
Revision 7146

defer to AuthUtils for flattening out the equivIdent subject list.
https://redmine.dataone.org/issues/2661


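--- a/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
+++ b/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
@@ -31,6 +31,7 @@
 import java.io.OutputStream;
 import java.sql.SQLException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Hashtable;
@@ -71,12 +72,11 @@
 import org.dataone.service.types.v1.NodeType;
 import org.dataone.service.types.v1.ObjectFormat;
 import org.dataone.service.types.v1.Permission;
-import org.dataone.service.types.v1.Person;
 import org.dataone.service.types.v1.Replica;
 import org.dataone.service.types.v1.Session;
 import org.dataone.service.types.v1.Subject;
-import org.dataone.service.types.v1.SubjectInfo;
 import org.dataone.service.types.v1.SystemMetadata;
+import org.dataone.service.types.v1.util.AuthUtils;
 import org.dataone.service.types.v1.util.ChecksumUtil;
 
 import edu.ucsb.nceas.metacat.AccessionNumberException;
@@ -903,98 +903,9 @@
         
     }
     
-    // for the "Verified" symbolic user
-    Subject verifiedSubject = new Subject();
-	verifiedSubject.setValue(Constants.SUBJECT_VERIFIED_USER);
-    
     // get the subject[s] from the session
-	List<Subject> subjects = new ArrayList<Subject>();
-	if (session != null) {
-		// primary subject
-		Subject subject = session.getSubject();
-		if (subject != null) {
-			subjects.add(subject);
-		}
-		// details about the subject
-		SubjectInfo subjectInfo = session.getSubjectInfo();
-		if (subjectInfo != null) {
-			// find subjectInfo for the primary subject
-			List<Person> personList = subjectInfo.getPersonList();
-			List<Group> groupList = subjectInfo.getGroupList();
-			if (personList != null) {
-				for (Person p : personList) {
-					  // for every person listed (isVerified is transitive)
-						logMetacat.debug("checking person");
-						logMetacat.debug("p.getVerified(): " + p.getVerified());
-						if (p.getVerified() != null && p.getVerified()) {
-							// add the verified symbolic user
-							if (!subjects.contains(verifiedSubject)) {
-								subjects.add(verifiedSubject);
-							}
-						}
-						// add the equivalent identities
-						List<Subject> equivList = p.getEquivalentIdentityList();
-						if (equivList != null) {
-							for (Subject equivSubject : equivList) {
-								subjects.add(equivSubject);
-								// find that entry
-								for (Person equivPerson: personList) {
-									if (equivSubject.equals(equivPerson.getSubject())) {
-										// transitive group membership
-										if (equivPerson.getIsMemberOfList() != null) {
-											for (Subject equivGroup: equivPerson.getIsMemberOfList()) {
-												subjects.add(equivGroup);
-											}
-										}
-										// TODO: is verified transitive?
-										if (equivPerson.getVerified() != null && equivPerson.getVerified()) {
-											// add the verified symbolic user
-											if (!subjects.contains(verifiedSubject)) {
-												subjects.add(verifiedSubject);
-											}
-										}
-									}
-								}
-							}
-						}
-						// add the groups they are a member of
-						List<Subject> memberOfList = p.getIsMemberOfList();
-						if (memberOfList != null) {
-							for (Subject g : memberOfList) {
-								subjects.add(g);
-							}
-						}
-						// look at all the Groups to see if this person has membership defined there
-						if (groupList != null) {
-							for (Group group: groupList) {
-								if (group.getHasMemberList() != null) {
-									for (Subject member: group.getHasMemberList()) {
-										// is the person a member?
-										if (member.equals(p.getSubject())) {
-											// add this group as a subject to check if it is not already there
-											if (!subjects.contains(group.getSubject())) {
-												subjects.add(group.getSubject());
-											}
-										}
-									}
-								}
-							}
-						}
-						break;
-				}
-			}
-		}
-
-		// add the authenticated symbolic since we have a session
-		Subject authenticatedSubject = new Subject();
-		authenticatedSubject.setValue(Constants.SUBJECT_AUTHENTICATED_USER);
-		subjects.add(authenticatedSubject);
-	}
-
-    // add public subject for everyone
-    Subject publicSubject = new Subject();
-    publicSubject.setValue(Constants.SUBJECT_PUBLIC);
-    subjects.add(publicSubject);
+	//defer to the shared util for recursively compiling the subjects	
+	List<Subject> subjects = Arrays.asList(AuthUtils.authorizedClientSubjects(session));
     
     // get the system metadata
     String pidStr = pid.getValue();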
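Review bot: The replacement line `List<Subject> subjects = Arrays.asList(AuthUtils.authorizedClientSubjects(session));` silently changes which subjects this authorization check evaluates: the removed code explicitly added the public symbolic subject for every caller (including a null session), the authenticated symbolic subject whenever a session existed, and the verified symbolic subject for verified persons, and it is not visible here that AuthUtils reproduces those rules or tolerates `session == null`, so a mismatch would either widen or narrow access decisions rather than fail loudly. Please confirm those three cases against AuthUtils and add a regression test for the null-session path before relying on the delegated list. Separately, `Arrays.asList` yields a fixed-size view, so any later `subjects.add(...)` in this method (the old code built a mutable ArrayList) would now throw UnsupportedOperationException; if the remainder mutates the list, use `List<Subject> subjects = new ArrayList<Subject>(Arrays.asList(AuthUtils.authorizedClientSubjects(session)));`. The enclosing method continues past the end of this hunk, and the new comment line carries a trailing tab that should be trimmed.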
