Project

General

Profile

Revision 1427

Added by Jing Tao over 18 years ago

Change the code to handle permission checking.

View differences:

src/edu/ucsb/nceas/metacat/DBQuery.java
1000 1000
                  throws SQLException, Exception
1001 1001
  {
1002 1002
    // Check for READ permission on @docid for @user and/or @groups
1003
    //AccessControlList aclobj = new AccessControlList();
1004
    //return aclobj.hasPermission("READ", user, groups, docid);
1005
    return AccessControlList.hasPermission("READ", user, groups, docid);
1003
   PermissionController controller = new PermissionController(docid);
1004
   return controller.hasPermission(user,groups,
1005
                                 AccessControlInterface.READSTRING);
1006 1006
  }
1007 1007

  
1008 1008
  /**
src/edu/ucsb/nceas/metacat/DocumentImpl.java
855 855
        if ( currentNode.parentnodeid != currentElement.nodeid ) {
856 856
          while ( currentNode.parentnodeid != currentElement.nodeid ) {
857 857
            currentElement = (NodeRecord)openElements.pop();
858
            util.debugMessage("\n POPPED: " + currentElement.nodename);
858
            util.debugMessage("\n POPPED: " + currentElement.nodename, 50);
859 859
            if (previousNodeWasElement) {
860 860
              out.print(">");
861 861
              previousNodeWasElement = false;
......
894 894
          }
895 895
        }
896 896
        openElements.push(currentNode);
897
        util.debugMessage("\n PUSHED: " + currentNode.nodename);
897
        util.debugMessage("\n PUSHED: " + currentNode.nodename, 50);
898 898
        previousNodeWasElement = true;
899 899
        if ( currentNode.nodeprefix != null ) {
900 900
          out.print("<" + currentNode.nodeprefix + ":" + currentNode.nodename);
......
954 954
    while(!openElements.empty())
955 955
    {
956 956
      NodeRecord currentElement = (NodeRecord)openElements.pop();
957
      util.debugMessage("\n POPPED: " + currentElement.nodename);
957
      util.debugMessage("\n POPPED: " + currentElement.nodename, 50);
958 958
      if ( currentElement.nodeprefix != null ) {
959 959
        out.print("</" + currentElement.nodeprefix + ":" + 
960 960
                  currentElement.nodename + ">" );
......
1475 1475
      char istreamChar;
1476 1476
     
1477 1477
      // check for 'write' permission for 'user' to update this document
1478
      if ( !hasPermission(user, groups, docid) ) {
1478
      if ( !hasWritePermission(user, groups, docid) ) {
1479 1479
        throw new Exception("User " + user + 
1480 1480
              " does not have permission to update XML Document #" + accnum);
1481 1481
      }        
......
1550 1550
    if ( action.equals("UPDATE") ) {
1551 1551
      // check for 'write' permission for 'user' to update this document
1552 1552

  
1553
      if ( !hasPermission(user, groups, docid) ) {
1553
      if ( !hasWritePermission(user, groups, docid) ) {
1554 1554
        throw new Exception("User " + user + 
1555 1555
              " does not have permission to update XML Document #" + accnum);
1556 1556
      }          
......
1735 1735
    
1736 1736

  
1737 1737
    // check for 'write' permission for 'user' to delete this document
1738
      if ( !hasPermission(user, groups, docid) ) {
1738
      if ( !hasWritePermission(user, groups, docid) ) {
1739 1739
        throw new Exception("User " + user + 
1740 1740
              " does not have permission to delete XML Document #" + accnum);
1741 1741
      }
......
1805 1805
    * Check for "WRITE" permission on @docid for @user and/or @groups 
1806 1806
    * from DB connection 
1807 1807
    */
1808
  private static boolean hasPermission (String user,
1808
  private static boolean hasWritePermission (String user,
1809 1809
                                  String[] groups, String docid ) 
1810 1810
                  throws SQLException, Exception
1811 1811
  {
1812 1812
    // Check for WRITE permission on @docid for @user and/or @groups
1813
    //AccessControlList aclobj = new AccessControlList(dbconn);
1814
    return AccessControlList.hasPermission("WRITE", user, groups, docid);
1815
    //return aclobj.hasPermission("WRITE", user, groups, docid);
1813
    PermissionController controller = new PermissionController(docid);
1814
    return controller.hasPermission(user,groups,
1815
                                    AccessControlInterface.WRITESTRING);
1816 1816
  }
1817 1817

  
1818 1818
  /** 
......
1827 1827
                  throws SQLException, Exception
1828 1828
  {
1829 1829
    // Check for READ permission on @docid for @user and/or @groups
1830
    //AccessControlList aclObj = new AccessControlList(conn);
1831
    //return aclObj.hasPermission("READ", user, groups, docId);
1832
    return AccessControlList.hasPermission("READ", user, groups, docId);
1830
    PermissionController controller = 
1831
                        new PermissionController(docId);
1832
    return controller.hasPermission(user,groups,
1833
                                            AccessControlInterface.READSTRING);
1833 1834
  }  
1834 1835

  
1835 1836
  

Also available in: Unified diff