Revision 6866
Added by Chris Jones almost 13 years ago
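--- a/src/edu/ucsb/nceas/metacat/dataone/CNodeService.java
+++ b/src/edu/ucsb/nceas/metacat/dataone/CNodeService.java
@@ -133,12 +133,14 @@
 Subject subject = session.getSubject();
 
 // are we allowed to do this?
-if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
-throw new NotAuthorized("4881", Permission.CHANGE_PERMISSION +
-" not allowed by " + subject.getValue() + " on " + pid.getValue());
-}
-
-SystemMetadata systemMetadata = null;
+if (!isAdminAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
+if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
+throw new NotAuthorized("4881", Permission.CHANGE_PERMISSION
++ " not allowed by " + subject.getValue() + " on "
++ pid.getValue());
+}
+}
+SystemMetadata systemMetadata = null;
 try {
 lock = HazelcastService.getInstance().getLock(pid.getValue());
 lock.lock();
@@ -286,7 +288,7 @@
 }
 }
 
-if ( !allowed ) {
+if ( !allowed && !isAdminAuthorized(session, pid, Permission.WRITE)) {
 String msg = "The subject identified by " + subject.getValue() +
 " does not have permission to set the replication status for " +
 "the replica identified by " + targetNode.getValue() + ".";
@@ -824,11 +826,13 @@
 Subject subject = session.getSubject();
 
 // are we allowed to do this?
-if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
-throw new NotAuthorized("4440", "not allowed by " + subject.getValue() + " on " + pid.getValue());
-}
-
-SystemMetadata systemMetadata = null;
+if (!isAdminAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
+if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
+throw new NotAuthorized("4440", "not allowed by "
++ subject.getValue() + " on " + pid.getValue());
+}
+}
+SystemMetadata systemMetadata = null;
 try {
 lock = HazelcastService.getInstance().getLock(pid.getValue());
 
@@ -1198,10 +1202,12 @@
 
 // are we allowed to do this?
 try {
-// what is the controlling permission?
-if (!isAuthorized(session, pid, Permission.WRITE)) {
-throw new NotAuthorized("4851", "not allowed by " + subject.getValue() +
-" on " + pid.getValue());
+if (!isAdminAuthorized(session, pid, Permission.WRITE)) {
+// what is the controlling permission?
+if (!isAuthorized(session, pid, Permission.WRITE)) {
+throw new NotAuthorized("4851", "not allowed by "
++ subject.getValue() + " on " + pid.getValue());
+}
 }
 
 } catch (InvalidToken e) {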
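Review bot: When isAdminAuthorized() succeeds at new lines 136, 829 and 1205 (and in the combined test at 291), the per-object ACL check is skipped and nothing in these hunks records that the administrative path was taken, so a replication-policy or replication-status change made under admin authority cannot later be told apart from one the object's ACL allowed. Consider capturing the result, `boolean adminCall = isAdminAuthorized(session, pid, Permission.CHANGE_PERMISSION);`, testing `if (!adminCall && !isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {` (which also matches the single-condition form already used at 291 instead of the nested ifs), and logging the subject and pid whenever `adminCall` is true. isAdminAuthorized() is defined outside this page, so whether it accepts only Coordinating Node subjects, as the commit message intends, should be confirmed there. The enclosing methods begin and end outside these hunks.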
Modify CNReplication methods setReplicationStatus(), updateReplicationMetadata() and setReplicationPolicy() to allow administrative access from a Coordinating Node by calling isAdminAuthorized().