Project

General

Profile

« Previous | Next » 

Revision 6463

Added by Chris Jones about 13 years ago

Change isNodeAuthorized() to query the hzSystemMetadata map rather than the hzPendingreplicationTasks map. The latter isn't needed for authorization since the ReplicationStatus for each Replica in SystemMetadata lists the status of the replica and can be queried.

View differences:

src/edu/ucsb/nceas/metacat/dataone/CNodeService.java
43 43 
import org.dataone.service.exceptions.ServiceFailure;
44 44 
import org.dataone.service.types.v1.Checksum;
45 45 
import org.dataone.service.types.v1.Identifier;
46 
import org.dataone.service.types.v1.Node;
46 47 
import org.dataone.service.types.v1.NodeList;
47 48 
import org.dataone.service.types.v1.NodeReference;
48 49 
import org.dataone.service.types.v1.ObjectFormat;
......
734 735 
    throws NotImplemented, NotAuthorized, InvalidToken, ServiceFailure,
735 736 
    NotFound, InvalidRequest {
736 737 

  		




  737
  
  
    
	// build a predicate like: 


  		




  738
  
  
    
	    // "pid                    = '{pid}                   ' AND 


  		




  739
  
  
    
	    //  pemission              = '{permission}            ' AND


  		




  740
  
  
    
	    //  originatingNodeSubject = '{originatingNodeSubject}' AND


  		




  741
  
  
    
	    //  targetNodeSubject      = '{targetNodeSubject}     '"


  		




  742
  
  
    
	    boolean isAllowed = false;


  		




  743
  
  
    
	    String query = "";


  		




  744
  
  
    
	    query += "pid = '";


  		




  745
  
  
    
	    query += pid;


  		




  746
  
  
    
	    query += "' AND permission = '";


  		




  747
  
  
    
	    query += replicatePermission.name();


  		




  748
  
  
    
	    query += "' AND originatingNodeSubject = '";


  		




  749
  
  
    
	    query += originatingNodeSession.getSubject().getValue();


  		




  750
  
  
    
	    query += "' AND targetNodeSubject = '";


  		




  751
  
  
    
	    query += targetNodeSubject.getValue();


  		




  752
  
  
    
	    query += "'";


  		




  
  738
  
    
	  boolean isAllowed = false;


  		




  
  739
  
    
	  SystemMetadata sysmeta = null;


  		




  
  740
  
    
    String query = "subject = '" + targetNodeSubject + "'";


  		




  
  741
  
    
    NodeReference targetNode = null;


  		




  
  742
  
    
    


  		




  
  743
  
    
	  try {


  		




  
  744
  
    
	    // get the target node reference from the hzNodes map


  		




  
  745
  
    
	    Set<Node> nodeList = (Set<Node>) 


  		




  
  746
  
    
	      HazelcastService.getInstance().getNodesMap().values(new SqlPredicate(query));


  		




  753
  747
  
    
	    


  		




  754
  
  
    
	    logMetacat.debug("Pending replication task query is: " + query);


  		




  755
  
  
    
	    // search the hzPendingReplicationTasks map for the  originating node subject, 


  		




  756
  
  
    
	    // target node subject, pid, and replicate permission


  		




  
  748
  
    
	    // we should only have one subject DN per node


  		




  
  749
  
    
	    for (Node node : nodeList) {      


  		




  
  750
  
    
	      targetNode = node.getIdentifier();


  		




  
  751
  
    
	      break;


  		




  
  752
  
    
	        


  		




  
  753
  
    
      }


  		




  
  754
  
    
	     //lock, get, and unlock the pid


  		




  
  755
  
    
	    HazelcastService.getInstance().getSystemMetadataMap().lock(pid);


  		




  
  756
  
    
      sysmeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);


  		




  
  757
  
    
      HazelcastService.getInstance().getSystemMetadataMap().unlock(pid);


  		




  
  758
  
    
	    List<Replica> replicaList = sysmeta.getReplicaList();


  		




  757
  759
  
    
	    


  		




  758
  
  
    
	    Set<CNReplicationTask> tasks = 


  		




  759
  
  
    
	      (Set<CNReplicationTask>) HazelcastService.getInstance().getPendingReplicationTasks().values(new SqlPredicate(query));


  		




  760
  
  
    
	    


  		




  761
  
  
    
	    // do we have a matching task?


  		




  762
  
  
    
	    if ( tasks.size() >= 1 ) {


  		




  763
  
  
    
	      isAllowed = true;


  		




  764
  
  
    
	      


  		




  
  760
  
    
	    // find the replica with the status set to 'requested'


  		




  
  761
  
    
	    for(Replica replica : replicaList) {


  		




  
  762
  
    
	      ReplicationStatus status = replica.getReplicationStatus();


  		




  
  763
  
    
	      NodeReference listedNode = replica.getReplicaMemberNode();


  		




  
  764
  
    
	      if ( listedNode.equals(targetNode) && 


  		




  
  765
  
    
	           status.equals(ReplicationStatus.REQUESTED)) {


  		




  
  766
  
    
	        isAllowed = true;


  		




  
  767
  
    
	        break;


  		




  
  768
  
    
	        


  		




  
  769
  
    
	      }


  		




  765
  770
  
    
	    }


  		




  
  771
  
    

  		




  
  772
  
    
	  } catch(Exception e) {


  		




  
  773
  
    
	    // Catch Hazelcast RuntimeExceptions


  		




  766
  774
  
    
	    


  		




  767
  
  
    
	    return isAllowed;


  		




  
  775
  
    
	  } finally {


  		




  
  776
  
    
	    // always unlock the pid


  		




  
  777
  
    
      HazelcastService.getInstance().getSystemMetadataMap().unlock(pid);


  		




  
  778
  
    

  		




  
  779
  
    
	  }


  		




  
  780
  
    
	    


  		




  
  781
  
    
	  return isAllowed;


  		




  768
  782
  
    
    


  		




  769
  783
  
    
  }


  		




  770
  784
  
    

  		












Also available in:  Unified diff