Revision 7039
Added by Chris Jones about 12 years ago
| D1NodeService.java | ||
|---|---|---|
| 714 | 714 |
List<Person> personList = subjectInfo.getPersonList(); |
| 715 | 715 |
if (personList != null) {
|
| 716 | 716 |
for (Person p : personList) {
|
| 717 |
// for the primary person |
|
| 718 |
if (p.getSubject().equals(subject)) {
|
|
| 717 |
// for every person listed (isVerified is transitive) |
|
| 719 | 718 |
logMetacat.debug("checking person");
|
| 720 | 719 |
logMetacat.debug("p.getVerified(): " + p.getVerified());
|
| 721 | 720 |
if (p.getVerified() != null && p.getVerified()) {
|
| ... | ... | |
| 740 | 739 |
} |
| 741 | 740 |
} |
| 742 | 741 |
break; |
| 743 |
} |
|
| 744 | 742 |
} |
| 745 | 743 |
} |
| 746 | 744 |
} |
| ... | ... | |
| 777 | 775 |
|
| 778 | 776 |
// do we own it? |
| 779 | 777 |
for (Subject s: subjects) {
|
| 778 |
logMetacat.debug("Comparing \t" +
|
|
| 779 |
systemMetadata.getRightsHolder().getValue() + |
|
| 780 |
" \tagainst \t" + s.getValue()); |
|
| 780 | 781 |
allowed = systemMetadata.getRightsHolder().equals(s); |
| 781 | 782 |
if (allowed) {
|
| 782 | 783 |
return allowed; |
| ... | ... | |
| 805 | 806 |
// catch all for errors - safe side should be to deny the access |
| 806 | 807 |
logMetacat.error("Problem checking authorization - defaulting to deny", e);
|
| 807 | 808 |
allowed = false; |
| 808 |
} |
|
| 809 |
|
|
| 810 |
} |
|
| 809 | 811 |
|
| 810 | 812 |
// throw or return? |
| 811 | 813 |
if (!allowed) {
|
Also available in: Unified diff
A minor change to isAuthorized() - compare each Person in the SubjectInfo (not just the primary Subject) since each person could have an equivalent identity mapped to the primary Subject. Add debug logging for the comparison.