Project

General

Profile

« Previous | Next » 

Revision 7079

Added by ben leinfelder about 12 years ago

use isAdminAuthorized() to check access to CN.create(). Note this method takes a pid and permission parameter and neither is used. Also removed the NotFound exception because it would never come up.

View differences:

src/edu/ucsb/nceas/metacat/dataone/MNodeService.java
918 918 
                throw new NotAuthorized("2162",
919 919 
                        "Not allowed to call synchronizationFailed() on this node.");
920 920 

  		




  921
  
  
    
            } catch (NotFound e) {


  		




  922
  
  
    
                throw new ServiceFailure("2161", 


  		




  923
  
  
    
                        "The identifier specified by " + pid.getValue() + 


  		




  924
  
  
    
                        " was not found on this node.");


  		




  925
  
  
    

  		




  926
  921
  
    
            }


  		




  927
  922
  
    
            


  		




  928
  923
  
    
        } else {


  		












  

    
      src/edu/ucsb/nceas/metacat/dataone/CNodeService.java
    
  





  1233
  1233
  
    
          lock = HazelcastService.getInstance().getLock(pid.getValue());


  		




  1234
  1234
  
    
          // are we allowed?


  		




  1235
  1235
  
    
          boolean isAllowed = false;


  		




  1236
  
  
    
          CNode cn = D1Client.getCN();


  		




  1237
  
  
    
          NodeList nodeList = cn.listNodes();


  		




  1238
  
  
    
          


  		




  1239
  
  
    
          for (Node node : nodeList.getNodeList()) {


  		




  1240
  
  
    
              if ( node.getType().equals(NodeType.CN) ) {


  		




  1241
  
  
    
                  


  		




  1242
  
  
    
                  List<Subject> subjects = node.getSubjectList();


  		




  1243
  
  
    
                  for (Subject subject : subjects) {


  		




  1244
  
  
    
                     if (subject.equals(session.getSubject())) {


  		




  1245
  
  
    
                         isAllowed = true;


  		




  1246
  
  
    
                         break;


  		




  1247
  
  
    
                     }


  		




  1248
  
  
    
                  }


  		




  1249
  
  
    
              } else {


  		




  1250
  
  
    
                  


  		




  1251
  
  
    
              }


  		




  1252
  
  
    
          }


  		




  
  1236
  
    
          isAllowed = isAdminAuthorized(session, pid, Permission.WRITE);


  		




  1253
  1237
  
    

  		




  1254
  1238
  
    
          // proceed if we're called by a CN


  		




  1255
  1239
  
    
          if ( isAllowed ) {


  		












  

    
      src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
    
  





  748
  748
  
    
   */


  		




  749
  749
  
    
  protected boolean isAdminAuthorized(Session session, Identifier pid,


  		




  750
  750
  
    
      Permission permission) 


  		




  751
  
  
    
      throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,


  		




  
  751
  
    
      throws ServiceFailure, InvalidToken, NotAuthorized,


  		




  752
  752
  
    
      NotImplemented {


  		




  753
  753
  
    

  		




  754
  754
  
    
      boolean allowed = false;


  		












Also available in:  Unified diff