Revision 7234
Added by ben leinfelder about 12 years ago
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 432 | 432 |
Event event, String pidFilter, Integer start, Integer count) throws InvalidToken, ServiceFailure, |
| 433 | 433 |
NotAuthorized, InvalidRequest, NotImplemented {
|
| 434 | 434 |
|
| 435 |
|
|
| 435 |
// only admin access to this method |
|
| 436 |
// see https://redmine.dataone.org/issues/2855 |
|
| 437 |
if (!isAdminAuthorized(session)) {
|
|
| 438 |
throw new NotAuthorized("1460", "Only the CN or admin is allowed to harvest logs from this node");
|
|
| 439 |
|
|
| 440 |
} |
|
| 441 |
|
|
| 436 | 442 |
Log log = new Log(); |
| 437 | 443 |
List<LogEntry> logs = new Vector<LogEntry>(); |
| 438 | 444 |
IdentifierManager im = IdentifierManager.getInstance(); |
| ... | ... | |
| 476 | 482 |
new java.sql.Timestamp(toDate.getTime()), false); |
| 477 | 483 |
|
| 478 | 484 |
logMetacat.debug("report: " + report);
|
| 485 |
|
|
| 486 |
NodeReference memberNode = new NodeReference(); |
|
| 487 |
String nodeId = "localhost"; |
|
| 488 |
try {
|
|
| 489 |
nodeId = PropertyService.getProperty("dataone.nodeId");
|
|
| 490 |
} catch (PropertyNotFoundException e1) {
|
|
| 491 |
// TODO Auto-generated catch block |
|
| 492 |
e1.printStackTrace(); |
|
| 493 |
} |
|
| 494 |
memberNode.setValue(nodeId); |
|
| 479 | 495 |
|
| 480 | 496 |
String logEntry = "<logEntry>"; |
| 481 | 497 |
String endLogEntry = "</logEntry>"; |
| ... | ... | |
| 534 | 550 |
// skip it if the pid can't be found |
| 535 | 551 |
continue; |
| 536 | 552 |
} |
| 537 |
|
|
| 538 |
// skip if we are not allowed to read the document in question |
|
| 539 |
// https://redmine.dataone.org/issues/2444 |
|
| 540 |
boolean allowed = false; |
|
| 541 |
try {
|
|
| 542 |
allowed = isAuthorized(session, identifier, Permission.READ); |
|
| 543 |
} catch (NotAuthorized ignore) {}
|
|
| 544 |
catch (NotFound nf) {
|
|
| 545 |
logMetacat.warn("Could not check authorization for pid: " + identifier.getValue(), nf);
|
|
| 546 |
} |
|
| 547 |
if (!allowed) {
|
|
| 548 |
logMetacat.debug(Permission.READ + " not allowed on document: " + identifier.getValue()); |
|
| 549 |
continue; |
|
| 550 |
} |
|
| 551 | 553 |
|
| 552 | 554 |
le.setIdentifier(identifier); |
| 553 | 555 |
le.setIpAddress(ipAddress); |
| 554 | 556 |
Date logDate = DateTimeMarshaller.deserializeDateToUTC(dateLogged); |
| 555 | 557 |
le.setDateLogged(logDate); |
| 556 |
NodeReference memberNode = new NodeReference(); |
|
| 557 |
String nodeId = "localhost"; |
|
| 558 |
try {
|
|
| 559 |
nodeId = PropertyService.getProperty("dataone.nodeId");
|
|
| 560 |
} catch (PropertyNotFoundException e1) {
|
|
| 561 |
// TODO Auto-generated catch block |
|
| 562 |
e1.printStackTrace(); |
|
| 563 |
} |
|
| 564 |
memberNode.setValue(nodeId); |
|
| 565 | 558 |
le.setNodeIdentifier(memberNode); |
| 566 | 559 |
Subject princ = new Subject(); |
| 567 | 560 |
princ.setValue(principal); |
Also available in: Unified diff
restrict getLogRecrods (both MN and CN) to be called only by admin users (the CN)
https://redmine.dataone.org/issues/2855