Project

General

Profile

« Previous | Next » 

Revision 7137

no not record EML access rules that use the "denyFirst" permOrder.
https://redmine.dataone.org/issues/2614

View differences:

test/edu/ucsb/nceas/metacattest/AccessControlTest.java
1075 1075
	}
1076 1076

  
1077 1077
	/**
1078
	 * NOTE: as of Metacat 2.0.0, denyFirst permOrder is not supported.
1079
	 * Access rules with denyFirst are ignored and only the document owner 
1080
	 * has access to the object (default).
1081
	 * 
1078 1082
	 * Tests Tests a version 2.0.1 EML document when permission order is
1079 1083
	 * denyFirst, the combination of allow and deny rules affect user to read,
1080 1084
	 * update and delete a document. Here are test cases 1.An user inserts a
......
1132 1136
	 * failure
1133 1137
	 */
1134 1138
	public void test201DenyFirst() {
1135
		debug("\nRunning: test201DenyFirst()");
1139
		debug("\nRunning: test201DenyFirstIgnore()");
1136 1140
		String emlVersion = EML2_0_1;
1137 1141
		try {
1138 1142
			newdocid = generateDocumentId();
1139 1143
			// ====1 inserts a document with access rules (denyFirst) - allow
1140 1144
			// READ rule for another user,
1141 1145
			// deny READ rule for public.
1146
			// all are ignored
1142 1147
			String accessRule1 = generateOneAccessRule(anotheruser, true, true, false,
1143 1148
					false, false);
1144 1149
			String accessRule2 = generateOneAccessRule("public", false, true, false,
......
1161 1166
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1162 1167
					+ anotherpassword);
1163 1168
			m.login(anotheruser, anotherpassword);
1164
			// succeeds to read this document
1165
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1169
			// fails to read this document
1170
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true);
1166 1171
			// fails to update this document
1167 1172
			updateDocumentId(newdocid + ".2", testdocument, FAILURE, true);
1168 1173
			// fails to update access part
......
1201 1206
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1202 1207
					+ anotherpassword);
1203 1208
			m.login(anotheruser, anotherpassword);
1204
			// succeeds to read this document
1205
			readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, SUCCESS, false);
1206
			// succeeds to update this document
1207
			updateDocumentId(newdocid + ".3", testdocument, SUCCESS, false);
1209
			// fails to read this document
1210
			readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true);
1211
			// fails to update this document
1212
			updateDocumentId(newdocid + ".3", testdocument, FAILURE, true);
1208 1213
			// fails to update access part
1209 1214
			testdocument = getTestEmlDoc(
1210 1215
					"Testing user can not read, write and delete a document", emlVersion,
......
1240 1245
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1241 1246
					+ anotherpassword);
1242 1247
			m.login(anotheruser, anotherpassword);
1243
			// succeeds to read this document
1244
			readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false);
1245
			// succeeds to update this document
1246
			updateDocumentId(newdocid + ".5", testdocument, SUCCESS, false);
1247
			// succeed to update access part
1248
			// fails to read this document
1249
			readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, FAILURE, true);
1250
			// fails to update this document
1251
