Project

General

Profile

Revision 1369

Added by Jing Tao almost 18 years ago

Create a action setaccess for assign access rule to single file.

View differences:

src/edu/ucsb/nceas/metacat/MetaCatServlet.java
43 43
import java.util.ResourceBundle;
44 44
import java.util.Random;
45 45
import java.util.PropertyResourceBundle;
46
import java.util.Vector;
46 47
import java.net.URL;
47 48
import java.net.MalformedURLException;
48 49
import java.sql.PreparedStatement;
......
115 116
  private PropertyResourceBundle options = null;
116 117
  private MetaCatUtil util = null;
117 118
  private DBConnectionPool connPool = null;
119
  private static final String PROLOG = "<?xml version=\"1.0\"?>";
120
  private static final String SUCCESS = "<success>";
121
  private static final String SUCCESSCLOSE = "</success>";
122
  private static final String ERROR = "<error>";
123
  private static final String ERRORCLOSE = "</error>";
118 124

  
119 125
  /**
120 126
   * Initialize the servlet by creating appropriate database connections
......
341 347
        PrintWriter out = response.getWriter();
342 348
        handleValidateAction(out, params);
343 349
        out.close();
350
      } else if (action.equals("setaccess")) {
351
         PrintWriter out = response.getWriter();
352
         handleSetAccessAction(out, params, username);
353
        out.close();
344 354
      } else if (action.equals("getaccesscontrol")) {
345 355
        PrintWriter out = response.getWriter();
346 356
        handleGetAccessControlAction(out,params,response,username,groupnames);
......
2047 2057
      out.println("</error>");
2048 2058
    }
2049 2059
  }
2060
  
2061
  /*
2062
   * A method to handle set access action
2063
   */
2064
  private void handleSetAccessAction(PrintWriter out,
2065
                                   Hashtable params,
2066
                                   String username)
2067
  {
2068
    String [] docList        = null;
2069
    String [] principalList  = null;
2070
    String [] permissionList = null;
2071
    String [] permTypeList   = null;
2072
    String [] permOrderList  = null;
2073
    String permission = null;
2074
    String permType   = null;
2075
    String permOrder  = null;
2076
    Vector errorList  = new Vector();
2077
    String error      = null;
2078
    Vector successList = new Vector();
2079
    String success    = null;
2080
   
2081
    
2082
    // Get parameters
2083
    if (params.containsKey("docid")) 
2084
    {
2085
      docList = (String[])params.get("docid");
2086
    }
2087
    if (params.containsKey("principal"))
2088
    {
2089
      principalList = (String[])params.get("principal"); 
2090
    }
2091
    if (params.containsKey("permission"))
2092
    {
2093
      permissionList = (String[])params.get("permission");
2094
      
2095
    }
2096
    if (params.containsKey("permType"))
2097
    {
2098
      permTypeList = (String[])params.get("permType");
2099
    
2100
    }
2101
    if (params.containsKey("permOrder"))
2102
    {
2103
      permOrderList = (String[])params.get("permOrder");
2104
     
2105
    }
2106
   
2107
    // Make sure the parameter is not null
2108
    if (docList == null || principalList == null || permTypeList == null ||
2109
        permissionList == null)
2110
    {
2111
      error = "Please check your parameter list, it should look like: "+
2112
              "?action=setaccess&docid=pipeline.1.1&principal=public" +
2113
              "&permission=read&permType=allow&permOrder=allowFirst";
2114
      errorList.addElement(error);
2115
      outputResponse(successList, errorList, out);
2116
      return;
2117
    }
2118
    
2119
    // Only select first element for permission, type and order
2120
    permission = permissionList[0];
2121
    permType = permTypeList[0];
2122
    if (permOrderList != null)
2123
    {
2124
       permOrder = permOrderList[0];
2125
    }
2126
    
2127
    // Get package doctype set
2128
    Vector packageSet =MetaCatUtil.getOptionList(
2129
                                    MetaCatUtil.getOption("packagedoctypeset"));
2130
    //debug
2131
    if (packageSet != null)
2132
    {
2133
      for (int i = 0; i<packageSet.size(); i++)
2134
      {
2135
        MetaCatUtil.debugMessage("doctype in package set: " + 
2136
                              (String)packageSet.elementAt(i), 34);
2137
      }
2138
    }//if
2139
    
2140
    // handle every accessionNumber
2141
    for (int i=0; i <docList.length; i++)
2142
    {
2143
      String accessionNumber = docList[i];
2144
      String owner = null;
2145
      String publicId = null;
2146
      // Get document owner and public id
2147
      try
2148
      {
2149
        owner = getFieldValueForDoc(accessionNumber, "user_owner");
2150
        publicId = getFieldValueForDoc(accessionNumber, "doctype");
2151
      }//try
2152
      catch (Exception e)
2153
      {
2154
        MetaCatUtil.debugMessage("Error in handleSetAccessAction: " +
2155
                                  e.getMessage(), 30);
2156
        error = "Error in set access control for document - " + accessionNumber+
2157
                 e.getMessage();
2158
        errorList.addElement(error);
2159
        continue;
2160
      }
2161
      //check if user is the owner. Only owner can do owner                            
2162
      if (username == null || owner == null || !username.equals(owner))
2163
      {
2164
        error = "User - " + username + " does not have permission to set " +
2165
                "access control for docid - " + accessionNumber;
2166
        errorList.addElement(error);
2167
        continue;
2168
      }
2169
      
