Revision 952
Added by Jing Tao almost 23 years ago
src/edu/ucsb/nceas/metacat/AccessControlList.java | ||
---|---|---|
717 | 717 |
* Check if the users array has allow rules for given users, docid and |
718 | 718 |
* permission. |
719 | 719 |
* If it has permission rule and ticket count is greater than 0, the ticket |
720 |
* number will decrease one |
|
720 |
* number will decrease one for every allow rule
|
|
721 | 721 |
* @param principals, list of names of principals to check for |
722 | 722 |
* @param docid, document identifier to check for |
723 | 723 |
* @param permission, the permssion need to check |
... | ... | |
727 | 727 |
throws SQLException, Exception |
728 | 728 |
{ |
729 | 729 |
int lengthOfArray=principals.length; |
730 |
boolean allow=false;//initial value is no allow rule |
|
730 | 731 |
ResultSet rs; |
731 | 732 |
PreparedStatement pStmt; |
732 | 733 |
int permissionValue=intValue(permission); |
... | ... | |
773 | 774 |
decreaseNumberOfAccess(permissionValueInTable, principals[i], |
774 | 775 |
docId, ALLOW, ALLOWFIRST); |
775 | 776 |
} |
777 |
//ticketCount isnot null and greater than 0, order is not allowfirst |
|
778 |
if (!rs.wasNull() &&ticketCount>0 && !isAllowFirst(principals,docId)) |
|
779 |
{ |
|
780 |
decreaseNumberOfAccess(permissionValueInTable, principals[i], |
|
781 |
docId, ALLOW, DENYFIRST); |
|
782 |
} |
|
783 |
|
|
784 |
allow=true;//has allow rule entry |
|
785 |
}//if |
|
786 |
}//while |
|
787 |
}//for |
|
788 |
pStmt.close(); |
|
789 |
return allow; |
|
790 |
}//hasAllowRule |
|
791 |
|
|
792 |
/** |
|
793 |
* Check if the users array has allow rules for given users, docid and |
|
794 |
* permission. |
|
795 |
* If it has permission rule and ticket count is greater than 0, the ticket |
|
796 |
* number will decrease one |
|
797 |
* @param principals, list of names of principals to check for |
|
798 |
* @param docid, document identifier to check for |
|
799 |
* @param permission, the permssion need to check |
|
800 |
*/ |
|
801 |
private boolean hasAllowRuleBackup(String [] principals, String docId, |
|
802 |
String permission) |
|
803 |
throws SQLException, Exception |
|
804 |
{ |
|
805 |
int lengthOfArray=principals.length; |
|
806 |
ResultSet rs; |
|
807 |
PreparedStatement pStmt; |
|
808 |
int permissionValue=intValue(permission); |
|
809 |
int permissionValueInTable; |
|
810 |
int ticketCount; |
|
811 |
|
|
812 |
//This sql statement will select entry with |
|
813 |
//begin_time<=currentTime<=end_time in xml_access table |
|
814 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
815 |
//function will assign begin_time=sysdate |
|
816 |
pStmt = conn.prepareStatement( |
|
817 |
"SELECT permission, ticket_count " + |
|
818 |
"FROM xml_access " + |
|
819 |
"WHERE docid = ? " + |
|
820 |
"AND principal_name = ? " + |
|
821 |
"AND perm_type = ? " + |
|
822 |
"AND " + sysdate + |
|
823 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
|
824 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
|
825 |
//bind docid, perm_type |
|
826 |
pStmt.setString(1, docId); |
|
827 |
pStmt.setString(3, ALLOW); |
|
828 |
|
|
829 |
//bind every elenment in user name array |
|
830 |
for (int i=0;i<lengthOfArray; i++) |
|
831 |
{ |
|
832 |
pStmt.setString(2, principals[i]); |
|
833 |
pStmt.execute(); |
|
834 |
rs=pStmt.getResultSet(); |
|
835 |
while (rs.next())//check every entry for one user |
|
836 |
{ |
|
837 |
permissionValueInTable=rs.getInt(1); |
|
838 |
ticketCount=rs.getInt(2); |
|
839 |
|
|
840 |
//permission is ok and ticketcount geat than 0 or ticket is null, |
|
841 |
//the user have a permission to access the file |
|
842 |
if ((( permissionValueInTable & permissionValue )== permissionValue ) |
|
843 |
&& (rs.wasNull()||ticketCount > 0)) |
|
844 |
{ |
|
845 |
//ticket count should minus one |
|
846 |
//ticketCount isnot null and greater than 0, order is allowfirst |
|
847 |
if (!rs.wasNull() && ticketCount>0 && isAllowFirst(principals,docId)) |
|
848 |
{ |
|
849 |
decreaseNumberOfAccess(permissionValueInTable, principals[i], |
|
850 |
docId, ALLOW, ALLOWFIRST); |
|
851 |
} |
|
776 | 852 |
//ticketCount isnot null and greater than 0, order is not allowfirst |
777 | 853 |
if (!rs.wasNull() &&ticketCount>0 && !isAllowFirst(principals,docId)) |
778 | 854 |
{ |
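Review bot: The ticket test and the ticket decrement in hasAllowRule are separate steps: `ticket_count` is read by the SELECT, tested with `ticketCount>0`, and only then passed to `decreaseNumberOfAccess` (new lines 774–782). Two concurrent requests can therefore both be allowed on the last ticket unless the UPDATE inside `decreaseNumberOfAccess`, which is not visible here, itself requires `ticket_count > 0`. Since the decrement now runs for every matching allow row inside a method that reads as a yes/no check, the Javadoc should state the side effect, e.g. `Side effect: decrements ticket_count on every matching allow rule; call once per approved request.` `isAllowFirst(principals,docId)` does not change inside the loop but is evaluated up to twice per row, so reading it once before the `for` (`boolean allowFirst = isAllowFirst(principals, docId);`) keeps both branches on the same answer. The new private `hasAllowRuleBackup` (new line 792 onward, its body runs past the end of this section) is a second copy of the same authorization and decrement logic that can drift from the live one, and is better left to revision history.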
The method hasAllowRule was revised. If an action (read or update) is approved, the ticket count of every allow-rule entry for this action is decreased by one, provided the entry has a ticket count (not null).