/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java @ 10288

-            cjones
+/**
  *  '$RCSfile$'
  *  Copyright: 2000-2011 Regents of the University of California and the
  *              National Center for Ecological Analysis and Synthesis
+ *
  *   '$Author$'
  *     '$Date$'
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 package edu.ucsb.nceas.metacat.dataone;
-            tao
+import java.io.ByteArrayOutputStream;
-            cjones
+import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
-            cjones
+import java.io.InputStream;
-            cjones
+import java.io.OutputStream;
-            tao
+import java.io.OutputStreamWriter;
 import java.io.Writer;
-            tao
+import java.math.BigInteger;
-            tao
+import java.security.DigestOutputStream;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-            tao
+import java.sql.PreparedStatement;
 import java.sql.ResultSet;
-            cjones
+import java.sql.SQLException;
-            leinfelder
+import java.util.ArrayList;
-            leinfelder
+import java.util.Calendar;
-            cjones
+import java.util.Date;
-            cjones
+import java.util.Hashtable;
-            leinfelder
+import java.util.Iterator;
-            leinfelder
+import java.util.List;
-            leinfelder
+import java.util.Set;
-            cjones
+import java.util.Timer;
-            tao
+import java.util.Vector;
-            leinfelder
+import java.util.concurrent.locks.Lock;
             cjones
-            leinfelder
+import javax.servlet.http.HttpServletRequest;
-            tao
+import javax.xml.bind.DatatypeConverter;
             cjones
-            cjones
+import org.apache.commons.io.IOUtils;
-            leinfelder
+import org.apache.log4j.Logger;
-            leinfelder
+import org.dataone.client.v2.CNode;
 import org.dataone.client.v2.itk.D1Client;
 import org.dataone.client.v2.formats.ObjectFormatCache;
-            tao
+import org.dataone.configuration.Settings;
-            cjones
+import org.dataone.service.exceptions.BaseException;
-            cjones
+import org.dataone.service.exceptions.IdentifierNotUnique;
 import org.dataone.service.exceptions.InsufficientResources;
-            cjones
+import org.dataone.service.exceptions.InvalidRequest;
-            cjones
+import org.dataone.service.exceptions.InvalidSystemMetadata;
-            cjones
+import org.dataone.service.exceptions.InvalidToken;
 import org.dataone.service.exceptions.NotAuthorized;
 import org.dataone.service.exceptions.NotFound;
 import org.dataone.service.exceptions.NotImplemented;
 import org.dataone.service.exceptions.ServiceFailure;
-            cjones
+import org.dataone.service.exceptions.UnsupportedType;
-            leinfelder
+import org.dataone.service.types.v1.AccessRule;
-            tao
+import org.dataone.service.types.v1.Checksum;
-            leinfelder
+import org.dataone.service.types.v1.DescribeResponse;
-            leinfelder
+import org.dataone.service.types.v1.Group;
-            leinfelder
+import org.dataone.service.types.v1.Identifier;
-            tao
+import org.dataone.service.types.v1.ObjectFormatIdentifier;
 import org.dataone.service.types.v1.ObjectList;
-            tao
+import org.dataone.service.types.v1.Person;
-            tao
+import org.dataone.service.types.v1.SubjectInfo;
-            leinfelder
+import org.dataone.service.types.v2.Log;
 import org.dataone.service.types.v2.Node;
-            tao
+import org.dataone.service.types.v2.OptionList;
-            leinfelder
+import org.dataone.service.types.v1.Event;
-            leinfelder
+import org.dataone.service.types.v1.NodeReference;
-            cjones
+import org.dataone.service.types.v1.NodeType;
-            leinfelder
+import org.dataone.service.types.v2.ObjectFormat;
-            leinfelder
+import org.dataone.service.types.v1.Permission;
-            cjones
+import org.dataone.service.types.v1.Replica;
-            leinfelder
+import org.dataone.service.types.v1.Session;
 import org.dataone.service.types.v1.Subject;
-            leinfelder
+import org.dataone.service.types.v2.SystemMetadata;
-            leinfelder
+import org.dataone.service.types.v1.util.AuthUtils;
-            leinfelder
+import org.dataone.service.types.v1.util.ChecksumUtil;
-            leinfelder
+import org.dataone.service.util.Constants;
             cjones
-            tao
+import edu.ucsb.nceas.metacat.AccessionNumber;
-            cjones
+import edu.ucsb.nceas.metacat.AccessionNumberException;
-            tao
+import edu.ucsb.nceas.metacat.DBTransform;
-            cjones
+import edu.ucsb.nceas.metacat.DocumentImpl;
-            leinfelder
+import edu.ucsb.nceas.metacat.EventLog;
 import edu.ucsb.nceas.metacat.IdentifierManager;
-            leinfelder
+import edu.ucsb.nceas.metacat.McdbDocNotFoundException;
-            cjones
+import edu.ucsb.nceas.metacat.MetacatHandler;
-            leinfelder
+import edu.ucsb.nceas.metacat.client.InsufficientKarmaException;
-            tao
+import edu.ucsb.nceas.metacat.common.query.stream.ContentTypeByteArrayInputStream;
-            leinfelder
+import edu.ucsb.nceas.metacat.database.DBConnection;
 import edu.ucsb.nceas.metacat.database.DBConnectionPool;
-            leinfelder
+import edu.ucsb.nceas.metacat.dataone.hazelcast.HazelcastService;
-            leinfelder
+import edu.ucsb.nceas.metacat.index.MetacatSolrIndex;
-            cjones
+import edu.ucsb.nceas.metacat.properties.PropertyService;
-            cjones
+import edu.ucsb.nceas.metacat.replication.ForceReplicationHandler;
-            tao
+import edu.ucsb.nceas.metacat.util.SkinUtil;
-            cjones
+import edu.ucsb.nceas.utilities.PropertyNotFoundException;
             leinfelder
-            cjones
+public abstract class D1NodeService {
             tao
   public static final String DELETEDMESSAGE = "The object with the PID has been deleted from the node.";
             walker
-            cjones
+  private static Logger logMetacat = Logger.getLogger(D1NodeService.class);
             leinfelder
-            leinfelder
+  /** For logging the operations */
   protected HttpServletRequest request;
             cjones
-            cjones
+  /* reference to the metacat handler */
-            leinfelder
+  protected MetacatHandler handler;
             cjones
-            cjones
+  /* parameters set in the incoming request */
-            tao
+  //private Hashtable<String, String[]> params;
             leinfelder
   /**
-            leinfelder
+   * limit paged results sets to a configured maximum
    */
   protected static int MAXIMUM_DB_RECORD_COUNT = 7000;
   static {
 		try {
 			MAXIMUM_DB_RECORD_COUNT = Integer.valueOf(PropertyService.getProperty("database.webResultsetSize"));
 		} catch (Exception e) {
 			logMetacat.warn("Could not set MAXIMUM_DB_RECORD_COUNT", e);
+		}
+	}
   /**
-            leinfelder
+   * out-of-band session object to be used when not passed in as a method parameter
    */
   protected Session session;
             cjones
-            cjones
+  /**
    * Constructor - used to set the metacatUrl from a subclass extending D1NodeService
+   *
    * @param metacatUrl - the URL of the metacat service, including the ending /d1
    */
-            leinfelder
+  public D1NodeService(HttpServletRequest request) {
 		this.request = request;
+	}
             leinfelder
-            cjones
+  /**
-            leinfelder
+   * retrieve the out-of-band session
    * @return
    */
   	public Session getSession() {
 		return session;
+	}
   	/**
   	 * Set the out-of-band session
   	 * @param session
   	 */
 	public void setSession(Session session) {
 		this.session = session;
+	}
   /**
-            leinfelder
+   * This method provides a lighter weight mechanism than
    * getSystemMetadata() for a client to determine basic
    * properties of the referenced object.
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the identifier of the object to be described
+   *
    * @return describeResponse - A set of values providing a basic description
    *                            of the object.
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public DescribeResponse describe(Session session, Identifier pid)
       throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
             tao
       String serviceFailureCode = "4931";
       Identifier sid = getPIDForSID(pid, serviceFailureCode);
       if(sid != null) {
           pid = sid;
+      }
             leinfelder
     // get system metadata and construct the describe response
       SystemMetadata sysmeta = getSystemMetadata(session, pid);
       DescribeResponse describeResponse =
       	new DescribeResponse(sysmeta.getFormatId(), sysmeta.getSize(),
       			sysmeta.getDateSysMetadataModified(),
       			sysmeta.getChecksum(), sysmeta.getSerialVersion());
       return describeResponse;
+  }
   /**
-            leinfelder
+   * Deletes an object from the Member Node, where the object is either a
    * data object or a science metadata object.
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The object identifier to be deleted
+   *
    * @return pid - the identifier of the object used for the deletion
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public Identifier delete(Session session, Identifier pid)
       throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
             tao
-            leinfelder
+      String localId = null;
       if (session == null) {
       	throw new InvalidToken("1330", "No session has been provided");
+      }
-            leinfelder
+      // just for logging purposes
       String username = session.getSubject().getValue();
             leinfelder
       // do we have a valid pid?
       if (pid == null || pid.getValue().trim().equals("")) {
           throw new ServiceFailure("1350", "The provided identifier was invalid.");
+      }
       // check for the existing identifier
       try {
           localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
       } catch (McdbDocNotFoundException e) {
           throw new NotFound("1340", "The object with the provided " + "identifier was not found.");
-            tao
+      } catch (SQLException e) {
           throw new ServiceFailure("1350", "The object with the provided " + "identifier "+pid.getValue()+" couldn't be identified since "+e.getMessage());
             leinfelder
             leinfelder
-            leinfelder
+      try {
-            leinfelder
+          // delete the document, as admin
           DocumentImpl.delete(localId, null, null, null, true);
           EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, Event.DELETE.xmlValue());
           // archive it
-            leinfelder
+          // DocumentImpl.delete() now sets this
           // see https://redmine.dataone.org/issues/3406
 //          SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
 //          sysMeta.setArchived(true);
 //          sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
 //          HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta);
             leinfelder
-            leinfelder
+      } catch (McdbDocNotFoundException e) {
           throw new NotFound("1340", "The provided identifier was invalid.");
             leinfelder
-            leinfelder
+      } catch (SQLException e) {
           throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
             leinfelder
-            leinfelder
+      } catch (InsufficientKarmaException e) {
-            cjones
+          if ( logMetacat.isDebugEnabled() ) {
               e.printStackTrace();
+          }
-            leinfelder
+          throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
             cjones
-            leinfelder
+      } catch (Exception e) { // for some reason DocumentImpl throws a general Exception
           throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
             leinfelder
       return pid;
+  }
   /**
-            leinfelder
+   * Low level, "are you alive" operation. A valid ping response is
    * indicated by a HTTP status of 200.
+   *
    * @return true if the service is alive
+   *
    * @throws NotImplemented
    * @throws ServiceFailure
    * @throws InsufficientResources
    */
   public Date ping()
       throws NotImplemented, ServiceFailure, InsufficientResources {
       // test if we can get a database connection
       int serialNumber = -1;
       DBConnection dbConn = null;
       try {
           dbConn = DBConnectionPool.getDBConnection("MNodeService.ping");
           serialNumber = dbConn.getCheckOutSerialNumber();
       } catch (SQLException e) {
       	ServiceFailure sf = new ServiceFailure("", e.getMessage());
       	sf.initCause(e);
           throw sf;
       } finally {
           // Return the database connection
           DBConnectionPool.returnDBConnection(dbConn, serialNumber);
+      }
       return Calendar.getInstance().getTime();
+  }
   /**
-            cjones
+   * Adds a new object to the Node, where the object is either a data
    * object or a science metadata object. This method is called by clients
    * to create new data objects on Member Nodes or internally for Coordinating
    * Nodes
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The object identifier to be created
    * @param object - the object bytes
    * @param sysmeta - the system metadata that describes the object
+   *
    * @return pid - the object identifier created
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws IdentifierNotUnique
    * @throws UnsupportedType
    * @throws InsufficientResources
    * @throws InvalidSystemMetadata
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public Identifier create(Session session, Identifier pid, InputStream object,
     SystemMetadata sysmeta)
     throws InvalidToken, ServiceFailure, NotAuthorized, IdentifierNotUnique,
     UnsupportedType, InsufficientResources, InvalidSystemMetadata,
     NotImplemented, InvalidRequest {
             cjones
-            cjones
+    Identifier resultPid = null;
     String localId = null;
     boolean allowed = false;
-            leinfelder
+    // check for null session
     if (session == null) {
     	throw new InvalidToken("4894", "Session is required to WRITE to the Node.");
+    }
     Subject subject = session.getSubject();
-            leinfelder
+    Subject publicSubject = new Subject();
     publicSubject.setValue(Constants.SUBJECT_PUBLIC);
 	// be sure the user is authenticated for create()
-            leinfelder
+    if (subject == null || subject.getValue() == null ||
-            leinfelder
+        subject.equals(publicSubject) ) {
-            cjones
+      throw new NotAuthorized("1100", "The provided identity does not have " +
-            leinfelder
+        "permission to WRITE to the Node.");
             cjones
+    }
             tao
-            cjones
+    // verify that pid == SystemMetadata.getIdentifier()
     logMetacat.debug("Comparing pid|sysmeta_pid: " +
       pid.getValue() + "|" + sysmeta.getIdentifier().getValue());
     if (!pid.getValue().equals(sysmeta.getIdentifier().getValue())) {
         throw new InvalidSystemMetadata("1180",
             "The supplied system metadata is invalid. " +
             "The identifier " + pid.getValue() + " does not match identifier" +
             "in the system metadata identified by " +
             sysmeta.getIdentifier().getValue() + ".");
+    }
             tao
-            tao
+    if(sysmeta.getChecksum() == null) {
         logMetacat.error("D1NodeService.create - the checksum object from the system metadata shouldn't be null for the object "+pid.getValue());
         throw new InvalidSystemMetadata("1180", "The checksum object from the system metadata shouldn't be null.");
+    }
             cjones
-            leinfelder
+    logMetacat.debug("Checking if identifier exists: " + pid.getValue());
-            cjones
+    // Check that the identifier does not already exist
-            tao
+    boolean idExists = false;
     try {
         idExists = IdentifierManager.getInstance().identifierExists(pid.getValue());
     } catch (SQLException e) {
         throw new ServiceFailure("1190",
                                 "The requested identifier " + pid.getValue() +
                                 " couldn't be determined if it is unique since : "+e.getMessage());
+    }
     if (idExists) {
-            leinfelder
+	    	throw new IdentifierNotUnique("1120",
 			          "The requested identifier " + pid.getValue() +
 			          " is already used by another object and" +
 			          "therefore can not be used for this object. Clients should choose" +
 			          "a new identifier that is unique and retry the operation or " +
-            leinfelder
+			          "use CN.reserveIdentifier() to reserve one.");
             leinfelder
             cjones
             leinfelder
             tao
-            leinfelder
+    // TODO: this probably needs to be refined more
-            cjones
+    try {
       allowed = isAuthorized(session, pid, Permission.WRITE);
     } catch (NotFound e) {
       // The identifier doesn't exist, writing should be fine.
       allowed = true;
+    }
-            tao
+    if(!allowed) {
         throw new NotAuthorized("1100", "Provited Identity doesn't have the WRITE permission on the pid "+pid.getValue());
+    }
             tao
             leinfelder
-            cjones
+    // we have the go ahead
-            tao
+    //if ( allowed ) {
             tao
         logMetacat.debug("Allowed to insert: " + pid.getValue());
-            tao
+        // save the sysmeta
         try {
             // lock and unlock of the pid happens in the subclass
             HazelcastService.getInstance().getSystemMetadataMap().put(sysmeta.getIdentifier(), sysmeta);
         } catch (Exception e) {
-            tao
+            logMetacat.error("D1Node.create - There was problem to save the system metadata: " + pid.getValue(), e);
             throw new ServiceFailure("1190", "There was problem to save the system metadata: " + pid.getValue()+" since "+e.getMessage());
             tao
-            tao
+        boolean isScienceMetadata = false;
-            cjones
+      // Science metadata (XML) or science data object?
