Revision 966
Added by Jing Tao over 22 years ago
src/edu/ucsb/nceas/metacat/AccessControlList.java | ||
---|---|---|
692 | 692 |
//get the permission order from data base |
693 | 693 |
String permissionOrder=rs.getString(1); |
694 | 694 |
//if the permission order is "allowFirst |
695 |
if (permissionOrder.compareTo(ALLOWFIRST)==0)
|
|
695 |
if (permissionOrder.equalsIgnoreCase(ALLOWFIRST))
|
|
696 | 696 |
{ |
697 | 697 |
pStmt.close(); |
698 | 698 |
return true; |
... | ... | |
1038 | 1038 |
//if gouprs is not null and user is not public, we should create a array |
1039 | 1039 |
//to store the groups and user and public. |
1040 | 1040 |
//So the length of userPackage is the length of group plus two |
1041 |
if (user.compareTo(PUBLIC)!=0)
|
|
1041 |
if (!user.equalsIgnoreCase(PUBLIC))
|
|
1042 | 1042 |
{ |
1043 | 1043 |
lengthOfPackage=(groups.length)+2; |
1044 | 1044 |
usersPackage=new String [lengthOfPackage]; |
... | ... | |
1071 | 1071 |
{ |
1072 | 1072 |
//because no groups, the userPackage only need two elements |
1073 | 1073 |
//one is for user, the other is for public |
1074 |
if (user.compareTo(PUBLIC)!=0)
|
|
1074 |
if (!user.equalsIgnoreCase(PUBLIC))
|
|
1075 | 1075 |
{ |
1076 | 1076 |
lengthOfPackage=2; |
1077 | 1077 |
usersPackage=new String [lengthOfPackage]; |
... | ... | |
1090 | 1090 |
}//createUsersPackage |
1091 | 1091 |
|
1092 | 1092 |
/** |
1093 |
* According the permission policy, user have the same permission to access |
|
1094 |
* doc to data set doc. (There is no entry in xml_access table for access |
|
1095 |
* itself and we couldn't look-up the table to find permission rule). |
|
1096 |
* |
|
1097 | 1093 |
* This method will return a data set id for given access id. |
1098 | 1094 |
* @param accessDocId, the accessDocId which need to be found data set id |
1099 | 1095 |
*/ |
... | ... | |
1148 | 1144 |
//create a userpackage including user, public and group member |
1149 | 1145 |
userPackage=createUsersPackage(user, groups); |
1150 | 1146 |
|
1151 |
//if the requested document is access documents |
|
1152 |
//we will check the permission for document data set |
|
1153 |
//because there is no entries in xml_access table |
|
1154 |
//we will give users the same permission as data set |
|
1155 |
if (isAccessDocument(docId)) |
|
1147 |
//if the requested document is access documents and requested permission |
|
1148 |
//is "write", the user should have "all" right |
|
1149 |
if (isAccessDocument(docId) && (intValue(permission)==WRITE)) |
|
1156 | 1150 |
{ |
1157 |
//assign data set id to datasetdocId to replace the access docId |
|
1158 |
String dataSetDocId=getDataSetId(docId); |
|
1159 |
if (dataSetDocId!=null) |
|
1160 |
{ |
|
1161 |
//if get the data set id, check the permission for the data set id |
|
1162 |
hasPermission = hasPermission(userPackage,dataSetDocId,permission); |
|
1163 |
} |
|
1164 |
else if (containDocumentOwner(userPackage, docId)) |
|
1165 |
{ |
|
1166 |
//if we couldn't find the data set id for access document in |
|
1167 |
//xml-relation table, check if the userPakcage contains the access |
|
1168 |
//document owner. if have, permission=true |
|
1169 |
hasPermission=true; |
|
1170 |
} |
|
1171 |
else |
|
1172 |
{ |
|
1173 |
//we couldn't find the data set id for access document and userpackage |
|
1174 |
//doen't contain the access document owner. permission=flase |
|
1175 |
hasPermission=false; |
|
1176 |
} |
|
1177 |
|
|
1178 |
|
|
1151 |
hasPermission = hasPermission(userPackage,docId, "ALL"); |
|
1179 | 1152 |
}//if |
1180 |
else //if it is not access documents, just check the request permission
|
|
1153 |
else //in other situation, just check the request permission
|
|
1181 | 1154 |
{ |
1182 | 1155 |
|
1183 | 1156 |
// Check for @permission on @docid for @user and/or @groups |
... | ... | |
1252 | 1225 |
MetaCatUtil.debugMessage("There is a exception in hasPermission method: " |
1253 | 1226 |
+e.getMessage()); |
1254 | 1227 |
} |
1228 |
|
|
1255 | 1229 |
return false; |
1256 | 1230 |
}//hasPermission |
1257 | 1231 |
|
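Review bot: The new access-document guard at new line 1149, `if (isAccessDocument(docId) && (intValue(permission)==WRITE))`, raises the requirement to "ALL" only when the request is exactly WRITE. Any other request against an access document falls to the else branch and is checked at the requested level; that would include a request combining write with another right, if intValue() can return combined values (its body is not shown). If the permission values are bit flags, a mask test such as `(intValue(permission) & WRITE) != 0` would cover those cases. The removed comments said access documents have no rows in xml_access, and the owner fallback through containDocumentOwner() is gone, so please confirm what the lookup returns when no row exists and document it above the branch, e.g. `// access docs are checked against their own xml_access rows; no matching row must mean deny`. hasPermission starts before and continues past the lines shown here, so the default-path behaviour cannot be verified from this page.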
In the hasPermission method, a rule for access documents is implemented. If a user wants to write an access document, the user should have "all" permission.
The permission for an access document is now looked up in the xml_access table directly, rather than taken from the permission on the data set document.