Revision 6571
Added by Chris Jones about 13 years ago
src/edu/ucsb/nceas/metacat/dataone/CNodeService.java | ||
---|---|---|
51 | 51 |
import org.dataone.service.exceptions.NotImplemented; |
52 | 52 |
import org.dataone.service.exceptions.ServiceFailure; |
53 | 53 |
import org.dataone.service.exceptions.UnsupportedType; |
54 |
import org.dataone.service.types.v1.AccessPolicy; |
|
54 | 55 |
import org.dataone.service.types.v1.Checksum; |
55 | 56 |
import org.dataone.service.types.v1.Identifier; |
56 | 57 |
import org.dataone.service.types.v1.Node; |
... | ... | |
982 | 983 |
|
983 | 984 |
} |
984 | 985 |
|
986 |
/** |
|
987 |
* Set access for a given object using the object identifier and a Subject |
|
988 |
* under a given Session. |
|
989 |
* |
|
990 |
* @param session - the Session object containing the credentials for the Subject |
|
991 |
* @param pid - the object identifier for the given object to apply the policy |
|
992 |
* @param policy - the access policy to be applied |
|
993 |
* |
|
994 |
* @return true if the application of the policy succeeds |
|
995 |
* @throws InvalidToken |
|
996 |
* @throws ServiceFailure |
|
997 |
* @throws NotFound |
|
998 |
* @throws NotAuthorized |
|
999 |
* @throws NotImplemented |
|
1000 |
* @throws InvalidRequest |
|
1001 |
*/ |
|
1002 |
public boolean setAccessPolicy(Session session, Identifier pid, |
|
1003 |
AccessPolicy accessPolicy) |
|
1004 |
throws InvalidToken, ServiceFailure, NotFound, NotAuthorized, |
|
1005 |
NotImplemented, InvalidRequest { |
|
1006 |
|
|
1007 |
boolean success = false; |
|
1008 |
|
|
1009 |
// get the subject |
|
1010 |
Subject subject = session.getSubject(); |
|
1011 |
|
|
1012 |
// are we allowed to do this? |
|
1013 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) { |
|
1014 |
throw new NotAuthorized("4420", "not allowed by " + subject.getValue() + |
|
1015 |
" on " + pid.getValue()); |
|
1016 |
} |
|
1017 |
|
|
1018 |
SystemMetadata systemMetadata = null; |
|
1019 |
|
|
1020 |
try { |
|
1021 |
HazelcastService.getInstance().getSystemMetadataMap().lock(pid); |
|
1022 |
systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid); |
|
1023 |
|
|
1024 |
} catch (Exception e) { |
|
1025 |
// convert Hazelcast RuntimeException to NotFound |
|
1026 |
throw new NotFound("4400", "No record found for: " + pid); |
|
1027 |
|
|
1028 |
} |
|
1029 |
|
|
1030 |
// set the access policy |
|
1031 |
systemMetadata.setAccessPolicy(accessPolicy); |
|
1032 |
|
|
1033 |
// update the system metadata |
|
1034 |
try { |
|
1035 |
// TODO: consult authoritative MN on current sysmeta serial version? |
|
1036 |
systemMetadata.setSerialVersion(systemMetadata.getSerialVersion().add(BigInteger.ONE)); |
|
1037 |
systemMetadata.setDateSysMetadataModified(Calendar.getInstance().getTime()); |
|
1038 |
HazelcastService.getInstance().getSystemMetadataMap().put(systemMetadata.getIdentifier(), systemMetadata); |
|
1039 |
HazelcastService.getInstance().getSystemMetadataMap().unlock(systemMetadata.getIdentifier()); |
|
1040 |
|
|
1041 |
} catch (Exception e) { |
|
1042 |
// convert Hazelcast RuntimeException to ServiceFailure |
|
1043 |
throw new ServiceFailure("4430", e.getMessage()); |
|
1044 |
|
|
1045 |
} finally { |
|
1046 |
HazelcastService.getInstance().getSystemMetadataMap().unlock(systemMetadata.getIdentifier()); |
|
1047 |
|
|
1048 |
} |
|
1049 |
|
|
1050 |
// TODO: how do we know if the map was persisted? |
|
1051 |
success = true; |
|
1052 |
|
|
1053 |
return success; |
|
1054 |
} |
|
1055 |
|
|
985 | 1056 |
} |
Also available in: Unified diff
Add setAccessPolicy() to CNodeService since the CN should only make changes to access policies for objects registered with the D1 system. Increment the serial version after locling and getting the most up to fdate system metadata.
Note: CCIT meeting decision says the serial version of the system metadata (during the change) should equal the current serial version, but setAccessPolicy() does not pass in the entire system metadata object, so there's no way to check. For now, increment the latest system metadata from the hzSystemMetadata map.