2170
      // If docid publicid is BIN data file or other beta4, 6 package document
2171
      // we could not do set access control. Because we don't want inconsistent
2172
      // to its access docuemnt
2173
      if (publicId!=null && packageSet!=null && packageSet.contains(publicId))
2174
      {
2175
        error = "Could not set access control to document "+ accessionNumber +
2176
                "because it is in a pakcage and it has a access file for it";
2177
        errorList.addElement(error);
2178
        continue;
2179
      }
2180
      
2181
      // for every principle
2182
      for (int j = 0; j<principalList.length; j++)
2183
      {
2184
        String principal = principalList[j];
2185
        try
2186
        {
2187
          //insert permission
2188
          AccessControlForSingleFile accessControl = new 
2189
                           AccessControlForSingleFile(accessionNumber,
2190
                                    principal, permission, permType, permOrder);
2191
          accessControl.insertPermissions();
2192
          success = "Set access control to document "+ accessionNumber +
2193
                    " successfully";
2194
          successList.addElement(success);
2195
        }
2196
        catch (Exception ee)
2197
        {
2198
          MetaCatUtil.debugMessage("Erorr in handleSetAccessAction2: " +
2199
                                   ee.getMessage(), 30);
2200
          error = "Faild to set access control for document " + 
2201
                  accessionNumber + " because " + ee.getMessage();
2202
          errorList.addElement(error);
2203
          continue;
2204
        }
2205
      }//for every principle
2206
    }//for every document 
2207
    outputResponse(successList, errorList, out);
2208
  }//handleSetAccessAction
2209
  
2210
 
2211
  /*
2212
   * A method try to determin a docid's public id, if couldn't find null
2213
   * will be returned.
2214
   */
2215
  private String getFieldValueForDoc(String accessionNumber, String fieldName) 
2216
                                      throws Exception
2217
  {
2218
    if (accessionNumber==null || accessionNumber.equals("") ||fieldName == null
2219
        || fieldName.equals(""))
2220
    {
2221
      throw new Exception("Docid or field name was not specified");
2222
    }
2223
    
2224
    PreparedStatement pstmt = null;
2225
    ResultSet rs = null;
2226
    String fieldValue = null;
2227
    String docId = null;
2228
    DBConnection conn = null;
2229
    int serialNumber = -1;
2230
    
2231
    // get rid of revision if access number has
2232
    docId = MetaCatUtil.getDocIdFromString(accessionNumber);
2233
    try
2234
    {
2235
      //check out DBConnection
2236
      conn=DBConnectionPool.getDBConnection("MetaCatServlet.getPublicIdForDoc");
2237
      serialNumber=conn.getCheckOutSerialNumber();
2238
      pstmt = conn.prepareStatement(
2239
            "SELECT " + fieldName + " FROM xml_documents " +
2240
            "WHERE docid = ? ");
2241
          
2242
      pstmt.setString(1, docId);
2243
      pstmt.execute();
2244
      rs = pstmt.getResultSet();
2245
      boolean hasRow = rs.next();
2246
      int perm = 0;
2247
      if ( hasRow ) 
2248
      {
2249
        fieldValue = rs.getString(1);
2250
      }
2251
      else
2252
      {
2253
        throw new Exception("Could not find document: "+accessionNumber);
2254
      }
2255
    }//try
2256
    catch (Exception e)
2257
    {
2258
      MetaCatUtil.debugMessage("Exception in MetacatServlet.getPublicIdForDoc: "
2259
                               + e.getMessage(), 30);
2260
      throw e;
2261
    }
2262
    finally
2263
    {
2264
      try
2265
      {
2266
        rs.close();
2267
        pstmt.close();
2268
        
2269
      }
2270
      finally
2271
      {
2272
        DBConnectionPool.returnDBConnection(conn, serialNumber);
2273
      }
2274
    }
2275
    return fieldValue;
2276
  }//getFieldValueForDoc
2277
  
2278
  /*
2279
   * A method to output setAccess action result
2280
   */
2281
  private void outputResponse(Vector successList, 
2282
                              Vector errorList,
2283
                              PrintWriter out)
2284
  {
2285
    boolean error = false;
2286
    boolean success = false;
2287
    // Output prolog
2288
    out.println(PROLOG);
2289
    // output success message
2290
    if ( successList != null)
2291
    {
2292
      for (int i = 0; i<successList.size(); i++)
2293
      {
2294
        out.println(SUCCESS);
2295
        out.println((String)successList.elementAt(i));
2296
        out.println(SUCCESSCLOSE);
2297
        success = true;
2298
      }//for
2299
    }//if
2300
    // output error message
2301
    if (errorList != null)
2302
    {
2303
      for (int i = 0; i<errorList.size(); i++)
2304
      {
2305
        out.println(ERROR);
2306
        out.println((String)errorList.elementAt(i));
2307
        out.println(ERRORCLOSE);
2308
        error = true;
2309
      }//for
2310
    }//if
2311
    
2312
    // if no error and no success info, send a error that nothing happened
2313
    if( !error && !success)
2314
    {
2315
      out.println(ERROR);
2316
      out.println("Nothing happend for setaccess action");
2317
      out.println(ERRORCLOSE);
2318
    }
2319
    
2320
  }//outputResponse
2050 2321
}

Also available in: Unified diff