/ - Diff - Metacat - Ecoinformatics Redmine

« Previous | Next »

Revision 6571

Added by Chris Jones over 12 years ago

Add setAccessPolicy() to CNodeService since the CN should only make changes to access policies for objects registered with the D1 system. Increment the serial version after locling and getting the most up to fdate system metadata.
Note: CCIT meeting decision says the serial version of the system metadata (during the change) should equal the current serial version, but setAccessPolicy() does not pass in the entire system metadata object, so there's no way to check. For now, increment the latest system metadata from the hzSystemMetadata map.

     import org.dataone.service.exceptions.NotImplemented;
     import org.dataone.service.exceptions.ServiceFailure;
     import org.dataone.service.exceptions.UnsupportedType;
     import org.dataone.service.types.v1.AccessPolicy;
     import org.dataone.service.types.v1.Checksum;
     import org.dataone.service.types.v1.Identifier;
     import org.dataone.service.types.v1.Node;
-...
+      }
       /**
        * Set access for a given object using the object identifier and a Subject
        * under a given Session.
+       *
        * @param session - the Session object containing the credentials for the Subject
        * @param pid - the object identifier for the given object to apply the policy
        * @param policy - the access policy to be applied
+       *
        * @return true if the application of the policy succeeds
        * @throws InvalidToken
        * @throws ServiceFailure
        * @throws NotFound
        * @throws NotAuthorized
        * @throws NotImplemented
        * @throws InvalidRequest
        */
       public boolean setAccessPolicy(Session session, Identifier pid,
           AccessPolicy accessPolicy)
           throws InvalidToken, ServiceFailure, NotFound, NotAuthorized,
           NotImplemented, InvalidRequest {
           boolean success = false;
           // get the subject
           Subject subject = session.getSubject();
           // are we allowed to do this?
           if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
               throw new NotAuthorized("4420", "not allowed by " + subject.getValue() +
               " on " + pid.getValue());
+          }
           SystemMetadata systemMetadata = null;
           try {
               HazelcastService.getInstance().getSystemMetadataMap().lock(pid);
               systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
           } catch (Exception e) {
               // convert Hazelcast RuntimeException to NotFound
               throw new NotFound("4400", "No record found for: " + pid);
+          }
           // set the access policy
           systemMetadata.setAccessPolicy(accessPolicy);
           // update the system metadata
           try {
               // TODO: consult authoritative MN on current sysmeta serial version?
               systemMetadata.setSerialVersion(systemMetadata.getSerialVersion().add(BigInteger.ONE));
               systemMetadata.setDateSysMetadataModified(Calendar.getInstance().getTime());
               HazelcastService.getInstance().getSystemMetadataMap().put(systemMetadata.getIdentifier(), systemMetadata);
               HazelcastService.getInstance().getSystemMetadataMap().unlock(systemMetadata.getIdentifier());
           } catch (Exception e) {
               // convert Hazelcast RuntimeException to ServiceFailure
               throw new ServiceFailure("4430", e.getMessage());
           } finally {
               HazelcastService.getInstance().getSystemMetadataMap().unlock(systemMetadata.getIdentifier());
+          }
         // TODO: how do we know if the map was persisted?
         success = true;
         return success;
+      }
+    }

Also available in: Unified diff

Project

General

Profile

Metacat

Revision 6571

Added by Chris Jones over 12 years ago