
Revision 959

Added by Jing Tao almost 23 years ago

Add a new method, getDataSetId, to the class. The permission policy for access documents is that the user has the same permission on an access document as on the data set file. (There is no entry in the xml_access table for an access document.)


src/edu/ucsb/nceas/metacat/AccessControlList.java
1088 1088
    }//else groups==null
1089 1089
    return usersPackage;
1090 1090
  }//createUsersPackage
1091
   
1091
 
1092 1092
  /**
1093
    * According the permission policy, user have the same permission to access
1094
    * doc to data set doc. (There is no entry in xml_access table for access 
1095
    * itself and we couldn't look-up the table to find permission rule).
1096
    *
1097
    * This method will return a data set id for given access id.
1098
    * @param accessDocId, the accessDocId which need to be found data set id
1099
   */
1100
  private String getDataSetId(String accessDocId) 
1101
                              throws SQLException, Exception
1102
  {
1103
    String dataSetId=null;
1104
    PreparedStatement pStmt;
1105
    ResultSet rs=null;
1106
    String query="SELECT docId from xml_relation where subject = ? or "
1107
                                                +"object = ?";
1108
    
1109
    pStmt=conn.prepareStatement(query);
1110
    //bind the value to query
1111
    pStmt.setString(1, accessDocId);
1112
    pStmt.setString(2, accessDocId);
1113
    //execute the query
1114
    pStmt.execute();
1115
    rs=pStmt.getResultSet();
1116
    //process the result
1117
    if (rs.next()) //There are some records for the data set id for access id
1118
    {
1119
        dataSetId=rs.getString(1);
1120
    }
1121
    else //No data set id for the given access id in xml_relation table
1122
    {
1123
      pStmt.close();
1124
      throw new Exception(" Couldn't find data set id for the given access "
1125
                          + "document id " +accessDocId);
1126
    }
1127
    
1128
    
1129
    pStmt.close();
1130
    return dataSetId;
1131
  }//getDataPackageId() 
1132
  
1133
  /**
1093 1134
    * Check from db connection if at least one of the list of @principals
1094 1135
    * has @permission on @docid.
1095 1136
    * @param permission permission type to check for
......
1098 1139
    */
1099 1140
  public boolean hasPermission(String permission, String user,
1100 1141
                               String[] groups, String docId )
1101
                 throws SQLException
1142
                 throws SQLException, Exception
1102 1143
  {
1103 1144
    //detele the rev number if docid contains it
1104 1145
    docId=MetaCatUtil.getDocIdFromString(docId);
1105 1146
    boolean hasPermission=false;
1106 1147
    String [] userPackage=null;
1107 1148
    
1108
    // b' of the command line invocation
1109
    if ( (user == null) && (groups == null || groups.length == 0) ) {
1110
      return true;
1111
    }
1112
    
1113
    
1149
   
1114 1150
    //create a userpackage including user, public and group member
1115 1151
    userPackage=createUsersPackage(user, groups);
1116 1152
    
1117
    //if the requested document is access documents the user should 
1118
    //have "all" permission not matter the requested permission
1153
    //if the requested document is access documents
1154
    //we will check the permission for document data set
1155
    //because there is no entries in xml_access table
1156
    //we will give users the same permission as data set
1119 1157
    if (isAccessDocument(docId))
1120 1158
    {
1121
      
1122
      // check for all permission on @docid for @userPackage
1123
      hasPermission = hasPermission(userPackage,docId,"all");
1124
      
1159
      //assign data set id to docId to replace the access docId
1160
      docId=getDataSetId(docId);
1161
      //check the permission for the data set id 
1162
      hasPermission = hasPermission(userPackage,docId,permission);
1163
           
1125 1164
    }//if
1126 1165
    else //if it is not access documents, just check the request permission
1127 1166
    {
......
1273 1312
    * @param groups names of user's groups to which user belongs
1274 1313
    */
1275 1314
  public String getACL(String docid, String user, String[] groups) 
1276
          throws SQLException
1315
          throws SQLException, Exception
1277 1316
  {
1278 1317
    StringBuffer output = new StringBuffer();
1279 1318
    StringBuffer outTemp = new StringBuffer();
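Review bot: getDataSetId picks the document whose ACL governs an access document by taking the first row of an unordered `SELECT docId from xml_relation where subject = ? or object = ?`. If more than one package can reference the same access document (not visible here, but nothing in the query prevents it), the new check in hasPermission runs against whichever row the database returns first. I would fail closed when the result names more than one distinct docId, or check the permission against every one; which of the two is right is a policy decision for the maintainers. The same method also leaks the statement when setString, execute or getString throws, because close() is only reached on the two normal paths; the try/finally below covers both points. Separately, the closing comment `}//getDataPackageId()` names a different method from the one it ends.

```java
    pStmt=conn.prepareStatement(query);
    try
    {
      // … unchanged: bind accessDocId to both parameters, execute, fetch rs …
      if (!rs.next())
      {
        throw new Exception(" Couldn't find data set id for the given access "
                            + "document id " +accessDocId);
      }
      dataSetId=rs.getString(1);
      //fail closed if another row names a different document
      while (rs.next())
      {
        String other=rs.getString(1);
        if (other == null || !other.equals(dataSetId))
        {
          throw new Exception("More than one data set id for the given access "
                              + "document id " +accessDocId);
        }
      }
    }
    finally
    {
      pStmt.close(); //closing the statement also closes rs
    }
    return dataSetId;
```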
