Revision 6212
Added by ben leinfelder over 13 years ago
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 313 | 313 |
* @throws NotImplemented |
| 314 | 314 |
* @throws InvalidRequest |
| 315 | 315 |
*/ |
| 316 |
public boolean isAuthorized(Session session, Identifier pid, Event action)
|
|
| 316 |
public boolean isAuthorized(Session session, Identifier pid, Permission permission)
|
|
| 317 | 317 |
throws ServiceFailure, InvalidToken, NotFound, NotAuthorized, |
| 318 | 318 |
NotImplemented, InvalidRequest {
|
| 319 | 319 |
|
| ... | ... | |
| 333 | 333 |
List<AccessRule> allows = systemMetadata.getAccessPolicy().getAllowList(); |
| 334 | 334 |
for (AccessRule accessRule: allows) {
|
| 335 | 335 |
if (accessRule.getSubjectList().contains(subject)) {
|
| 336 |
List<Permission> permissions = accessRule.getPermissionList(); |
|
| 337 |
for (Permission permission: permissions) {
|
|
| 338 |
// TODO: something better than string comparison |
|
| 339 |
// TODO: reconcile Event vs Permission type |
|
| 340 |
allowed = permission.toString().equals(action.toString()); |
|
| 341 |
if (allowed) {
|
|
| 342 |
break; |
|
| 343 |
} |
|
| 336 |
allowed = accessRule.getPermissionList().contains(permission); |
|
| 337 |
if (allowed) {
|
|
| 338 |
break; |
|
| 344 | 339 |
} |
| 345 | 340 |
} |
| 346 | 341 |
} |
| 347 | 342 |
|
| 348 | 343 |
// TODO: throw or return? |
| 349 | 344 |
if (!allowed) {
|
| 350 |
throw new NotAuthorized("1820", action + "not allowed by " + subject.getValue() + " on " + guid);
|
|
| 345 |
throw new NotAuthorized("1820", permission + "not allowed by " + subject.getValue() + " on " + guid);
|
|
| 351 | 346 |
} |
| 352 | 347 |
return allowed; |
| 353 | 348 |
} |
Also available in: Unified diff
use Permission, not Event for isAuthorized() methods