Revision 7146
Added by ben leinfelder almost 12 years ago
| D1NodeService.java | ||
|---|---|---|
| 31 | 31 |
import java.io.OutputStream; |
| 32 | 32 |
import java.sql.SQLException; |
| 33 | 33 |
import java.util.ArrayList; |
| 34 |
import java.util.Arrays; |
|
| 34 | 35 |
import java.util.Calendar; |
| 35 | 36 |
import java.util.Date; |
| 36 | 37 |
import java.util.Hashtable; |
| ... | ... | |
| 71 | 72 |
import org.dataone.service.types.v1.NodeType; |
| 72 | 73 |
import org.dataone.service.types.v1.ObjectFormat; |
| 73 | 74 |
import org.dataone.service.types.v1.Permission; |
| 74 |
import org.dataone.service.types.v1.Person; |
|
| 75 | 75 |
import org.dataone.service.types.v1.Replica; |
| 76 | 76 |
import org.dataone.service.types.v1.Session; |
| 77 | 77 |
import org.dataone.service.types.v1.Subject; |
| 78 |
import org.dataone.service.types.v1.SubjectInfo; |
|
| 79 | 78 |
import org.dataone.service.types.v1.SystemMetadata; |
| 79 |
import org.dataone.service.types.v1.util.AuthUtils; |
|
| 80 | 80 |
import org.dataone.service.types.v1.util.ChecksumUtil; |
| 81 | 81 |
|
| 82 | 82 |
import edu.ucsb.nceas.metacat.AccessionNumberException; |
| ... | ... | |
| 903 | 903 |
|
| 904 | 904 |
} |
| 905 | 905 |
|
| 906 |
// for the "Verified" symbolic user |
|
| 907 |
Subject verifiedSubject = new Subject(); |
|
| 908 |
verifiedSubject.setValue(Constants.SUBJECT_VERIFIED_USER); |
|
| 909 |
|
|
| 910 | 906 |
// get the subject[s] from the session |
| 911 |
List<Subject> subjects = new ArrayList<Subject>(); |
|
| 912 |
if (session != null) {
|
|
| 913 |
// primary subject |
|
| 914 |
Subject subject = session.getSubject(); |
|
| 915 |
if (subject != null) {
|
|
| 916 |
subjects.add(subject); |
|
| 917 |
} |
|
| 918 |
// details about the subject |
|
| 919 |
SubjectInfo subjectInfo = session.getSubjectInfo(); |
|
| 920 |
if (subjectInfo != null) {
|
|
| 921 |
// find subjectInfo for the primary subject |
|
| 922 |
List<Person> personList = subjectInfo.getPersonList(); |
|
| 923 |
List<Group> groupList = subjectInfo.getGroupList(); |
|
| 924 |
if (personList != null) {
|
|
| 925 |
for (Person p : personList) {
|
|
| 926 |
// for every person listed (isVerified is transitive) |
|
| 927 |
logMetacat.debug("checking person");
|
|
| 928 |
logMetacat.debug("p.getVerified(): " + p.getVerified());
|
|
| 929 |
if (p.getVerified() != null && p.getVerified()) {
|
|
| 930 |
// add the verified symbolic user |
|
| 931 |
if (!subjects.contains(verifiedSubject)) {
|
|
| 932 |
subjects.add(verifiedSubject); |
|
| 933 |
} |
|
| 934 |
} |
|
| 935 |
// add the equivalent identities |
|
| 936 |
List<Subject> equivList = p.getEquivalentIdentityList(); |
|
| 937 |
if (equivList != null) {
|
|
| 938 |
for (Subject equivSubject : equivList) {
|
|
| 939 |
subjects.add(equivSubject); |
|
| 940 |
// find that entry |
|
| 941 |
for (Person equivPerson: personList) {
|
|
| 942 |
if (equivSubject.equals(equivPerson.getSubject())) {
|
|
| 943 |
// transitive group membership |
|
| 944 |
if (equivPerson.getIsMemberOfList() != null) {
|
|
| 945 |
for (Subject equivGroup: equivPerson.getIsMemberOfList()) {
|
|
| 946 |
subjects.add(equivGroup); |
|
| 947 |
} |
|
| 948 |
} |
|
| 949 |
// TODO: is verified transitive? |
|
| 950 |
if (equivPerson.getVerified() != null && equivPerson.getVerified()) {
|
|
| 951 |
// add the verified symbolic user |
|
| 952 |
if (!subjects.contains(verifiedSubject)) {
|
|
| 953 |
subjects.add(verifiedSubject); |
|
| 954 |
} |
|
| 955 |
} |
|
| 956 |
} |
|
| 957 |
} |
|
| 958 |
} |
|
| 959 |
} |
|
| 960 |
// add the groups they are a member of |
|
| 961 |
List<Subject> memberOfList = p.getIsMemberOfList(); |
|
| 962 |
if (memberOfList != null) {
|
|
| 963 |
for (Subject g : memberOfList) {
|
|
| 964 |
subjects.add(g); |
|
| 965 |
} |
|
| 966 |
} |
|
| 967 |
// look at all the Groups to see if this person has membership defined there |
|
| 968 |
if (groupList != null) {
|
|
| 969 |
for (Group group: groupList) {
|
|
| 970 |
if (group.getHasMemberList() != null) {
|
|
| 971 |
for (Subject member: group.getHasMemberList()) {
|
|
| 972 |
// is the person a member? |
|
| 973 |
if (member.equals(p.getSubject())) {
|
|
| 974 |
// add this group as a subject to check if it is not already there |
|
| 975 |
if (!subjects.contains(group.getSubject())) {
|
|
| 976 |
subjects.add(group.getSubject()); |
|
| 977 |
} |
|
| 978 |
} |
|
| 979 |
} |
|
| 980 |
} |
|
| 981 |
} |
|
| 982 |
} |
|
| 983 |
break; |
|
| 984 |
} |
|
| 985 |
} |
|
| 986 |
} |
|
| 987 |
|
|
| 988 |
// add the authenticated symbolic since we have a session |
|
| 989 |
Subject authenticatedSubject = new Subject(); |
|
| 990 |
authenticatedSubject.setValue(Constants.SUBJECT_AUTHENTICATED_USER); |
|
| 991 |
subjects.add(authenticatedSubject); |
|
| 992 |
} |
|
| 993 |
|
|
| 994 |
// add public subject for everyone |
|
| 995 |
Subject publicSubject = new Subject(); |
|
| 996 |
publicSubject.setValue(Constants.SUBJECT_PUBLIC); |
|
| 997 |
subjects.add(publicSubject); |
|
| 907 |
//defer to the shared util for recursively compiling the subjects |
|
| 908 |
List<Subject> subjects = Arrays.asList(AuthUtils.authorizedClientSubjects(session)); |
|
| 998 | 909 |
|
| 999 | 910 |
// get the system metadata |
| 1000 | 911 |
String pidStr = pid.getValue(); |
Also available in: Unified diff
defer to AuthUtils for flattening out the equivIdent subject list.
https://redmine.dataone.org/issues/2661