Project

General

Profile

« Previous | Next » 

Revision 7029

Added by ben leinfelder over 12 years ago

throw InvalidToken when an invalid Permission is passed in. THis requires that internal calls to the method also check for this exception.
https://redmine.dataone.org/issues/2388

View differences:

src/edu/ucsb/nceas/metacat/dataone/MNodeService.java
210 210 
        }
211 211 

  		




  212
  212
  
    
        // does the subject have DELETE (a D1 CHANGE_PERMISSION level) priveleges on the pid?


  		




  213
  
  
    
        allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION);


  		




  
  213
  
    
        try {


  		




  
  214
  
    
			allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION);


  		




  
  215
  
    
		} catch (InvalidRequest e) {


  		




  
  216
  
    
            throw new ServiceFailure("1350", e.getDescription());


  		




  
  217
  
    
		}


  		




  214
  218
  
    
            


  		




  215
  219
  
    

  		




  216
  220
  
    
        if (allowed) {


  		












  

    
      src/edu/ucsb/nceas/metacat/dataone/CNodeService.java
    
  





  231
  231
  
    

  		




  232
  232
  
    
		// are we allowed to do this?


  		




  233
  233
  
    
		if (!isAdminAuthorized(session, pid, Permission.WRITE)) {


  		




  234
  
  
    
			if (!isAuthorized(session, pid, Permission.WRITE)) {


  		




  
  234
  
    
			boolean isAuthorized = false;


  		




  
  235
  
    
			try {


  		




  
  236
  
    
				isAuthorized = isAuthorized(session, pid, Permission.WRITE);


  		




  
  237
  
    
			} catch (InvalidRequest e) {


  		




  
  238
  
    
				throw new ServiceFailure("4882", e.getDescription());


  		




  
  239
  
    
			}


  		




  
  240
  
    
			if (!isAuthorized) {


  		




  235
  241
  
    
				throw new NotAuthorized("4881", Permission.WRITE


  		




  236
  242
  
    
						+ " not allowed by " + subject.getValue() + " on "


  		




  237
  243
  
    
						+ pid.getValue());


  		




  ......




  597
  603
  
    
  public Checksum getChecksum(Session session, Identifier pid)


  		




  598
  604
  
    
    throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, 


  		




  599
  605
  
    
    NotImplemented {


  		




  600
  
  
    
            


  		




  601
  
  
    
    if (!isAuthorized(session, pid, Permission.READ)) {


  		




  
  606
  
    
    


  		




  
  607
  
    
	boolean isAuthorized = false;


  		




  
  608
  
    
	try {


  		




  
  609
  
    
		isAuthorized = isAuthorized(session, pid, Permission.READ);


  		




  
  610
  
    
	} catch (InvalidRequest e) {


  		




  
  611
  
    
		throw new ServiceFailure("1410", e.getDescription());


  		




  
  612
  
    
	}  


  		




  
  613
  
    
    if (!isAuthorized) {


  		




  602
  614
  
    
        throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue());  


  		




  603
  615
  
    
    }


  		




  604
  616
  
    
    


  		












  

    
      src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
    
  





  524
  524
  
    
    }


  		




  525
  525
  
    
    


  		




  526
  526
  
    
    // check for authorization


  		




  527
  
  
    
    allowed = isAuthorized(session, pid, Permission.READ);


  		




  
  527
  
    
    try {


  		




  
  528
  
    
		allowed = isAuthorized(session, pid, Permission.READ);


  		




  
  529
  
    
	} catch (InvalidRequest e) {


  		




  
  530
  
    
		throw new ServiceFailure("1030", e.getDescription());


  		




  
  531
  
    
	}


  		




  528
  532
  
    
    


  		




  529
  533
  
    
    // if the person is authorized, perform the read


  		




  530
  534
  
    
    if (allowed) {


  		




  ......




  574
  578
  
    
      throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,


  		




  575
  579
  
    
      NotImplemented {


  		




  576
  580
  
    
      


  		




  577
  
  
    
      if (!isAuthorized(session, pid, Permission.READ)) {


  		




  
  581
  
    
	  boolean isAuthorized = false;


  		




  
  582
  
    
	  try {


  		




  
  583
  
    
		isAuthorized = isAuthorized(session, pid, Permission.READ);


  		




  
  584
  
    
	  } catch (InvalidRequest e) {


  		




  
  585
  
    
		throw new ServiceFailure("1090", e.getDescription());


  		




  
  586
  
    
	  }


  		




  
  587
  
    
	  


  		




  
  588
  
    
      if (!isAuthorized) {


  		




  578
  589
  
    
        throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue());  


  		




  579
  590
  
    
      }


  		




  580
  591
  
    
      SystemMetadata systemMetadata = null;


  		




  ......




  666
  677
  
    
   */


  		




  667
  678
  
    
  public boolean isAuthorized(Session session, Identifier pid, Permission permission)


  		




  668
  679
  
    
    throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,


  		




  669
  
  
    
    NotImplemented {


  		




  
  680
  
    
    NotImplemented, InvalidRequest {


  		




  670
  681
  
    

  		




  671
  682
  
    
    boolean allowed = false;


  		




  672
  683
  
    
    


  		




  
  684
  
    
    if (permission == null) {


  		




  
  685
  
    
    	throw new InvalidRequest("1761", "Permission was not provided or is invalid");


  		




  
  686
  
    
    }


  		




  
  687
  
    
    


  		




  673
  688
  
    
    // permissions are hierarchical


  		




  674
  689
  
    
    List<Permission> expandedPermissions = null;


  		




  675
  690
  
    
    


  		












Also available in:  Unified diff