       // TODO: there are cases where certain object formats are science metadata
       // but are not XML (netCDF ...).  Handle this.
       if ( isScienceMetadata(sysmeta) ) {
-            tao
+        isScienceMetadata = true;
-            cjones
+        // CASE METADATA:
-            tao
+      	//String objectAsXML = "";
-            cjones
+        try {
-            tao
+	        //objectAsXML = IOUtils.toString(object, "UTF-8");
-            leinfelder
+            String formatId = null;
             if(sysmeta.getFormatId() != null)  {
                 formatId = sysmeta.getFormatId().getValue();
+            }
-            tao
+	        localId = insertOrUpdateDocument(object,"UTF-8", pid, session, "insert", formatId, sysmeta.getChecksum());
-            cjones
+	        //localId = im.getLocalId(pid.getValue());
         } catch (IOException e) {
-            tao
+            removeSystemMetaAndIdentifier(pid);
-            tao
+        	String msg = "The Node is unable to create the object "+pid.getValue() +
           " There was a problem converting the object to XML";
         	logMetacat.error(msg, e);
-            cjones
+          throw new ServiceFailure("1190", msg + ": " + e.getMessage());
-            tao
+        } catch (ServiceFailure e) {
-            tao
+            removeSystemMetaAndIdentifier(pid);
-            tao
+            logMetacat.error("D1NodeService.create - the node couldn't create the object "+pid.getValue()+" since "+e.getMessage(), e);
-            tao
+            throw e;
         } catch (Exception e) {
-            tao
+            removeSystemMetaAndIdentifier(pid);
-            tao
+            logMetacat.error("The node is unable to create the object: "+pid.getValue()+ " since " + e.getMessage(), e);
             throw new ServiceFailure("1190", "The node is unable to create the object: " +pid.getValue()+" since "+ e.getMessage());
             cjones
-            leinfelder
+      } else {
 	      // DEFAULT CASE: DATA (needs to be checked and completed)
-            tao
+          try {
-            tao
+              localId = insertDataObject(object, pid, session, sysmeta.getChecksum());
-            tao
+          } catch (ServiceFailure e) {
-            tao
+              removeSystemMetaAndIdentifier(pid);
-            tao
+              throw e;
-            tao
+          } catch (InvalidSystemMetadata e) {
               removeSystemMetaAndIdentifier(pid);
               throw e;
-            tao
+          } catch (Exception e) {
-            tao
+              removeSystemMetaAndIdentifier(pid);
-            tao
+              throw new ServiceFailure("1190", "The node is unable to create the object "+pid.getValue()+" since " + e.getMessage());
             tao
             leinfelder
-            tao
+    //}
             leinfelder
-            leinfelder
+    logMetacat.debug("Done inserting new object: " + pid.getValue());
-            tao
+    // setting the resulting identifier failed. We will check if the object does exist.
     try {
         if (localId == null || !IdentifierManager.getInstance().objectFileExists(localId, isScienceMetadata) ) {
-            tao
+            removeSystemMetaAndIdentifier(pid);
-            tao
+          throw new ServiceFailure("1190", "The Node is unable to create the object. "+pid.getValue());
+        }
     } catch (PropertyNotFoundException e) {
-            tao
+        removeSystemMetaAndIdentifier(pid);
-            tao
+        throw new ServiceFailure("1190", "The Node is unable to create the object. "+pid.getValue() + " since "+e.getMessage());
             cjones
             tao
             tao
             tao
-            tao
+    try {
         // submit for indexing
         MetacatSolrIndex.getInstance().submit(sysmeta.getIdentifier(), sysmeta, null, true);
     } catch (Exception e) {
         logMetacat.warn("Couldn't create solr index for object "+pid.getValue());
+    }
             leinfelder
-            leinfelder
+    resultPid = pid;
-            tao
+    logMetacat.info("create() complete for object: " + pid.getValue());
             leinfelder
-            cjones
+    return resultPid;
+  }
             tao
   /*
    * Roll-back method when inserting data object fails.
    */
-            tao
+  protected void removeSystemMetaAndIdentifier(Identifier id){
-            tao
+      if(id != null) {
-            tao
+          logMetacat.debug("D1NodeService.removeSystemMeta - the system metadata of object "+id.getValue()+" will removed from both hazelcast and db tables since the object creation failed");
           HazelcastService.getInstance().getSystemMetadataMap().remove(id);
           logMetacat.info("D1NodeService.removeSystemMeta - the system metadata of object "+id.getValue()+" has been removed from both hazelcast and db tables since the object creation failed");
           try {
-            tao
+              if(IdentifierManager.getInstance().mappingExists(id.getValue())) {
                  String localId = IdentifierManager.getInstance().getLocalId(id.getValue());
-            tao
+                 IdentifierManager.getInstance().removeMapping(id.getValue(), localId);
                  logMetacat.info("D1NodeService.removeSystemMeta - the identifier "+id.getValue()+" and local id "+localId+" have been removed from the identifier table since the object creation failed");
+              }
           } catch (Exception e) {
-            tao
+              logMetacat.warn("D1NodeService.removeSysteMeta - can't decide if the mapping of  the pid "+id.getValue()+" exists on the identifier table.");
             tao
             tao
             tao
   /*
    * Roll-back method when inserting data object fails.
    */
   protected void removeSolrIndex(SystemMetadata sysMeta) {
       sysMeta.setSerialVersion(sysMeta.getSerialVersion().add(BigInteger.ONE));
       sysMeta.setArchived(true);
       sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
       try {
           MetacatSolrIndex.getInstance().submit(sysMeta.getIdentifier(), sysMeta, null, false);
       } catch (Exception e) {
           logMetacat.warn("Can't remove the solr index for pid "+sysMeta.getIdentifier().getValue());
+      }
+  }
             cjones
-            cjones
+  /**
    * Return the log records associated with a given event between the start and
    * end dates listed given a particular Subject listed in the Session
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param fromDate - the start date of the desired log records
    * @param toDate - the end date of the desired log records
    * @param event - restrict log records of a specific event type
    * @param start - zero based offset from the first record in the
    *                set of matching log records. Used to assist with
    *                paging the response.
    * @param count - maximum number of log records to return in the response.
    *                Used to assist with paging the response.
+   *
    * @return the desired log records
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws InvalidRequest
    * @throws NotImplemented
    */
   public Log getLogRecords(Session session, Date fromDate, Date toDate,
-            leinfelder
+      String event, String pidFilter, Integer start, Integer count) throws InvalidToken, ServiceFailure,
-            cjones
+      NotAuthorized, InvalidRequest, NotImplemented {
             cjones
-            leinfelder
+	  // only admin access to this method
 	  // see https://redmine.dataone.org/issues/2855
 	  if (!isAdminAuthorized(session)) {
 		  throw new NotAuthorized("1460", "Only the CN or admin is allowed to harvest logs from this node");
+	  }
-            tao
+    Log log = new Log();
-            cjones
+    IdentifierManager im = IdentifierManager.getInstance();
     EventLog el = EventLog.getInstance();
-            cjones
+    if ( fromDate == null ) {
-            cjones
+      logMetacat.debug("setting fromdate from null");
       fromDate = new Date(1);
+    }
-            cjones
+    if ( toDate == null ) {
-            cjones
+      logMetacat.debug("setting todate from null");
       toDate = new Date();
+    }
             leinfelder
-            cjones
+    if ( start == null ) {
-            leinfelder
+    	start = 0;
             cjones
     if ( count == null ) {
     	count = 1000;
+    }
             leinfelder
     // safeguard against large requests
     if (count > MAXIMUM_DB_RECORD_COUNT) {
     	count = MAXIMUM_DB_RECORD_COUNT;
+    }
             cjones
-            leinfelder
+    String[] filterDocid = null;
-            tao
+    if (pidFilter != null && !pidFilter.trim().equals("")) {
         //check if the given identifier is a sid. If it is sid, choose the current pid of the sid.
         Identifier pid = new Identifier();
         pid.setValue(pidFilter);
         String serviceFailureCode = "1490";
         Identifier sid = getPIDForSID(pid, serviceFailureCode);
         if(sid != null) {
             pid = sid;
+        }
         pidFilter = pid.getValue();
-            leinfelder
+		try {
 	      String localId = im.getLocalId(pidFilter);
 	      filterDocid = new String[] {localId};
 	    } catch (Exception ex) {
 	    	String msg = "Could not find localId for given pidFilter '" + pidFilter + "'";
 	        logMetacat.warn(msg, ex);
 	        //throw new InvalidRequest("1480", msg);
-            tao
+	        return log; //return 0 record
             leinfelder
+    }
-            cjones
+    logMetacat.debug("fromDate: " + fromDate);
     logMetacat.debug("toDate: " + toDate);
             leinfelder
-            tao
+    log = el.getD1Report(null, null, filterDocid, event,
-            cjones
+        new java.sql.Timestamp(fromDate.getTime()),
-            leinfelder
+        new java.sql.Timestamp(toDate.getTime()), false, start, count);
             leinfelder
-            cjones
+    logMetacat.info("getLogRecords");
     return log;
+  }
             cjones
-            cjones
+  /**
    * Return the object identified by the given object identifier
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the object identifier for the given object
+   *
    * TODO: The D1 Authorization API doesn't provide information on which
    * authentication system the Subject belongs to, and so it's not possible to
    * discern which Person or Group is a valid KNB LDAP DN.  Fix this.
