Revision 7157
Added by ben leinfelder about 12 years ago
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 170 | 170 |
|
| 171 | 171 |
String localId = null; |
| 172 | 172 |
boolean allowed = false; |
| 173 |
String username = Constants.SUBJECT_PUBLIC; |
|
| 174 |
String[] groupnames = null; |
|
| 175 | 173 |
if (session == null) {
|
| 176 | 174 |
throw new InvalidToken("1330", "No session has been provided");
|
| 177 |
} else {
|
|
| 178 |
username = session.getSubject().getValue(); |
|
| 179 |
if (session.getSubjectInfo() != null) {
|
|
| 180 |
List<Group> groupList = session.getSubjectInfo().getGroupList(); |
|
| 181 |
if (groupList != null) {
|
|
| 182 |
groupnames = new String[groupList.size()]; |
|
| 183 |
for (int i = 0; i > groupList.size(); i++) {
|
|
| 184 |
groupnames[i] = groupList.get(i).getGroupName(); |
|
| 185 |
} |
|
| 186 |
} |
|
| 187 |
} |
|
| 188 | 175 |
} |
| 176 |
// just for logging purposes |
|
| 177 |
String username = session.getSubject().getValue(); |
|
| 189 | 178 |
|
| 190 | 179 |
// do we have a valid pid? |
| 191 | 180 |
if (pid == null || pid.getValue().trim().equals("")) {
|
| ... | ... | |
| 199 | 188 |
throw new NotFound("1340", "The object with the provided " + "identifier was not found.");
|
| 200 | 189 |
} |
| 201 | 190 |
|
| 202 |
// does the subject have DELETE (a D1 CHANGE_PERMISSION level) priveleges on the pid? |
|
| 191 |
// only admin is allowed a full delete |
|
| 192 |
allowed = isAdminAuthorized(session); |
|
| 193 |
if (!allowed) {
|
|
| 194 |
throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
|
|
| 195 |
} |
|
| 196 |
|
|
| 203 | 197 |
try {
|
| 204 |
allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION); |
|
| 205 |
} catch (InvalidRequest e) {
|
|
| 206 |
throw new ServiceFailure("1350", e.getDescription());
|
|
| 207 |
} |
|
| 198 |
// delete the document, as admin |
|
| 199 |
DocumentImpl.delete(localId, null, null, null, true); |
|
| 200 |
EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, Event.DELETE.xmlValue());
|
|
| 201 |
|
|
| 202 |
// archive it |
|
| 203 |
SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid); |
|
| 204 |
sysMeta.setArchived(true); |
|
| 205 |
sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime()); |
|
| 206 |
HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta); |
|
| 208 | 207 |
|
| 208 |
} catch (McdbDocNotFoundException e) {
|
|
| 209 |
throw new NotFound("1340", "The provided identifier was invalid.");
|
|
| 209 | 210 |
|
| 210 |
if (allowed) {
|
|
| 211 |
try {
|
|
| 212 |
// delete the document |
|
| 213 |
DocumentImpl.delete(localId, username, groupnames, null, true); |
|
| 214 |
EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, Event.DELETE.xmlValue());
|
|
| 211 |
} catch (SQLException e) {
|
|
| 212 |
throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
|
|
| 215 | 213 |
|
| 216 |
// archive it |
|
| 217 |
SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid); |
|
| 218 |
sysMeta.setArchived(true); |
|
| 219 |
sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime()); |
|
| 220 |
HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta); |
|
| 221 |
|
|
| 222 |
} catch (McdbDocNotFoundException e) {
|
|
| 223 |
throw new NotFound("1340", "The provided identifier was invalid.");
|
|
| 214 |
} catch (InsufficientKarmaException e) {
|
|
| 215 |
throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
|
|
| 224 | 216 |
|
| 225 |
} catch (SQLException e) {
|
|
| 226 |
throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
|
|
| 227 |
|
|
| 228 |
} catch (InsufficientKarmaException e) {
|
|
| 229 |
throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
|
|
| 230 |
|
|
| 231 |
} catch (Exception e) { // for some reason DocumentImpl throws a general Exception
|
|
| 232 |
throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
|
|
| 233 |
} |
|
| 234 |
|
|
| 235 |
} else {
|
|
| 236 |
throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
|
|
| 217 |
} catch (Exception e) { // for some reason DocumentImpl throws a general Exception
|
|
| 218 |
throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
|
|
| 237 | 219 |
} |
| 238 | 220 |
|
| 239 | 221 |
return pid; |
Also available in: Unified diff
only admin users can call MN/CN.delete(). This is limited to any CN and only the MN that is calling itself