Project

General

Profile

« Previous | Next » 

Revision 947

Added by Jing Tao almost 23 years ago

The feature of check permission before Metacat handle a "read" action. If user doesn't have permission, its request will be rejected.
After creating a DocumentImpl object. A method named hasReadPermission in that class will be called to make sure the user has permission to read it.

View differences:

src/edu/ucsb/nceas/metacat/MetaCatServlet.java
276 276
        }  
277 277
      }    
278 278
  
279
      // Now that we know the session is valid, we can delegate the request
279
       // Now that we know the session is valid, we can delegate the request
280 280
      // to a particular action handler
281 281
      if(action.equals("query")) {
282 282
        handleQuery(response.getWriter(),params,response,username,groupnames);
......
288 288
          out.println("Illegal action squery without \"query\" parameter");
289 289
        }
290 290
      } else if (action.equals("export")) {
291
        //username and groupname have to continue using though they are 
292
        //not standard
291
        //"username" and "groupname" have to continue using though they are 
292
        //not standard variable name
293 293
        handleExportAction(params, response, username, groupnames);
294 294
      } else if (action.equals("read")) {
295 295
        handleReadAction(params, response, username, groupnames);
......
777 777
            // get only docid, eliminate the rest
778 778
            docid = (String)murlQueryStr.get("docid");
779 779
            if ( zip ) {
780
              addDocToZip(docid, zout);
780
              addDocToZip(docid, zout, user, groups);
781 781
            } else {
782 782
              readFromMetacat(response, docid, qformat, abstrpath,
783 783
                              user, groups, zip, zout);
......
787 787
          } else {
788 788
            docid = docs[i];
789 789
            if ( zip ) {
790
              addDocToZip(docid, zout);
790
              addDocToZip(docid, zout, user, groups);
791 791
            } else {
792 792
              readFromURLConnection(response, docid);
793 793
            }
......
797 797
        } catch (MalformedURLException mue) {
798 798
          docid = docs[i];
799 799
          if ( zip ) {
800
            addDocToZip(docid, zout);
800
            addDocToZip(docid, zout, user, groups);
801 801
          } else {
802 802
            readFromMetacat(response, docid, qformat, abstrpath,
803 803
                            user, groups, zip, zout);
......
811 811
        zout.close();  //close the zip stream
812 812
      }
813 813
      
814
        /*
815
    } catch (ClassNotFoundException cnfe) {
816
    } catch (IOException ioe1) {
817
    } catch (SQLException se) {
818
    } catch (McdbException mcdbe) {
814
  
819 815
    } catch (Exception e) {
820
      */
821
    } catch (Exception e) {
822 816
      try {
823 817
        response.setContentType("text/xml"); //MIME type
824 818
        //PrintWriter pw = response.getWriter();
......
859 853
      conn = util.getConnection();
860 854
      DocumentImpl doc = new DocumentImpl(conn, docid);
861 855
      
856
      //check the permission for read
857
      if (!doc.hasReadPermission(conn, user, groups, docid))
858
      {
859
        Exception e = new Exception("User " + user + " does not have permission"
860
                       +" to read the document with the docid " + docid);
861
        util.returnConnection(conn);
862
        throw e;
863
      }
864
     
862 865
      if ( doc.getRootNodeID() == 0 ) {
863 866
        // this is data file
864 867
        ServletOutputStream out = response.getOutputStream(); 
......
978 981
  }
979 982
  
980 983
  // read file/doc and write to ZipOutputStream
981
  private void addDocToZip(String docid, ZipOutputStream zout)
984
  private void addDocToZip(String docid, ZipOutputStream zout, 
985
                              String user, String[] groups)
982 986
               throws ClassNotFoundException, IOException, SQLException, 
983 987
                      McdbException, Exception
984 988
  {
......
1012 1016
      try {
1013 1017
        conn = util.getConnection();
1014 1018
        DocumentImpl doc = new DocumentImpl(conn, docid);
1015
      
1019
        
1020
        //check the permission for read
1021
        if (!doc.hasReadPermission(conn, user, groups, docid))
1022
        {
1023
          Exception e = new Exception("User " + user + " does not have "
1024
                    +"permission to read the document with the docid " + docid);
1025
          util.returnConnection(conn);
1026
          throw e;
1027
        } 
1028
        
1016 1029
        if ( doc.getRootNodeID() == 0 ) {
1017 1030
          // this is data file; add file to zip
1018 1031
          String filepath = util.getOption("datafilepath");

Also available in: Unified diff