Revision 7029
Added by ben leinfelder almost 13 years ago
src/edu/ucsb/nceas/metacat/dataone/MNodeService.java | ||
---|---|---|
210 | 210 |
} |
211 | 211 |
|
212 | 212 |
// does the subject have DELETE (a D1 CHANGE_PERMISSION level) priveleges on the pid? |
213 |
allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION); |
|
213 |
try { |
|
214 |
allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION); |
|
215 |
} catch (InvalidRequest e) { |
|
216 |
throw new ServiceFailure("1350", e.getDescription()); |
|
217 |
} |
|
214 | 218 |
|
215 | 219 |
|
216 | 220 |
if (allowed) { |
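Review bot: The catch added around `isAuthorized(session, pid, Permission.CHANGE_PERMISSION)` rethrows an `InvalidRequest` as `ServiceFailure("1350", e.getDescription())`, so a caller-side error would be reported as a server fault and only the description of the original exception is carried over. With a constant permission, the null check added in D1NodeService.isAuthorized cannot fire from this call site, so the catch is there only to satisfy the checked exception; a comment such as `// permission is a constant here, InvalidRequest is not expected` would make that explicit. The same try/catch is repeated in CNodeService (new lines 235-239 and 608-612) and D1NodeService (new lines 527-531 and 582-586), and one shared helper taking the detail code would keep these authorization checks uniform. The enclosing method starts and ends outside the hunk.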
src/edu/ucsb/nceas/metacat/dataone/CNodeService.java | ||
---|---|---|
231 | 231 |
|
232 | 232 |
// are we allowed to do this? |
233 | 233 |
if (!isAdminAuthorized(session, pid, Permission.WRITE)) { |
234 |
if (!isAuthorized(session, pid, Permission.WRITE)) { |
|
234 |
boolean isAuthorized = false; |
|
235 |
try { |
|
236 |
isAuthorized = isAuthorized(session, pid, Permission.WRITE); |
|
237 |
} catch (InvalidRequest e) { |
|
238 |
throw new ServiceFailure("4882", e.getDescription()); |
|
239 |
} |
|
240 |
if (!isAuthorized) { |
|
235 | 241 |
throw new NotAuthorized("4881", Permission.WRITE |
236 | 242 |
+ " not allowed by " + subject.getValue() + " on " |
237 | 243 |
+ pid.getValue()); |
... | ... | |
597 | 603 |
public Checksum getChecksum(Session session, Identifier pid) |
598 | 604 |
throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, |
599 | 605 |
NotImplemented { |
600 |
|
|
601 |
if (!isAuthorized(session, pid, Permission.READ)) { |
|
606 |
|
|
607 |
boolean isAuthorized = false; |
|
608 |
try { |
|
609 |
isAuthorized = isAuthorized(session, pid, Permission.READ); |
|
610 |
} catch (InvalidRequest e) { |
|
611 |
throw new ServiceFailure("1410", e.getDescription()); |
|
612 |
} |
|
613 |
if (!isAuthorized) { |
|
602 | 614 |
throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue()); |
603 | 615 |
} |
604 | 616 |
|
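Review bot: The new local `boolean isAuthorized` at new lines 234 and 607 has the same name as the method whose result it stores, which makes the authorization check harder to read; the same naming appears at new line 581 of D1NodeService. MNodeService and the first D1NodeService hunk already use `allowed` for this value, so I would write `boolean allowed = false;`, `allowed = isAuthorized(session, pid, Permission.WRITE);` and `if (!allowed) {` here as well (with `Permission.READ` in getChecksum). Both enclosing methods continue outside the visible lines.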
src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
---|---|---|
524 | 524 |
} |
525 | 525 |
|
526 | 526 |
// check for authorization |
527 |
allowed = isAuthorized(session, pid, Permission.READ); |
|
527 |
try { |
|
528 |
allowed = isAuthorized(session, pid, Permission.READ); |
|
529 |
} catch (InvalidRequest e) { |
|
530 |
throw new ServiceFailure("1030", e.getDescription()); |
|
531 |
} |
|
528 | 532 |
|
529 | 533 |
// if the person is authorized, perform the read |
530 | 534 |
if (allowed) { |
... | ... | |
574 | 578 |
throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, |
575 | 579 |
NotImplemented { |
576 | 580 |
|
577 |
if (!isAuthorized(session, pid, Permission.READ)) { |
|
581 |
boolean isAuthorized = false; |
|
582 |
try { |
|
583 |
isAuthorized = isAuthorized(session, pid, Permission.READ); |
|
584 |
} catch (InvalidRequest e) { |
|
585 |
throw new ServiceFailure("1090", e.getDescription()); |
|
586 |
} |
|
587 |
|
|
588 |
if (!isAuthorized) { |
|
578 | 589 |
throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue()); |
579 | 590 |
} |
580 | 591 |
SystemMetadata systemMetadata = null; |
... | ... | |
666 | 677 |
*/ |
667 | 678 |
public boolean isAuthorized(Session session, Identifier pid, Permission permission) |
668 | 679 |
throws ServiceFailure, InvalidToken, NotFound, NotAuthorized, |
669 |
NotImplemented { |
|
680 |
NotImplemented, InvalidRequest {
|
|
670 | 681 |
|
671 | 682 |
boolean allowed = false; |
672 | 683 |
|
684 |
if (permission == null) { |
|
685 |
throw new InvalidRequest("1761", "Permission was not provided or is invalid"); |
|
686 |
} |
|
687 |
|
|
673 | 688 |
// permissions are hierarchical |
674 | 689 |
List<Permission> expandedPermissions = null; |
675 | 690 |
|
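Review bot: `isAuthorized` now declares and throws `InvalidRequest`, but the Javadoc that closes at new line 677 is not touched by this change, so the new failure mode is undocumented; I would add `@throws InvalidRequest if permission is null` to it. The message text says the permission "was not provided or is invalid", while the visible check at new line 684 tests only `permission == null`, so either the wording or the check should be narrowed to match. The commit message names InvalidToken, whereas the added code throws InvalidRequest with detail code "1761"; it is worth confirming which exception the linked issue intends. The Javadoc body and the rest of the method are outside the hunk.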
Throw InvalidToken when an invalid Permission is passed in. This requires that internal calls to the method also check for this exception.
https://redmine.dataone.org/issues/2388