Project

General

Profile

« Previous | Next » 

Revision 966

Added by Jing Tao over 22 years ago

In hasPermission method, a rule for access document is implements. If user want to write a access document, it should hhave "all" permission.
The permission for access document now is looking up in xml_access table directly, rather get same permission to data set document.

View differences:

src/edu/ucsb/nceas/metacat/AccessControlList.java
692 692
        //get the permission order from data base
693 693
        String permissionOrder=rs.getString(1);
694 694
        //if the permission order is "allowFirst
695
        if (permissionOrder.compareTo(ALLOWFIRST)==0)
695
        if (permissionOrder.equalsIgnoreCase(ALLOWFIRST))
696 696
        {
697 697
          pStmt.close();
698 698
          return true;
......
1038 1038
      //if gouprs is not null and user is not public, we should create a array 
1039 1039
      //to store the groups and user and public. 
1040 1040
      //So the length of userPackage is the length of group plus two
1041
      if (user.compareTo(PUBLIC)!=0)
1041
      if (!user.equalsIgnoreCase(PUBLIC))
1042 1042
      {
1043 1043
        lengthOfPackage=(groups.length)+2;
1044 1044
        usersPackage=new String [lengthOfPackage];
......
1071 1071
    {
1072 1072
      //because no groups, the userPackage only need two elements
1073 1073
      //one is for user, the other is for public
1074
      if (user.compareTo(PUBLIC)!=0)
1074
      if (!user.equalsIgnoreCase(PUBLIC))
1075 1075
      {
1076 1076
        lengthOfPackage=2;
1077 1077
        usersPackage=new String [lengthOfPackage];
......
1090 1090
  }//createUsersPackage
1091 1091
 
1092 1092
  /**
1093
    * According the permission policy, user have the same permission to access
1094
    * doc to data set doc. (There is no entry in xml_access table for access 
1095
    * itself and we couldn't look-up the table to find permission rule).
1096
    *
1097 1093
    * This method will return a data set id for given access id.
1098 1094
    * @param accessDocId, the accessDocId which need to be found data set id
1099 1095
   */
......
1148 1144
    //create a userpackage including user, public and group member
1149 1145
    userPackage=createUsersPackage(user, groups);
1150 1146
    
1151
    //if the requested document is access documents
1152
    //we will check the permission for document data set
1153
    //because there is no entries in xml_access table
1154
    //we will give users the same permission as data set
1155
    if (isAccessDocument(docId))
1147
    //if the requested document is access documents and requested permission
1148
    //is "write", the user should have "all" right
1149
    if (isAccessDocument(docId) && (intValue(permission)==WRITE))
1156 1150
    {
1157
      //assign data set id to datasetdocId to replace the access docId
1158
      String dataSetDocId=getDataSetId(docId);
1159
      if (dataSetDocId!=null)
1160
      {
1161
        //if get the data set id, check the permission for the data set id 
1162
        hasPermission = hasPermission(userPackage,dataSetDocId,permission);
1163
      }
1164
      else if (containDocumentOwner(userPackage, docId))
1165
      {
1166
        //if we couldn't find the data set id for access document in 
1167
        //xml-relation table, check if the userPakcage  contains the access
1168
        //document owner. if have, permission=true
1169
        hasPermission=true;
1170
      }
1171
      else
1172
      {
1173
        //we couldn't find the data set id for access document and userpackage
1174
        //doen't contain the access document owner. permission=flase
1175
        hasPermission=false;
1176
      }
1177
      
1178
           
1151
      hasPermission = hasPermission(userPackage,docId, "ALL");
1179 1152
    }//if
1180
    else //if it is not access documents, just check the request permission
1153
    else //in other situation, just check the request permission
1181 1154
    {
1182 1155
    
1183 1156
      // Check for @permission on @docid for @user and/or @groups
......
1252 1225
      MetaCatUtil.debugMessage("There is a exception in hasPermission method: "
1253 1226
                         +e.getMessage());
1254 1227
    }
1228
   
1255 1229
    return false;
1256 1230
  }//hasPermission
1257 1231
 

Also available in: Unified diff