Revision 947
Added by Jing Tao almost 23 years ago
src/edu/ucsb/nceas/metacat/MetaCatServlet.java | ||
---|---|---|
276 | 276 |
} |
277 | 277 |
} |
278 | 278 |
|
279 |
// Now that we know the session is valid, we can delegate the request |
|
279 |
// Now that we know the session is valid, we can delegate the request
|
|
280 | 280 |
// to a particular action handler |
281 | 281 |
if(action.equals("query")) { |
282 | 282 |
handleQuery(response.getWriter(),params,response,username,groupnames); |
... | ... | |
288 | 288 |
out.println("Illegal action squery without \"query\" parameter"); |
289 | 289 |
} |
290 | 290 |
} else if (action.equals("export")) { |
291 |
//username and groupname have to continue using though they are
|
|
292 |
//not standard |
|
291 |
//"username" and "groupname" have to continue using though they are
|
|
292 |
//not standard variable name
|
|
293 | 293 |
handleExportAction(params, response, username, groupnames); |
294 | 294 |
} else if (action.equals("read")) { |
295 | 295 |
handleReadAction(params, response, username, groupnames); |
... | ... | |
777 | 777 |
// get only docid, eliminate the rest |
778 | 778 |
docid = (String)murlQueryStr.get("docid"); |
779 | 779 |
if ( zip ) { |
780 |
addDocToZip(docid, zout); |
|
780 |
addDocToZip(docid, zout, user, groups);
|
|
781 | 781 |
} else { |
782 | 782 |
readFromMetacat(response, docid, qformat, abstrpath, |
783 | 783 |
user, groups, zip, zout); |
... | ... | |
787 | 787 |
} else { |
788 | 788 |
docid = docs[i]; |
789 | 789 |
if ( zip ) { |
790 |
addDocToZip(docid, zout); |
|
790 |
addDocToZip(docid, zout, user, groups);
|
|
791 | 791 |
} else { |
792 | 792 |
readFromURLConnection(response, docid); |
793 | 793 |
} |
... | ... | |
797 | 797 |
} catch (MalformedURLException mue) { |
798 | 798 |
docid = docs[i]; |
799 | 799 |
if ( zip ) { |
800 |
addDocToZip(docid, zout); |
|
800 |
addDocToZip(docid, zout, user, groups);
|
|
801 | 801 |
} else { |
802 | 802 |
readFromMetacat(response, docid, qformat, abstrpath, |
803 | 803 |
user, groups, zip, zout); |
... | ... | |
811 | 811 |
zout.close(); //close the zip stream |
812 | 812 |
} |
813 | 813 |
|
814 |
/* |
|
815 |
} catch (ClassNotFoundException cnfe) { |
|
816 |
} catch (IOException ioe1) { |
|
817 |
} catch (SQLException se) { |
|
818 |
} catch (McdbException mcdbe) { |
|
814 |
|
|
819 | 815 |
} catch (Exception e) { |
820 |
*/ |
|
821 |
} catch (Exception e) { |
|
822 | 816 |
try { |
823 | 817 |
response.setContentType("text/xml"); //MIME type |
824 | 818 |
//PrintWriter pw = response.getWriter(); |
... | ... | |
859 | 853 |
conn = util.getConnection(); |
860 | 854 |
DocumentImpl doc = new DocumentImpl(conn, docid); |
861 | 855 |
|
856 |
//check the permission for read |
|
857 |
if (!doc.hasReadPermission(conn, user, groups, docid)) |
|
858 |
{ |
|
859 |
Exception e = new Exception("User " + user + " does not have permission" |
|
860 |
+" to read the document with the docid " + docid); |
|
861 |
util.returnConnection(conn); |
|
862 |
throw e; |
|
863 |
} |
|
864 |
|
|
862 | 865 |
if ( doc.getRootNodeID() == 0 ) { |
863 | 866 |
// this is data file |
864 | 867 |
ServletOutputStream out = response.getOutputStream(); |
... | ... | |
978 | 981 |
} |
979 | 982 |
|
980 | 983 |
// read file/doc and write to ZipOutputStream |
981 |
private void addDocToZip(String docid, ZipOutputStream zout) |
|
984 |
private void addDocToZip(String docid, ZipOutputStream zout, |
|
985 |
String user, String[] groups) |
|
982 | 986 |
throws ClassNotFoundException, IOException, SQLException, |
983 | 987 |
McdbException, Exception |
984 | 988 |
{ |
... | ... | |
1012 | 1016 |
try { |
1013 | 1017 |
conn = util.getConnection(); |
1014 | 1018 |
DocumentImpl doc = new DocumentImpl(conn, docid); |
1015 |
|
|
1019 |
|
|
1020 |
//check the permission for read |
|
1021 |
if (!doc.hasReadPermission(conn, user, groups, docid)) |
|
1022 |
{ |
|
1023 |
Exception e = new Exception("User " + user + " does not have " |
|
1024 |
+"permission to read the document with the docid " + docid); |
|
1025 |
util.returnConnection(conn); |
|
1026 |
throw e; |
|
1027 |
} |
|
1028 |
|
|
1016 | 1029 |
if ( doc.getRootNodeID() == 0 ) { |
1017 | 1030 |
// this is data file; add file to zip |
1018 | 1031 |
String filepath = util.getOption("datafilepath"); |
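Review bot: The read-permission denial added at new lines 856-863, and copied again at new lines 1020-1027, is raised as a bare `Exception`, and the calling code now keeps only `catch (Exception e)` (new line 815), so an authorization failure cannot be told apart from an SQL or I/O error when the response is built or the event is logged. I would raise a dedicated access-denied exception type from one shared private helper used by both paths, so the two checks cannot drift apart; until then, mark each throw with `// authorization failure: must reach the client as an access-denied error, not a generic one`. The message concatenates the request-supplied `docid` and `user`, so if the catch block echoes `e.getMessage()` into the `text/xml` response (that part is outside the visible hunk), those values need XML escaping. Both checks also call `util.returnConnection(conn)` before `throw e` inside a `try` whose `catch`/`finally` is not shown, so it is worth confirming the connection is not returned a second time there.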
Adds a permission check before Metacat handles a "read" action. If the user doesn't have permission, the request will be rejected.
After a DocumentImpl object is created, the hasReadPermission method of that class is called to make sure the user has permission to read the document.