+   *
    * @return inputStream - the input stream of the given object
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws InvalidRequest
    * @throws NotImplemented
    */
   public InputStream get(Session session, Identifier pid)
     throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
-            cjones
+    NotImplemented {
             cjones
-            tao
+    String serviceFailureCode = "1030";
     Identifier sid = getPIDForSID(pid, serviceFailureCode);
     if(sid != null) {
         pid = sid;
             tao
-            cjones
+    InputStream inputStream = null; // bytes to be returned
-            cjones
+    handler = new MetacatHandler(new Timer());
-            cjones
+    boolean allowed = false;
     String localId; // the metacat docid for the pid
             cjones
-            cjones
+    // get the local docid from Metacat
     try {
       localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
-            cjones
+    } catch (McdbDocNotFoundException e) {
       throw new NotFound("1020", "The object specified by " +
-            cjones
+                         pid.getValue() +
-            leinfelder
+                         " does not exist at this node.");
-            tao
+    } catch (SQLException e) {
         throw new ServiceFailure("1030", "The object specified by "+ pid.getValue()+
                                   " couldn't be identified at this node since "+e.getMessage());
             cjones
     // check for authorization
-            leinfelder
+    try {
 		allowed = isAuthorized(session, pid, Permission.READ);
 	} catch (InvalidRequest e) {
 		throw new ServiceFailure("1030", e.getDescription());
+	}
             cjones
     // if the person is authorized, perform the read
-            leinfelder
+    if (allowed) {
-            cjones
+      try {
-            leinfelder
+        inputStream = handler.read(localId);
-            tao
+      } catch (McdbDocNotFoundException de) {
           String error ="";
           if(EventLog.getInstance().isDeleted(localId)) {
                 error=DELETEDMESSAGE;
+          }
           throw new NotFound("1020", "The object specified by " +
                            pid.getValue() +
                            " does not exist at this node. "+error);
-            leinfelder
+      } catch (Exception e) {
-            tao
+        throw new ServiceFailure("1030", "The object specified by " +
-            cjones
+            pid.getValue() +
-            tao
+            " could not be returned due to error: " +
             e.getMessage()+". ");
             cjones
             cjones
             cjones
-            cjones
+    // if we fail to set the input stream
     if ( inputStream == null ) {
-            tao
+        String error ="";
         if(EventLog.getInstance().isDeleted(localId)) {
               error=DELETEDMESSAGE;
+        }
         throw new NotFound("1020", "The object specified by " +
-            cjones
+                         pid.getValue() +
-            tao
+                         " does not exist at this node. "+error);
             cjones
-            leinfelder
+	// log the read event
-            leinfelder
+    String principal = Constants.SUBJECT_PUBLIC;
-            leinfelder
+    if (session != null && session.getSubject() != null) {
-            leinfelder
+    	principal = session.getSubject().getValue();
+    }
-            leinfelder
+    EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), principal, localId, "read");
             leinfelder
-            cjones
+    return inputStream;
+  }
             cjones
-            cjones
+  /**
    * Return the system metadata for a given object
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the object identifier for the given object
+   *
    * @return inputStream - the input stream of the given system metadata object
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws InvalidRequest
    * @throws NotImplemented
    */
-            cjones
+    public SystemMetadata getSystemMetadata(Session session, Identifier pid)
         throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
         NotImplemented {
-            tao
+        String serviceFailureCode = "1090";
         Identifier sid = getPIDForSID(pid, serviceFailureCode);
         if(sid != null) {
             pid = sid;
+        }
-            cjones
+        boolean isAuthorized = false;
         SystemMetadata systemMetadata = null;
         List<Replica> replicaList = null;
         NodeReference replicaNodeRef = null;
         List<Node> nodeListBySubject = null;
         Subject subject = null;
             cjones
-            cjones
+        if (session != null ) {
             subject = session.getSubject();
+        }
             cjones
-            leinfelder
+        // check normal authorization
         BaseException originalAuthorizationException = null;
         if (!isAuthorized) {
             try {
                 isAuthorized = isAuthorized(session, pid, Permission.READ);
             cjones
-            leinfelder
+            } catch (InvalidRequest e) {
                 throw new ServiceFailure("1090", e.getDescription());
             } catch (NotAuthorized nae) {
             	// catch this for later
             	originalAuthorizationException = nae;
+			}
+        }
             cjones
-            leinfelder
+        // get the system metadata first because we need the replica list for auth
         systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
         // check the replica information to expand access to MNs that might need it
         if (!isAuthorized) {
 	        try {
 	            // if MNs are listed as replicas, allow access
 	            if ( systemMetadata != null ) {
 	                replicaList = systemMetadata.getReplicaList();
 	                // only check if there are in fact replicas listed
 	                if ( replicaList != null ) {
 	                    if ( subject != null ) {
 	                        // get the list of nodes with a matching node subject
 	                        try {
 	                            nodeListBySubject = listNodesBySubject(session.getSubject());
 	                        } catch (BaseException e) {
 	                            // Unexpected error contacting the CN via D1Client
 	                            String msg = "Caught an unexpected error while trying "
 	                                    + "to potentially authorize system metadata access "
 	                                    + "based on the session subject. The error was "
 	                                    + e.getMessage();
 	                            logMetacat.error(msg);
 	                            if (logMetacat.isDebugEnabled()) {
 	                                e.printStackTrace();
+	                            }
 	                            // isAuthorized is still false
+	                        }
+	                    }
 	                    if (nodeListBySubject != null) {
 	                        // compare node ids to replica node ids
 	                        outer: for (Replica replica : replicaList) {
 	                            replicaNodeRef = replica.getReplicaMemberNode();
 	                            for (Node node : nodeListBySubject) {
 	                                if (node.getIdentifier().equals(replicaNodeRef)) {
 	                                    // node id via session subject matches a replica node
 	                                    isAuthorized = true;
 	                                    break outer;
+	                                }
+	                            }
+	                        }
+	                    }
+	                }
+	            }
 	            // if we still aren't authorized, then we are done
 	            if (!isAuthorized) {
 	                throw new NotAuthorized("1400", Permission.READ
 	                        + " not allowed on " + pid.getValue());
+	            }
             cjones
-            leinfelder
+	        } catch (RuntimeException e) {
 	        	e.printStackTrace();
 	            // convert hazelcast RuntimeException to ServiceFailure
 	            throw new ServiceFailure("1090", "Unexpected error getting system metadata for: " +
 	                pid.getValue());
+	        }
             cjones
             leinfelder
-            cjones
+        // It wasn't in the map
         if ( systemMetadata == null ) {
-            tao
+            String error ="";
             String localId = null;
             try {
                 localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
              } catch (Exception e) {
                 logMetacat.warn("Couldn't find the local id for the pid "+pid.getValue());
+            }
             if(localId != null && EventLog.getInstance().isDeleted(localId)) {
                 error = DELETEDMESSAGE;
-            tao
+            } else if (localId == null && EventLog.getInstance().isDeleted(pid.getValue())) {
                 error = DELETEDMESSAGE;
             tao
             throw new NotFound("1420", "No record found for: " + pid.getValue()+". "+error);
             cjones
         return systemMetadata;
+    }
             cjones
             tao
     /**
      * Test if the specified session represents the authoritative member node for the
      * given object specified by the identifier. According the the DataONE documentation,
      * the authoritative member node has all the rights of the *rightsHolder*.
      * @param session - the Session object containing the credentials for the Subject
      * @param pid - the Identifier of the data object
      * @return true if the session represents the authoritative mn.
      * @throws ServiceFailure
      * @throws NotImplemented
      */
     public boolean isAuthoritativeMNodeAdmin(Session session, Identifier pid) {
         boolean allowed = false;
         //check the parameters
         if(session == null) {
             logMetacat.debug("D1NodeService.isAuthoritativeMNodeAdmin - the session object is null and return false.");
             return allowed;
         } else if (pid == null || pid.getValue() == null || pid.getValue().trim().equals("")) {
             logMetacat.debug("D1NodeService.isAuthoritativeMNodeAdmin - the Identifier object is null (not being specified) and return false.");
             return allowed;
+        }
         //Get the subject from the session
         Subject subject = session.getSubject();
         if(subject != null) {
             //Get the authoritative member node info from the system metadata
             SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
             if(sysMeta != null) {
                 NodeReference authoritativeMNode = sysMeta.getAuthoritativeMemberNode();
                 if(authoritativeMNode != null) {
                         CNode cn = null;
                         try {
                             cn = D1Client.getCN();
-            leinfelder
+                        } catch (BaseException e) {
-            tao
+                            logMetacat.error("D1NodeService.isAuthoritativeMNodeAdmin - couldn't connect to the CN since "+
                                             e.getDescription()+ ". The false value will be returned for the AuthoritativeMNodeAdmin.");
                             return allowed;
+                        }
                         if(cn != null) {
                             List<Node> nodes = null;
                             try {
                                 nodes = cn.listNodes().getNodeList();
                             } catch (NotImplemented e) {
                                 logMetacat.error("D1NodeService.isAuthoritativeMNodeAdmin - couldn't get the member nodes list from the CN since "+e.getDescription()+
                                                 ". The false value will be returned for the AuthoritativeMNodeAdmin.");
                                 return allowed;
                             } catch (ServiceFailure ee) {
                                 logMetacat.error("D1NodeService.isAuthoritativeMNodeAdmin - couldn't get the member nodes list from the CN since "+ee.getDescription()+
                                                 ". The false value will be returned for the AuthoritativeMNodeAdmin.");
                                 return allowed;
+                            }
                             if(nodes != null) {
                                 for(Node node : nodes) {
                                     //find the authoritative node and get its subjects
                                     if (node.getType() == NodeType.MN && node.getIdentifier() != null && node.getIdentifier().equals(authoritativeMNode)) {
                                         List<Subject> nodeSubjects = node.getSubjectList();
                                         if(nodeSubjects != null) {
                                             // check if the session subject is in the node subject list
                                             for (Subject nodeSubject : nodeSubjects) {
                                                 logMetacat.debug("D1NodeService.isAuthoritativeMNodeAdmin(), comparing subjects: " +
                                                     nodeSubject.getValue() + " and " + subject.getValue());
                                                 if ( nodeSubject != null && nodeSubject.equals(subject) ) {
                                                     allowed = true; // subject of session == target node subject
                                                     break;
+                                                }
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                }
+            }
+        }
         return allowed;
+    }
-            cjones
+  /**
-            cjones
+   * Test if the user identified by the provided token has administrative authorization
+   *
    * @param session - the Session object containing the credentials for the Subject
+   *
-            tao
+   * @return true if the user is admin (mn itself or a cn )
             cjones
    * @throws ServiceFailure
    * @throws InvalidToken
    * @throws NotFound
    * @throws NotAuthorized
    * @throws NotImplemented
    */
-            leinfelder
+  public boolean isAdminAuthorized(Session session)
-            leinfelder
+      throws ServiceFailure, InvalidToken, NotAuthorized,
-            cjones
+      NotImplemented {
       boolean allowed = false;
             leinfelder
       // must have a session in order to check admin
       if (session == null) {
-            leinfelder
+         logMetacat.debug("In isAdminAuthorized(), session is null ");
          return false;
             leinfelder
-            cjones
+      logMetacat.debug("In isAdminAuthorized(), checking CN or MN authorization for " +
-            leinfelder
+           session.getSubject().getValue());
             cjones
-            leinfelder
+      // check if this is the node calling itself (MN)
-            tao
+      try {
           allowed = isNodeAdmin(session);
       } catch (Exception e) {
           logMetacat.warn("We can't determine if the session is a node subject. But we will contiune to check if it is a cn subject.");
+      }
             cjones
             tao
-            leinfelder
+      // check the CN list
       if (!allowed) {
-            tao
+	      allowed = isCNAdmin(session);
+      }
       return allowed;
+  }
   /*
    * Determine if the specified session is a CN or not. Return true if it is; otherwise false.
    */
   protected boolean isCNAdmin (Session session) {
       boolean allowed = false;
       List<Node> nodes = null;
-            tao
+      logMetacat.debug("D1NodeService.isCNAdmin - the beginning");
-            tao
+      try {
           // are we allowed to do this? only CNs are allowed
           CNode cn = D1Client.getCN();
-            tao
+          logMetacat.debug("D1NodeService.isCNAdmin - after getting the cn.");
-            tao
+          nodes = cn.listNodes().getNodeList();
-            tao
+          logMetacat.debug("D1NodeService.isCNAdmin - after getting the node list.");
             cjones
-            tao
+      catch (Throwable e) {
-            tao
+          logMetacat.warn("Couldn't get the node list from the cn since "+e.getMessage()+". So we can't determine if the subject is a CN.");
-            tao
+          return false;
+      }
       if ( nodes == null ) {
           return false;
           //throw new ServiceFailure("4852", "Couldn't get node list.");
+      }
             cjones
-            tao
+      // find the node in the node list
       for ( Node node : nodes ) {
           NodeReference nodeReference = node.getIdentifier();
-            tao
+          logMetacat.debug("In isCNAdmin(), a Node reference from the CN node list is: " + nodeReference.getValue());
             tao
           Subject subject = session.getSubject();
           if (node.getType() == NodeType.CN) {
               List<Subject> nodeSubjects = node.getSubjectList();
               // check if the session subject is in the node subject list
               for (Subject nodeSubject : nodeSubjects) {
-            tao
+                  logMetacat.debug("In isCNAdmin(), comparing subjects: " +
-            tao
+                      nodeSubject.getValue() + " and the user " + subject.getValue());
-            tao
+                  if ( nodeSubject.equals(subject) ) {
                       allowed = true; // subject of session == target node subject
                       break;
+                  }
+              }
+          }
+      }
-            tao
+      logMetacat.debug("D1NodeService.isCNAdmin. Is it a cn admin? "+allowed);
-            cjones
+      return allowed;
+  }
   /**
-            leinfelder
+   * Test if the user identified by the provided token has administrative authorization
    * on this node because they are calling themselves
+   *
    * @param session - the Session object containing the credentials for the Subject
+   *
    * @return true if the user is this node
    * @throws ServiceFailure
    * @throws NotImplemented
    */
   public boolean isNodeAdmin(Session session) throws NotImplemented, ServiceFailure {
       boolean allowed = false;
       // must have a session in order to check admin
       if (session == null) {
          logMetacat.debug("In isNodeAdmin(), session is null ");
          return false;
+      }
-            tao
+      logMetacat.debug("In isNodeAdmin(), MN authorization for the user " +
-            leinfelder
+           session.getSubject().getValue());
       Node node = MNodeService.getInstance(request).getCapabilities();
       NodeReference nodeReference = node.getIdentifier();
       logMetacat.debug("In isNodeAdmin(), Node reference is: " + nodeReference.getValue());
       Subject subject = session.getSubject();
       if (node.getType() == NodeType.MN) {
           List<Subject> nodeSubjects = node.getSubjectList();
           // check if the session subject is in the node subject list
           for (Subject nodeSubject : nodeSubjects) {
               logMetacat.debug("In isNodeAdmin(), comparing subjects: " +
-            tao
+                  nodeSubject.getValue() + " and the user" + subject.getValue());
-            leinfelder
+              if ( nodeSubject.equals(subject) ) {
                   allowed = true; // subject of session == this node's subect
                   break;
+              }
+          }
+      }
-            tao
+      logMetacat.debug("In is NodeAdmin method. Is this a node admin? "+allowed);
-            leinfelder
+      return allowed;
+  }
   /**
-            cjones
+   * Test if the user identified by the provided token has authorization
-            cjones
+   * for the operation on the specified object.
-            tao
+   * Allowed subjects include:
    * 1. CNs
    * 2. Authoritative node
    * 3. Owner of the object
    * 4. Users with the specified permission in the access rules.
             cjones
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The identifer of the resource for which access is being checked
    * @param operation - The type of operation which is being requested for the given pid
+   *
    * @return true if the operation is allowed
+   *
    * @throws ServiceFailure
    * @throws InvalidToken
    * @throws NotFound
    * @throws NotAuthorized
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public boolean isAuthorized(Session session, Identifier pid, Permission permission)
     throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,
-            leinfelder
+    NotImplemented, InvalidRequest {
             cjones
-            cjones
+    boolean allowed = false;
-            leinfelder
+    if (permission == null) {
     	throw new InvalidRequest("1761", "Permission was not provided or is invalid");
+    }
-            cjones
+    // always allow CN access
-            leinfelder
+    if ( isAdminAuthorized(session) ) {
-            cjones
+        allowed = true;
         return allowed;
+    }
-            tao
+    String serviceFailureCode = "1760";
     Identifier sid = getPIDForSID(pid, serviceFailureCode);
     if(sid != null) {
         pid = sid;
+    }
-            tao
+    // the authoritative member node of the pid always has the access as well.
     if (isAuthoritativeMNodeAdmin(session, pid)) {
         allowed = true;
         return allowed;
+    }
-            tao
+    //is it the owner of the object or the access rules allow the user?
     allowed = userHasPermission(session,  pid, permission );
             leinfelder
-            leinfelder
+    // throw or return?
