Project

General

Profile

« Previous | Next » 

Revision 961

Added by Jing Tao almost 23 years ago

We decided that the permission for a user to an access documents is as same as to the data set document(which contains the access document). In order to do this, we need to look-up xml-relation table. If we could find the data set document id, just check the id. If we couldn't find one, we need check if the user is owner. If it is, has permission. Otherwise, doesn't have.

View differences:

src/edu/ucsb/nceas/metacat/AccessControlList.java
65 65
  private static final String PUBLIC="public";
66 66
  private static String sysdate = MetaCatUtil.dbAdapter.getDateTimeFunction();
67 67
  private static String isnull = MetaCatUtil.dbAdapter.getIsNULLFunction();
68

  
68
  
69 69
  private Connection conn;
70 70
  private String parserName;
71 71
  private Stack elementStack;
72 72
  private String server;
73 73
  private String sep;
74

  
74
 
75 75
  private boolean	processingDTD;
76 76
  private String  user;
77 77
  private String[] groups;
......
1098 1098
    * @param accessDocId, the accessDocId which need to be found data set id
1099 1099
   */
1100 1100
  private String getDataSetId(String accessDocId) 
1101
                              throws SQLException, Exception
1101
                              throws SQLException
1102 1102
  {
1103 1103
    String dataSetId=null;
1104 1104
    PreparedStatement pStmt;
......
1116 1116
    //process the result
1117 1117
    if (rs.next()) //There are some records for the data set id for access id
1118 1118
    {
1119
        dataSetId=rs.getString(1);
1119
      dataSetId=rs.getString(1);
1120 1120
    }
1121 1121
    else //No data set id for the given access id in xml_relation table
1122 1122
    {
1123
      pStmt.close();
1124
      throw new Exception(" Couldn't find data set id for the given access "
1125
                          + "document id " +accessDocId);
1123
      dataSetId=null;
1126 1124
    }
1127 1125
    
1128 1126
    
......
1156 1154
    //we will give users the same permission as data set
1157 1155
    if (isAccessDocument(docId))
1158 1156
    {
1159
      //assign data set id to docId to replace the access docId
1160
      docId=getDataSetId(docId);
1161
      //check the permission for the data set id 
1162
      hasPermission = hasPermission(userPackage,docId,permission);
1157
      //assign data set id to datasetdocId to replace the access docId
1158
      String dataSetDocId=getDataSetId(docId);
1159
      if (dataSetDocId!=null)
1160
      {
1161
        //if get the data set id, check the permission for the data set id 
1162
        hasPermission = hasPermission(userPackage,dataSetDocId,permission);
1163
      }
1164
      else if (containDocumentOwner(userPackage, docId))
1165
      {
1166
        //if we couldn't find the data set id for access document in 
1167
        //xml-relation table, check if the userPakcage  contains the access
1168
        //document owner. if have, permission=true
1169
        hasPermission=true;
1170
      }
1171
      else
1172
      {
1173
        //we couldn't find the data set id for access document and userpackage
1174
        //doen't contain the access document owner. permission=flase
1175
        hasPermission=false;
1176
      }
1177
      
1163 1178
           
1164 1179
    }//if
1165 1180
    else //if it is not access documents, just check the request permission

Also available in: Unified diff