			updateDocumentId(newdocid + ".5", testdocument, FAILURE, true);
1252
			// fails to update access part
1248 1253
			testdocument = getTestEmlDoc(
1249 1254
					"Testing user can not read, write and delete a document", emlVersion,
1250 1255
					null, null, null, null, getAccessBlock(anotheruser, true, true, true,
1251 1256
							true, true), null, null, null, null);
1252
			updateDocumentId(newdocid + ".6", testdocument, SUCCESS, false);
1253
			// succeeds to delete the document
1254
			deleteDocumentId(newdocid + ".6", SUCCESS, false);
1257
			updateDocumentId(newdocid + ".6", testdocument, FAILURE, true);
1258
			// fails to delete the document
1259
			deleteDocumentId(newdocid + ".6", FAILURE, true);
1255 1260
			// logout
1256 1261
			debug("logging out");
1257 1262
			m.logout();
......
1282 1287
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1283 1288
					+ anotherpassword);
1284 1289
			m.login(anotheruser, anotherpassword);
1285
			// succeeds to read this document
1286
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1287
			// succeeds to update this document
1288
			updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false);
1290
			// fails to read this document
1291
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true);
1292
			// fails to update this document
1293
			updateDocumentId(newdocid + ".2", testdocument, FAILURE, true);
1289 1294
			// fails to update access part
1290 1295
			testdocument = getTestEmlDoc(
1291 1296
					"Testing user can not read, write and delete a document", emlVersion,
......
1323 1328
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1324 1329
					+ anotherpassword);
1325 1330
			m.login(anotheruser, anotherpassword);
1326
			// succeeds to read this document
1327
			readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false);
1328
			// succeed to update this document
1329
			updateDocumentId(newdocid + ".11", testdocument, SUCCESS, false);
1331
			// fails to read this document
1332
			readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, FAILURE, true);
1333
			// fails to update this document
1334
			updateDocumentId(newdocid + ".11", testdocument, FAILURE, true);
1330 1335
			// fails to update access part
1331 1336
			testdocument = getTestEmlDoc(
1332 1337
					"Testing user can not read, write and delete a document", emlVersion,
......
1367 1372
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1368 1373
					+ anotherpassword);
1369 1374
			m.login(anotheruser, anotherpassword);
1370
			// succeeds to read this document
1371
			readDocumentIdWhichEqualsDoc(newdocid + ".13", testdocument, SUCCESS, false);
1375
			// fails to read this document
1376
			readDocumentIdWhichEqualsDoc(newdocid + ".13", testdocument, FAILURE, true);
1372 1377
			// fails to update this document
1373 1378
			updateDocumentId(newdocid + ".14", testdocument, FAILURE, true);
1374 1379
			// fails to update access part
......
1411 1416
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1412 1417
					+ anotherpassword);
1413 1418
			m.login(anotheruser, anotherpassword);
1414
			// succeeds to read this document
1415
			readDocumentIdWhichEqualsDoc(newdocid + ".14", testdocument, SUCCESS, false);
1416
			// succeeds to update this document
1417
			updateDocumentId(newdocid + ".15", testdocument, SUCCESS, false);
1419
			// fails to read this document
1420