-            cjones
+    if (!allowed) {
-            tao
+     // track the identities we have checked against
       StringBuffer includedSubjects = new StringBuffer();
       Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session);
       for (Subject s: subjects) {
              includedSubjects.append(s.getValue() + "; ");
+        }
       throw new NotAuthorized("1820", permission + " not allowed on " + pid.getValue() + " for subject[s]: " + includedSubjects.toString() );
             cjones
             leinfelder
-            cjones
+    return allowed;
             cjones
             cjones
             tao
-            cjones
+  /*
-            tao
+   * Determine if a user has the permission to perform the specified permission.
    * 1. Owner can have any permission.
    * 2. Access table allow the user has the permission
    */
-            tao
+  public static boolean userHasPermission(Session userSession, Identifier pid, Permission permission ) throws NotFound, ServiceFailure, NotImplemented, InvalidRequest, InvalidToken, NotAuthorized {
-            tao
+      boolean allowed = false;
       // permissions are hierarchical
       List<Permission> expandedPermissions = null;
       // get the subject[s] from the session
       //defer to the shared util for recursively compiling the subjects
       Set<Subject> subjects = AuthUtils.authorizedClientSubjects(userSession);
       // get the system metadata
       String pidStr = pid.getValue();
       SystemMetadata systemMetadata = null;
       try {
           systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
       } catch (Exception e) {
           // convert Hazelcast RuntimeException to NotFound
           logMetacat.error("An error occurred while getting system metadata for identifier " +
-            tao
+              pid.getValue() + ". The error message was: " + e.getMessage(), e);
           throw new ServiceFailure("1090", "Can't get the system metadata for " + pidStr+ " since "+e.getMessage());
             tao
+      }
       // throw not found if it was not found
       if (systemMetadata == null) {
           String localId = null;
           String error = "No system metadata could be found for given PID: " + pidStr;
           try {
               localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
            } catch (Exception e) {
               logMetacat.warn("Couldn't find the local id for the pid "+pidStr);
+          }
           if(localId != null && EventLog.getInstance().isDeleted(localId)) {
               error = error + ". "+DELETEDMESSAGE;
           } else if (localId == null && EventLog.getInstance().isDeleted(pid.getValue())) {
               error = error + ". "+DELETEDMESSAGE;
+          }
           throw new NotFound("1800", error);
+      }
       // do we own it?
       for (Subject s: subjects) {
         logMetacat.debug("Comparing \t" +
                          systemMetadata.getRightsHolder().getValue() +
                          " \tagainst \t" + s.getValue());
           //includedSubjects.append(s.getValue() + "; ");
           allowed = systemMetadata.getRightsHolder().equals(s);
           if (allowed) {
               return allowed;
-            tao
+          } else {
               //check if the rightHolder is a group name. If it is, any member of the group can be considered a the right holder.
               allowed = expandRightsHolder(systemMetadata.getRightsHolder(), s);
               if(allowed) {
                   return allowed;
+              }
             tao
+      }
       // otherwise check the access rules
       try {
           List<AccessRule> allows = systemMetadata.getAccessPolicy().getAllowList();
           search: // label break
           for (AccessRule accessRule: allows) {
             for (Subject s: subjects) {
               logMetacat.debug("Checking allow access rule for subject: " + s.getValue());
               if (accessRule.getSubjectList().contains(s)) {
                   logMetacat.debug("Access rule contains subject: " + s.getValue());
                   for (Permission p: accessRule.getPermissionList()) {
                       logMetacat.debug("Checking permission: " + p.xmlValue());
                       expandedPermissions = expandPermissions(p);
                       allowed = expandedPermissions.contains(permission);
                       if (allowed) {
                           logMetacat.info("Permission granted: " + p.xmlValue() + " to " + s.getValue());
                           break search; //label break
+                      }
+                  }
+              }
+            }
+          }
       } catch (Exception e) {
           // catch all for errors - safe side should be to deny the access
           logMetacat.error("Problem checking authorization - defaulting to deny", e);
           allowed = false;
+      }
       return allowed;
+  }
             tao
   /**
    * Check if the given userSession is the member of the right holder group (if the right holder is a group subject).
    * If the right holder is not a group, it will be false of course.
    * @param rightHolder the subject of the right holder.
    * @param userSession the subject will be compared
    * @return true if the user session is a member of the right holder group; false otherwise.
  * @throws NotImplemented
  * @throws ServiceFailure
  * @throws NotAuthorized
  * @throws InvalidToken
  * @throws InvalidRequest
    */
   public static boolean expandRightsHolder(Subject rightHolder, Subject userSession) throws ServiceFailure, NotImplemented, InvalidRequest, InvalidToken, NotAuthorized {
       boolean is = false;
       if(rightHolder != null && userSession != null && rightHolder.getValue() != null && !rightHolder.getValue().trim().equals("") && userSession.getValue() != null && !userSession.getValue().trim().equals("")) {
           CNode cn = D1Client.getCN();
-            tao
+          logMetacat.debug("D1NodeService.expandRightHolder - at the start of method: after getting the cn node and cn node is "+cn.getNodeBaseServiceUrl());
-            tao
+          String query= rightHolder.getValue();
           int start =0;
-            tao
+          int count= 200;
-            tao
+          String status = null;
           Session session = null;
           SubjectInfo subjects = cn.listSubjects(session, query, status, start, count);
             tao
           while(subjects != null) {
-            tao
+              logMetacat.debug("D1NodeService.expandRightHolder - search the subject "+query+" in the cn and the returned result is not null");
               List<Group> groups = subjects.getGroupList();
-            tao
+              is = isInGroups(userSession, rightHolder, groups);
               if(is) {
                   //since we find it, return it.
                   return is;
               } else {
                   //decide if we need to try the page query for another trying.
                   int sizeOfGroups = 0;
                   if(groups != null) {
                      sizeOfGroups  = groups.size();
             tao
-            tao
+                  List<Person> persons = subjects.getPersonList();
                   int sizeOfPersons = 0;
                   if(persons != null) {
                       sizeOfPersons = persons.size();
+                  }
                   int totalSize = sizeOfGroups+sizeOfPersons;
                   //logMetacat.debug("D1NodeService.expandRightHolder - search the subject "+query+" in the cn and the size of return result is "+totalSize);
                  //we can't find the target on the first query, maybe query again.
                   if(totalSize == count) {
                       start = start+count;
                       logMetacat.debug("D1NodeService.expandRightHolder - search the subject "+query+" in the cn and the size of return result equals the count "+totalSize+" .And we didn't find the target in the this query. So we have to use the page query with the start number "+start);
                       subjects = cn.listSubjects(session, query, status, start, count);
                   } else if (totalSize < count){
                       logMetacat.debug("D1NodeService.expandRightHolder - we are already at the end of the returned restult since the size of returned results "+totalSize+
                           " is less than the count "+count+". So we have to break the loop and finish the try.");
                       break;
                   } else if (totalSize >count) {
                       logMetacat.warn("D1NodeService.expandRightHolder - Something is wrong on the implementation of the method listSubject since the size of returned results "+totalSize+
                               " is greater than the count "+count+". So we have to break the loop and finish the try.");
                       break;
+                  }
             tao
             tao
+          }
           //logMetacat.debug("D1NodeService.expandRightHolder - search the subject "+query+" in the cn and the returned result is null");
-            tao
+          if(!is) {
               logMetacat.debug("D1NodeService.expandRightHolder - We can NOT find any member in the group "+query+" (if it is a group) matches the user "+userSession.getValue());
+          }
       } else {
           logMetacat.debug("D1NodeService.expandRightHolder - We can't determine if the use subject is a member of the right holder group since one of them is null or blank");
+      }
       return is;
+  }
             tao
-            tao
+  /*
-            tao
+   * If the given useSession is a member of a group which is in the given list of groups and has the name of righHolder.
    */
   private static boolean isInGroups(Subject userSession, Subject rightHolder, List<Group> groups) {
       boolean is = false;
       if(groups != null) {
           logMetacat.debug("D1NodeService.isInGroups -  the given groups' (the returned result including groups) size is "+groups.size());
           for(Group group : groups) {
               //logMetacat.debug("D1NodeService.expandRightHolder - group has the subject "+group.getSubject().getValue());
               if(group != null && group.getSubject() != null && group.getSubject().equals(rightHolder)) {
                   logMetacat.debug("D1NodeService.isInGroups - there is a group in the list having the subjecct "+group.getSubject().getValue()+" which matches the right holder's subject "+rightHolder.getValue());
                   List<Subject> members = group.getHasMemberList();
                   if(members != null ){
                       logMetacat.debug("D1NodeService.isInGroups - the group "+group.getSubject().getValue()+" in the cn has members");
                       for(Subject member : members) {
                           logMetacat.debug("D1NodeService.isInGroups - compare the member "+member.getValue()+" with the user "+userSession.getValue());
                           if(member.getValue() != null && !member.getValue().trim().equals("") && userSession.getValue() != null && member.getValue().equals(userSession.getValue())) {
                               logMetacat.debug("D1NodeService.isInGroups - Find it! The member "+member.getValue()+" in the group "+group.getSubject().getValue()+" matches the user "+userSession.getValue());
                               is = true;
                               return is;
+                          }
+                      }
+                  }
                   break;//we found the group but can't find the member matches the user. so break it.
+              }
+          }
       } else {
           logMetacat.debug("D1NodeService.isInGroups -  the given group is null (the returned result does NOT have a group");
+      }
       return is;
+  }
   /*
-            cjones
+   * parse a logEntry and get the relevant field from it
+   *
    * @param fieldname
    * @param entry
    * @return
    */
   private String getLogEntryField(String fieldname, String entry) {
     String begin = "<" + fieldname + ">";
     String end = "</" + fieldname + ">";
     // logMetacat.debug("looking for " + begin + " and " + end +
     // " in entry " + entry);
     String s = entry.substring(entry.indexOf(begin) + begin.length(), entry
         .indexOf(end));
     logMetacat.debug("entry " + fieldname + " : " + s);
     return s;
+  }
             cjones
-            cjones
+  /**
-            cjones
+   * Determine if a given object should be treated as an XML science metadata
    * object.
+   *
    * @param sysmeta - the SystemMetadata describing the object
    * @return true if the object should be treated as science metadata
    */
-            leinfelder
+  public static boolean isScienceMetadata(SystemMetadata sysmeta) {
             cjones
     ObjectFormat objectFormat = null;
     boolean isScienceMetadata = false;
     try {
-            leinfelder
+      objectFormat = ObjectFormatCache.getInstance().getFormat(sysmeta.getFormatId());
-            leinfelder
+      if ( objectFormat.getFormatType().equals("METADATA") ) {
-            cjones
+      	isScienceMetadata = true;
+      }
             cjones
-            tao
+    /*} catch (ServiceFailure e) {
-            cjones
+      logMetacat.debug("There was a problem determining if the object identified by" +
           sysmeta.getIdentifier().getValue() +
-            tao
+          " is science metadata: " + e.getMessage());*/
             cjones
     } catch (NotFound e) {
-            cjones
+      logMetacat.debug("There was a problem determining if the object identified by" +
-            cjones
+          sysmeta.getIdentifier().getValue() +
           " is science metadata: " + e.getMessage());
+    }
     return isScienceMetadata;
             cjones
             cjones
   /**
-            leinfelder
+   * Check fro whitespace in the given pid.
