Revision 959
Added by Jing Tao about 22 years ago
| src/edu/ucsb/nceas/metacat/AccessControlList.java | ||
|---|---|---|
| 1088 | 1088 |
}//else groups==null |
| 1089 | 1089 |
return usersPackage; |
| 1090 | 1090 |
}//createUsersPackage |
| 1091 |
|
|
| 1091 |
|
|
| 1092 | 1092 |
/** |
| 1093 |
* According the permission policy, user have the same permission to access |
|
| 1094 |
* doc to data set doc. (There is no entry in xml_access table for access |
|
| 1095 |
* itself and we couldn't look-up the table to find permission rule). |
|
| 1096 |
* |
|
| 1097 |
* This method will return a data set id for given access id. |
|
| 1098 |
* @param accessDocId, the accessDocId which need to be found data set id |
|
| 1099 |
*/ |
|
| 1100 |
private String getDataSetId(String accessDocId) |
|
| 1101 |
throws SQLException, Exception |
|
| 1102 |
{
|
|
| 1103 |
String dataSetId=null; |
|
| 1104 |
PreparedStatement pStmt; |
|
| 1105 |
ResultSet rs=null; |
|
| 1106 |
String query="SELECT docId from xml_relation where subject = ? or " |
|
| 1107 |
+"object = ?"; |
|
| 1108 |
|
|
| 1109 |
pStmt=conn.prepareStatement(query); |
|
| 1110 |
//bind the value to query |
|
| 1111 |
pStmt.setString(1, accessDocId); |
|
| 1112 |
pStmt.setString(2, accessDocId); |
|
| 1113 |
//execute the query |
|
| 1114 |
pStmt.execute(); |
|
| 1115 |
rs=pStmt.getResultSet(); |
|
| 1116 |
//process the result |
|
| 1117 |
if (rs.next()) //There are some records for the data set id for access id |
|
| 1118 |
{
|
|
| 1119 |
dataSetId=rs.getString(1); |
|
| 1120 |
} |
|
| 1121 |
else //No data set id for the given access id in xml_relation table |
|
| 1122 |
{
|
|
| 1123 |
pStmt.close(); |
|
| 1124 |
throw new Exception(" Couldn't find data set id for the given access "
|
|
| 1125 |
+ "document id " +accessDocId); |
|
| 1126 |
} |
|
| 1127 |
|
|
| 1128 |
|
|
| 1129 |
pStmt.close(); |
|
| 1130 |
return dataSetId; |
|
| 1131 |
}//getDataPackageId() |
|
| 1132 |
|
|
| 1133 |
/** |
|
| 1093 | 1134 |
* Check from db connection if at least one of the list of @principals |
| 1094 | 1135 |
* has @permission on @docid. |
| 1095 | 1136 |
* @param permission permission type to check for |
| ... | ... | |
| 1098 | 1139 |
*/ |
| 1099 | 1140 |
public boolean hasPermission(String permission, String user, |
| 1100 | 1141 |
String[] groups, String docId ) |
| 1101 |
throws SQLException |
|
| 1142 |
throws SQLException, Exception
|
|
| 1102 | 1143 |
{
|
| 1103 | 1144 |
//detele the rev number if docid contains it |
| 1104 | 1145 |
docId=MetaCatUtil.getDocIdFromString(docId); |
| 1105 | 1146 |
boolean hasPermission=false; |
| 1106 | 1147 |
String [] userPackage=null; |
| 1107 | 1148 |
|
| 1108 |
// b' of the command line invocation |
|
| 1109 |
if ( (user == null) && (groups == null || groups.length == 0) ) {
|
|
| 1110 |
return true; |
|
| 1111 |
} |
|
| 1112 |
|
|
| 1113 |
|
|
| 1149 |
|
|
| 1114 | 1150 |
//create a userpackage including user, public and group member |
| 1115 | 1151 |
userPackage=createUsersPackage(user, groups); |
| 1116 | 1152 |
|
| 1117 |
//if the requested document is access documents the user should |
|
| 1118 |
//have "all" permission not matter the requested permission |
|
| 1153 |
//if the requested document is access documents |
|
| 1154 |
//we will check the permission for document data set |
|
| 1155 |
//because there is no entries in xml_access table |
|
| 1156 |
//we will give users the same permission as data set |
|
| 1119 | 1157 |
if (isAccessDocument(docId)) |
| 1120 | 1158 |
{
|
| 1121 |
|
|
| 1122 |
// check for all permission on @docid for @userPackage |
|
| 1123 |
hasPermission = hasPermission(userPackage,docId,"all"); |
|
| 1124 |
|
|
| 1159 |
//assign data set id to docId to replace the access docId |
|
| 1160 |
docId=getDataSetId(docId); |
|
| 1161 |
//check the permission for the data set id |
|
| 1162 |
hasPermission = hasPermission(userPackage,docId,permission); |
|
| 1163 |
|
|
| 1125 | 1164 |
}//if |
| 1126 | 1165 |
else //if it is not access documents, just check the request permission |
| 1127 | 1166 |
{
|
| ... | ... | |
| 1273 | 1312 |
* @param groups names of user's groups to which user belongs |
| 1274 | 1313 |
*/ |
| 1275 | 1314 |
public String getACL(String docid, String user, String[] groups) |
| 1276 |
throws SQLException |
|
| 1315 |
throws SQLException, Exception
|
|
| 1277 | 1316 |
{
|
| 1278 | 1317 |
StringBuffer output = new StringBuffer(); |
| 1279 | 1318 |
StringBuffer outTemp = new StringBuffer(); |
Also available in: Unified diff
Add a new method getDataSetId to the class. The permission policy for access documents is: the user will have the same permission as data set file. (There is no entry in xml_access table for access document.