Revision 947
Added by Jing Tao over 22 years ago
| src/edu/ucsb/nceas/metacat/MetaCatServlet.java | ||
|---|---|---|
| 276 | 276 |
} |
| 277 | 277 |
} |
| 278 | 278 |
|
| 279 |
// Now that we know the session is valid, we can delegate the request |
|
| 279 |
// Now that we know the session is valid, we can delegate the request
|
|
| 280 | 280 |
// to a particular action handler |
| 281 | 281 |
if(action.equals("query")) {
|
| 282 | 282 |
handleQuery(response.getWriter(),params,response,username,groupnames); |
| ... | ... | |
| 288 | 288 |
out.println("Illegal action squery without \"query\" parameter");
|
| 289 | 289 |
} |
| 290 | 290 |
} else if (action.equals("export")) {
|
| 291 |
//username and groupname have to continue using though they are
|
|
| 292 |
//not standard |
|
| 291 |
//"username" and "groupname" have to continue using though they are
|
|
| 292 |
//not standard variable name
|
|
| 293 | 293 |
handleExportAction(params, response, username, groupnames); |
| 294 | 294 |
} else if (action.equals("read")) {
|
| 295 | 295 |
handleReadAction(params, response, username, groupnames); |
| ... | ... | |
| 777 | 777 |
// get only docid, eliminate the rest |
| 778 | 778 |
docid = (String)murlQueryStr.get("docid");
|
| 779 | 779 |
if ( zip ) {
|
| 780 |
addDocToZip(docid, zout); |
|
| 780 |
addDocToZip(docid, zout, user, groups);
|
|
| 781 | 781 |
} else {
|
| 782 | 782 |
readFromMetacat(response, docid, qformat, abstrpath, |
| 783 | 783 |
user, groups, zip, zout); |
| ... | ... | |
| 787 | 787 |
} else {
|
| 788 | 788 |
docid = docs[i]; |
| 789 | 789 |
if ( zip ) {
|
| 790 |
addDocToZip(docid, zout); |
|
| 790 |
addDocToZip(docid, zout, user, groups);
|
|
| 791 | 791 |
} else {
|
| 792 | 792 |
readFromURLConnection(response, docid); |
| 793 | 793 |
} |
| ... | ... | |
| 797 | 797 |
} catch (MalformedURLException mue) {
|
| 798 | 798 |
docid = docs[i]; |
| 799 | 799 |
if ( zip ) {
|
| 800 |
addDocToZip(docid, zout); |
|
| 800 |
addDocToZip(docid, zout, user, groups);
|
|
| 801 | 801 |
} else {
|
| 802 | 802 |
readFromMetacat(response, docid, qformat, abstrpath, |
| 803 | 803 |
user, groups, zip, zout); |
| ... | ... | |
| 811 | 811 |
zout.close(); //close the zip stream |
| 812 | 812 |
} |
| 813 | 813 |
|
| 814 |
/* |
|
| 815 |
} catch (ClassNotFoundException cnfe) {
|
|
| 816 |
} catch (IOException ioe1) {
|
|
| 817 |
} catch (SQLException se) {
|
|
| 818 |
} catch (McdbException mcdbe) {
|
|
| 814 |
|
|
| 819 | 815 |
} catch (Exception e) {
|
| 820 |
*/ |
|
| 821 |
} catch (Exception e) {
|
|
| 822 | 816 |
try {
|
| 823 | 817 |
response.setContentType("text/xml"); //MIME type
|
| 824 | 818 |
//PrintWriter pw = response.getWriter(); |
| ... | ... | |
| 859 | 853 |
conn = util.getConnection(); |
| 860 | 854 |
DocumentImpl doc = new DocumentImpl(conn, docid); |
| 861 | 855 |
|
| 856 |
//check the permission for read |
|
| 857 |
if (!doc.hasReadPermission(conn, user, groups, docid)) |
|
| 858 |
{
|
|
| 859 |
Exception e = new Exception("User " + user + " does not have permission"
|
|
| 860 |
+" to read the document with the docid " + docid); |
|
| 861 |
util.returnConnection(conn); |
|
| 862 |
throw e; |
|
| 863 |
} |
|
| 864 |
|
|
| 862 | 865 |
if ( doc.getRootNodeID() == 0 ) {
|
| 863 | 866 |
// this is data file |
| 864 | 867 |
ServletOutputStream out = response.getOutputStream(); |
| ... | ... | |
| 978 | 981 |
} |
| 979 | 982 |
|
| 980 | 983 |
// read file/doc and write to ZipOutputStream |
| 981 |
private void addDocToZip(String docid, ZipOutputStream zout) |
|
| 984 |
private void addDocToZip(String docid, ZipOutputStream zout, |
|
| 985 |
String user, String[] groups) |
|
| 982 | 986 |
throws ClassNotFoundException, IOException, SQLException, |
| 983 | 987 |
McdbException, Exception |
| 984 | 988 |
{
|
| ... | ... | |
| 1012 | 1016 |
try {
|
| 1013 | 1017 |
conn = util.getConnection(); |
| 1014 | 1018 |
DocumentImpl doc = new DocumentImpl(conn, docid); |
| 1015 |
|
|
| 1019 |
|
|
| 1020 |
//check the permission for read |
|
| 1021 |
if (!doc.hasReadPermission(conn, user, groups, docid)) |
|
| 1022 |
{
|
|
| 1023 |
Exception e = new Exception("User " + user + " does not have "
|
|
| 1024 |
+"permission to read the document with the docid " + docid); |
|
| 1025 |
util.returnConnection(conn); |
|
| 1026 |
throw e; |
|
| 1027 |
} |
|
| 1028 |
|
|
| 1016 | 1029 |
if ( doc.getRootNodeID() == 0 ) {
|
| 1017 | 1030 |
// this is data file; add file to zip |
| 1018 | 1031 |
String filepath = util.getOption("datafilepath");
|
Also available in: Unified diff
The feature of check permission before Metacat handle a "read" action. If user doesn't have permission, its request will be rejected.
After creating a DocumentImpl object. A method named hasReadPermission in that class will be called to make sure the user has permission to read it.