Revision 5376
Added by berkley over 14 years ago
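--- a/test/edu/ucsb/nceas/metacat/dataone/CrudServiceTest.java
+++ b/test/edu/ucsb/nceas/metacat/dataone/CrudServiceTest.java
@@ -128,8 +128,19 @@
 }
 catch(Exception e)
 {
-//System.out.println("Exception in testCreateAndGet (this *should* happen): " + e.getMessage());
 }
+
+try
+{
+CrudService cs = CrudService.getInstance();
+AuthToken token = new AuthToken("somefakesessionid");
+//create a doc
+Identifier id = createDoc(token, getTestDoc());
+fail("exception should have been thrown.");
+}
+catch(Exception e)
+{
+}
 }
 
 /**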
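Review bot: The added block catches `Exception` with an empty body, so it passes on any failure along the way (a NullPointerException, an error while building the test document) and does not show that the fake session id was rejected by the new authorization check. Catching the specific type would pin that, assuming `createDoc` lets it propagate: `catch(NotAuthorized e) { /* expected: unauthenticated create is refused */ }`, with any other exception failing the test. The local `cs` is assigned but never used in this block. The enclosing test method starts above the hunk, so its name and earlier setup are not visible here.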
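--- a/src/edu/ucsb/nceas/metacat/restservice/ResourceHandler.java
+++ b/src/edu/ucsb/nceas/metacat/restservice/ResourceHandler.java
@@ -538,11 +538,8 @@
 * @param guid ID of data object to be read
 */
 private void getObject(String guid) {
-//hack...fix this
-//CrudService cs = new CrudService(servletContext, request, response);
 CrudService cs = CrudService.getInstance();
 cs.setParamsFromRequest(request);
-//System.out.println("sessionId: " + sessionId);
 AuthToken token = new AuthToken(sessionId);
 OutputStream out = null;
 try {
@@ -796,26 +793,19 @@
 throw new IdentifierNotUnique("1000", "Identifier is already in use: " + guid);
 }
 
-// TODO: access control -- should be in CrudService et al. I think
-//if (username != null && !username.equals("public")) {
-if (username != null) {
-logMetacat.debug("Commence creation...");
-AuthToken token = null;
-IBindingFactory bfact =
-BindingDirectory.getFactory(SystemMetadata.class);
-IUnmarshallingContext uctx = bfact.createUnmarshallingContext();
-SystemMetadata m = (SystemMetadata) uctx.unmarshalDocument(sysmeta, null);
+logMetacat.debug("Commence creation...");
+AuthToken token = null;
+IBindingFactory bfact =
+BindingDirectory.getFactory(SystemMetadata.class);
+IUnmarshallingContext uctx = bfact.createUnmarshallingContext();
+SystemMetadata m = (SystemMetadata) uctx.unmarshalDocument(sysmeta, null);
+
+CrudService cs = CrudService.getInstance();
+cs.setParamsFromRequest(request);
+Identifier id = new Identifier();
+id.setValue(guid);
+cs.create(token, id, object, m);
 
-CrudService cs = CrudService.getInstance();
-cs.setParamsFromRequest(request);
-Identifier id = new Identifier();
-id.setValue(guid);
-cs.create(token, id, object, m);
-
-} else {
-logMetacat.debug("Unauthorized to create.");
-throw new NotAuthorized("1000", "Permission denied for user " + username);
-}
 } else if (action.equals(FUNCTION_NAME_UPDATE)) { //handle updates
 IdentifierManager im = IdentifierManager.getInstance();
 CrudService cs = CrudService.getInstance();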
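Review bot: In the create branch the call `cs.create(token, id, object, m)` still receives `AuthToken token = null;`, and the caller-side guard (`if (username != null)` with its `NotAuthorized` else-branch) is removed, so the authorization decision now rests entirely on how CrudService resolves a session without a token. `getObject` in this same file builds `new AuthToken(sessionId)`; the create path should pass the caller's identity the same way, e.g. `AuthToken token = new AuthToken(sessionId);`, provided `sessionId` is in scope there (not visible in the hunk). Separately, `CrudService.getInstance()` followed by `cs.setParamsFromRequest(request)` stores per-request data on what appears to be a shared instance; if the session used for the new check is read from that state, two concurrent requests could be authorized against each other's session, which is worth confirming now that the check lives in CrudService. The update branch that follows continues outside the hunk.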
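--- a/src/edu/ucsb/nceas/metacat/dataone/CrudService.java
+++ b/src/edu/ucsb/nceas/metacat/dataone/CrudService.java
@@ -212,6 +212,12 @@
 String username = sessionData.getUserName();
 String[] groups = sessionData.getGroupNames();
 
+if (username == null || username.equals("public"))
+{
+throw new NotAuthorized("1000", "User " + username + " is not authorized to create content." +
+" If you are not logged in, please do so and retry the request.");
+}
+
 // verify that guid == SystemMetadata.getIdentifier()
 logMetacat.debug("Comparing guid|sysmeta_guid: " + guid.getValue() + "|" + sysmeta.getIdentifier().getValue());
 if (!guid.getValue().equals(sysmeta.getIdentifier().getValue())) {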
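Review bot: The new guard depends on `sessionData.getUserName()` two lines above it, and nothing visible in the hunk handles a `sessionData` that is null for an unknown or expired session id; in that case the dereference would throw a NullPointerException instead of `NotAuthorized`, so the caller gets an unexpected error type rather than a clean denial. If the session lookup can return null, a check ahead of the dereference such as `if (sessionData == null) throw new NotAuthorized("1000", "No valid session for this request.");` keeps the failure mode explicit. The literal `"public"` would also be clearer as a named constant with a comment stating that it denotes the unauthenticated account. The method starts above the hunk, so how `sessionData` is obtained (from the token argument or from instance state) cannot be confirmed from here.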
moved authentication checking out of ResourceHandler and into CrudService