			readDocumentIdWhichEqualsDoc(newdocid + ".14", testdocument, FAILURE, true);
1421
			// fails to update this document
1422
			updateDocumentId(newdocid + ".15", testdocument, FAILURE, true);
1418 1423
			// fails to update access part
1419 1424
			testdocument = getTestEmlDoc(
1420 1425
					"Testing user can not read, write and delete a document", emlVersion,
......
1454 1459
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1455 1460
					+ anotherpassword);
1456 1461
			m.login(anotheruser, anotherpassword);
1457
			// succeeds to read this document
1458
			readDocumentIdWhichEqualsDoc(newdocid + ".16", testdocument, SUCCESS, false);
1459
			// succeeds to update this document
1460
			updateDocumentId(newdocid + ".17", testdocument, SUCCESS, false);
1461
			// succeeds to update access part
1462
			// fails to read this document
1463
			readDocumentIdWhichEqualsDoc(newdocid + ".16", testdocument, FAILURE, true);
1464
			// fails to update this document
1465
			updateDocumentId(newdocid + ".17", testdocument, FAILURE, true);
1466
			// fails to update access part
1462 1467
			testdocument = getTestEmlDoc(
1463 1468
					"Testing user can not read, write and delete a document", emlVersion,
1464 1469
					null, null, null, null, getAccessBlock(anotheruser, true, true, true,
1465 1470
							true, true), null, null, null, null);
1466
			updateDocumentId(newdocid + ".18", testdocument, SUCCESS, false);
1467
			// succeeds to delete the document
1468
			deleteDocumentId(newdocid + ".18", SUCCESS, false);
1471
			updateDocumentId(newdocid + ".18", testdocument, FAILURE, true);
1472
			// fails to delete the document
1473
			deleteDocumentId(newdocid + ".18", FAILURE, true);
1469 1474
			// logout
1470 1475
			debug("logging out");
1471 1476
			m.logout();
......
1499 1504
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1500 1505
					+ anotherpassword);
1501 1506
			m.login(anotheruser, anotherpassword);
1502
			// succeed to read this document
1503
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1504
			// succeeds to update this document
1505
			updateDocumentId(newdocid + ".20", testdocument, SUCCESS, false);
1507
			// fails to read this document
1508
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true);
1509
			// fails to update this document
1510
			updateDocumentId(newdocid + ".20", testdocument, FAILURE, true);
1506 1511
			// fails to update access part
1507 1512
			testdocument = getTestEmlDoc(
1508 1513
					"Testing user can not read, write and delete a document", emlVersion,
......
1543 1548
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1544 1549
					+ anotherpassword);
1545 1550
			m.login(anotheruser, anotherpassword);
1546
			// succeeds to read this document
1547
			readDocumentIdWhichEqualsDoc(newdocid + ".21", testdocument, SUCCESS, false);
1548
			// succeeds to update this document
1549
			updateDocumentId(newdocid + ".22", testdocument, SUCCESS, false);
1551
			// fails to read this document
1552
			readDocumentIdWhichEqualsDoc(newdocid + ".21", testdocument, FAILURE, true);
1553
			// fails to update this document
1554
			updateDocumentId(newdocid + ".22", testdocument, FAILURE, true);
1550 1555
			// fails to update access part
1551 1556
			testdocument = getTestEmlDoc(
1552 1557
					"Testing user can not read, write and delete a document", emlVersion,
......
1568 1573
	}
1569 1574

