Revision 6194
Added by ben leinfelder almost 13 years ago
| CNodeService.java | ||
|---|---|---|
| 25 | 25 |
|
| 26 | 26 |
import java.io.InputStream; |
| 27 | 27 |
import java.util.Date; |
| 28 |
import java.util.List; |
|
| 28 | 29 |
|
| 29 | 30 |
import org.apache.log4j.Logger; |
| 30 | 31 |
import org.dataone.service.cn.CNAuthorization; |
| 31 | 32 |
import org.dataone.service.cn.CNCore; |
| 32 |
import org.dataone.service.cn.CNIdentity; |
|
| 33 | 33 |
import org.dataone.service.cn.CNRead; |
| 34 | 34 |
import org.dataone.service.cn.CNRegister; |
| 35 | 35 |
import org.dataone.service.cn.CNReplication; |
| 36 | 36 |
import org.dataone.service.exceptions.IdentifierNotUnique; |
| 37 | 37 |
import org.dataone.service.exceptions.InsufficientResources; |
| 38 |
import org.dataone.service.exceptions.InvalidCredentials; |
|
| 39 | 38 |
import org.dataone.service.exceptions.InvalidRequest; |
| 40 | 39 |
import org.dataone.service.exceptions.InvalidSystemMetadata; |
| 41 | 40 |
import org.dataone.service.exceptions.InvalidToken; |
| ... | ... | |
| 45 | 44 |
import org.dataone.service.exceptions.ServiceFailure; |
| 46 | 45 |
import org.dataone.service.exceptions.UnsupportedType; |
| 47 | 46 |
import org.dataone.service.types.AccessPolicy; |
| 47 |
import org.dataone.service.types.AccessRule; |
|
| 48 | 48 |
import org.dataone.service.types.Checksum; |
| 49 | 49 |
import org.dataone.service.types.Event; |
| 50 | 50 |
import org.dataone.service.types.Identifier; |
| ... | ... | |
| 57 | 57 |
import org.dataone.service.types.ObjectFormatList; |
| 58 | 58 |
import org.dataone.service.types.ObjectList; |
| 59 | 59 |
import org.dataone.service.types.ObjectLocationList; |
| 60 |
import org.dataone.service.types.Person;
|
|
| 60 |
import org.dataone.service.types.Permission;
|
|
| 61 | 61 |
import org.dataone.service.types.QueryType; |
| 62 | 62 |
import org.dataone.service.types.ReplicationPolicy; |
| 63 | 63 |
import org.dataone.service.types.ReplicationStatus; |
| 64 | 64 |
import org.dataone.service.types.Session; |
| 65 | 65 |
import org.dataone.service.types.Subject; |
| 66 |
import org.dataone.service.types.SubjectList; |
|
| 67 | 66 |
import org.dataone.service.types.SystemMetadata; |
| 68 | 67 |
|
| 69 | 68 |
import edu.ucsb.nceas.metacat.EventLog; |
| 70 | 69 |
import edu.ucsb.nceas.metacat.IdentifierManager; |
| 70 |
import edu.ucsb.nceas.metacat.McdbDocNotFoundException; |
|
| 71 | 71 |
import edu.ucsb.nceas.metacat.replication.ForceReplicationSystemMetadataHandler; |
| 72 | 72 |
|
| 73 | 73 |
/** |
| ... | ... | |
| 568 | 568 |
} |
| 569 | 569 |
|
| 570 | 570 |
/** |
| 571 |
* Test if the user identified by the provided token has authorization |
|
| 572 |
* for operation on the specified object. |
|
| 573 |
* |
|
| 574 |
* @param session - the Session object containing the credentials for the Subject |
|
| 575 |
* @param pid - The identifer of the resource for which access is being checked |
|
| 576 |
* @param operation - The type of operation which is being requested for the given pid |
|
| 577 |
* |
|
| 578 |
* @return true if the operation is allowed |
|
| 579 |
* |
|
| 580 |
* @throws ServiceFailure |
|
| 581 |
