Revision 7068
Added by Chris Jones about 12 years ago
| CNodeService.java | ||
|---|---|---|
| 136 | 136 |
Subject subject = session.getSubject(); |
| 137 | 137 |
|
| 138 | 138 |
// are we allowed to do this? |
| 139 |
if (!isAdminAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 140 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 141 |
throw new NotAuthorized("4881", Permission.CHANGE_PERMISSION
|
|
| 142 |
+ " not allowed by " + subject.getValue() + " on " |
|
| 143 |
+ pid.getValue()); |
|
| 144 |
|
|
| 145 |
} |
|
| 139 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 140 |
throw new NotAuthorized("4881", Permission.CHANGE_PERMISSION
|
|
| 141 |
+ " not allowed by " + subject.getValue() + " on " |
|
| 142 |
+ pid.getValue()); |
|
| 143 |
|
|
| 146 | 144 |
} |
| 147 | 145 |
|
| 148 | 146 |
SystemMetadata systemMetadata = null; |
| ... | ... | |
| 230 | 228 |
Subject subject = session.getSubject(); |
| 231 | 229 |
|
| 232 | 230 |
// are we allowed to do this? |
| 233 |
if (!isAdminAuthorized(session, pid, Permission.WRITE)) {
|
|
| 234 |
boolean isAuthorized = false; |
|
| 235 |
try {
|
|
| 236 |
isAuthorized = isAuthorized(session, pid, Permission.WRITE); |
|
| 237 |
} catch (InvalidRequest e) {
|
|
| 238 |
throw new ServiceFailure("4882", e.getDescription());
|
|
| 239 |
} |
|
| 240 |
if (!isAuthorized) {
|
|
| 241 |
throw new NotAuthorized("4881", Permission.WRITE
|
|
| 242 |
+ " not allowed by " + subject.getValue() + " on " |
|
| 243 |
+ pid.getValue()); |
|
| 231 |
boolean isAuthorized = false; |
|
| 232 |
try {
|
|
| 233 |
isAuthorized = isAuthorized(session, pid, Permission.WRITE); |
|
| 234 |
} catch (InvalidRequest e) {
|
|
| 235 |
throw new ServiceFailure("4882", e.getDescription());
|
|
| 236 |
} |
|
| 237 |
if (!isAuthorized) {
|
|
| 238 |
throw new NotAuthorized("4881", Permission.WRITE
|
|
| 239 |
+ " not allowed by " + subject.getValue() + " on " |
|
| 240 |
+ pid.getValue()); |
|
| 244 | 241 |
|
| 245 |
} |
|
| 246 | 242 |
} |
| 247 | 243 |
|
| 248 | 244 |
SystemMetadata systemMetadata = null; |
| ... | ... | |
| 346 | 342 |
Subject subject = session.getSubject(); |
| 347 | 343 |
|
| 348 | 344 |
// are we allowed to do this? |
| 349 |
if (!isAdminAuthorized(session, pid, Permission.WRITE)) {
|
|
| 350 |
if (!isAuthorized(session, pid, Permission.WRITE)) {
|
|
| 351 |
throw new NotAuthorized("4881", Permission.WRITE
|
|
| 352 |
+ " not allowed by " + subject.getValue() + " on " |
|
| 353 |
+ pid.getValue()); |
|
| 345 |
if (!isAuthorized(session, pid, Permission.WRITE)) {
|
|
| 346 |
throw new NotAuthorized("4881", Permission.WRITE
|
|
| 347 |
+ " not allowed by " + subject.getValue() + " on " |
|
| 348 |
+ pid.getValue()); |
|
| 354 | 349 |
|
| 355 |
} |
|
| 356 | 350 |
} |
| 357 | 351 |
|
| 352 |
|
|
| 358 | 353 |
SystemMetadata systemMetadata = null; |
| 359 | 354 |
try {
|
| 360 | 355 |
lock = HazelcastService.getInstance().getLock(pid.getValue()); |
| ... | ... | |
| 520 | 515 |
} |
| 521 | 516 |
} |
| 522 | 517 |
|
| 523 |
if ( !isAdminAuthorized(session, pid, Permission.WRITE) ) {
|
|
| 518 |
if ( !isAuthorized(session, pid, Permission.WRITE) ) {
|
|
| 524 | 519 |
if (!allowed) {
|
| 525 | 520 |
String msg = "The subject identified by " |
| 526 | 521 |
+ subject.getValue() |
| ... | ... | |
| 991 | 986 |
Subject subject = session.getSubject(); |
| 992 | 987 |
|
| 993 | 988 |
// are we allowed to do this? |
| 994 |
if (!isAdminAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 995 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 996 |
throw new NotAuthorized("4440", "not allowed by "
|
|
| 997 |
+ subject.getValue() + " on " + pid.getValue()); |
|
| 998 |
|
|
| 999 |
} |
|
| 989 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 990 |
throw new NotAuthorized("4440", "not allowed by "
|
|
| 991 |
+ subject.getValue() + " on " + pid.getValue()); |
|
| 992 |
|
|
| 1000 | 993 |
} |
| 1001 | 994 |
|
| 1002 | 995 |
SystemMetadata systemMetadata = null; |
| ... | ... | |
| 1288 | 1281 |
// get the subject |
| 1289 | 1282 |
Subject subject = session.getSubject(); |
| 1290 | 1283 |
|
| 1291 |
if (!isAdminAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 1292 |
// are we allowed to do this? |
|
| 1293 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 1294 |
throw new NotAuthorized("4420", "not allowed by "
|
|
| 1295 |
+ subject.getValue() + " on " + pid.getValue()); |
|
| 1296 |
} |
|
| 1284 |
// are we allowed to do this? |
|
| 1285 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 1286 |
throw new NotAuthorized("4420", "not allowed by "
|
|
| 1287 |
+ subject.getValue() + " on " + pid.getValue()); |
|
| 1297 | 1288 |
} |
| 1298 | 1289 |
|
| 1299 | 1290 |
try {
|
| ... | ... | |
| 1384 | 1375 |
|
| 1385 | 1376 |
// are we allowed to do this? |
| 1386 | 1377 |
try {
|
| 1387 |
if (!isAdminAuthorized(session, pid, Permission.WRITE)) {
|
|
| 1388 |
// what is the controlling permission?
|
|
| 1389 |
if (!isAuthorized(session, pid, Permission.WRITE)) {
|
|
| 1390 |
throw new NotAuthorized("4851", "not allowed by "
|
|
| 1391 |
+ subject.getValue() + " on " + pid.getValue());
|
|
| 1392 |
}
|
|
| 1393 |
} |
|
| 1378 |
|
|
| 1379 |
// what is the controlling permission? |
|
| 1380 |
if (!isAuthorized(session, pid, Permission.WRITE)) {
|
|
| 1381 |
throw new NotAuthorized("4851", "not allowed by "
|
|
| 1382 |
+ subject.getValue() + " on " + pid.getValue()); |
|
| 1383 |
} |
|
| 1384 |
|
|
| 1394 | 1385 |
|
| 1395 | 1386 |
} catch (InvalidToken e) {
|
| 1396 | 1387 |
throw new NotAuthorized("4851", "not allowed by " + subject.getValue() +
|
Also available in: Unified diff
Remove individual calls to isAdminAuthorized() in favor of the centralized isAuthorized() call that handles it now.