Revision 959
Added by Jing Tao almost 23 years ago
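--- a/src/edu/ucsb/nceas/metacat/AccessControlList.java
+++ b/src/edu/ucsb/nceas/metacat/AccessControlList.java
@@ -1088,8 +1088,49 @@
 }//else groups==null
 return usersPackage;
 }//createUsersPackage
-
+
 /**
+* According the permission policy, user have the same permission to access
+* doc to data set doc. (There is no entry in xml_access table for access
+* itself and we couldn't look-up the table to find permission rule).
+*
+* This method will return a data set id for given access id.
+* @param accessDocId, the accessDocId which need to be found data set id
+*/
+private String getDataSetId(String accessDocId)
+throws SQLException, Exception
+{
+String dataSetId=null;
+PreparedStatement pStmt;
+ResultSet rs=null;
+String query="SELECT docId from xml_relation where subject = ? or "
++"object = ?";
+
+pStmt=conn.prepareStatement(query);
+//bind the value to query
+pStmt.setString(1, accessDocId);
+pStmt.setString(2, accessDocId);
+//execute the query
+pStmt.execute();
+rs=pStmt.getResultSet();
+//process the result
+if (rs.next()) //There are some records for the data set id for access id
+{
+dataSetId=rs.getString(1);
+}
+else //No data set id for the given access id in xml_relation table
+{
+pStmt.close();
+throw new Exception(" Couldn't find data set id for the given access "
++ "document id " +accessDocId);
+}
+
+
+pStmt.close();
+return dataSetId;
+}//getDataPackageId()
+
+/**
 * Check from db connection if at least one of the list of @principals
 * has @permission on @docid.
 * @param permission permission type to check for
@@ -1098,30 +1139,28 @@
 */
 public boolean hasPermission(String permission, String user,
 String[] groups, String docId )
-throws SQLException
+throws SQLException, Exception
 {
 //detele the rev number if docid contains it
 docId=MetaCatUtil.getDocIdFromString(docId);
 boolean hasPermission=false;
 String [] userPackage=null;
 
-// b' of the command line invocation
-if ( (user == null) && (groups == null || groups.length == 0) ) {
-return true;
-}
-
-
+
 //create a userpackage including user, public and group member
 userPackage=createUsersPackage(user, groups);
 
-//if the requested document is access documents the user should
-//have "all" permission not matter the requested permission
+//if the requested document is access documents
+//we will check the permission for document data set
+//because there is no entries in xml_access table
+//we will give users the same permission as data set
 if (isAccessDocument(docId))
 {
-
-// check for all permission on @docid for @userPackage
-hasPermission = hasPermission(userPackage,docId,"all");
-
+//assign data set id to docId to replace the access docId
+docId=getDataSetId(docId);
+//check the permission for the data set id
+hasPermission = hasPermission(userPackage,docId,permission);
+
 }//if
 else //if it is not access documents, just check the request permission
 {
@@ -1273,7 +1312,7 @@
 * @param groups names of user's groups to which user belongs
 */
 public String getACL(String docid, String user, String[] groups)
-throws SQLException
+throws SQLException, Exception
 {
 StringBuffer output = new StringBuffer();
 StringBuffer outTemp = new StringBuffer();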
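Review bot: In `getDataSetId` (new lines 1100–1131) the access decision for an access document comes from whichever row `rs.next()` returns first, and the query has no `DISTINCT` or `ORDER BY`. If the access document id appears as subject or object under more than one `docId` in `xml_relation`, the ACL that `hasPermission` then evaluates is arbitrary. Whether that table can hold several such documents for one access document is not visible here, so confirm before adopting the ambiguity check. The statement is also closed only on the two normal paths; an `SQLException` from `setString`, `execute` or `getString` leaves `pStmt` open. The rewrite below selects distinct ids, fails closed when the mapping is missing or ambiguous, and closes the statement in `finally`.

```java
private String getDataSetId(String accessDocId)
                                  throws SQLException, Exception
{
  String query="SELECT DISTINCT docId from xml_relation where subject = ? or "
                                                              +"object = ?";
  PreparedStatement pStmt=conn.prepareStatement(query);
  try
  {
    pStmt.setString(1, accessDocId);
    pStmt.setString(2, accessDocId);
    ResultSet rs=pStmt.executeQuery();
    if (!rs.next())
    {
      throw new Exception(" Couldn't find data set id for the given access "
                                        + "document id " +accessDocId);
    }
    String dataSetId=rs.getString(1);
    // deny rather than pick one of several candidate documents
    if (dataSetId == null || rs.next())
    {
      throw new Exception(" Ambiguous data set id for the given access "
                                        + "document id " +accessDocId);
    }
    return dataSetId;
  }
  finally
  {
    pStmt.close(); // also releases the ResultSet
  }
}//getDataSetId
```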
Add a new method getDataSetId to the class. The permission policy for access documents is that the user has the same permission as on the data set file. (There is no entry in the xml_access table for an access document.)