
Revision 1452

Added by Jing Tao over 18 years ago

Add code to handle access control for return fields.


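--- a/src/edu/ucsb/nceas/metacat/QuerySpecification.java
+++ b/src/edu/ucsb/nceas/metacat/QuerySpecification.java
@@ -174,24 +174,12 @@
   private String createOwerQuery()
   {
     String ownerQuery = null;
-    ownerQuery = "SELECT docid FROM xml_documents WHERE user_owner ='" +
-                  PUBLIC + "'";
+    ownerQuery = "SELECT docid FROM xml_documents WHERE ";
     if (userName != null && !userName.equals(""))
     {
-      ownerQuery = ownerQuery + " OR user_owner ='"+ userName +"'";
+      ownerQuery = ownerQuery + "user_owner ='"+ userName +"'";
     }
     
-    if (group != null)
-    {
-      for (int i = 0; i< group.length; i++)
-      {
-        String groupUint = group[i];
-        if (groupUint != null && !groupUint.equals(""))
-        {
-          ownerQuery = ownerQuery +" OR user_owner = '" + groupUint + "'";
-        }//if
-      }//for
-    }
     MetaCatUtil.debugMessage("OwnerQuery: "+ownerQuery, 30);
     return ownerQuery;
   }
@@ -737,13 +725,13 @@
     sql.append("SELECT distinct startnodeid, endnodeid from xml_access ");
     sql.append("WHERE docid in (");
     sql.append(doclist);
-    sql.append(") AND subtreeid IS NOT NULL AND ");
+    sql.append(") AND startnodeid IS NOT NULL AND ");
     sql.append("(");
-    sql.append("(subtreeid NOT IN (SELECT subtreeid from xml_access where ");
+    sql.append("(startnodeid NOT IN (SELECT startnodeid from xml_access where ");
     sql.append(allowString);
     sql.append(")");
     sql.append(")");
-    sql.append(" OR (subtreeid IN (SELECT subtreeid from xml_access where ");
+    sql.append(" OR (startnodeid IN (SELECT startnodeid from xml_access where ");
     sql.append(denyString);
     sql.append(")");
     sql.append(")");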
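Review bot: In createOwerQuery, a null or empty userName now yields a query that ends at `WHERE `, because the base string no longer carries the PUBLIC owner predicate and the only remaining predicate is added inside the `if`. The guard needs an else branch that appends a predicate matching no rows, for example `else { ownerQuery = ownerQuery + "1 = 0"; }`, or the caller has to skip the owner clause when there is no user, whichever matches the intended access rule. On the changed line userName is also still concatenated between single quotes; its origin is not visible here, but if it can contain a quote character it alters the structure of a query that decides document access, so it should be passed as a bind parameter where the statement is executed, or at minimum have its quotes doubled before concatenation. The fragments doclist, allowString and denyString appended in the second hunk are built outside this view and deserve the same check; the method containing that hunk starts and ends outside it.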