    * null pids are also invalid by default
    * @param pid
    * @return
    */
   public static boolean isValidIdentifier(Identifier pid) {
 	  if (pid != null && pid.getValue() != null && pid.getValue().length() > 0) {
-            leinfelder
+		  return !pid.getValue().matches(".*\\s+.*");
             leinfelder
 	  return false;
+  }
   /**
-            cjones
+   * Insert or update an XML document into Metacat
+   *
    * @param xml - the XML document to insert or update
    * @param pid - the identifier to be used for the resulting object
+   *
    * @return localId - the resulting docid of the document created or updated
+   *
    */
-            leinfelder
+  public String insertOrUpdateDocument(InputStream xmlStream, String encoding,  Identifier pid,
-            tao
+    Session session, String insertOrUpdate, String formatId, Checksum checksum)
-            tao
+    throws ServiceFailure, IOException, PropertyNotFoundException{
             cjones
   	logMetacat.debug("Starting to insert xml document...");
     IdentifierManager im = IdentifierManager.getInstance();
     // generate pid/localId pair for sysmeta
     String localId = null;
-            leinfelder
+    byte[] xmlBytes  = IOUtils.toByteArray(xmlStream);
     IOUtils.closeQuietly(xmlStream);
-            tao
+    String xmlStr = new String(xmlBytes, encoding);
-            cjones
+    if(insertOrUpdate.equals("insert")) {
       localId = im.generateLocalId(pid.getValue(), 1);
     } else {
       //localid should already exist in the identifier table, so just find it
       try {
         logMetacat.debug("Updating pid " + pid.getValue());
         logMetacat.debug("looking in identifier table for pid " + pid.getValue());
         localId = im.getLocalId(pid.getValue());
         logMetacat.debug("localId: " + localId);
         //increment the revision
         String docid = localId.substring(0, localId.lastIndexOf("."));
         String revS = localId.substring(localId.lastIndexOf(".") + 1, localId.length());
         int rev = new Integer(revS).intValue();
         rev++;
         docid = docid + "." + rev;
         localId = docid;
         logMetacat.debug("incremented localId: " + localId);
       } catch(McdbDocNotFoundException e) {
         throw new ServiceFailure("1030", "D1NodeService.insertOrUpdateDocument(): " +
             "pid " + pid.getValue() +
             " should have been in the identifier table, but it wasn't: " +
             e.getMessage());
-            tao
+      } catch (SQLException e) {
           throw new ServiceFailure("1030", "D1NodeService.insertOrUpdateDocument() -"+
                      " couldn't identify if the pid "+pid.getValue()+" is in the identifier table since "+e.getMessage());
             cjones
+    }
-            tao
+    Hashtable<String, String[]> params = new Hashtable<String, String[]>();
-            cjones
+    String[] action = new String[1];
     action[0] = insertOrUpdate;
     params.put("action", action);
     String[] docid = new String[1];
     docid[0] = localId;
     params.put("docid", docid);
     String[] doctext = new String[1];
-            tao
+    doctext[0] = xmlStr;
-            cjones
+    params.put("doctext", doctext);
-            leinfelder
+    String username = Constants.SUBJECT_PUBLIC;
-            cjones
+    String[] groupnames = null;
-            leinfelder
+    if (session != null ) {
     	username = session.getSubject().getValue();
-            leinfelder
+    	Set<Subject> otherSubjects = AuthUtils.authorizedClientSubjects(session);
     	if (otherSubjects != null) {
 			groupnames = new String[otherSubjects.size()];
 			int i = 0;
 			Iterator<Subject> iter = otherSubjects.iterator();
 			while (iter.hasNext()) {
 				groupnames[i] = iter.next().getValue();
 				i++;
+			}
             leinfelder
             cjones
     // do the insert or update action
-            leinfelder
+    handler = new MetacatHandler(new Timer());
-            leinfelder
+    String result = handler.handleInsertOrUpdateAction(request.getRemoteAddr(), request.getHeader("User-Agent"), null,
-            tao
+                        null, params, username, groupnames, false, false, xmlBytes, formatId, checksum);
-            tao
+    boolean isScienceMetadata = true;
     if(result.indexOf("<error>") != -1 || !IdentifierManager.getInstance().objectFileExists(localId, isScienceMetadata)) {
-            cjones
+    	String detailCode = "";
     	if ( insertOrUpdate.equals("insert") ) {
-            leinfelder
+    		// make sure to remove the mapping so that subsequent attempts do not fail with IdentifierNotUnique
     		im.removeMapping(pid.getValue(), localId);
-            cjones
+    		detailCode = "1190";
     	} else if ( insertOrUpdate.equals("update") ) {
     		detailCode = "1310";
+    	}
-            tao
+    	logMetacat.error("D1NodeService.insertOrUpdateDocument - Error inserting or updating document: "+pid.getValue()+" since "+result);
-            cjones
+        throw new ServiceFailure(detailCode,
-            tao
+          "Error inserting or updating document: " +pid.getValue()+" since "+ result);
             cjones
-            tao
+    logMetacat.info("D1NodeService.insertOrUpdateDocument - Finsished inserting xml document with local id " + localId +" and its pid is "+pid.getValue());
             cjones
     return localId;
+  }
   /**
    * Insert a data document
+   *
-            cjones
+   * @param object
    * @param pid
    * @param sessionData
    * @throws ServiceFailure
    * @returns localId of the data object inserted
    */
   public String insertDataObject(InputStream object, Identifier pid,
-            tao
+          Session session, Checksum checksum) throws ServiceFailure, InvalidSystemMetadata {
             cjones
-            leinfelder
+    String username = Constants.SUBJECT_PUBLIC;
-            cjones
+    String[] groupnames = null;
-            leinfelder
+    if (session != null ) {
     	username = session.getSubject().getValue();
-            leinfelder
+    	Set<Subject> otherSubjects = AuthUtils.authorizedClientSubjects(session);
     	if (otherSubjects != null) {
 			groupnames = new String[otherSubjects.size()];
 			int i = 0;
 			Iterator<Subject> iter = otherSubjects.iterator();
 			while (iter.hasNext()) {
 				groupnames[i] = iter.next().getValue();
 				i++;
+			}
             leinfelder
             cjones
             leinfelder
-            cjones
+    // generate pid/localId pair for object
     logMetacat.debug("Generating a pid/localId mapping");
     IdentifierManager im = IdentifierManager.getInstance();
     String localId = im.generateLocalId(pid.getValue(), 1);
-            leinfelder
+    // Save the data file to disk using "localId" as the name
     String datafilepath = null;
 	try {
 		datafilepath = PropertyService.getProperty("application.datafilepath");
 	} catch (PropertyNotFoundException e) {
 		ServiceFailure sf = new ServiceFailure("1190", "Lookup data file path" + e.getMessage());
 		sf.initCause(e);
 		throw sf;
             cjones
-            leinfelder
+    boolean locked = false;
 	try {
 		locked = DocumentImpl.getDataFileLockGrant(localId);
 	} catch (Exception e) {
 		ServiceFailure sf = new ServiceFailure("1190", "Could not lock file for writing:" + e.getMessage());
 		sf.initCause(e);
 		throw sf;
+	}
             cjones
     logMetacat.debug("Case DATA: starting to write to disk.");
 	if (locked) {
           File dataDirectory = new File(datafilepath);
           dataDirectory.mkdirs();
-            tao
+          File newFile = writeStreamToFile(dataDirectory, localId, object, checksum, pid);
             cjones
           // TODO: Check that the file size matches SystemMetadata
           // long size = newFile.length();
           // if (size == 0) {
           //     throw new IOException("Uploaded file is 0 bytes!");
           // }
           // Register the file in the database (which generates an exception
           // if the localId is not acceptable or other untoward things happen
           try {
             logMetacat.debug("Registering document...");
             DocumentImpl.registerDocument(localId, "BIN", localId,
                     username, groupnames);
-            cjones
+            logMetacat.debug("Registration step completed.");
             cjones
           } catch (SQLException e) {
             //newFile.delete();
             logMetacat.debug("SQLE: " + e.getMessage());
             e.printStackTrace(System.out);
-            cjones
+            throw new ServiceFailure("1190", "Registration failed: " +
             		e.getMessage());
             cjones
           } catch (AccessionNumberException e) {
             //newFile.delete();
             logMetacat.debug("ANE: " + e.getMessage());
             e.printStackTrace(System.out);
-            cjones
+            throw new ServiceFailure("1190", "Registration failed: " +
             	e.getMessage());
             cjones
           } catch (Exception e) {
             //newFile.delete();
             logMetacat.debug("Exception: " + e.getMessage());
             e.printStackTrace(System.out);
-            cjones
+            throw new ServiceFailure("1190", "Registration failed: " +
-            cjones
+            	e.getMessage());
+          }
           logMetacat.debug("Logging the creation event.");
           EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, "create");
           // Schedule replication for this data file, the "insert" action is important here!
           logMetacat.debug("Scheduling replication.");
           ForceReplicationHandler frh = new ForceReplicationHandler(localId, "insert", false, null);
             leinfelder
             cjones
-            leinfelder
+      return localId;
             cjones
             leinfelder
             cjones
-            cjones
+  /**
    * Insert a systemMetadata document and return its localId
    */
-            leinfelder
+  public void insertSystemMetadata(SystemMetadata sysmeta)
-            cjones
+      throws ServiceFailure {
   	  logMetacat.debug("Starting to insert SystemMetadata...");
       sysmeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
       logMetacat.debug("Inserting new system metadata with modified date " +
           sysmeta.getDateSysMetadataModified());
       //insert the system metadata
       try {
         // note: the calling subclass handles the map hazelcast lock/unlock
       	HazelcastService.getInstance().getSystemMetadataMap().put(sysmeta.getIdentifier(), sysmeta);
-            leinfelder
+      	// submit for indexing
-            leinfelder
+        MetacatSolrIndex.getInstance().submit(sysmeta.getIdentifier(), sysmeta, null, true);
-            cjones
+      } catch (Exception e) {
           throw new ServiceFailure("1190", e.getMessage());
+	    }
             cjones
             tao
   /**
    * Retrieve the list of objects present on the MN that match the calling parameters
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param startTime - Specifies the beginning of the time range from which
    *                    to return object (>=)
    * @param endTime - Specifies the beginning of the time range from which
    *                  to return object (>=)
    * @param objectFormat - Restrict results to the specified object format
    * @param replicaStatus - Indicates if replicated objects should be returned in the list
    * @param start - The zero-based index of the first value, relative to the
    *                first record of the resultset that matches the parameters.
    * @param count - The maximum number of entries that should be returned in
    *                the response. The Member Node may return less entries
    *                than specified in this value.
+   *
    * @return objectList - the list of objects matching the criteria
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws InvalidRequest
    * @throws NotImplemented
    */
-            tao
+  public ObjectList listObjects(Session session, Date startTime, Date endTime, ObjectFormatIdentifier objectFormatId, Identifier identifier, NodeReference nodeId, Integer start,
-            tao
+          Integer count) throws NotAuthorized, InvalidRequest, NotImplemented, ServiceFailure, InvalidToken {
             cjones
-            tao
+      ObjectList objectList = null;
       try {
           // safeguard against large requests
           if (count == null || count > MAXIMUM_DB_RECORD_COUNT) {
               count = MAXIMUM_DB_RECORD_COUNT;
+          }
-            tao
+          boolean isSid = false;
           if(identifier != null) {
               isSid = IdentifierManager.getInstance().systemMetadataSIDExists(identifier);
+          }
-            tao
+          objectList = IdentifierManager.getInstance().querySystemMetadata(startTime, endTime, objectFormatId, nodeId, start, count, identifier, isSid);
-            tao
+      } catch (Exception e) {
           throw new ServiceFailure("1580", "Error querying system metadata: " + e.getMessage());
+      }
       return objectList;
+  }
             walker
-            cjones
+  /**
-            cjones
+   * Update a systemMetadata document
+   *
    * @param sysMeta - the system metadata object in the system to update
    */
-            cjones
+    protected void updateSystemMetadata(SystemMetadata sysMeta)
         throws ServiceFailure {
         logMetacat.debug("D1NodeService.updateSystemMetadata() called.");
         try {
             HazelcastService.getInstance().getSystemMetadataMap().lock(sysMeta.getIdentifier());
-            tao
+            boolean needUpdateModificationDate = true;
             updateSystemMetadataWithoutLock(sysMeta, needUpdateModificationDate);
-            cjones
+        } catch (Exception e) {
             throw new ServiceFailure("4862", e.getMessage());
         } finally {
             HazelcastService.getInstance().getSystemMetadataMap().unlock(sysMeta.getIdentifier());
+        }
+    }
             leinfelder
-            tao
+    /**
-            tao
+     * Update system metadata without locking the system metadata in hazelcast server. So the caller should lock it first.
      * @param sysMeta
      * @param needUpdateModificationDate
      * @throws ServiceFailure
      */
     private void updateSystemMetadataWithoutLock(SystemMetadata sysMeta, boolean needUpdateModificationDate) throws ServiceFailure {
         logMetacat.debug("D1NodeService.updateSystemMetadataWithoutLock() called.");
         if(needUpdateModificationDate) {
             logMetacat.debug("D1NodeService.updateSystemMetadataWithoutLock() - update the modification date.");
             sysMeta.setDateSysMetadataModified(new Date());
+        }
         // submit for indexing
         try {
             HazelcastService.getInstance().getSystemMetadataMap().put(sysMeta.getIdentifier(), sysMeta);
             MetacatSolrIndex.getInstance().submit(sysMeta.getIdentifier(), sysMeta, null, true);
         } catch (Exception e) {
             throw new ServiceFailure("4862", e.getMessage());
             //logMetacat.warn("D1NodeService.updateSystemMetadataWithoutLock - we can't submit the change of the system metadata to the solr index since "+e.getMessage());
+        }
+    }
     /**
      * Update the system metadata of the specified pid. The caller of this method should lock the system metadata in hazelcast server.
-            tao
+     * @param session - the identity of the client which calls the method
      * @param pid - the identifier of the object which will be updated
      * @param sysmeta - the new system metadata
      * @return
      * @throws NotImplemented
      * @throws NotAuthorized
      * @throws ServiceFailure
      * @throws InvalidRequest
      * @throws InvalidSystemMetadata
      * @throws InvalidToken
      */
-            tao
+	protected boolean updateSystemMetadata(Session session, Identifier pid,
-            tao
+			SystemMetadata sysmeta, boolean needUpdateModificationDate, SystemMetadata currentSysmeta, boolean fromCN) throws NotImplemented, NotAuthorized,
-            leinfelder
+			ServiceFailure, InvalidRequest, InvalidSystemMetadata, InvalidToken {
-            tao
+	  // The lock to be used for this identifier
-            leinfelder
+      Lock lock = null;
             tao
-            leinfelder
+      // verify that guid == SystemMetadata.getIdentifier()
       logMetacat.debug("Comparing guid|sysmeta_guid: " + pid.getValue() +
           "|" + sysmeta.getIdentifier().getValue());
       if (!pid.getValue().equals(sysmeta.getIdentifier().getValue())) {
           throw new InvalidRequest("4863",
               "The identifier in method call (" + pid.getValue() +
               ") does not match identifier in system metadata (" +
               sysmeta.getIdentifier().getValue() + ").");
+      }
-            tao
+      //compare serial version.
             tao
       //check the sid
-            tao
+      //SystemMetadata currentSysmeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
-            tao
+      logMetacat.debug("The current dateUploaded is ============"+currentSysmeta.getDateUploaded());
       logMetacat.debug("the dateUploaded in the new system metadata is "+sysmeta.getDateUploaded());
       logMetacat.debug("The current dateUploaded is (by time) ============"+currentSysmeta.getDateUploaded().getTime());
       logMetacat.debug("the dateUploaded in the new system metadata is (by time) "+sysmeta.getDateUploaded().getTime());
-            tao
+      if(currentSysmeta == null ) {
-            tao
+          //do we need throw an exception?
-            tao
+          logMetacat.warn("D1NodeService.updateSystemMetadata: Currently there is no system metadata in this node associated with the pid "+pid.getValue());
-            tao
+      } else {
             tao
-            tao
+          /*BigInteger newVersion = sysmeta.getSerialVersion();
-            tao
+          if(newVersion == null) {
-            tao
+              throw new InvalidRequest("4869", "The serial version can't be null in the new system metadata");
             tao
           BigInteger currentVersion = currentSysmeta.getSerialVersion();
           if(currentVersion != null && newVersion.compareTo(currentVersion) <= 0) {
-            tao
+              throw new InvalidRequest("4869", "The serial version in the new system metadata is "+newVersion.toString()+
-            tao
+                      " which is less than or equals the previous version "+currentVersion.toString()+". This is illegal in the updateSystemMetadata method.");
-            tao
+          }*/
-            tao
+          Identifier currentSid = currentSysmeta.getSeriesId();
           if(currentSid != null) {
-            tao
+              logMetacat.debug("In the branch that the sid is not null in the current system metadata and the current sid is "+currentSid.getValue());
-            tao
+              //new sid must match the current sid
               Identifier newSid = sysmeta.getSeriesId();
               if (!isValidIdentifier(newSid)) {
-            tao
+                  throw new InvalidRequest("4869", "The series id in the system metadata is invalid in the request.");
-            tao
+              } else {
                   if(!newSid.getValue().equals(currentSid.getValue())) {
-            tao
+                      throw new InvalidRequest("4869", "The series id "+newSid.getValue() +" in the system metadata doesn't match the current sid "+currentSid.getValue());
             tao
+              }
           } else {
               //current system metadata doesn't have a sid. So we can have those scenarios
               //1. The new sid may be null as well
               //2. If the new sid does exist, it may be an identifier which hasn't bee used.
