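PACKAGE BODY bism_access_control AS
/* $Header: bibaclb.pls 115.4 2004/02/13 00:34:33 gkellner noship $ */

-- Access-control checks for BISM folders and objects.
--
-- Contract shared by every check_* function below:
--   * returns 'y' when the caller's highest privilege on the target folder
--     meets the minimum for the operation;
--   * otherwise raises an application error (FOLDER_NOT_FOUND, NO_PRIVILEGES
--     or INSUFFICIENT_PRIVILEGES from BISM_ERRORCODES).
-- A denial is therefore always an exception, never a return value. Earlier
-- revisions carried "when no_data_found then return 'n'" handlers, but they
-- could not fire: max() without GROUP BY always yields one row, and the
-- object_name lookup already converts no_data_found into FOLDER_NOT_FOUND.
-- They have been removed so that the deny path is unambiguous.
--
-- NOTE(review): callers must let these errors propagate or treat them as a
-- deny. A caller that swallows them and continues would bypass the check.

-- Minimum privilege value required per operation. The values are the
-- thresholds each check function compared against.
c_min_priv_list        constant number(2) := 10;
c_min_priv_read        constant number(2) := 20;
c_min_priv_insert      constant number(2) := 30;
c_min_priv_update      constant number(2) := 40;
c_min_priv_delete      constant number(2) := 40;
c_min_priv_fullcontrol constant number(2) := 50;

-- Private helper: the single place where a privilege decision is made.
--   p_target_id  : folder whose permissions are evaluated
--   p_user_id    : user whose group memberships (bism_groups) are consulted
--   p_min_priv   : minimum privilege value required
--   p_denied_msg : message raised with INSUFFICIENT_PRIVILEGES
-- Returns 'y' or raises; see the package-level contract above.
function require_privilege(
    p_target_id  raw,
    p_user_id    raw,
    p_min_priv   number,
    p_denied_msg varchar2
)
return varchar2
is
    -- number(2) is kept from the original code: a stored privilege above 99
    -- raises a value error here instead of granting access.
    priv  number(2) := 0;
    fname bism_objects.object_name%type;
begin
    -- Highest privilege granted to any subject the user belongs to.
    -- The aggregate returns NULL (not no_data_found) when nothing matches.
    select max(privilege)
      into priv
      from bism_permissions
     where object_id = p_target_id
       and subject_id in
           (
               select group_id from bism_groups where user_id = p_user_id
           );

    if priv is null then
        -- No grant at all: report whether the folder exists.
        -- NOTE(review): the two distinct errors let a caller without any
        -- privilege tell an existing folder id from a missing one; confirm
        -- this is acceptable for the callers of this package.
        begin
            select object_name into fname from bism_objects where object_id = p_target_id;
            raise_application_error(BISM_ERRORCODES.NO_PRIVILEGES,'User has no privileges for folder');
        exception
            when no_data_found then
                raise_application_error(BISM_ERRORCODES.FOLDER_NOT_FOUND,'Folder not found');
        end;
    end if;

    if priv >= p_min_priv then
        return 'y';
    else
        raise_application_error(BISM_ERRORCODES.INSUFFICIENT_PRIVILEGES, p_denied_msg);
    end if;
end require_privilege;


-- Checks that user myid has at least list access (10) on folder fid.
-- resolve folder path, getUserPrivilege and checkUserPrivilege call this function.
function check_list_access(fid raw,myid raw)
return varchar2
is
begin
    return require_privilege(fid, myid, c_min_priv_list, 'Insufficient privileges');
end check_list_access;


-- Checks that user myid may insert into folder fid (privilege >= 30).
-- Always looks at the folder id to see whether the folder allows the insert;
-- the inserted record can be either a folder or an object, it does not matter.
function check_ins_access(fid raw,myid raw)
return varchar2
is
begin
    return require_privilege(fid, myid, c_min_priv_insert, 'Insufficient privileges');
end check_ins_access;


-- Checks that curr_user_id may update the record (privilege >= 40).
-- The folder evaluated is oid when is_record_a_folder is 'Y'/'y', otherwise
-- fid (the object's parent folder). Any other flag value, including NULL,
-- selects fid.
-- NOTE(review): nothing here verifies that fid really is the parent of oid or
-- that the flag matches the record's actual type; presumably the caller
-- derives both from trusted data. Confirm against the callers.
function check_upd_access(oid raw,fid raw,is_record_a_folder varchar2,curr_user_id raw)
return varchar2
is
    thisid raw(16);
begin
    if is_record_a_folder = 'Y' OR is_record_a_folder = 'y' then
        thisid := oid; -- current selection is a folder: look up access on the folder itself
    else
        thisid := fid; -- current record is an object: walk up to its parent folder
    end if;

    return require_privilege(thisid, curr_user_id, c_min_priv_update, 'Insufficient privileges');
end check_upd_access;


-- Checks that curr_user_id may read the record (privilege >= 20).
-- Folder selection follows the same rule as check_upd_access: oid for
-- 'Y'/'y', fid for every other flag value including NULL.
-- NOTE(review): the oid/fid relationship and the flag are not verified here.
function check_read_access(oid raw,fid raw,current_selection_is_folder varchar2,curr_user_id raw)
return varchar2
is
    tempid raw(16);
begin
    if current_selection_is_folder = 'Y' OR current_selection_is_folder = 'y' then
        tempid := oid;
    else
        tempid := fid;
    end if;

    return require_privilege(tempid, curr_user_id, c_min_priv_read, 'Insufficient privileges');
end check_read_access;


-- Checks that curr_user_id may delete the record (privilege >= 40).
-- The parameter "name" is part of the interface but is not read.
-- NOTE(review): the flag test is inverted relative to check_upd_access and
-- check_read_access. Here only 'N'/'n' selects fid, so a NULL or unexpected
-- flag evaluates oid, whereas the other two functions evaluate fid. The
-- behaviour is kept as-is; confirm that it is intended.
function check_del_access(oid raw,fid raw,is_folder varchar2,name varchar2,curr_user_id raw)
return varchar2
is
    tempid bism_objects.object_id%type;
begin
    if is_folder = 'N' OR is_folder = 'n' then
        -- if the record is an object, check its folder privilege
        -- unbind() enters this block
        tempid := fid;
    else
        -- if the selected record is a folder, use its oid
        tempid := oid;
    end if;

    return require_privilege(tempid, curr_user_id, c_min_priv_delete, 'Insufficient privileges');
end check_del_access;


-- Checks that user myid has full control (privilege >= 50) on folder oid.
-- This function must be called only on a folder.
function check_fullcontrol_access(oid raw,myid raw)
return varchar2
is
begin
    return require_privilege(oid, myid, c_min_priv_fullcontrol, 'Insufficient privileges');
end check_fullcontrol_access;


-- Checks that user myid may list the ACL entries of folder oid.
-- This function must be called only on a folder;
-- for now entries() is the only method calling this.
--
-- To list the entries on a folder, the caller needs at least LIST access (10).
-- This was originally coded to require FULLCONTROL (50), but NT allows a user
-- with LIST access to see the AclEntries on a folder, so the behaviour was
-- changed to be compliant with NT. Only a privilege of 10 is checked now.
function check_show_entries_access(oid raw,myid raw)
return varchar2
is
begin
    return require_privilege(oid, myid, c_min_priv_list, 'Insufficient privileges to show entries');
end check_show_entries_access;


-- NOTE(review): dummy_op and dummy_op2 return 'y' unconditionally and consult
-- no permission data. Any operation wired to them is effectively unchecked;
-- confirm which callers use them and that this is intended.
function dummy_op(oid raw,myid raw)
return varchar2
is
begin
    return 'y';
end dummy_op;

function dummy_op2(oid raw,fid raw,current_selection_is_folder varchar2,myid raw)
return varchar2
is
begin
    return 'y';
end dummy_op2;

end bism_access_control;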