Project

General

Profile

« Previous | Next » 

Revision 944

Added by Jing Tao almost 23 years ago

Code to handle "read" permission was changed in hasPermission method. The old code used old way to look up the public_access field in xml_documents table.

View differences:

src/edu/ucsb/nceas/metacat/AccessControlList.java
277 277
          permission = permission | READ;
278 278
        } else if ( inputString.trim().toUpperCase().equals("WRITE") ) {
279 279
          permission = permission | WRITE;
280
        } else if ( inputString.trim().toUpperCase().equals("CHANGEPERMISSION") ) {
280
        } else if ( inputString.trim().toUpperCase().equals("CHANGEPERMISSION")) 
281
        {
281 282
          permission = permission | CHMOD;
282 283
        } else if ( inputString.trim().toUpperCase().equals("ALL") ) {
283 284
          permission = permission | ALL;
......
586 587
                                String principal, String docid)
587 588
                 throws SQLException
588 589
  {
589
    //System.out.println("Does " + principal + " have " + permission + " on " + docid);
590
    //detele the rev number if docid contains it
591
    docid=MetaCatUtil.getDocIdFromString(docid);
590 592
    PreparedStatement pstmt;
591
    // check public access to @docid from xml_documents table
592
    if ( permission.equals("READ") ) {
593
      try {
594
        pstmt = conn.prepareStatement(
595
                "SELECT 'x' FROM xml_documents " +
596
                "WHERE docid = ? AND public_access = 1");
597
        // Bind the values to the query
598
        pstmt.setString(1, docid);
599

  
600
        pstmt.execute();
601
        ResultSet rs = pstmt.getResultSet();
602
        boolean hasRow = rs.next();
603
        pstmt.close();
604
        if (hasRow) {
605
          return true;
606
        }
607

  
608

  
609
      } catch (SQLException e) {
610
        throw new 
611
        SQLException("AccessControlList.hasPermission(). " +
612
                     "Error checking public access for document #"+docid+
613
                     ". " + e.getMessage());
614
      }
615
    }
616 593
    
594
   
617 595
    // since owner of resource has all permission on it,
618 596
    // check if @principal is owner of @docid in xml_documents table
619 597
    if ( principal != null ) {
......
646 624
      {
647 625
        pstmt = conn.prepareStatement("select 'x' from xml_access where " +
648 626
                                      "accessfileid like '" + docid + 
649
                                      "' and principal_name like '" + principal +
627
                                      "' and principal_name like '" + principal+
650 628
                                      "' and perm_type like 'allow' and " +
651 629
                                      "permission = 7");
652 630
        pstmt.execute();
......
696 674
               ( permOrder.equals("allowFirst") ) &&
697 675
               ( rs.wasNull() || ticketCount > 0 ) ) {
698 676
            if ( !rs.wasNull() && ticketCount > 0 ) {
699
              decreaseNumberOfAccess(accessValue,principal,docid,"deny","allowFirst");
677
              decreaseNumberOfAccess(accessValue,principal,docid,
678
                                                          "deny","allowFirst");
700 679
            }
701 680
            pstmt.close();
702 681
            return false;
703 682
          }
704 683
          hasRows = rs.next();
705 684
        }
706
//System.out.println("Passed the check for \"deny\" access with \"allowFirst\"");      
685
     
707 686

  
708 687
        // it is not denied then check if it is "allow"
709 688
        // Bind the values to the query
......
721 700
          if ( ( accessValue & intValue(permission) )==intValue(permission) &&
722 701
               ( rs.wasNull() || ticketCount > 0 ) ) {
723 702
            if ( !rs.wasNull() && ticketCount > 0 ) {
724
              decreaseNumberOfAccess(accessValue,principal,docid,"allow",permOrder);
703
              decreaseNumberOfAccess(accessValue,principal,
704
                                                      docid,"allow",permOrder);
725 705
            }
726 706
            pstmt.close();
727 707
            return true;
728 708
          }
729 709
          hasRows = rs.next();
730 710
        }
731
//System.out.println("Passed the check for \"allow\" access");      
711
   
732 712

  
733 713
        // it is not allowed then check if it is "deny" with "denyFirst"
734 714
        // Bind the values to the query
......
747 727
               ( permOrder.equals("denyFirst") ) &&
748 728
               ( rs.wasNull() || ticketCount > 0 ) ) {
749 729
            if ( !rs.wasNull() && ticketCount > 0 ) {
750
              decreaseNumberOfAccess(accessValue,principal,docid,"deny","denyFirst");
730
                decreaseNumberOfAccess(accessValue,principal,docid,
731
                                                "deny","denyFirst");
751 732
            }
752 733
            pstmt.close();
753 734
            return false;
754 735
          }
755 736
          hasRows = rs.next();
756 737
        }
757
//System.out.println("Passed the check for \"deny\" access wirh \"denyFirst\"");      
758 738
      
739
      
759 740
        pstmt.close();
760 741
        return false;
761 742
  
......
841 822
    try {
842 823
      
843 824
      isOwned = isOwned(docid, user);
844
      systemID = getSystemID((String)MetaCatUtil.getOptionList(accDoctype).elementAt(0));
825
      systemID = getSystemID((String)MetaCatUtil.
826
                                      getOptionList(accDoctype).elementAt(0));
845 827
      publicAcc = getPublicAccess(docid);
846 828
        
847 829
      output.append("<?xml version=\"1.0\"?>\n");

Also available in: Unified diff