Revision 6194
Added by ben leinfelder almost 13 years ago
CNodeService.java | ||
---|---|---|
25 | 25 |
|
26 | 26 |
import java.io.InputStream; |
27 | 27 |
import java.util.Date; |
28 |
import java.util.List; |
|
28 | 29 |
|
29 | 30 |
import org.apache.log4j.Logger; |
30 | 31 |
import org.dataone.service.cn.CNAuthorization; |
31 | 32 |
import org.dataone.service.cn.CNCore; |
32 |
import org.dataone.service.cn.CNIdentity; |
|
33 | 33 |
import org.dataone.service.cn.CNRead; |
34 | 34 |
import org.dataone.service.cn.CNRegister; |
35 | 35 |
import org.dataone.service.cn.CNReplication; |
36 | 36 |
import org.dataone.service.exceptions.IdentifierNotUnique; |
37 | 37 |
import org.dataone.service.exceptions.InsufficientResources; |
38 |
import org.dataone.service.exceptions.InvalidCredentials; |
|
39 | 38 |
import org.dataone.service.exceptions.InvalidRequest; |
40 | 39 |
import org.dataone.service.exceptions.InvalidSystemMetadata; |
41 | 40 |
import org.dataone.service.exceptions.InvalidToken; |
... | ... | |
45 | 44 |
import org.dataone.service.exceptions.ServiceFailure; |
46 | 45 |
import org.dataone.service.exceptions.UnsupportedType; |
47 | 46 |
import org.dataone.service.types.AccessPolicy; |
47 |
import org.dataone.service.types.AccessRule; |
|
48 | 48 |
import org.dataone.service.types.Checksum; |
49 | 49 |
import org.dataone.service.types.Event; |
50 | 50 |
import org.dataone.service.types.Identifier; |
... | ... | |
57 | 57 |
import org.dataone.service.types.ObjectFormatList; |
58 | 58 |
import org.dataone.service.types.ObjectList; |
59 | 59 |
import org.dataone.service.types.ObjectLocationList; |
60 |
import org.dataone.service.types.Person;
|
|
60 |
import org.dataone.service.types.Permission;
|
|
61 | 61 |
import org.dataone.service.types.QueryType; |
62 | 62 |
import org.dataone.service.types.ReplicationPolicy; |
63 | 63 |
import org.dataone.service.types.ReplicationStatus; |
64 | 64 |
import org.dataone.service.types.Session; |
65 | 65 |
import org.dataone.service.types.Subject; |
66 |
import org.dataone.service.types.SubjectList; |
|
67 | 66 |
import org.dataone.service.types.SystemMetadata; |
68 | 67 |
|
69 | 68 |
import edu.ucsb.nceas.metacat.EventLog; |
70 | 69 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
70 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
71 | 71 |
import edu.ucsb.nceas.metacat.replication.ForceReplicationSystemMetadataHandler; |
72 | 72 |
|
73 | 73 |
/** |
... | ... | |
568 | 568 |
} |
569 | 569 |
|
570 | 570 |
/** |
571 |
* Test if the user identified by the provided token has authorization |
|
572 |
* for operation on the specified object. |
|
573 |
* |
|
574 |
* @param session - the Session object containing the credentials for the Subject |
|
575 |
* @param pid - The identifer of the resource for which access is being checked |
|
576 |
* @param operation - The type of operation which is being requested for the given pid |
|
577 |
* |
|
578 |
* @return true if the operation is allowed |
|
579 |
* |
|
580 |
* @throws ServiceFailure |
|
581 |
* @throws InvalidToken |
|
582 |
* @throws NotFound |
|
583 |
* @throws NotAuthorized |
|
584 |
* @throws NotImplemented |
|
585 |
* @throws InvalidRequest |
|
586 |
*/ |
|
587 |
@Override |
|
588 |
public boolean isAuthorized(Session session, Identifier pid, Event action) |
|
589 |
throws ServiceFailure, InvalidToken, NotFound, NotAuthorized, |
|
590 |
NotImplemented, InvalidRequest { |
|
591 |
|
|
592 |
return false; |
|
593 |
} |
|
594 |
|
|
595 |
/** |
|
596 |
* Sets the access permissions for an object identified by pid |
|
597 |
* |
|
598 |
* @param session - the Session object containing the credentials for the Subject |
|
599 |
* @param pid - The identifer of the resource to set access on |
|
600 |
* @param accessPolicy - The access policy to be applied for the object |
|
601 |
* |
|
602 |
* @return true if the operation is allowed |
|
603 |
* |
|
604 |
* @throws ServiceFailure |
|
605 |
* @throws InvalidToken |
|
606 |
* @throws NotFound |
|
607 |
* @throws NotAuthorized |
|
608 |
* @throws NotImplemented |
|
609 |
* @throws InvalidRequest |
|
610 |
*/ |
|
611 |
@Override |
|
612 |
public boolean setAccessPolicy(Session session, Identifier pid, |
|
613 |
AccessPolicy accessPolicy) throws InvalidToken, NotFound, NotImplemented, |
|
614 |
NotAuthorized, ServiceFailure, InvalidRequest { |
|
615 |
|
|
616 |
return super.setAccessPolicy(session, pid, accessPolicy); |
|
617 |
} |
|
618 |
|
|
619 |
/** |
|
620 | 571 |
* Changes ownership (RightsHolder) of the specified object to the |
621 | 572 |
* subject specified by userId |
622 | 573 |
* |
... | ... | |
637 | 588 |
public Identifier setOwner(Session session, Identifier pid, Subject userId) |
638 | 589 |
throws InvalidToken, ServiceFailure, NotFound, NotAuthorized, |
639 | 590 |
NotImplemented, InvalidRequest { |
591 |
|
|
592 |
// get the subject |
|
593 |
Subject subject = session.getSubject(); |
|
594 |
// get the system metadata |
|
595 |
String guid = pid.getValue(); |
|
596 |
|
|
597 |
// are we allowed to do this? |
|
598 |
if (!hasPermission(session, pid, Permission.CHANGE_PERMISSION)) { |
|
599 |
throw new NotAuthorized("4440", "not allowed by " + subject.getValue() + " on " + guid); |
|
600 |
} |
|
601 |
|
|
602 |
SystemMetadata systemMetadata = null; |
|
603 |
try { |
|
604 |
systemMetadata = IdentifierManager.getInstance().getSystemMetadata(guid); |
|
605 |
} catch (McdbDocNotFoundException e) { |
|
606 |
throw new NotFound("4460", "No record found for: " + guid); |
|
607 |
} |
|
608 |
|
|
609 |
// set the new rights holder |
|
610 |
systemMetadata.setRightsHolder(userId); |
|
611 |
|
|
612 |
// update the metadata |
|
613 |
try { |
|
614 |
IdentifierManager.getInstance().updateSystemMetadata(systemMetadata); |
|
615 |
} catch (McdbDocNotFoundException e) { |
|
616 |
throw new ServiceFailure("4490", e.getMessage()); |
|
617 |
} |
|
640 | 618 |
|
641 |
return null;
|
|
619 |
return pid;
|
|
642 | 620 |
} |
643 | 621 |
|
644 | 622 |
} |
Also available in: Unified diff
implement CNAuthorization