* @throws InvalidToken |
|
| 582 |
* @throws NotFound |
|
| 583 |
* @throws NotAuthorized |
|
| 584 |
* @throws NotImplemented |
|
| 585 |
* @throws InvalidRequest |
|
| 586 |
*/ |
|
| 587 |
@Override |
|
| 588 |
public boolean isAuthorized(Session session, Identifier pid, Event action) |
|
| 589 |
throws ServiceFailure, InvalidToken, NotFound, NotAuthorized, |
|
| 590 |
NotImplemented, InvalidRequest {
|
|
| 591 |
|
|
| 592 |
return false; |
|
| 593 |
} |
|
| 594 |
|
|
| 595 |
/** |
|
| 596 |
* Sets the access permissions for an object identified by pid |
|
| 597 |
* |
|
| 598 |
* @param session - the Session object containing the credentials for the Subject |
|
| 599 |
* @param pid - The identifer of the resource to set access on |
|
| 600 |
* @param accessPolicy - The access policy to be applied for the object |
|
| 601 |
* |
|
| 602 |
* @return true if the operation is allowed |
|
| 603 |
* |
|
| 604 |
* @throws ServiceFailure |
|
| 605 |
* @throws InvalidToken |
|
| 606 |
* @throws NotFound |
|
| 607 |
* @throws NotAuthorized |
|
| 608 |
* @throws NotImplemented |
|
| 609 |
* @throws InvalidRequest |
|
| 610 |
*/ |
|
| 611 |
@Override |
|
| 612 |
public boolean setAccessPolicy(Session session, Identifier pid, |
|
| 613 |
AccessPolicy accessPolicy) throws InvalidToken, NotFound, NotImplemented, |
|
| 614 |
NotAuthorized, ServiceFailure, InvalidRequest {
|
|
| 615 |
|
|
| 616 |
return super.setAccessPolicy(session, pid, accessPolicy); |
|
| 617 |
} |
|
| 618 |
|
|
| 619 |
/** |
|
| 620 | 571 |
* Changes ownership (RightsHolder) of the specified object to the |
| 621 | 572 |
* subject specified by userId |
| 622 | 573 |
* |
| ... | ... | |
| 637 | 588 |
public Identifier setOwner(Session session, Identifier pid, Subject userId) |
| 638 | 589 |
throws InvalidToken, ServiceFailure, NotFound, NotAuthorized, |
| 639 | 590 |
NotImplemented, InvalidRequest {
|
| 591 |
|
|
| 592 |
// get the subject |
|
| 593 |
Subject subject = session.getSubject(); |
|
| 594 |
// get the system metadata |
|
| 595 |
String guid = pid.getValue(); |
|
| 596 |
|
|
| 597 |
// are we allowed to do this? |
|
| 598 |
if (!hasPermission(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 599 |
throw new NotAuthorized("4440", "not allowed by " + subject.getValue() + " on " + guid);
|
|
| 600 |
} |
|
| 601 |
|
|
| 602 |
SystemMetadata systemMetadata = null; |
|
| 603 |
try {
|
|
| 604 |
systemMetadata = IdentifierManager.getInstance().getSystemMetadata(guid); |
|
| 605 |
} catch (McdbDocNotFoundException e) {
|
|
| 606 |
throw new NotFound("4460", "No record found for: " + guid);
|
|
| 607 |
} |
|
| 608 |
|
|
| 609 |
// set the new rights holder |
|
| 610 |
systemMetadata.setRightsHolder(userId); |
|
| 611 |
|
|
| 612 |
// update the metadata |
|
| 613 |
try {
|
|
| 614 |
IdentifierManager.getInstance().updateSystemMetadata(systemMetadata); |
|
| 615 |
} catch (McdbDocNotFoundException e) {
|
|
| 616 |
throw new ServiceFailure("4490", e.getMessage());
|
|
| 617 |
} |
|
| 640 | 618 |
|
| 641 |
return null;
|
|
| 619 |
return pid;
|
|
| 642 | 620 |
} |
| 643 | 621 |
|
| 644 | 622 |
} |
Also available in: Unified diff
implement CNAuthorization