  
1570 1575
	/**
1576
	 * NOTE: as of Metacat 2.0.0, denyFirst permOrder is not supported.
1577
	 * Access rules with denyFirst are ignored and only the document owner 
1578
	 * has access to the object (default).
1579
	 * 
1571 1580
	 * Tests Tests a version 2.1.0 EML document when permission order is
1572 1581
	 * denyFirst, the combination of allow and deny rules affect user to read,
1573 1582
	 * update and delete a document. Here are test cases 
......
1640 1649
	 * this document - failure.
1641 1650
	 */
1642 1651
	public void test210DenyFirst() {
1643
		debug("\nRunning: test210DenyFirst()");
1652
		debug("\nRunning: test210DenyFirstIgnore()");
1644 1653
		String emlVersion = EML2_1_0;
1645 1654
		try {
1646 1655
			newdocid = generateDocumentId();
......
1669 1678
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1670 1679
					+ anotherpassword);
1671 1680
			m.login(anotheruser, anotherpassword);
1672
			// succeeds to read this document
1673
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1681
			// fails to read this document
1682
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true);
1674 1683
			// fails to update this document
1675 1684
			updateDocumentId(newdocid + ".2", testdocument, FAILURE, true);
1676 1685
			// fails to update access part
......
1709 1718
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1710 1719
					+ anotherpassword);
1711 1720
			m.login(anotheruser, anotherpassword);
1712
			// succeeds to read this document
1713
			readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, SUCCESS, false);
1714
			// succeeds to update this document
1715
			updateDocumentId(newdocid + ".3", testdocument, SUCCESS, false);
1721
			// fails to read this document
1722
			readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true);
1723
			// fails to update this document
1724
			updateDocumentId(newdocid + ".3", testdocument, FAILURE, true);
1716 1725
			// fails to update access part
1717 1726
			testdocument = getTestEmlDoc(
1718 1727
					"Testing user can not read, write and delete a document", emlVersion,
......
1748 1757
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1749 1758
					+ anotherpassword);
1750 1759
			m.login(anotheruser, anotherpassword);
1751
			// succeeds to read this document
1752
			readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false);
1753
			// succeeds to update this document
1754
			updateDocumentId(newdocid + ".5", testdocument, SUCCESS, false);
1755
			// succeed to update access part
1760
			// fails to read this document
1761
			readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, FAILURE, true);
1762
			// fails to update this document
1763
			updateDocumentId(newdocid + ".5", testdocument, FAILURE, true);
1764
			// fails to update access part
1756 1765
			testdocument = getTestEmlDoc(
1757 1766
					"Testing user can not read, write and delete a document", emlVersion,
1758 1767
					null, null, null, null, getAccessBlock(anotheruser, true, true, true,
1759 1768
							true, true), null, null, null, null);
1760
			updateDocumentId(newdocid + ".6", testdocument, SUCCESS, false);
1761
			// succeeds to delete the document
1762
			deleteDocumentId(newdocid + ".6", SUCCESS, false);
1769
			updateDocumentId(newdocid + ".6", testdocument, FAILURE, true);
1770
			// fails to delete the document
1771
			deleteDocumentId(newdocid + ".6", FAILURE, true);
1763 1772
			// logout
1764 1773
			debug("logging out");
1765 1774
			m.logout();
......
1790 1799
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1791 1800
					+ anotherpassword);
1792 1801
			m.login(anotheruser, anotherpassword);
1793
			// succeeds to read this document
1794
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1795
			// succeeds to update this document
1796
			updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false);
1802
			// fails to read this document
1803
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true);
1804
			// fails to update this document
1805
			updateDocumentId(newdocid + ".2", testdocument, FAILURE, true);
1797 1806
			// fails to update access part
1798 1807
			testdocument = getTestEmlDoc(
1799 1808
					"Testing user can not read, write and delete a document", emlVersion,
......
1831 1840
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1832 1841
					+ anotherpassword);
1833 1842
			m.login(anotheruser, anotherpassword);
1834
			// succeeds to read this document
1835
			readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false);
1836
			// succeed to update this document
1837
			updateDocumentId(newdocid + ".11", testdocument, SUCCESS, false);
1843
			// fails to read this document
1844
			readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, FAILURE, true);
