Project

General

Profile

Revision 665

Added by bojilova almost 20 years ago

implementation for multiple <resourceIndentifier> tags under <resource>

View differences:

src/edu/ucsb/nceas/metacat/AccessControlList.java
57 57
  private String 	doctype;
58 58
  private String 	systemid;
59 59

  
60
  private String resourceURL;
61
  private String resourceId;
60
  private String docurl;
61
  private Vector resourceURL;
62
  private Vector resourceID;
62 63
  private Vector principal;
63 64
  private int    permission;
64 65
  private String permType;
......
103 104
    this.user = user;
104 105
    this.group = group;
105 106
    this.aclid = aclid;
107
    this.resourceURL = new Vector();
108
    this.resourceID = new Vector();
106 109
    this.principal = new Vector();
107 110
    this.permission = 0;
108 111
    this.ticketCount = 0;
......
210 213

  
211 214
    if (currentTag.equals("resourceIdentifier")) {
212 215

  
213
      resourceURL = inputString;
214
      resourceId = getDocid(inputString);
215
      // check permissions for @user on resourceId first
216
      // @user must have permission "all" on resourceId
216
      // docid of the current resource
217
      String docid = getDocid(inputString); 
218
      // URL string of the current resource
219
      // docurl is declared in the class
220
      try {
221
        docurl = (new URL(inputString)).toString();
222
      } catch (MalformedURLException murle) {
223
        throw new SAXException(murle.getMessage());
224
      }
225
      // collect them in Vector variables
226
      resourceID.addElement(docid);
227
      resourceURL.addElement(docurl);
228
      // check permissions for @user on the current resource first
229
      // @user must have permission "all" on it(docid)
217 230
      boolean hasPermission = false;
218 231
      try {
219
        hasPermission = hasPermission("ALL",user,resourceId);
232
        hasPermission = hasPermission("ALL",user,docid);
220 233
        if ( !hasPermission && group != null ) {
221
          hasPermission = hasPermission("ALL",group,resourceId);
234
          hasPermission = hasPermission("ALL",group,docid);
222 235
        }
223 236
      } catch (SQLException e) {
224 237
        throw new SAXException(e.getMessage());
225 238
      }
226 239
      if ( !hasPermission ) {
227 240
        throw new SAXException(
228
         "Permission denied for setting access control on " + resourceId);
241
         "Permission denied for setting access control on " + docid);
229 242
      }
230
      // end of check for "all" perm on resourceId
243
      // end of check for "all" perm on docid
231 244

  
232 245
    } else if (currentTag.equals("principal")) {
233 246

  
234
      principal.addElement(new String(inputString));
247
      principal.addElement(inputString);
235 248

  
236 249
    } else if (currentTag.equals("permission")) {
237 250

  
......
241 254
        permission = permission | WRITE;
242 255
      } else if ( inputString.trim().toUpperCase().equals("ALL") ) {
243 256
        permission = permission | ALL;
257
      } else {
258
        throw new SAXException("Unknown permission type: " + inputString);
244 259
      }
245 260

  
246 261
    } else if (currentTag.equals("duration") && 
......
253 268
      }
254 269

  
255 270
    } else if (currentTag.equals("ticketCount") && ticketCount == 0 ) {
256
      ticketCount = (new Integer(inputString.trim())).intValue();
271
      try {
272
        ticketCount = (new Integer(inputString.trim())).intValue();
273
      } catch (NumberFormatException nfe) {
274
        throw new SAXException("Wrong integer format for:" + inputString);
275
      }
257 276
    }
258 277
  }
259 278

  
......
269 288
    if ( leaving.getTagName().equals("resourceIdentifier") ) {
270 289
      
271 290
      try {
272
        // make a relationship for @aclid on @resourceId
291
        // make a relationship for @aclid on the current resource(docurl)
273 292
        if ( aclid != null ) {
274
          insertRelation(aclid, resourceURL);
293
          insertRelation(aclid, docurl);
275 294
        }
276 295
      } catch (SQLException sqle) {
277 296
        throw new SAXException(sqle);
......
317 336

  
318 337
    } else if ( leaving.getTagName().equals("resource") ) {
319 338
      // reset the resource identifier
320
      resourceId = null;
339
      resourceID = new Vector();
340
      resourceURL = new Vector();
321 341
      permOrder = null;
322 342
    }
323 343

  
......
419 439
              "begin_time,end_time,ticket_count, accessfileid) VALUES " +
420 440
              "(?,?,?,?,?,to_date(?,'mm/dd/yy'),to_date(?,'mm/dd/yy'),?,?)");
421 441
      // Bind the values to the query
422
      pstmt.setString(1, resourceId);
423 442
      pstmt.setInt(3, permission);
424 443
      pstmt.setString(4, permType);
425 444
      pstmt.setString(5, permOrder);
......
431 450
      } else {
432 451
        pstmt.setString(8, "");
433 452
      }
434
      for ( int i = 0; i < principal.size(); i++ ) {
435
        pstmt.setString(2, (String)principal.elementAt(i));
436
        pstmt.execute();
453
      for ( int i = 0; i < resourceID.size(); i++ ) {
454
        pstmt.setString(1, (String)resourceID.elementAt(i));
455
        for ( int j = 0; j < principal.size(); j++ ) {
456
          pstmt.setString(2, (String)principal.elementAt(j));
457
          pstmt.execute();
458
        }
437 459
      }
438 460

