Revision 7234
Added by ben leinfelder over 12 years ago
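--- a/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
+++ b/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
@@ -432,7 +432,13 @@
 Event event, String pidFilter, Integer start, Integer count) throws InvalidToken, ServiceFailure,
 NotAuthorized, InvalidRequest, NotImplemented {
 
-
+// only admin access to this method
+// see https://redmine.dataone.org/issues/2855
+if (!isAdminAuthorized(session)) {
+throw new NotAuthorized("1460", "Only the CN or admin is allowed to harvest logs from this node");
+
+}
+
 Log log = new Log();
 List<LogEntry> logs = new Vector<LogEntry>();
 IdentifierManager im = IdentifierManager.getInstance();
@@ -476,6 +482,16 @@
 new java.sql.Timestamp(toDate.getTime()), false);
 
 logMetacat.debug("report: " + report);
+
+NodeReference memberNode = new NodeReference();
+String nodeId = "localhost";
+try {
+nodeId = PropertyService.getProperty("dataone.nodeId");
+} catch (PropertyNotFoundException e1) {
+// TODO Auto-generated catch block
+e1.printStackTrace();
+}
+memberNode.setValue(nodeId);
 
 String logEntry = "<logEntry>";
 String endLogEntry = "</logEntry>";
@@ -534,34 +550,11 @@
 // skip it if the pid can't be found
 continue;
 }
-
-// skip if we are not allowed to read the document in question
-// https://redmine.dataone.org/issues/2444
-boolean allowed = false;
-try {
-allowed = isAuthorized(session, identifier, Permission.READ);
-} catch (NotAuthorized ignore) {}
-catch (NotFound nf) {
-logMetacat.warn("Could not check authorization for pid: " + identifier.getValue(), nf);
-}
-if (!allowed) {
-logMetacat.debug(Permission.READ + " not allowed on document: " + identifier.getValue());
-continue;
-}
 
 le.setIdentifier(identifier);
 le.setIpAddress(ipAddress);
 Date logDate = DateTimeMarshaller.deserializeDateToUTC(dateLogged);
 le.setDateLogged(logDate);
-NodeReference memberNode = new NodeReference();
-String nodeId = "localhost";
-try {
-nodeId = PropertyService.getProperty("dataone.nodeId");
-} catch (PropertyNotFoundException e1) {
-// TODO Auto-generated catch block
-e1.printStackTrace();
-}
-memberNode.setValue(nodeId);
 le.setNodeIdentifier(memberNode);
 Subject princ = new Subject();
 princ.setValue(principal);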
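Review bot: In the second hunk (new lines 487–493) a missing `dataone.nodeId` property is swallowed with `e1.printStackTrace()`, so every harvested `LogEntry` is then stamped with the node identifier `"localhost"` and the aggregated audit log loses its provenance without any trace in the application log. The catch should at least record this through the existing logger, for example `logMetacat.error("dataone.nodeId is not configured; log entries will carry node id 'localhost'", e1);`, or fail the request with the `ServiceFailure` the method already declares. With the per-pid `Permission.READ` filter removed in the last hunk, `isAdminAuthorized(session)` in the first hunk is now the only access control on the returned records; its handling of a null or unauthenticated session is not visible here and is worth confirming. The method body starts before and continues past the lines shown.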
restrict getLogRecords (both MN and CN) to be called only by admin users (the CN)
https://redmine.dataone.org/issues/2855