               //3. If the new sid does exist, it may be an sid which equals the SID it obsoletes
               //4. If the new sid does exist, it may be an sid which equauls the SID it was obsoleted by
               Identifier newSid = sysmeta.getSeriesId();
               if(newSid != null) {
                   //It matches the rules of the checkSidInModifyingSystemMetadata
                   checkSidInModifyingSystemMetadata(sysmeta, "4956", "4868");
+              }
+          }
-            tao
+          checkModifiedImmutableFields(currentSysmeta, sysmeta);
           checkOneTimeSettableSysmMetaFields(currentSysmeta, sysmeta);
           if(currentSysmeta.getObsoletes() == null && sysmeta.getObsoletes() != null) {
               //we are setting a value to the obsoletes field, so we should make sure if there is not object obsoletes the value
               String obsoletes = existsInObsoletes(sysmeta.getObsoletes());
               if( obsoletes != null) {
                   throw new InvalidSystemMetadata("4956", "There is an object with id "+obsoletes +
                           " already obsoletes the pid "+sysmeta.getObsoletes().getValue() +". You can't set the object "+pid.getValue()+" to obsolete the pid "+sysmeta.getObsoletes().getValue()+" again.");
+              }
             tao
-            tao
+          checkCircularObsoletesChain(sysmeta);
-            tao
+          if(currentSysmeta.getObsoletedBy() == null && sysmeta.getObsoletedBy() != null) {
               //we are setting a value to the obsoletedBy field, so we should make sure that the no another object obsoletes the pid we are updating.
               String obsoletedBy = existsInObsoletedBy(sysmeta.getObsoletedBy());
               if( obsoletedBy != null) {
                   throw new InvalidSystemMetadata("4956", "There is an object with id "+obsoletedBy +
                           " already is obsoleted by the pid "+sysmeta.getObsoletedBy().getValue() +". You can't set the pid "+pid.getValue()+" to be obsoleted by the pid "+sysmeta.getObsoletedBy().getValue()+" again.");
+              }
+          }
-            tao
+          checkCircularObsoletedByChain(sysmeta);
             tao
-            leinfelder
+      // do the actual update
-            tao
+      if(sysmeta.getArchived() != null && sysmeta.getArchived() == true &&
                  ((currentSysmeta.getArchived() != null && currentSysmeta.getArchived() == false ) || currentSysmeta.getArchived() == null)) {
-            tao
+          boolean logArchive = false;//we log it as the update system metadata event. So don't log it again.
-            tao
+          if(fromCN) {
               logMetacat.debug("D1Node.update - this is to archive a cn object "+pid.getValue());
               try {
-            tao
+                  archiveCNObject(logArchive, session, pid, sysmeta, needUpdateModificationDate);
-            tao
+              } catch (NotFound e) {
                   throw new InvalidRequest("4869", "Can't find the pid "+pid.getValue()+" for archive.");
+              }
           } else {
               logMetacat.debug("D1Node.update - this is to archive a MN object "+pid.getValue());
               try {
-            tao
+                  archiveObject(logArchive, session, pid, sysmeta, needUpdateModificationDate);
-            tao
+              } catch (NotFound e) {
                   throw new InvalidRequest("4869", "Can't find the pid "+pid.getValue()+" for archive.");
+              }
+          }
       } else {
           logMetacat.debug("D1Node.update - regularly update the system metadata of the pid "+pid.getValue());
           updateSystemMetadataWithoutLock(sysmeta, needUpdateModificationDate);
+      }
-            leinfelder
+      try {
     	  String localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
     	  EventLog.getInstance().log(request.getRemoteAddr(),
     	          request.getHeader("User-Agent"), session.getSubject().getValue(),
     	          localId, "updateSystemMetadata");
       } catch (McdbDocNotFoundException e) {
     	  // do nothing, no localId to log with
     	  logMetacat.warn("Could not log 'updateSystemMetadata' event because no localId was found for pid: " + pid.getValue());
-            tao
+      } catch (SQLException e) {
           logMetacat.warn("Could not log 'updateSystemMetadata' event because the localId couldn't be identified for the pid: " + pid.getValue());
             leinfelder
       return true;
+	}
             tao
             tao
-            tao
+	/*
 	 * Check if the newMeta modifies an immutable field.
 	 */
-            tao
+	private void checkModifiedImmutableFields(SystemMetadata orgMeta, SystemMetadata newMeta) throws InvalidRequest{
-            tao
+	    logMetacat.debug("in the start of the checkModifiedImmutableFields method");
-            tao
+	    if(orgMeta != null && newMeta != null) {
-            tao
+	        logMetacat.debug("in the checkModifiedImmutableFields method when the org and new system metadata is not null");
-            tao
+	        if(newMeta.getIdentifier() == null) {
-            tao
+	            throw new InvalidRequest("4869", "The new version of the system metadata is invalid since the identifier is null");
             tao
 	        if(!orgMeta.getIdentifier().equals(newMeta.getIdentifier())) {
-            tao
+	            throw new InvalidRequest("4869","The request is trying to modify an immutable field in the SystemMeta: the new system meta's identifier "+newMeta.getIdentifier().getValue()+" is "+
 	                  "different to the orginal one "+orgMeta.getIdentifier().getValue());
             tao
 	        if(newMeta.getSize() == null) {
-            tao
+	            throw new InvalidRequest("4869", "The new version of the system metadata is invalid since the size is null");
             tao
 	        if(!orgMeta.getSize().equals(newMeta.getSize())) {
-            tao
+	            throw new InvalidRequest("4869", "The request is trying to modify an immutable field in the SystemMeta: the new system meta's size "+newMeta.getSize().longValue()+" is "+
 	                      "different to the orginal one "+orgMeta.getSize().longValue());
             tao
 	        if(newMeta.getChecksum()!= null && orgMeta.getChecksum() != null && !orgMeta.getChecksum().getValue().equals(newMeta.getChecksum().getValue())) {
 	            logMetacat.error("The request is trying to modify an immutable field in the SystemMeta: the new system meta's checksum "+newMeta.getChecksum().getValue()+" is "+
                         "different to the orginal one "+orgMeta.getChecksum().getValue());
-            tao
+	            throw new InvalidRequest("4869", "The request is trying to modify an immutable field in the SystemMeta: the new system meta's checksum "+newMeta.getChecksum().getValue()+" is "+
                         "different to the orginal one "+orgMeta.getChecksum().getValue());
             tao
-            tao
+	        if(orgMeta.getSubmitter() != null) {
 	            logMetacat.debug("in the checkModifiedImmutableFields method and orgMeta.getSubmitter is not null and the orginal submiter is "+orgMeta.getSubmitter().getValue());
+	        }
 	        if(newMeta.getSubmitter() != null) {
                 logMetacat.debug("in the checkModifiedImmutableFields method and newMeta.getSubmitter is not null and the submiter in the new system metadata is "+newMeta.getSubmitter().getValue());
+            }
-            tao
+	        if(orgMeta.getSubmitter() != null && newMeta.getSubmitter() != null && !orgMeta.getSubmitter().equals(newMeta.getSubmitter())) {
-            tao
+	            throw new InvalidRequest("4869", "The request is trying to modify an immutable field in the SystemMeta: the new system meta's submitter "+newMeta.getSubmitter().getValue()+" is "+
                         "different to the orginal one "+orgMeta.getSubmitter().getValue());
             tao
-            tao
+	        if(orgMeta.getDateUploaded() != null && newMeta.getDateUploaded() != null && orgMeta.getDateUploaded().getTime() != newMeta.getDateUploaded().getTime()) {
-            tao
+	            throw new InvalidRequest("4869", "The request is trying to modify an immutable field in the SystemMeta: the new system meta's date of uploaded "+newMeta.getDateUploaded()+" is "+
                         "different to the orginal one "+orgMeta.getDateUploaded());
             tao
 	        if(orgMeta.getOriginMemberNode() != null && newMeta.getOriginMemberNode() != null && !orgMeta.getOriginMemberNode().equals(newMeta.getOriginMemberNode())) {
-            tao
+	            throw new InvalidRequest("4869", "The request is trying to modify an immutable field in the SystemMeta: the new system meta's orginal member node  "+newMeta.getOriginMemberNode().getValue()+" is "+
                         "different to the orginal one "+orgMeta.getOriginMemberNode().getValue());
             tao
-            tao
+	        if (orgMeta.getOriginMemberNode() != null && newMeta.getOriginMemberNode() == null ) {
 	            throw new InvalidRequest("4869", "The request is trying to modify an immutable field in the SystemMeta: the new system meta's orginal member node is null and it "+" is "+
                         "different to the orginal one "+orgMeta.getOriginMemberNode().getValue());
+	        }
-            tao
+	        if(orgMeta.getSeriesId() != null && newMeta.getSeriesId() != null && !orgMeta.getSeriesId().equals(newMeta.getSeriesId())) {
-            tao
+                throw new InvalidRequest("4869", "The request is trying to modify an immutable field in the SystemMeta: the new system meta's series id  "+newMeta.getSeriesId().getValue()+" is "+
                         "different to the orginal one "+orgMeta.getSeriesId().getValue());
             tao
+	    }
+	}
             tao
 	/*
 	 * Some fields in the system metadata, such as obsoletes or obsoletedBy can be set only once.
 	 * After set, they are not allowed to be changed.
 	 */
 	private void checkOneTimeSettableSysmMetaFields(SystemMetadata orgMeta, SystemMetadata newMeta) throws InvalidRequest {
 	    if(orgMeta.getObsoletedBy() != null ) {
 	        if(newMeta.getObsoletedBy() == null || !orgMeta.getObsoletedBy().equals(newMeta.getObsoletedBy())) {
-            tao
+	            throw new InvalidRequest("4869", "The request is trying to reset the obsoletedBy field in the system metadata of the object "
 	                    + orgMeta.getIdentifier().getValue() +". This is illegal since the obsoletedBy filed is set, you can't change it again.");
             tao
+        }
 	    if(orgMeta.getObsoletes() != null) {
 	        if(newMeta.getObsoletes() == null || !orgMeta.getObsoletes().equals(newMeta.getObsoletes())) {
-            tao
+	            throw new InvalidRequest("4869", "The request is trying to reset the obsoletes field in the system metadata of the object"+
-            tao
+	               orgMeta.getIdentifier().getValue()+". This is illegal since the obsoletes filed is set, you can't change it again.");
             tao
+	    }
+	}
             tao
 	/**
 	 * Try to check the scenario of a circular obsoletes chain:
 	 * A obsoletes B
 	 * B obsoletes C
 	 * C obsoletes A
 	 * @param sys
 	 * @throws InvalidRequest
 	 */
 	private void checkCircularObsoletesChain(SystemMetadata sys) throws InvalidRequest {
 	    if(sys != null && sys.getObsoletes() != null && sys.getObsoletes().getValue() != null && !sys.getObsoletes().getValue().trim().equals("")) {
 	        logMetacat.debug("D1NodeService.checkCircularObsoletesChain - the object "+sys.getIdentifier().getValue() +" obsoletes "+sys.getObsoletes().getValue());
 	        if(sys.getObsoletes().getValue().equals(sys.getIdentifier().getValue())) {
 	            // the obsoletes field points to itself and creates a circular chain
 	            throw new InvalidRequest("4869", "The obsoletes field and identifier of the system metadata has the same value "+sys.getObsoletes().getValue()+
 	                    ". This creates a circular chain and it is illegal.");
 	        } else {
 	            Vector <Identifier> pidList = new Vector<Identifier>();
 	            pidList.add(sys.getIdentifier());
 	            SystemMetadata obsoletesSym = HazelcastService.getInstance().getSystemMetadataMap().get(sys.getObsoletes());
 	            while (obsoletesSym != null && obsoletesSym.getObsoletes() != null && obsoletesSym.getObsoletes().getValue() != null && !obsoletesSym.getObsoletes().getValue().trim().equals("")) {
 	                pidList.add(obsoletesSym.getIdentifier());
 	                logMetacat.debug("D1NodeService.checkCircularObsoletesChain - the object "+obsoletesSym.getIdentifier().getValue() +" obsoletes "+obsoletesSym.getObsoletes().getValue());
 	                /*for(Identifier id: pidList) {
 	                    logMetacat.debug("D1NodeService.checkCircularObsoletesChain - the pid in the chanin"+id.getValue());
 	                }*/
 	                if(pidList.contains(obsoletesSym.getObsoletes())) {
 	                    logMetacat.error("D1NodeService.checkCircularObsoletesChain - when Metacat updated the system metadata of object "+sys.getIdentifier().getValue()+", it found the obsoletes field value "+sys.getObsoletes().getValue()+
 	                            " in its new system metadata creating a circular chain at the object "+obsoletesSym.getObsoletes().getValue()+". This is illegal");
 	                    throw new InvalidRequest("4869", "When Metacat updated the system metadata of object "+sys.getIdentifier().getValue()+", it found the obsoletes field value "+sys.getObsoletes().getValue()+
                                 " in its new system metadata creating a circular chain at the object "+obsoletesSym.getObsoletes().getValue()+". This is illegal");
 	                } else {
 	                    obsoletesSym = HazelcastService.getInstance().getSystemMetadataMap().get(obsoletesSym.getObsoletes());
+	                }
+	            }
+	        }
+	    }
+	}
 	/**
      * Try to check the scenario of a circular obsoletedBy chain:
      * A obsoletedBy B
      * B obsoletedBy C
      * C obsoletedBy A
      * @param sys
      * @throws InvalidRequest
      */
     private void checkCircularObsoletedByChain(SystemMetadata sys) throws InvalidRequest {
         if(sys != null && sys.getObsoletedBy() != null && sys.getObsoletedBy().getValue() != null && !sys.getObsoletedBy().getValue().trim().equals("")) {
             logMetacat.debug("D1NodeService.checkCircularObsoletedByChain - the object "+sys.getIdentifier().getValue() +" is obsoletedBy "+sys.getObsoletedBy().getValue());
             if(sys.getObsoletedBy().getValue().equals(sys.getIdentifier().getValue())) {
                 // the obsoletedBy field points to itself and creates a circular chain
                 throw new InvalidRequest("4869", "The obsoletedBy field and identifier of the system metadata has the same value "+sys.getObsoletedBy().getValue()+
                         ". This creates a circular chain and it is illegal.");
             } else {
                 Vector <Identifier> pidList = new Vector<Identifier>();
                 pidList.add(sys.getIdentifier());
                 SystemMetadata obsoletedBySym = HazelcastService.getInstance().getSystemMetadataMap().get(sys.getObsoletedBy());
                 while (obsoletedBySym != null && obsoletedBySym.getObsoletedBy() != null && obsoletedBySym.getObsoletedBy().getValue() != null && !obsoletedBySym.getObsoletedBy().getValue().trim().equals("")) {
                     pidList.add(obsoletedBySym.getIdentifier());
                     logMetacat.debug("D1NodeService.checkCircularObsoletedByChain - the object "+obsoletedBySym.getIdentifier().getValue() +" is obsoletedBy "+obsoletedBySym.getObsoletedBy().getValue());
                     /*for(Identifier id: pidList) {
                         logMetacat.debug("D1NodeService.checkCircularObsoletedByChain - the pid in the chanin"+id.getValue());
                     }*/
                     if(pidList.contains(obsoletedBySym.getObsoletedBy())) {
                         logMetacat.error("D1NodeService.checkCircularObsoletedByChain - When Metacat updated the system metadata of object "+sys.getIdentifier().getValue()+", it found the obsoletedBy field value "+sys.getObsoletedBy().getValue()+
                                 " in its new system metadata creating a circular chain at the object "+obsoletedBySym.getObsoletedBy().getValue()+". This is illegal");
                         throw new InvalidRequest("4869",  "When Metacat updated the system metadata of object "+sys.getIdentifier().getValue()+", it found the obsoletedBy field value "+sys.getObsoletedBy().getValue()+
                                 " in its new system metadata creating a circular chain at the object "+obsoletedBySym.getObsoletedBy().getValue()+". This is illegal");
                     } else {
                         obsoletedBySym = HazelcastService.getInstance().getSystemMetadataMap().get(obsoletedBySym.getObsoletedBy());
+                    }
+                }
+            }
+        }
+    }
             leinfelder
   /**
    * Given a Permission, returns a list of all permissions that it encompasses
    * Permissions are hierarchical so that WRITE also allows READ.
