
Revision 1446

Added by Jing Tao over 18 years ago

Add an access control query for return fields.


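--- a/src/edu/ucsb/nceas/metacat/QuerySpecification.java
+++ b/src/edu/ucsb/nceas/metacat/QuerySpecification.java
@@ -203,9 +203,20 @@
   private String createAllowRuleQuery()
   {
     String allowQuery = null;
-    allowQuery ="SELECT docid from xml_access WHERE ";
-    // add allow rule for user name
-    if (userName != null && !userName.equals(""))
+    String allowString = constructAllowString();
+    allowQuery ="SELECT docid from xml_access WHERE "+allowString;
+    MetaCatUtil.debugMessage("allow query is: "+ allowQuery, 30);
+    return allowQuery;
+    
+  
+  }
+  
+  /* Method to construct a allow rule string */
+  private String constructAllowString()
+  {
+    String allowQuery ="";
+     // add allow rule for user name
+     if (userName != null && !userName.equals(""))
     {
       allowQuery = allowQuery +"(principal_name = '" + userName 
                               +"' AND perm_type = 'allow'"
@@ -230,9 +241,8 @@
         }//if
       }//for
     }//if
-    MetaCatUtil.debugMessage("allow query is: "+ allowQuery, 30);
+    MetaCatUtil.debugMessage("allow string is: "+ allowQuery, 40);
     return allowQuery;
-  
   }
   
    /*
@@ -243,7 +253,16 @@
   private String createDenyRuleQuery()
   {
     String denyQuery = null;
-    denyQuery ="SELECT docid from xml_access WHERE ";
+    String denyString = constructDenyString();
+    denyQuery ="SELECT docid from xml_access WHERE " + denyString;
+    MetaCatUtil.debugMessage("denyquery is: "+ denyQuery, 30);
+    return denyQuery;
+  
+  }
+  /* Construct deny string */
+  private String constructDenyString()
+  {
+    String denyQuery ="";
     // add deny rule for user name
     if (userName != null && !userName.equals(""))
     {
@@ -273,9 +292,7 @@
         }//if
       }//for
     }//if
-    MetaCatUtil.debugMessage("denyquery is: "+ denyQuery, 30);
     return denyQuery;
-  
   }
   
   /**
@@ -707,6 +724,33 @@
     return self.toString();
   }
   
+  /** This sql command will selecet startnodeid and endnodeid that user can NOT
+    * access
+   */
+  public String printAccessControlSQLForReturnField(String doclist)
+  {
+    StringBuffer sql = new StringBuffer();
+    String allowString = constructAllowString();
+    String denyString = constructDenyString();
+    sql.append("SELECT startnodeid, endnodeid from xml_access ");
+    sql.append("WHERE docid in (");
+    sql.append(doclist);
+    sql.append(") AND subtreeid IS NOT NULL AND ");
+    sql.append("(");
+    sql.append("(subtreeid NOT IN (SELECT subtreeid from xml_access where ");
+    sql.append(allowString);
+    sql.append(")");
+    sql.append(")");
+    sql.append(" OR (subtreeid IN (SELECT subtreeid from xml_access where ");
+    sql.append(denyString);
+    sql.append(")");
+    sql.append(")");
+    sql.append(")");
+    MetaCatUtil.debugMessage("accessControlSQLForReturnField: " +
+                             sql.toString(), 30);
+    return sql.toString();
+  }
+  
   /**
    * This method prints sql based upon the <returnfield> tag in the
    * pathquery document.  This allows for customization of the 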
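Review bot: The new public `printAccessControlSQLForReturnField` (new lines 730-752) splices its `doclist` argument unescaped into `WHERE docid in (...)` via `sql.append(doclist)`, so this access-control query is only as safe as every caller's construction of that string. The same applies to `userName`, which `constructAllowString` concatenates into a quoted literal (`principal_name = '" + userName`, new lines 221-222) and which now feeds two further subqueries. Binding these values through `?` placeholders on a `PreparedStatement` would remove the dependence on upstream quoting. If that is out of scope for this revision, the Javadoc should at least state the contract, e.g. `@param doclist comma-separated docid literals built internally; must never contain request-supplied text`. Separately, `constructAllowString` starts from `""` and its group-handling branch is elided here, so if it can return an empty string the subquery would end in `where )`; a guard for that case looks worth adding.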
