
Revision 6293

beef up isAuthorized method to check for "public" access rules and also for the rights holder


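--- a/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
+++ b/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
@@ -34,18 +34,17 @@
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
-import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Timer;
 import java.util.TimerTask;
 import java.util.Vector;
 
-import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.io.IOUtils;
 import org.apache.log4j.Logger;
 import org.dataone.client.ObjectFormatCache;
+import org.dataone.service.Constants;
 import org.dataone.service.exceptions.IdentifierNotUnique;
 import org.dataone.service.exceptions.InsufficientResources;
 import org.dataone.service.exceptions.InvalidRequest;
@@ -79,10 +78,8 @@
 import edu.ucsb.nceas.metacat.McdbDocNotFoundException;
 import edu.ucsb.nceas.metacat.McdbException;
 import edu.ucsb.nceas.metacat.MetacatHandler;
-import edu.ucsb.nceas.metacat.client.InsufficientKarmaException;
 import edu.ucsb.nceas.metacat.properties.PropertyService;
 import edu.ucsb.nceas.metacat.replication.ForceReplicationHandler;
-import edu.ucsb.nceas.metacat.util.SessionData;
 import edu.ucsb.nceas.metacat.util.SystemUtil;
 import edu.ucsb.nceas.utilities.ParseLSIDException;
 import edu.ucsb.nceas.utilities.PropertyNotFoundException;
@@ -647,6 +644,11 @@
     	}
     }
     
+    // add public subject
+    Subject publicSubject = new Subject();
+    publicSubject.setValue(Constants.PUBLIC_SUBJECT);
+    subjects.add(publicSubject);
+    
     // get the system metadata
     String pidStr = pid.getValue();
     SystemMetadata systemMetadata = null;
@@ -656,15 +658,28 @@
       throw new NotFound("1800", "No record found for " + pidStr);
     }
 	    
+    // do we own it?
+    for (Subject s: subjects) {
+    	allowed = systemMetadata.getRightsHolder().getValue().equals(s.getValue());
+    	if (allowed) {
+    		return allowed;
+    	}
+    }    
+    
+    // otherwise check the access rules
     try {
 	    List<AccessRule> allows = systemMetadata.getAccessPolicy().getAllowList();
+	    search: // label break
 	    for (AccessRule accessRule: allows) {
 	      for (Subject s: subjects) {
-	        if (accessRule.getSubjectList().contains(s)) {
-	          allowed = accessRule.getPermissionList().contains(permission);
-	          if (allowed) {
-	        	  break;
-	          }
+	        //if (accessRule.getSubjectList().contains(s)) {
+        	for (Subject ruleSubject: accessRule.getSubjectList()) {
+        		if (ruleSubject.getValue().equals(s.getValue())) {
+		          allowed = accessRule.getPermissionList().contains(permission);
+		          if (allowed) {
+		        	  break search; //label break
+		          }
+        		}
 	        }
 	      }
 	    }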
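Review bot: The ownership loop under `// do we own it?` iterates over `subjects` after the public subject has already been appended, so a record whose rights holder were ever set to `Constants.PUBLIC_SUBJECT` would grant every caller every permission through the early `return allowed`. Moving the `subjects.add(publicSubject);` block down to just before `// otherwise check the access rules` keeps the public identity out of the owner comparison while still letting it match allow rules. The same loop dereferences `systemMetadata.getRightsHolder().getValue()` outside the `try`, so a record without a rights holder would surface as a NullPointerException instead of a denial; a guard such as `if (owner != null && owner.getValue() != null)` around the comparison would fall through to the access rules and fail closed. The commented-out `//if (accessRule.getSubjectList().contains(s)) {` line is better replaced by a comment stating why subjects are compared by value (presumably `Subject` does not define `equals`, which should be confirmed). The method begins and ends outside the visible hunks, so the handling after the `try` block could not be checked.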