1845
			// fails to update this document
1846
			updateDocumentId(newdocid + ".11", testdocument, FAILURE, true);
1838 1847
			// fails to update access part
1839 1848
			testdocument = getTestEmlDoc(
1840 1849
					"Testing user can not read, write and delete a document", emlVersion,
......
1875 1884
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1876 1885
					+ anotherpassword);
1877 1886
			m.login(anotheruser, anotherpassword);
1878
			// succeeds to read this document
1879
			readDocumentIdWhichEqualsDoc(newdocid + ".13", testdocument, SUCCESS, false);
1887
			// fails to read this document
1888
			readDocumentIdWhichEqualsDoc(newdocid + ".13", testdocument, FAILURE, true);
1880 1889
			// fails to update this document
1881 1890
			updateDocumentId(newdocid + ".14", testdocument, FAILURE, true);
1882 1891
			// fails to update access part
......
1919 1928
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1920 1929
					+ anotherpassword);
1921 1930
			m.login(anotheruser, anotherpassword);
1922
			// succeeds to read this document
1923
			readDocumentIdWhichEqualsDoc(newdocid + ".14", testdocument, SUCCESS, false);
1924
			// succeeds to update this document
1925
			updateDocumentId(newdocid + ".15", testdocument, SUCCESS, false);
1931
			// fails to read this document
1932
			readDocumentIdWhichEqualsDoc(newdocid + ".14", testdocument, FAILURE, true);
1933
			// fails to update this document
1934
			updateDocumentId(newdocid + ".15", testdocument, FAILURE, true);
1926 1935
			// fails to update access part
1927 1936
			testdocument = getTestEmlDoc(
1928 1937
					"Testing user can not read, write and delete a document", emlVersion,
......
1962 1971
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
1963 1972
					+ anotherpassword);
1964 1973
			m.login(anotheruser, anotherpassword);
1965
			// succeeds to read this document
1966
			readDocumentIdWhichEqualsDoc(newdocid + ".16", testdocument, SUCCESS, false);
1967
			// succeeds to update this document
1968
			updateDocumentId(newdocid + ".17", testdocument, SUCCESS, false);
1969
			// succeeds to update access part
1974
			// fails to read this document
1975
			readDocumentIdWhichEqualsDoc(newdocid + ".16", testdocument, FAILURE, true);
1976
			// fails to update this document
1977
			updateDocumentId(newdocid + ".17", testdocument, FAILURE, true);
1978
			// fails to update access part
1970 1979
			testdocument = getTestEmlDoc(
1971 1980
					"Testing user can not read, write and delete a document", emlVersion,
1972 1981
					null, null, null, null, getAccessBlock(anotheruser, true, true, true,
1973 1982
							true, true), null, null, null, null);
1974
			updateDocumentId(newdocid + ".18", testdocument, SUCCESS, false);
1975
			// succeeds to delete the document
1976
			deleteDocumentId(newdocid + ".18", SUCCESS, false);
1983
			updateDocumentId(newdocid + ".18", testdocument, FAILURE, true);
1984
			// fails to delete the document
1985
			deleteDocumentId(newdocid + ".18", FAILURE, true);
1977 1986
			// logout
1978 1987
			debug("logging out");
1979 1988
			m.logout();
......
2007 2016
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
2008 2017
					+ anotherpassword);
2009 2018
			m.login(anotheruser, anotherpassword);
2010
			// succeed to read this document
2011
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
2012
			// succeeds to update this document
2013
			updateDocumentId(newdocid + ".20", testdocument, SUCCESS, false);
2019
			// fails to read this document
2020
			readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true);
2021
			// fails to update this document
2022
			updateDocumentId(newdocid + ".20", testdocument, FAILURE, true);
2014 2023
			// fails to update access part
2015 2024
			testdocument = getTestEmlDoc(
2016 2025
					"Testing user can not read, write and delete a document", emlVersion,
......
2051 2060
			debug("logging in as: anotheruser=" + anotheruser + " anotherpassword="
2052 2061
					+ anotherpassword);
2053 2062
			m.login(anotheruser, anotherpassword);
2054
			// succeeds to read this document
2055
			readDocumentIdWhichEqualsDoc(newdocid + ".21", testdocument, SUCCESS, false);
2056
			// succeeds to update this document
2057
			updateDocumentId(newdocid + ".22", testdocument, SUCCESS, false);
2063
			// fails to read this document
2064
			readDocumentIdWhichEqualsDoc(newdocid + ".21", testdocument, FAILURE, true);
2065
			// fails to update this document
2066
			updateDocumentId(newdocid + ".22", testdocument, FAILURE, true);
2058 2067
			// fails to update access part
2059 2068
			testdocument = getTestEmlDoc(
2060 2069
					"Testing user can not read, write and delete a document", emlVersion,
src/edu/ucsb/nceas/metacat/DBSAXHandler.java
142 142

