Revision 7029
Added by ben leinfelder about 12 years ago
CNodeService.java | ||
---|---|---|
231 | 231 |
|
232 | 232 |
// are we allowed to do this? |
233 | 233 |
if (!isAdminAuthorized(session, pid, Permission.WRITE)) { |
234 |
if (!isAuthorized(session, pid, Permission.WRITE)) { |
|
234 |
boolean isAuthorized = false; |
|
235 |
try { |
|
236 |
isAuthorized = isAuthorized(session, pid, Permission.WRITE); |
|
237 |
} catch (InvalidRequest e) { |
|
238 |
throw new ServiceFailure("4882", e.getDescription()); |
|
239 |
} |
|
240 |
if (!isAuthorized) { |
|
235 | 241 |
throw new NotAuthorized("4881", Permission.WRITE |
236 | 242 |
+ " not allowed by " + subject.getValue() + " on " |
237 | 243 |
+ pid.getValue()); |
... | ... | |
597 | 603 |
public Checksum getChecksum(Session session, Identifier pid) |
598 | 604 |
throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, |
599 | 605 |
NotImplemented { |
600 |
|
|
601 |
if (!isAuthorized(session, pid, Permission.READ)) { |
|
606 |
|
|
607 |
boolean isAuthorized = false; |
|
608 |
try { |
|
609 |
isAuthorized = isAuthorized(session, pid, Permission.READ); |
|
610 |
} catch (InvalidRequest e) { |
|
611 |
throw new ServiceFailure("1410", e.getDescription()); |
|
612 |
} |
|
613 |
if (!isAuthorized) { |
|
602 | 614 |
throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue()); |
603 | 615 |
} |
604 | 616 |
|
Also available in: Unified diff
throw InvalidToken when an invalid Permission is passed in. THis requires that internal calls to the method also check for this exception.
https://redmine.dataone.org/issues/2388