    * @param permission
    * @return list of included Permissions for the given permission
    */
-            leinfelder
+  protected static List<Permission> expandPermissions(Permission permission) {
-            leinfelder
+	  	List<Permission> expandedPermissions = new ArrayList<Permission>();
 	    if (permission.equals(Permission.READ)) {
 	    	expandedPermissions.add(Permission.READ);
+	    }
 	    if (permission.equals(Permission.WRITE)) {
 	    	expandedPermissions.add(Permission.READ);
 	    	expandedPermissions.add(Permission.WRITE);
+	    }
 	    if (permission.equals(Permission.CHANGE_PERMISSION)) {
 	    	expandedPermissions.add(Permission.READ);
 	    	expandedPermissions.add(Permission.WRITE);
 	    	expandedPermissions.add(Permission.CHANGE_PERMISSION);
+	    }
 	    return expandedPermissions;
+  }
             cjones
   /*
-            cjones
+   * Write a stream to a file
+   *
    * @param dir - the directory to write to
    * @param fileName - the file name to write to
    * @param data - the object bytes as an input stream
+   *
    * @return newFile - the new file created
+   *
    * @throws ServiceFailure
    */
-            tao
+  private File writeStreamToFile(File dir, String fileName, InputStream dataStream, Checksum checksum, Identifier pid)
     throws ServiceFailure, InvalidSystemMetadata {
             cjones
     File newFile = new File(dir, fileName);
-            tao
+    logMetacat.debug("Filename for write is: " + newFile.getAbsolutePath()+" for the data object pid "+pid.getValue());
             cjones
     try {
         if (newFile.createNewFile()) {
-            tao
+            String checksumValue = checksum.getValue();
             logMetacat.info("D1NodeService.writeStreamToFile - the checksum value from the system metadata is "+checksumValue+" for the data object "+pid.getValue());
             if(checksumValue == null || checksumValue.trim().equals("")) {
                 logMetacat.error("D1NodeService.writeStreamToFile - the checksum value from the system metadata shouldn't be null or blank for the data object "+pid.getValue());
                 throw new InvalidSystemMetadata("1180", "The checksum value from the system metadata shouldn't be null or blank.");
+            }
             String algorithm = checksum.getAlgorithm();
             logMetacat.info("D1NodeService.writeStreamToFile - the algorithm to calculate the checksum from the system metadata is "+algorithm+" for the data object "+pid.getValue());
             if(algorithm == null || algorithm.trim().equals("")) {
                 logMetacat.error("D1NodeService.writeStreamToFile - the algorithm to calculate the checksum from the system metadata shouldn't be null or blank for the data object "+pid.getValue());
                 throw new InvalidSystemMetadata("1180", "The algorithm to calculate the checksum from the system metadata shouldn't be null or blank.");
+            }
-            tao
+          MessageDigest md = MessageDigest.getInstance(algorithm);
-            cjones
+          // write data stream to desired file
-            tao
+          DigestOutputStream os = new DigestOutputStream( new FileOutputStream(newFile), md);
-            leinfelder
+          long length = IOUtils.copyLarge(dataStream, os);
-            cjones
+          os.flush();
           os.close();
-            tao
+          String localChecksum = DatatypeConverter.printHexBinary(md.digest());
           logMetacat.info("D1NodeService.writeStreamToFile - the check sum calculated from the saved local file is "+localChecksum);
           if(localChecksum == null || localChecksum.trim().equals("") || !localChecksum.equalsIgnoreCase(checksumValue)) {
               logMetacat.error("D1NodeService.writeStreamToFile - the check sum calculated from the saved local file is "+localChecksum+ ". But it doesn't match the value from the system metadata "+checksumValue+" for the object "+pid.getValue());
               boolean success = newFile.delete();
               logMetacat.info("delete the file "+newFile.getAbsolutePath()+" for the object "+pid.getValue()+" sucessfully?"+success);
               throw new InvalidSystemMetadata("1180", "The checksum calculated from the saved local file is "+localChecksum+ ". But it doesn't match the value from the system metadata "+checksumValue+".");
+          }
-            cjones
+        } else {
           logMetacat.debug("File creation failed, or file already exists.");
           throw new ServiceFailure("1190", "File already exists: " + fileName);
+        }
     } catch (FileNotFoundException e) {
-            tao
+      logMetacat.error("FNF: " + e.getMessage()+" for the data object "+pid.getValue(), e);
-            cjones
+      throw new ServiceFailure("1190", "File not found: " + fileName + " "
                 + e.getMessage());
     } catch (IOException e) {
-            tao
+      logMetacat.error("IOE: " + e.getMessage()+" for the data object "+pid.getValue(), e);
-            cjones
+      throw new ServiceFailure("1190", "File was not written: " + fileName
                 + " " + e.getMessage());
-            tao
+    } catch (NoSuchAlgorithmException e) {
         logMetacat.error("D1NodeService.writeStreamToFile - no such checksum algorithm exception " + e.getMessage()+" for the data object "+pid.getValue(), e);
         throw new ServiceFailure("1190", "No such checksum algorithm: "
                 + " " + e.getMessage());
-            leinfelder
+    } finally {
         IOUtils.closeQuietly(dataStream);
             cjones
     return newFile;
+  }
             cjones
   /*
    * Returns a list of nodes that have been registered with the DataONE infrastructure
    * that match the given session subject
    * @return nodes - List of nodes from the registry with a matching session subject
+   *
    * @throws ServiceFailure
    * @throws NotImplemented
    */
   protected List<Node> listNodesBySubject(Subject subject)
       throws ServiceFailure, NotImplemented {
-            leinfelder
+      List<Node> nodeList = new ArrayList<Node>();
             cjones
       CNode cn = D1Client.getCN();
       List<Node> nodes = cn.listNodes().getNodeList();
       // find the node in the node list
       for ( Node node : nodes ) {
           List<Subject> nodeSubjects = node.getSubjectList();
-            leinfelder
+          if (nodeSubjects != null) {
 	          // check if the session subject is in the node subject list
 	          for (Subject nodeSubject : nodeSubjects) {
 	              if ( nodeSubject.equals(subject) ) { // subject of session == node subject
 	                  nodeList.add(node);
+	              }
+	          }
+          }
             cjones
       return nodeList;
+  }
-            leinfelder
+  /**
-            leinfelder
+   * Archives an object, where the object is either a
    * data object or a science metadata object.
-            tao
+   * Note: it doesn't check the authorization; it doesn't lock the system metadata;it only accept pid.
-            leinfelder
+   * @param session - the Session object containing the credentials for the Subject
    * @param pid - The object identifier to be archived
+   *
    * @return pid - the identifier of the object used for the archiving
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws NotImplemented
    * @throws InvalidRequest
    */
-            tao
+  protected Identifier archiveObject(boolean log, Session session, Identifier pid, SystemMetadata sysMeta, boolean needModifyDate)
-            leinfelder
+      throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
             cjones
-            leinfelder
+      String localId = null;
       boolean allowed = false;
       String username = Constants.SUBJECT_PUBLIC;
       if (session == null) {
       	throw new InvalidToken("1330", "No session has been provided");
       } else {
           username = session.getSubject().getValue();
+      }
       // do we have a valid pid?
       if (pid == null || pid.getValue().trim().equals("")) {
           throw new ServiceFailure("1350", "The provided identifier was invalid.");
+      }
             tao
-            tao
+      if(sysMeta == null) {
           throw new NotFound("2911", "There is no system metadata associated with "+pid.getValue());
             tao
             tao
-            leinfelder
+      // check for the existing identifier
       try {
           localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
       } catch (McdbDocNotFoundException e) {
           throw new NotFound("1340", "The object with the provided " + "identifier was not found.");
-            tao
+      } catch (SQLException e) {
           throw new ServiceFailure("1350", "The object with the provided identifier "+pid.getValue()+" couldn't be identified since "+e.getMessage());
             leinfelder
           try {
               // archive the document
-            cjones
+              DocumentImpl.delete(localId, null, null, null, false);
-            tao
+              if(log) {
                    try {
                       EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, Event.DELETE.xmlValue());
                    } catch (Exception e) {
                       logMetacat.warn("D1NodeService.archiveObject - can't log the delete event since "+e.getMessage());
+                   }
             tao
             tao
             tao
-            leinfelder
+              // archive it
               sysMeta.setArchived(true);
-            tao
+              if(needModifyDate) {
                   sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
                   sysMeta.setSerialVersion(sysMeta.getSerialVersion().add(BigInteger.ONE));
+              }
-            leinfelder
+              HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta);
             tao
-            leinfelder
+              // submit for indexing
-            leinfelder
+              // DocumentImpl call above should do this.
               // see: https://projects.ecoinformatics.org/ecoinfo/issues/6030
               //HazelcastService.getInstance().getIndexQueue().add(sysMeta);
             leinfelder
           } catch (McdbDocNotFoundException e) {
-            tao
+              try {
                   AccessionNumber acc = new AccessionNumber(localId, "NOACTION");
                   String docid = acc.getDocid();
                   int rev = 1;
                   if (acc.getRev() != null) {
                     rev = (new Integer(acc.getRev()).intValue());
+                  }
                   if(IdentifierManager.getInstance().existsInXmlLRevisionTable(docid, rev)) {
                       //somehow the document is in the xml_revision table.
                       // archive it
                       sysMeta.setArchived(true);
                       if(needModifyDate) {
                           sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
                           sysMeta.setSerialVersion(sysMeta.getSerialVersion().add(BigInteger.ONE));
+                      }
                       HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta);
                   } else {
                       throw new NotFound("1340", "The provided identifier "+ pid.getValue()+" is invalid");
+                  }
               } catch (SQLException ee) {
                   ee.printStackTrace();
                   throw new NotFound("1340", "The provided identifier "+ pid.getValue()+" is invalid");
               } catch (AccessionNumberException ee) {
                   ee.printStackTrace();
                   throw new NotFound("1340", "The provided identifier "+ pid.getValue()+" is invalid");
+              }
-            leinfelder
+          } catch (SQLException e) {
               throw new ServiceFailure("1350", "There was a problem archiving the object." + "The error message was: " + e.getMessage());
           } catch (InsufficientKarmaException e) {
               throw new NotAuthorized("1320", "The provided identity does not have " + "permission to archive this object.");
           } catch (Exception e) { // for some reason DocumentImpl throws a general Exception
               throw new ServiceFailure("1350", "There was a problem archiving the object." + "The error message was: " + e.getMessage());
             tao
             leinfelder
       return pid;
+  }
             tao
-            tao
+  /**
    * Archive a object on cn and notify the replica. This method doesn't lock the system metadata map. The caller should lock it.
    * This method doesn't check the authorization; this method only accept a pid.
    * It wouldn't notify the replca that the system metadata has been changed.
