1 | <?xml version="1.0" encoding="UTF-8"?> |
---|
2 | <!-- |
---|
3 | SINK format: |
---|
4 | <ids> |
---|
5 | <id role="owner" actions="rud">u1</id> |
---|
6 | </ids> |
---|
7 | ??? |
---|
8 | <sc:access> |
---|
9 | <sc:user role="owner" ref="u1" actions="rud"/> |
---|
10 | </sc:access> |
---|
11 | |
---|
12 | --> |
---|
13 | <sequence debug="false"> |
---|
14 | <switch assignment="response"> |
---|
15 | <cond> |
---|
16 | <request> |
---|
17 | <identifier>active:sloot.xpath2</identifier> |
---|
18 | <argument name="operand">arg:verb</argument> |
---|
19 | <argument name="operator"> |
---|
20 | <literal type="string">boolean(.='SOURCE')</literal> |
---|
21 | </argument> |
---|
22 | </request> |
---|
23 | </cond> |
---|
24 | <then> |
---|
25 | <sequence> |
---|
26 | <request assignment="response"> |
---|
27 | <header name="exclude-dependencies"> |
---|
28 | <literal type="boolean">true</literal> |
---|
29 | </header> |
---|
30 | <identifier>active:org.basex.query</identifier> |
---|
31 | <argument name="operator"> |
---|
32 | <literal type="xml"> |
---|
33 | <query xmlns:sc="http://www.isocat.org/ns/schemacat"> |
---|
34 | <ids>{ |
---|
35 | for $user in //sc:schema[@xml:id = $schemaID]/sc:access/* |
---|
36 | return if (name($user) eq 'sc:all' and contains($user/@actions ,'r')) |
---|
37 | then <id actions="{data($user/@actions)}">ALL</id> |
---|
38 | else <id actions="{data($user/@actions)}" |
---|
39 | role="{data($user/@role)}">{string($user/@ref)}</id> |
---|
40 | } |
---|
41 | </ids> |
---|
42 | </query> |
---|
43 | </literal> |
---|
44 | </argument> |
---|
45 | <argument name="schemaID">arg:schemaID</argument> |
---|
46 | </request> |
---|
47 | <sloot-debug> |
---|
48 | <log> |
---|
49 | <level>INFO</level> |
---|
50 | <message> |
---|
51 | <literal type="string">[access.data] [%1] requested users authorized to access schema with ID: [%2].
[
%3
]</literal> |
---|
52 | </message> |
---|
53 | <param> |
---|
54 | <request> |
---|
55 | <identifier>active:xpath2</identifier> |
---|
56 | <argument name="operand">scratch:user</argument> |
---|
57 | <argument name="operator"> |
---|
58 | <literal type="string">string(/sc:user/@xml:id)</literal> |
---|
59 | </argument> |
---|
60 | </request> |
---|
61 | </param> |
---|
62 | <param>arg:schemaID</param> |
---|
63 | <param> |
---|
64 | <request> |
---|
65 | <identifier>response-string</identifier> |
---|
66 | <verb>TRANSREPT</verb> |
---|
67 | <representation>java.lang.String</representation> |
---|
68 | <argument name="primary">this:response</argument> |
---|
69 | </request> |
---|
70 | </param> |
---|
71 | </log> |
---|
72 | <request> |
---|
73 | <verb>SINK</verb> |
---|
74 | <identifier>res:/debug/org.isocat.schemacat.access.data.schema.authorizedIDs.source.response.xml</identifier> |
---|
75 | <argument name="primary">this:response</argument> |
---|
76 | </request> |
---|
77 | </sloot-debug> |
---|
78 | </sequence> |
---|
79 | </then> |
---|
80 | <cond> |
---|
81 | <request> |
---|
82 | <identifier>active:sloot.xpath2</identifier> |
---|
83 | <argument name="operand">arg:verb</argument> |
---|
84 | <argument name="operator"> |
---|
85 | <literal type="string">boolean(.='SINK')</literal> |
---|
86 | </argument> |
---|
87 | </request> |
---|
88 | </cond> |
---|
89 | <then> |
---|
90 | <if> |
---|
91 | <cond> |
---|
92 | <request> |
---|
93 | <identifier>arg:authorizedUsers</identifier> |
---|
94 | <verb>EXISTS</verb> |
---|
95 | </request> |
---|
96 | </cond> |
---|
97 | <then> |
---|
98 | <sequence> |
---|
99 | <request assignment="response"> |
---|
100 | <header name="exclude-dependencies"> |
---|
101 | <literal type="boolean">true</literal> |
---|
102 | </header> |
---|
103 | <identifier>active:org.basex.query</identifier> |
---|
104 | <argument name="operator"> |
---|
105 | <literal type="xml"> |
---|
106 | <query xmlns:sc="http://www.isocat.org/ns/schemacat"> |
---|
107 | let $newAccessRules := |
---|
108 | <sc:access> |
---|
109 | { |
---|
110 | for $userID in $authorizedUsers/id |
---|
111 | return |
---|
112 | if ($userID/text() eq 'ALL') |
---|
113 | then |
---|
114 | <sc:all actions="r"/> |
---|
115 | else |
---|
