Revision 1424

Added by Jing Tao over 18 years ago

Remove the permission code that handles ticket count and duration.


src/edu/ucsb/nceas/metacat/AccessControlList.java
895 895
    //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
896 896
    //function will assign begin_time=sysdate
897 897
    pStmt = conn.prepareStatement(
898
                "SELECT permission, ticket_count " +
898
                "SELECT permission " +
899 899
                "FROM xml_access " +
900 900
                "WHERE docid = ? " + 
901 901
                "AND principal_name = ? " +
902
                "AND perm_type = ? " +
903
                "AND " + sysdate + 
904
                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
905
                     "AND " + isnull + "(end_time," + sysdate + ")");
902
                "AND perm_type = ? ");
906 903
    //bind docid, perm_type
907 904
    pStmt.setString(1, docId);
908 905
    pStmt.setString(3, ALLOW);
......
916 913
      while (rs.next())//check every entry for one user
917 914
      {
918 915
        permissionValueInTable=rs.getInt(1);
919
        ticketCount=rs.getInt(2);
920
       
921
        //permission is ok and ticketcount geat than 0 or ticket is null, 
916
            
917
        //permission is ok  
922 918
        //the user have a permission to access the file
923
        if ((( permissionValueInTable & permissionValue )== permissionValue )
924
              && (rs.wasNull()||ticketCount > 0))
919
        if (( permissionValueInTable & permissionValue )== permissionValue )
925 920
        {
926
           //ticket count should minus one 
927
           //ticketCount isnot null and greater than 0, order is allowfirst
928
           if (!rs.wasNull() && ticketCount>0 && isAllowFirst(principals,docId))
929
           {
930
              decreaseNumberOfAccess(permissionValueInTable, principals[i],
931
                                              docId, ALLOW, ALLOWFIRST);
932
            }
933
           //ticketCount isnot null and greater than 0, order is not allowfirst
934
           if (!rs.wasNull() &&ticketCount>0 && !isAllowFirst(principals,docId))
935
           {
936
              decreaseNumberOfAccess(permissionValueInTable, principals[i],
937
                                              docId, ALLOW, DENYFIRST);
938
           }
939
          
940 921
           allow=true;//has allow rule entry
941
         }//if
922
        }//if
942 923
      }//while
943 924
    }//for
944 925
   }//try
......
992 973
     conn=DBConnectionPool.getDBConnection("AccessControlList.hasExplicitDeny");
993 974
     serialNumber=conn.getCheckOutSerialNumber();
994 975
   
995
    //This sql statement will select entry with 
996
    //begin_time<=currentTime<=end_time in xml_access table
997
    //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
998
    //function will assign begin_time=sysdate
999
    pStmt = conn.prepareStatement(
976
     pStmt = conn.prepareStatement(
1000 977
                "SELECT permission " +
1001 978
                "FROM xml_access " +
1002 979
                "WHERE docid = ? " + 
1003 980
                "AND principal_name = ? " +
1004
                "AND perm_type = ? " +
1005
                "AND " + sysdate + 
1006
                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
1007
                     "AND " + isnull + "(end_time," + sysdate + ")");
981
                "AND perm_type = ? ");
1008 982
    //bind docid, perm_type
1009 983
    pStmt.setString(1, docId);
1010 984
    pStmt.setString(3, DENY);
......
1047 1021
   return false;//no deny rule
1048 1022
  }//hasExplicitDenyRule 
1049 1023
   
1050
   /**
1051
    * Check if the users array has implicit deny rules for given users, docid 
1052
    * and permission. That means the though perm_type is "allow" but current 
1053
    * time is less than begin_time or greater than end time, or ticket count
1054
    * is 0.
1055
    * @param principals, list of names of principals to check for 
1056
    * @param docid, document identifier to check for
1057
    * @param permission, the permssion need to check
1058
    */
1059
  private static boolean hasImplicitDenyRule(String [] principals, String docId, 
1060
                                  String permission)
1061
                  throws SQLException
1062
 {
1063
   int lengthOfArray=principals.length;
1064
   ResultSet rs;
1065
   PreparedStatement pStmt = null;
1066
   int permissionValue=intValue(permission);
1067
   int permissionValueInTable;
1068
   DBConnection conn = null;
1069
   int serialNumber = -1;
1070
   
1071
 
1072
   try
1073
   {
1074
    //check out DBConnection
1075
    conn=DBConnectionPool.getDBConnection("AccessControlList.hasImplicitDeny");
1076
    serialNumber=conn.getCheckOutSerialNumber();
1077
    //This sql statement will select entry with  perm_type =allow and
1078
    //currentTime is less than begin_time or greater than end time
1079
    //in xml_access table. This is an implicit deny rule (allow is out of date) 
1080
    pStmt = conn.prepareStatement(
1081
                "SELECT permission " +
1082
                "FROM xml_access " +
1083
                "WHERE docid = ? " + 
1084
                "AND principal_name = ? " +
1085
                "AND perm_type = ? " +
1086
                "AND " + sysdate + 
1087
                " < " + isnull + "(begin_time," + sysdate + ") " +
1088
                "OR " + sysdate + " > "+ isnull + "(end_time," + sysdate + ")");
1089
    //bind docid, perm_type
1090
    pStmt.setString(1, docId);
1091
    pStmt.setString(3, ALLOW);//It is allow
1092
   
1093
    //bind every elenment in user name array
1094
    for (int i=0;i<lengthOfArray; i++)
1095
    {
1096
      pStmt.setString(2, principals[i]);
1097
      pStmt.execute();
1098
      rs=pStmt.getResultSet();
1099
      while (rs.next())//check every entry for one user
1100
      {
1101
        permissionValueInTable=rs.getInt(1);
1102
        
1103
        //permission is ok the user doesn't have permission to access the file
1104
        if (( permissionValueInTable & permissionValue )== permissionValue )
1105
             
1106
        {
1107
           pStmt.close();
1108
           //has a implicit deny rule: allow is out of date
1109
           return true;
1110
         }//if
1111
      }//while
1112
    }//for
1113
    pStmt.close();
1114
    
1115
    //Now, there is no implicit deny rule which is allow is out of date
1116
    //another implicit deny rule need to be check: allow is out of ticketCount
1117
    //ticketCount=0
1118
    pStmt = conn.prepareStatement(
1119
                "SELECT permission " +
1120
                "FROM xml_access " +
1121
                "WHERE docid = ? " + 
1122
                "AND principal_name = ? " +
1123
                "AND perm_type = ? " +
1124
                "AND ticket_count = ?");
1125
    //bind docid, perm_type, ticket_count
1126
    pStmt.setString(1, docId);
1127
    pStmt.setString(3, ALLOW);//It is allow!
1128
    pStmt.setInt(4,0);
1129
    
1130
    //Because this DBConnection used twice in this method. But we only count one
1131
    //when it checked out. So we should increase another one
1132
    conn.increaseUsageCount(1);
1133
    
1134
    //bind every elenment in user name array
1135
    for (int i=0;i<lengthOfArray; i++)
1136
    {
1137
      pStmt.setString(2, principals[i]);
1138
      pStmt.execute();
1139
      rs=pStmt.getResultSet();
1140
      while (rs.next())//check every entry for one user
1141
      {
1142
        permissionValueInTable=rs.getInt(1);
1143
        
1144
        //permission is ok the user doesn't have permission to access the file
1145
        if (( permissionValueInTable & permissionValue )== permissionValue )
1146
             
1147
        {
1148
           
1149
           pStmt.close();
1150
           //has a implicit deny rule: allow is out of ticketCount
1151
           return true;
1152
         }//if
1153
      }//while
1154
    }//for
1155
   }//try
1156
   finally
1157
   {
1158
     
1159
     try
1160
     {
1161
       pStmt.close();
1162
     }
1163
     finally
1164
     {
1165
       DBConnectionPool.returnDBConnection(conn, serialNumber);
1166
     }
1167
   }//finally
1168
    return false;//no implicit deny rule
1169
  }//hasImplicitDenyRule
1170
  
1024

  
1171 1025
  /**
1172 1026
    * Creat a users pakages to check permssion rule, user itself, public and
1173 1027
    * the gourps the user belong will be include in this package
......
1354 1208
      if (isAllowFirst(principals, docId))
1355 1209
      {
1356 1210
        
1357
        if (hasExplicitDenyRule(principals, docId, permission)||
1358
                            hasImplicitDenyRule(principals, docId, permission))
1211
        if (hasExplicitDenyRule(principals, docId, permission))
1359 1212
        {
1360
          //if it is allowfirst and has deny rule(either explicit or implicit)
1213
          //if it is allowfirst and has deny rule(either explicit )
1361 1214
          //deny access
1362 1215
          return false;
1363 1216
        }//if
......
1397 1250
  }//hasPermission
1398 1251
 
1399 1252

  
1400
  /* Decrease the number of access to @docid for @principal in db. */
1401
  private static void decreaseNumberOfAccess(int permission, String principal,
1402
                                      String docid, String permType, 
1403
                                      String permOrder) 
1404
               throws SQLException
1405
  {
1406
    PreparedStatement pstmt = null;
1407
    DBConnection conn = null;
1408
    int serialNumber = -1;
1409
    try
1410
    {
1411
      //check out DBConnection
1412
      conn=DBConnectionPool.getDBConnection("AccessControlList.decreaseNumOfA");
1413
      serialNumber=conn.getCheckOutSerialNumber();
1414
      
1415
      pstmt = conn.prepareStatement(
1416
            "UPDATE xml_access SET ticket_count = ticket_count - 1 " +
1417
            "WHERE docid = ? " +
1418
            "AND principal_name = ? " +
1419
            "AND permission = ? " +
1420
            "AND perm_type = ? " +
1421
            "AND perm_order = ? " +
1422
            "AND " + sysdate + 
1423
            " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
1424
                 "AND " + isnull + "(end_time," + sysdate + ")");
1425
      // Bind the values to the query
1426
      pstmt.setString(1, docid);
1427
      pstmt.setString(2, principal);
1428
      pstmt.setInt(3, permission);
1429
      pstmt.setString(4, permType);
1430
      pstmt.setString(5, permOrder);
1431

  
1432
      pstmt.execute();
1433
    }//try
1434
    finally
1435
    {
1436
      try
1437
      {
1438
        pstmt.close();
1439
      }
1440
      finally
1441
      {
1442
        DBConnectionPool.returnDBConnection(conn, serialNumber);
1443
      }
1444
    }//finally
1445
  }
1446 1253
 
1447 1254
 
1448 1255
  /**
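Review bot: In the allow query at new lines 897–902 the `BETWEEN ... begin_time ... end_time` window and the `ticket_count` test are dropped, and `hasImplicitDenyRule` is removed from the allow-first branch of `hasPermission` (new line 1211), so any `xml_access` row that still carries an expiry or a ticket limit now grants access with no limit. The page does not show whether those columns are still populated or written elsewhere; if they can be, the allow lookup should fail closed until the data is migrated, for example by appending `"AND begin_time IS NULL AND end_time IS NULL AND ticket_count IS NULL"` to the allow SELECT. The context comment at new lines 895–896 still describes the `isnull(begin_time, sysdate)` behaviour that the statement no longer has and should be deleted, and the new comment at line 1213 should read `//if it is allowfirst and has an explicit deny rule`. The enclosing methods start and end outside the visible hunks.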
