Revision 7350
Added by ben leinfelder over 12 years ago
| src/edu/ucsb/nceas/metacat/DocumentImpl.java | ||
|---|---|---|
| 2679 | 2679 |
// the file and merge the differences manually. |
| 2680 | 2680 |
|
| 2681 | 2681 |
// check for 'write' permission for 'user' to update this document |
| 2682 |
if (!hasWritePermission(user, groups, accnum)) {
|
|
| 2682 |
// use the previous revision to check the permissions |
|
| 2683 |
String docIdWithoutRev = DocumentUtil.getSmartDocId(accnum); |
|
| 2684 |
int latestRev = DBUtil.getLatestRevisionInDocumentTable(docIdWithoutRev); |
|
| 2685 |
String latestDocId = docIdWithoutRev + PropertyService.getProperty("document.accNumSeparator") + latestRev;
|
|
| 2686 |
if (!hasWritePermission(user, groups, latestDocId)) {
|
|
| 2683 | 2687 |
throw new Exception( |
| 2684 | 2688 |
"User " + user |
| 2685 | 2689 |
+ " does not have permission to update XML Document #" |
| ... | ... | |
| 2803 | 2807 |
// use the previous revision to check the permissions |
| 2804 | 2808 |
String docIdWithoutRev = DocumentUtil.getSmartDocId(accnum); |
| 2805 | 2809 |
int latestRev = DBUtil.getLatestRevisionInDocumentTable(docIdWithoutRev); |
| 2806 |
String latestDocId = docIdWithoutRev + "." + latestRev;
|
|
| 2810 |
String latestDocId = docIdWithoutRev + PropertyService.getProperty("document.accNumSeparator") + latestRev;
|
|
| 2807 | 2811 |
if (!hasWritePermission(user, groups, latestDocId) |
| 2808 | 2812 |
&& !AuthUtil.isAdministrator(user, groups)) {
|
| 2809 | 2813 |
throw new Exception( |
Also available in: Unified diff
when updating a document on a remote server, we still need to use the previous docid to check that the user has permissions to do so (rather than the new id that is obsoleting the old id). This was discovered by M Servilla at LTER.