Project

General

Profile

« Previous | Next » 

Revision 7029

throw InvalidToken when an invalid Permission is passed in. THis requires that internal calls to the method also check for this exception.
https://redmine.dataone.org/issues/2388

View differences:

src/edu/ucsb/nceas/metacat/dataone/MNodeService.java
210 210
        }
211 211

  
212 212
        // does the subject have DELETE (a D1 CHANGE_PERMISSION level) priveleges on the pid?
213
        allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION);
213
        try {
214
			allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION);
215
		} catch (InvalidRequest e) {
216
            throw new ServiceFailure("1350", e.getDescription());
217
		}
214 218
            
215 219

  
216 220
        if (allowed) {
src/edu/ucsb/nceas/metacat/dataone/CNodeService.java
231 231

  
232 232
		// are we allowed to do this?
233 233
		if (!isAdminAuthorized(session, pid, Permission.WRITE)) {
234
			if (!isAuthorized(session, pid, Permission.WRITE)) {
234
			boolean isAuthorized = false;
235
			try {
236
				isAuthorized = isAuthorized(session, pid, Permission.WRITE);
237
			} catch (InvalidRequest e) {
238
				throw new ServiceFailure("4882", e.getDescription());
239
			}
240
			if (!isAuthorized) {
235 241
				throw new NotAuthorized("4881", Permission.WRITE
236 242
						+ " not allowed by " + subject.getValue() + " on "
237 243
						+ pid.getValue());
......
597 603
  public Checksum getChecksum(Session session, Identifier pid)
598 604
    throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, 
599 605
    NotImplemented {
600
            
601
    if (!isAuthorized(session, pid, Permission.READ)) {
606
    
607
	boolean isAuthorized = false;
608
	try {
609
		isAuthorized = isAuthorized(session, pid, Permission.READ);
610
	} catch (InvalidRequest e) {
611
		throw new ServiceFailure("1410", e.getDescription());
612
	}  
613
    if (!isAuthorized) {
602 614
        throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue());  
603 615
    }
604 616
    
src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
524 524
    }
525 525
    
526 526
    // check for authorization
527
    allowed = isAuthorized(session, pid, Permission.READ);
527
    try {
528
		allowed = isAuthorized(session, pid, Permission.READ);
529
	} catch (InvalidRequest e) {
530
		throw new ServiceFailure("1030", e.getDescription());
531
	}
528 532
    
529 533
    // if the person is authorized, perform the read
530 534
    if (allowed) {
......
574 578
      throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
575 579
      NotImplemented {
576 580
      
577
      if (!isAuthorized(session, pid, Permission.READ)) {
581
	  boolean isAuthorized = false;
582
	  try {
583
		isAuthorized = isAuthorized(session, pid, Permission.READ);
584
	  } catch (InvalidRequest e) {
585
		throw new ServiceFailure("1090", e.getDescription());
586
	  }
587
	  
588
      if (!isAuthorized) {
578 589
        throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue());  
579 590
      }
580 591
      SystemMetadata systemMetadata = null;
......
666 677
   */
667 678
  public boolean isAuthorized(Session session, Identifier pid, Permission permission)
668 679
    throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,
669
    NotImplemented {
680
    NotImplemented, InvalidRequest {
670 681

  
671 682
    boolean allowed = false;
672 683
    
684
    if (permission == null) {
685
    	throw new InvalidRequest("1761", "Permission was not provided or is invalid");
686
    }
687
    
673 688
    // permissions are hierarchical
674 689
    List<Permission> expandedPermissions = null;
675 690
    

Also available in: Unified diff