  
439 461
    } catch (SQLException e) {
......
442 464
    }
443 465
  }
444 466

  
445
  /** Check for @permission for @principal on @resourceId from db connection */
467
  /** Check for @permission for @principal on @resourceID from db connection */
446 468
  public boolean hasPermission ( String permission,
447
                                 String principal, String resourceId )
469
                                 String principal, String resourceID )
448 470
                 throws SQLException
449 471
  {
450 472
    PreparedStatement pstmt;
451
    // check public access to @resourceId from xml_documents table
473
    // check public access to @resourceID from xml_documents table
452 474
    if ( permission.equals("READ") ) {
453 475
      try {
454 476
        pstmt = conn.prepareStatement(
455 477
                "SELECT 'x' FROM xml_documents " +
456 478
                "WHERE docid LIKE ? AND public_access = 1");
457 479
        // Bind the values to the query
458
        pstmt.setString(1, resourceId);
480
        pstmt.setString(1, resourceID);
459 481

  
460 482
        pstmt.execute();
461 483
        ResultSet rs = pstmt.getResultSet();
......
474 496
    }
475 497
    
476 498
    // since owner of resource has all permission on it,
477
    // check if @principal is owner of @resourceId in xml_documents table
499
    // check if @principal is owner of @resourceID in xml_documents table
478 500
    if ( principal != null ) {
479 501
      try {
480 502
        pstmt = conn.prepareStatement(
481 503
                "SELECT 'x' FROM xml_documents " +
482 504
                "WHERE docid LIKE ? AND user_owner LIKE ?");
483 505
        // Bind the values to the query
484
        pstmt.setString(1, resourceId);
506
        pstmt.setString(1, resourceID);
485 507
        pstmt.setString(2, principal);
486 508

  
487 509
        pstmt.execute();
......
499 521
                     "Error checking document's ownership. " + e.getMessage());
500 522
      }
501 523

  
502
      // check @principal's @permission on @resourceId from xml_access table
524
      // check @principal's @permission on @resourceID from xml_access table
503 525
      int accessValue = 0;
504 526
      int ticketCount = 0;
505 527
      String permOrder = "";
......
514 536
                "AND perm_type LIKE ?");
515 537
        // check if it is "denied" first
516 538
        // Bind the values to the query
517
        pstmt.setString(1, resourceId);
539
        pstmt.setString(1, resourceID);
518 540
        pstmt.setString(2, principal);
519 541
        pstmt.setString(3, "denied");
520 542

  
......
529 551
               ( permOrder.equals("allowFirst") ) &&
530 552
               ( rs.wasNull() || ticketCount > 0 ) ) {
531 553
            if ( !rs.wasNull() && ticketCount > 0 ) {
532
              decreaseNumberOfAccess(accessValue,principal,resourceId,"denied");
554
              decreaseNumberOfAccess(accessValue,principal,resourceID,"denied");
533 555
            }
534 556
            pstmt.close();
535 557
            return false;
......
540 562

  
541 563
        // it is not denied then check if it is "allowed"
542 564
        // Bind the values to the query
543
        pstmt.setString(1, resourceId);
565
        pstmt.setString(1, resourceID);
544 566
        pstmt.setString(2, principal);
545 567
        pstmt.setString(3, "allowed");
546 568

  
......
553 575
          if ( ( accessValue & intValue(permission) )==intValue(permission) &&
554 576
               ( rs.wasNull() || ticketCount > 0 ) ) {
555 577
            if ( !rs.wasNull() && ticketCount > 0 ) {
556
              decreaseNumberOfAccess(accessValue,principal,resourceId,"allowed");
578
              decreaseNumberOfAccess(accessValue,principal,resourceID,"allowed");
557 579
            }
558 580
            pstmt.close();
559 581
            return true;
......
580 602
    return false;
581 603
  }
582 604

  
583
  /** decrease the number of access to @resourceId for @principal */
605
  /** decrease the number of access to @resourceID for @principal */
584 606
  private void decreaseNumberOfAccess(int permission, String principal,
585
                                      String resourceId, String permType)
607
                                      String resourceID, String permType)
586 608
               throws SQLException
587 609
  {
588 610
    PreparedStatement pstmt;
......
595 617
                            "AND nvl(end_time,sysdate) " +
596 618
            "AND perm_type LIKE ?");
597 619
    // Bind the values to the query
598
    pstmt.setString(1, resourceId);
620
    pstmt.setString(1, resourceID);
599 621
    pstmt.setString(2, principal);
600 622
    pstmt.setInt(3, permission);
601 623
    pstmt.setString(4, permType);

Also available in: Unified diff