
Revision 7157

Only admin users can call MN/CN.delete(). This is limited to any CN and to the MN itself when it is the caller.


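--- a/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
+++ b/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
@@ -170,22 +170,11 @@
 
       String localId = null;
       boolean allowed = false;
-      String username = Constants.SUBJECT_PUBLIC;
-      String[] groupnames = null;
       if (session == null) {
       	throw new InvalidToken("1330", "No session has been provided");
-      } else {
-          username = session.getSubject().getValue();
-          if (session.getSubjectInfo() != null) {
-              List<Group> groupList = session.getSubjectInfo().getGroupList();
-              if (groupList != null) {
-                  groupnames = new String[groupList.size()];
-                  for (int i = 0; i > groupList.size(); i++) {
-                      groupnames[i] = groupList.get(i).getGroupName();
-                  }
-              }
-          }
       }
+      // just for logging purposes
+      String username = session.getSubject().getValue();
 
       // do we have a valid pid?
       if (pid == null || pid.getValue().trim().equals("")) {
@@ -199,41 +188,34 @@
           throw new NotFound("1340", "The object with the provided " + "identifier was not found.");
       }
 
-      // does the subject have DELETE (a D1 CHANGE_PERMISSION level) priveleges on the pid?
+      // only admin is allowed a full delete
+      allowed = isAdminAuthorized(session);
+      if (!allowed) { 
+          throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
+      }
+      
       try {
-			allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION);
-		} catch (InvalidRequest e) {
-          throw new ServiceFailure("1350", e.getDescription());
-		}
+          // delete the document, as admin
+          DocumentImpl.delete(localId, null, null, null, true);
+          EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, Event.DELETE.xmlValue());
+
+          // archive it
+          SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
+          sysMeta.setArchived(true);
+          sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
+          HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta);
           
+      } catch (McdbDocNotFoundException e) {
+          throw new NotFound("1340", "The provided identifier was invalid.");
 
-      if (allowed) {
-          try {
-              // delete the document
-              DocumentImpl.delete(localId, username, groupnames, null, true);
-              EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, Event.DELETE.xmlValue());
+      } catch (SQLException e) {
+          throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
 
-              // archive it
-              SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
-              sysMeta.setArchived(true);
-              sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
-              HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta);
-              
-          } catch (McdbDocNotFoundException e) {
-              throw new NotFound("1340", "The provided identifier was invalid.");
+      } catch (InsufficientKarmaException e) {
+          throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
 
-          } catch (SQLException e) {
-              throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
-
-          } catch (InsufficientKarmaException e) {
-              throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
-
-          } catch (Exception e) { // for some reason DocumentImpl throws a general Exception
-              throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
-          }
-
-      } else {
-          throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
+      } catch (Exception e) { // for some reason DocumentImpl throws a general Exception
+          throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
       }
 
       return pid;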
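Review bot: In the new try block the object is deleted and the event logged before `getSystemMetadataMap().get(pid)` is dereferenced without a null check, so a missing map entry would leave the document gone, the archived flag never set, and the failure reported only through the generic `catch (Exception e)`. Reading `sysMeta` first and failing early, e.g. `if (sysMeta == null) { throw new NotFound("1340", "The provided identifier was invalid."); }`, keeps the two stores consistent. With the delete now called with null user and groups, `isAdminAuthorized(session)` is the only gate visible here, yet the `if (!allowed)` branch throws without an EventLog entry, so refused delete attempts leave no audit trail in these lines; logging the subject and pid before the throw would support detection. The SQLException and generic handlers also append `e.getMessage()` to the ServiceFailure returned to the caller, which may expose database detail and would be better written to the server log with a fixed client message. The method's signature and closing brace are outside the visible lines.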