116 | element sc:user { |
---|
117 | attribute role { |
---|
118 | if(exists($userID/@role)) |
---|
119 | then $userID/@role |
---|
120 | else 'user'}, |
---|
121 | attribute ref { |
---|
122 | if(exists($userID/text())) |
---|
123 | then $userID/text() |
---|
124 | else error(xs:QName('sc:accessUserIdNotSupplied'),'ERROR updating schema access: user ID not supplied!')}, |
---|
125 | attribute actions { |
---|
126 | if(exists($userID/@actions)) |
---|
127 | then $userID/@actions |
---|
128 | else 'r'} |
---|
129 | } |
---|
130 | } |
---|
131 | </sc:access> |
---|
132 | return |
---|
133 | if (not(exists($schemaID)) or $schemaID eq '') |
---|
134 | then |
---|
135 | error(xs:QName('sc:accessSchemaIdNotSupplied'),'ERROR updating schema access: schema ID not supplied!') |
---|
136 | else |
---|
137 | ( |
---|
138 | let $db-name := db:name(/sc:schema[@xml:id = $schemaID]) |
---|
139 | return |
---|
140 | (db:output(element sc:response {attribute success {'true'}, element sc:written-data {$newAccessRules} }), replace node /sc:schema[@xml:id = $schemaID]/sc:access with $newAccessRules, |
---|
141 | put(/sc:schema[@xml:id = $schemaID], concat(string(db:list-details()[. = $db-name]/@path), file:dir-separator(),db:path(/sc:schema[@xml:id = $schemaID])))) |
---|
142 | ) |
---|
143 | </query> |
---|
144 | </literal> |
---|
145 | </argument> |
---|
146 | <argument name="schemaID">arg:schemaID</argument> |
---|
147 | <argument name="authorizedUsers">arg:authorizedUsers</argument> |
---|
148 | </request> |
---|
149 | <request> |
---|
150 | <identifier>active:cutGoldenThread</identifier> |
---|
151 | <argument name="id">schemaAuthorizedIdsCache</argument> |
---|
152 | </request> |
---|
153 | <request> |
---|
154 | <identifier>active:cutGoldenThread</identifier> |
---|
155 | <argument name="id">schemaMetadataCache</argument> |
---|
156 | </request> |
---|
157 | <request> |
---|
158 | <identifier>active:cutGoldenThread</identifier> |
---|
159 | <argument name="id">pagedSchemasListCache</argument> |
---|
160 | </request> |
---|
161 | <request> |
---|
162 | <identifier>active:cutGoldenThread</identifier> |
---|
163 | <argument name="id">schemasCache</argument> |
---|
164 | </request> |
---|
165 | <sloot-debug> |
---|
166 | <log> |
---|
167 | <level>INFO</level> |
---|
168 | <message> |
---|
169 | <literal type="string">[access.data] [%1] modified users authorized to access schema with ID: [%2].
[
%3
]</literal> |
---|
170 | </message> |
---|
171 | <param> |
---|
172 | <request> |
---|
173 | <identifier>active:xpath2</identifier> |
---|
174 | <argument name="operand">scratch:user</argument> |
---|
175 | <argument name="operator"> |
---|
176 | <literal type="string">string(/sc:user/@xml:id)</literal> |
---|
177 | </argument> |
---|
178 | </request> |
---|
179 | </param> |
---|
180 | <param>arg:schemaID</param> |
---|
181 | <param> |
---|
182 | <request> |
---|
183 | <identifier>response-string</identifier> |
---|
184 | <verb>TRANSREPT</verb> |
---|
185 | <representation>java.lang.String</representation> |
---|
186 | <argument name="primary">this:response</argument> |
---|
187 | </request> |
---|
188 | </param> |
---|
189 | </log> |
---|
190 | <request> |
---|
191 | <verb>SINK</verb> |
---|
192 | <identifier>res:/debug/org.isocat.schemacat.access.data.schema.authorizedIDs.sink.response.xml</identifier> |
---|
193 | <argument name="primary">this:response</argument> |
---|
194 | </request> |
---|
195 | </sloot-debug> |
---|
196 | </sequence> |
---|
197 | </then> |
---|
198 | <else> |
---|
199 | <throw> |
---|
200 | <id> |
---|
201 | <literal type="string">NK_INPUT_ARGS_NOT_COMPLETE</literal> |
---|
202 | </id> |
---|
203 | <message> |
---|
204 | <literal type="string">org.isocat.schemacat.access.data.schema.authorizedIDs.sink: 'authorizedUsers' not supplied!</literal> |
---|
205 | </message> |
---|
206 | </throw> |
---|
207 | </else> |
---|
208 | </if> |
---|
209 | </then> |
---|
210 | </switch> |
---|
211 | <request> |
---|
212 | <identifier>active:attachGoldenThread</identifier> |
---|
213 | <argument name="id">schemaAuthorizedIdsCache</argument> |
---|
214 | </request> |
---|
215 | </sequence> |
---|
216 | |
---|