  
143 143
    boolean hasTriple = false;
144 144
    
145
	protected boolean writeAccessRules = true;   	   	
145
	protected boolean writeAccessRules = true;   
146
	
147
	protected boolean ignoreDenyFirst = true;
146 148

  
147

  
148 149
    public static final String ECOGRID = "ecogrid://";
149 150

  
150 151
    private Logger logMetacat = Logger.getLogger(DBSAXHandler.class);
src/edu/ucsb/nceas/metacat/Eml200SAXHandler.java
1963 1963
       // will be write into xml_accesssubtee table
1964 1964
       AccessSection newAccess = resolveAccessRuleReference(access);
1965 1965
       String permOrder = newAccess.getPermissionOrder();
1966
       if (permOrder.equals(AccessControlInterface.DENYFIRST) && ignoreDenyFirst) {
1967
    	   logMetacat.warn("Metacat no longer supports EML 'denyFirst' access rules - ignoring this access block");
1968
    	   return;
1969
       }
1966 1970
       Vector accessRule = newAccess.getAccessRules();
1967 1971

  
1968 1972
       if (describeIdList == null || describeIdList.isEmpty())
......
2035 2039
       AccessSection newAccess = resolveAccessRuleReference(topAccessSection);
2036 2040
       //System.out.println("permorder in new level" + newAccess.getPermissionOrder());
2037 2041
       String permOrder = newAccess.getPermissionOrder();
2042
       if (permOrder.equals(AccessControlInterface.DENYFIRST) && ignoreDenyFirst) {
2043
    	   logMetacat.warn("Metacat no longer supports EML 'denyFirst' access rules - ignoring this access block");
2044
    	   return;
2045
       }
2038 2046
       Vector accessRule = newAccess.getAccessRules();
2039 2047
       String subtree     = null;
2040 2048
       
src/edu/ucsb/nceas/metacat/Eml210SAXHandler.java
1215 1215

  
1216 1216
			// if accessSection is not null and is not reference
1217 1217
			if (accessSectionObj.getReferences() == null) {
1218
				// check for denyFirst permOrder
1219
				String permOrder = accessSectionObj.getPermissionOrder();
1220
				if (permOrder.equals(AccessControlInterface.DENYFIRST) && ignoreDenyFirst) {
1221
					logMetacat.warn("Metacat no longer supports EML 'denyFirst' access rules - ignoring this access block");
1222
			    	return;
1223
			    }
1218 1224
				// write the top level access module into xml_accesssubtree to
1219 1225
				// store info and then when update to check if the user can
1220 1226
				// update it or not
......
1242 1248
				for (int i = 0; i < accessObjectList.size(); i++) {
1243 1249
					AccessSection accessObj = accessObjectList.elementAt(i);
1244 1250
					String accessObjId = accessObj.getSubTreeId();
1251
					// check for denyFirst permOrder
1252
					String permOrder = accessObj.getPermissionOrder();
1253
					if (permOrder.equals(AccessControlInterface.DENYFIRST) && ignoreDenyFirst) {
1254
						logMetacat.warn("Metacat no longer supports EML 'denyFirst' access rules - ignoring this access block, subtree id: " + accessObjId);
1255
				    	continue;
1256
				    }
1245 1257
					if (referenceId != null && accessObj != null
1246 1258
							&& referenceId.equals(accessObjId)) {
1247 1259
						// make sure the user didn't change any thing in this
......
1375 1387
				// If the distribution doesn't have an access section, we continue.
1376 1388
				if (accessSection == null) {
1377 1389
					continue;		
1378
				} 
1390
				}
1379 1391
				
1392
				// check for denyFirst permOrder
1393
				String permOrder = accessSection.getPermissionOrder();
1394
				if (permOrder.equals(AccessControlInterface.DENYFIRST) && ignoreDenyFirst) {
1395
					logMetacat.warn("Metacat no longer supports EML 'denyFirst' access rules - ignoring this access block: " + distributionSection.getDataFileName());
1396
			    	continue;
1397
			    }
1398
				
1380 1399
				// We want to check file permissions for all online data updates and inserts, or for 
1381 1400
				// inline updates.
1382 1401
//				if (distributionType == DistributionSection.DATA_DISTRIBUTION
README
58 58
This major release includes support for DataONE.
59 59
*The DataONE v1.0.0 Member Node service APIs are now the preferred method for communicating with Metacat
60 60
*The existing EcoGrid and Metacat Servlet APIs are deprecated.
61
*EML-embedded access control rules using permOrder="denyFirst" are no longer supported (https://redmine.dataone.org/issues/2614) 
61 62
*Bugs fixed include:
62 63
<bugs here>
63 64

  

Also available in: Unified diff