Modify CNodeService.setReplicationStatus() slightly to restrict MN-based calls to only set the status to COMPLETED. The CNs should be setting failures or invalidations, or the status can remain at QUEUED or REQUESTED, and the MNAuditTask can revisit those replicas as needed.
Add a notifyReplicaNodes() method that calls MNStorage.systemMetadataChanged() on MN replica nodes for a given object identifier. This will be called when there are changes to AccessPolicy and rights holder since these are critical access metadata for an MN, but they can only be changed on the CN.
Add some debugging statements in isAuthorized().
In setReplicationStatus(), first check for a replica target MN subject match with the session subject. If this fails, look to see if CN admin access is allowed. Otherwise throw NotAuthorized. Addresses https://redmine.dataone.org/issues/2494
do not allow "Metacat-conforming" identifiers to be used. "test.1.001" is interpreted as "test.1.1" which renders "test.1.002" unusable unless a traditional Metacat "update" is used for that id/revision which contradicts the DataONE use of Identifiers that have no lexical requirements for revisions.
check for session when checking administrative authorization
Remove individual calls to isAdminAuthorized() in favor of the centralized isAuthorized() call that handles it now.
Incorporate isAdminAuthorized() into isAuthorized() for blanket CN access to objects.
check for null Session before continuing with setReplicationStatus()https://redmine.dataone.org/issues/2476#note-3
do not attempt to parse empty file for the failure (BaseException serialization). There are cases when this is not given (failure="") when there is not a failure.https://redmine.dataone.org/issues/2476
View revisions
Also available in: Atom