    * @param session
    * @param pid
    * @param sysMeta
    * @param notifyReplica
    * @return
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws NotImplemented
    */
-            tao
+  protected void archiveCNObject(boolean log, Session session, Identifier pid, SystemMetadata sysMeta, boolean needModifyDate)
-            tao
+          throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
           String localId = null; // The corresponding docid for this pid
           // Check for the existing identifier
           try {
               localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
-            tao
+              archiveObject(log, session, pid, sysMeta, needModifyDate);
             tao
           } catch (McdbDocNotFoundException e) {
               // This object is not registered in the identifier table. Assume it is of formatType DATA,
               // and set the archive flag. (i.e. the *object* doesn't exist on the CN)
               try {
                   if ( sysMeta != null ) {
                     sysMeta.setArchived(true);
                     if (needModifyDate) {
                         sysMeta.setSerialVersion(sysMeta.getSerialVersion().add(BigInteger.ONE));
                         sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
+                    }
                     HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta);
                   } else {
                       throw new ServiceFailure("4972", "Couldn't archive the object " + pid.getValue() +
                           ". Couldn't obtain the system metadata record.");
+                  }
               } catch (RuntimeException re) {
                   throw new ServiceFailure("4972", "Couldn't archive " + pid.getValue() +
                       ". The error message was: " + re.getMessage());
+              }
           } catch (SQLException e) {
               throw new ServiceFailure("4972", "Couldn't archive the object " + pid.getValue() +
                       ". The local id of the object with the identifier can't be identified since "+e.getMessage());
+          }
+    }
             tao
             tao
-            tao
+  /**
    * A utility method for v1 api to check the specified identifier exists as a pid
    * @param identifier  the specified identifier
    * @param serviceFailureCode  the detail error code for the service failure exception
    * @param noFoundCode  the detail error code for the not found exception
    * @throws ServiceFailure
    * @throws NotFound
    */
-            tao
+  public void checkV1SystemMetaPidExist(Identifier identifier, String serviceFailureCode, String serviceFailureMessage,
           String noFoundCode, String notFoundMessage) throws ServiceFailure, NotFound {
-            tao
+      boolean exists = false;
       try {
           exists = IdentifierManager.getInstance().systemMetadataPIDExists(identifier);
       } catch (SQLException e) {
-            tao
+          throw new ServiceFailure(serviceFailureCode, serviceFailureMessage+" since "+e.getMessage());
             tao
       if(!exists) {
-            tao
+         //the v1 method only handles a pid. so it should throw a not-found exception.
           // check if the pid was deleted.
           try {
               String localId = IdentifierManager.getInstance().getLocalId(identifier.getValue());
               if(EventLog.getInstance().isDeleted(localId)) {
                   notFoundMessage=notFoundMessage+" "+DELETEDMESSAGE;
+              }
             } catch (Exception e) {
               logMetacat.info("Couldn't determine if the not-found identifier "+identifier.getValue()+" was deleted since "+e.getMessage());
+            }
             throw new NotFound(noFoundCode, notFoundMessage);
             tao
+  }
   /**
    * Utility method to get the PID for an SID. If the specified identifier is not an SID
    * , null will be returned.
    * @param sid  the specified sid
    * @param serviceFailureCode  the detail error code for the service failure exception
    * @return the pid for the sid. If the specified identifier is not an SID, null will be returned.
    * @throws ServiceFailure
    */
   protected Identifier getPIDForSID(Identifier sid, String serviceFailureCode) throws ServiceFailure {
       Identifier id = null;
-            tao
+      String serviceFailureMessage = "The PID "+" couldn't be identified for the sid " + sid.getValue();
-            tao
+      try {
           //determine if the given pid is a sid or not.
           if(IdentifierManager.getInstance().systemMetadataSIDExists(sid)) {
               try {
                   //set the header pid for the sid if the identifier is a sid.
                   id = IdentifierManager.getInstance().getHeadPID(sid);
               } catch (SQLException sqle) {
-            tao
+                  throw new ServiceFailure(serviceFailureCode, serviceFailureMessage+" since "+sqle.getMessage());
             tao
+          }
       } catch (SQLException e) {
-            tao
+          throw new ServiceFailure(serviceFailureCode, serviceFailureMessage + " since "+e.getMessage());
             tao
       return id;
+  }
             leinfelder
-            tao
+  /*
    * Determine if the sid is legitimate in CN.create and CN.registerSystemMetadata methods. It also is used as a part of rules of the updateSystemMetadata method. Here are the rules:
    * A. If the sysmeta doesn't have an SID, nothing needs to be checked for the SID.
    * B. If the sysmeta does have an SID, it may be an identifier which doesn't exist in the system.
    * C. If the sysmeta does have an SID and it exists as an SID in the system, those scenarios are acceptable:
    *    i. The sysmeta has an obsoletes field, the SID has the same value as the SID of the system metadata of the obsoleting pid.
    *    ii. The sysmeta has an obsoletedBy field, the SID has the same value as the SID of the system metadata of the obsoletedBy pid.
    */
   protected boolean checkSidInModifyingSystemMetadata(SystemMetadata sysmeta, String invalidSystemMetadataCode, String serviceFailureCode) throws InvalidSystemMetadata, ServiceFailure{
       boolean pass = false;
       if(sysmeta == null) {
           throw new InvalidSystemMetadata(invalidSystemMetadataCode, "The system metadata is null in the request.");
+      }
       Identifier sid = sysmeta.getSeriesId();
       if(sid != null) {
           // the series id exists
           if (!isValidIdentifier(sid)) {
               throw new InvalidSystemMetadata(invalidSystemMetadataCode, "The series id in the system metadata is invalid in the request.");
+          }
           Identifier pid = sysmeta.getIdentifier();
           if (!isValidIdentifier(pid)) {
               throw new InvalidSystemMetadata(invalidSystemMetadataCode, "The pid in the system metadata is invalid in the request.");
+          }
           //the series id equals the pid (new pid hasn't been registered in the system, so IdentifierManager.getInstance().identifierExists method can't exclude this scenario )
           if(sid.getValue().equals(pid.getValue())) {
               throw new InvalidSystemMetadata(invalidSystemMetadataCode, "The series id "+sid.getValue()+" in the system metadata shouldn't have the same value of the pid.");
+          }
           try {
               if (IdentifierManager.getInstance().identifierExists(sid.getValue())) {
                   //the sid exists in system
                   if(sysmeta.getObsoletes() != null) {
                       SystemMetadata obsoletesSysmeta = HazelcastService.getInstance().getSystemMetadataMap().get(sysmeta.getObsoletes());
                       if(obsoletesSysmeta != null) {
                           Identifier obsoletesSid = obsoletesSysmeta.getSeriesId();
                           if(obsoletesSid != null && obsoletesSid.getValue() != null && !obsoletesSid.getValue().trim().equals("")) {
                               if(sid.getValue().equals(obsoletesSid.getValue())) {
                                   pass = true;// the i of rule C
+                              }
+                          }
                       } else {
                            logMetacat.warn("D1NodeService.checkSidInModifyingSystemMetacat - Can't find the system metadata for the pid "+sysmeta.getObsoletes().getValue()+
                                                                          " which is the value of the obsoletes. So we can't check if the sid " +sid.getValue()+" is legitimate ");
+                      }
+                  }
                   if(!pass) {
                       // the sid doesn't match the sid of the obsoleting identifier. So we check the obsoletedBy
                       if(sysmeta.getObsoletedBy() != null) {
                           SystemMetadata obsoletedBySysmeta = HazelcastService.getInstance().getSystemMetadataMap().get(sysmeta.getObsoletedBy());
                           if(obsoletedBySysmeta != null) {
                               Identifier obsoletedBySid = obsoletedBySysmeta.getSeriesId();
                               if(obsoletedBySid != null && obsoletedBySid.getValue() != null && !obsoletedBySid.getValue().trim().equals("")) {
                                   if(sid.getValue().equals(obsoletedBySid.getValue())) {
                                       pass = true;// the ii of the rule C
+                                  }
+                              }
                           } else {
                               logMetacat.warn("D1NodeService.checkSidInModifyingSystemMetacat - Can't find the system metadata for the pid "+sysmeta.getObsoletes().getValue()
                                                                             +" which is the value of the obsoletedBy. So we can't check if the sid "+sid.getValue()+" is legitimate.");
+                          }
+                      }
+                  }
                   if(!pass) {
                       throw new InvalidSystemMetadata(invalidSystemMetadataCode, "The series id "+sid.getValue()+
                               " in the system metadata exists in the system. And it doesn't match either previous object's sid or the next object's sid.");
+                  }
               } else {
                   pass = true; //Rule B
+              }
           } catch (SQLException e) {
               throw new ServiceFailure(serviceFailureCode, "Can't determine if the sid in the system metadata is unique or not since "+e.getMessage());
+          }
       } else {
           //no sid. Rule A.
           pass = true;
+      }
       return pass;
+  }
             tao
   //@Override
   public OptionList listViews(Session arg0) throws InvalidToken,
           ServiceFailure, NotAuthorized, InvalidRequest, NotImplemented {
       OptionList views = new OptionList();
-            tao
+      views.setKey("views");
       views.setDescription("List of views for objects on the node");
-            tao
+      Vector<String> skinNames = null;
       try {
           skinNames = SkinUtil.getSkinNames();
       } catch (PropertyNotFoundException e) {
           throw new ServiceFailure("2841", e.getMessage());
+      }
       for (String skinName: skinNames) {
           views.addOption(skinName);
+      }
       return views;
+  }
   public OptionList listViews() throws InvalidToken,
   ServiceFailure, NotAuthorized, InvalidRequest, NotImplemented {
       return listViews(null);
+  }
             leinfelder
-            tao
+  //@Override
   public InputStream view(Session session, String format, Identifier pid)
           throws InvalidToken, ServiceFailure, NotAuthorized, InvalidRequest,
           NotImplemented, NotFound {
       InputStream resultInputStream = null;
       String serviceFailureCode = "2831";
       Identifier sid = getPIDForSID(pid, serviceFailureCode);
       if(sid != null) {
           pid = sid;
+      }
       SystemMetadata sysMeta = this.getSystemMetadata(session, pid);
       InputStream object = this.get(session, pid);
       try {
           // can only transform metadata, really
           ObjectFormat objectFormat = ObjectFormatCache.getInstance().getFormat(sysMeta.getFormatId());
           if (objectFormat.getFormatType().equals("METADATA")) {
               // transform
               DBTransform transformer = new DBTransform();
               String documentContent = IOUtils.toString(object, "UTF-8");
               String sourceType = objectFormat.getFormatId().getValue();
               String targetType = "-//W3C//HTML//EN";
               ByteArrayOutputStream baos = new ByteArrayOutputStream();
               Writer writer = new OutputStreamWriter(baos , "UTF-8");
               // TODO: include more params?
               Hashtable<String, String[]> params = new Hashtable<String, String[]>();
               String localId = null;
               try {
                   localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
               } catch (McdbDocNotFoundException e) {
                   throw new NotFound("1020", e.getMessage());
+              }
               params.put("qformat", new String[] {format});
               params.put("docid", new String[] {localId});
               params.put("pid", new String[] {pid.getValue()});
               transformer.transformXMLDocument(
                       documentContent ,
                       sourceType,
                       targetType ,
                       format,
                       writer,
                       params,
                       null //sessionid
                       );
               // finally, get the HTML back
               resultInputStream = new ContentTypeByteArrayInputStream(baos.toByteArray());
               ((ContentTypeByteArrayInputStream) resultInputStream).setContentType("text/html");
           } else {
               // just return the raw bytes
               resultInputStream = object;
+          }
       } catch (IOException e) {
           // report as service failure
           ServiceFailure sf = new ServiceFailure("1030", e.getMessage());
           sf.initCause(e);
           throw sf;
       } catch (PropertyNotFoundException e) {
           // report as service failure
           ServiceFailure sf = new ServiceFailure("1030", e.getMessage());
           sf.initCause(e);
           throw sf;
       } catch (SQLException e) {
           // report as service failure
           ServiceFailure sf = new ServiceFailure("1030", e.getMessage());
           sf.initCause(e);
           throw sf;
       } catch (ClassNotFoundException e) {
           // report as service failure
           ServiceFailure sf = new ServiceFailure("1030", e.getMessage());
           sf.initCause(e);
           throw sf;
+      }
       return resultInputStream;
             tao
   /*
    * Determine if the given identifier exists in the obsoletes field in the system metadata table.
    * If the return value is not null, the given identifier exists in the given cloumn. The return value is
    * the guid of the first row.
    */
   protected String existsInObsoletes(Identifier id) throws InvalidRequest, ServiceFailure{
       String guid = existsInFields("obsoletes", id);
       return guid;
+  }
   /*
    * Determine if the given identifier exists in the obsoletes field in the system metadata table.
    * If the return value is not null, the given identifier exists in the given cloumn. The return value is
    * the guid of the first row.
    */
   protected String existsInObsoletedBy(Identifier id) throws InvalidRequest, ServiceFailure{
       String guid = existsInFields("obsoleted_by", id);
       return guid;
+  }
             tao
-            tao
+  /*
    * Determine if the given identifier exists in the given column in the system metadata table.
    * If the return value is not null, the given identifier exists in the given cloumn. The return value is
    * the guid of the first row.
    */
   private String existsInFields(String column, Identifier id) throws InvalidRequest, ServiceFailure {
       String guid = null;
       if(id == null ) {
           throw new InvalidRequest("4863", "The given identifier is null and we can't determine if the guid exists in the field "+column+" in the systemmetadata table");
+      }
       String sql = "SELECT guid FROM systemmetadata WHERE "+column+" = ?";
       int serialNumber = -1;
       DBConnection dbConn = null;
       PreparedStatement stmt = null;
       ResultSet result = null;
       try {
           dbConn =
                   DBConnectionPool.getDBConnection("D1NodeService.existsInFields");
           serialNumber = dbConn.getCheckOutSerialNumber();
           stmt = dbConn.prepareStatement(sql);
           stmt.setString(1, id.getValue());
           result = stmt.executeQuery();
           if(result.next()) {
               guid = result.getString(1);
+          }
           stmt.close();
       } catch (SQLException e) {
           e.printStackTrace();
           throw new ServiceFailure("4862","We can't determine if the id "+id.getValue()+" exists in field "+column+" in the systemmetadata table since "+e.getMessage());
       } finally {
           // Return database connection to the pool
           DBConnectionPool.returnDBConnection(dbConn, serialNumber);
           if(stmt != null) {
               try {
                   stmt.close();
               } catch (SQLException e) {
                   logMetacat.warn("We can close the PreparedStatment in D1NodeService.existsInFields since "+e.getMessage());
+              }
+          }
+      }
       return guid;
+  }
             cjones

Project

General

Profile

Metacat