Notify each replica MN when critical portions of system metadata change so the MN can pull the latest copy into its store. AccessPolicy and RightsHolder changes are the most critical for the MN to keep updated on.
Only allow CNs to call MN.synchronizationFailed() by calling isAdminAuthorized(). The pid must also be valid.
Modify CNodeService.setReplicationStatus() slightly to restrict MN-based calls to only set the status to COMPLETED. The CNs should be setting failures or invalidations, or the status can remain at QUEUED or REQUESTED, and the MNAuditTask can revisit those replicas as needed.
Add a notifyReplicaNodes() method that calls MNStorage.systemMetadataChanged() on MN replica nodes for a given object identifier. This will be called when there are changes to AccessPolicy and rights holder since these are critical access metadata for an MN, but they can only be changed on the CN.
Add some debugging statements in isAuthorized().
In setReplicationStatus(), first check for a replica target MN subject match with the session subject. If this fails, look to see if CN admin access is allowed. Otherwise throw NotAuthorized. Addresses https://redmine.dataone.org/issues/2494
do not allow "Metacat-conforming" identifiers to be used. "test.1.001" is interpreted as "test.1.1" which renders "test.1.002" unusable unless a traditional Metacat "update" is used for that id/revision which contradicts the DataONE use of Identifiers that have no lexical requirements for revisions.
check for session when checking administrative authorization
Remove individual calls to isAdminAuthorized() in favor of the centralized isAuthorized() call that handles it now.
Incorporate isAdminAuthorized() into isAuthorized() for blanket CN access to objects.
View revisions
Also available in: Atom