/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java @ 7512

-            cjones
+/**
  *  '$RCSfile$'
  *  Copyright: 2000-2011 Regents of the University of California and the
  *              National Center for Ecological Analysis and Synthesis
+ *
  *   '$Author$'
  *     '$Date$'
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 package edu.ucsb.nceas.metacat.dataone;
-            cjones
+import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
-            cjones
+import java.io.InputStream;
-            cjones
+import java.io.OutputStream;
-            cjones
+import java.sql.SQLException;
-            leinfelder
+import java.util.ArrayList;
-            leinfelder
+import java.util.Calendar;
-            cjones
+import java.util.Date;
-            cjones
+import java.util.Hashtable;
-            leinfelder
+import java.util.List;
-            leinfelder
+import java.util.Set;
-            cjones
+import java.util.Timer;
             cjones
-            leinfelder
+import javax.servlet.http.HttpServletRequest;
             cjones
-            cjones
+import org.apache.commons.io.IOUtils;
-            leinfelder
+import org.apache.log4j.Logger;
-            cjones
+import org.dataone.client.CNode;
 import org.dataone.client.D1Client;
-            cjones
+import org.dataone.client.ObjectFormatCache;
-            cjones
+import org.dataone.service.exceptions.BaseException;
-            cjones
+import org.dataone.service.exceptions.IdentifierNotUnique;
 import org.dataone.service.exceptions.InsufficientResources;
-            cjones
+import org.dataone.service.exceptions.InvalidRequest;
-            cjones
+import org.dataone.service.exceptions.InvalidSystemMetadata;
-            cjones
+import org.dataone.service.exceptions.InvalidToken;
 import org.dataone.service.exceptions.NotAuthorized;
 import org.dataone.service.exceptions.NotFound;
 import org.dataone.service.exceptions.NotImplemented;
 import org.dataone.service.exceptions.ServiceFailure;
-            cjones
+import org.dataone.service.exceptions.UnsupportedType;
-            leinfelder
+import org.dataone.service.types.v1.AccessRule;
-            leinfelder
+import org.dataone.service.types.v1.DescribeResponse;
-            leinfelder
+import org.dataone.service.types.v1.Event;
-            leinfelder
+import org.dataone.service.types.v1.Group;
-            leinfelder
+import org.dataone.service.types.v1.Identifier;
 import org.dataone.service.types.v1.Log;
-            cjones
+import org.dataone.service.types.v1.Node;
-            leinfelder
+import org.dataone.service.types.v1.NodeReference;
-            cjones
+import org.dataone.service.types.v1.NodeType;
-            leinfelder
+import org.dataone.service.types.v1.ObjectFormat;
 import org.dataone.service.types.v1.Permission;
-            cjones
+import org.dataone.service.types.v1.Replica;
-            leinfelder
+import org.dataone.service.types.v1.Session;
 import org.dataone.service.types.v1.Subject;
 import org.dataone.service.types.v1.SystemMetadata;
-            leinfelder
+import org.dataone.service.types.v1.util.AuthUtils;
-            leinfelder
+import org.dataone.service.types.v1.util.ChecksumUtil;
-            leinfelder
+import org.dataone.service.util.Constants;
             cjones
-            cjones
+import edu.ucsb.nceas.metacat.AccessionNumberException;
 import edu.ucsb.nceas.metacat.DocumentImpl;
-            leinfelder
+import edu.ucsb.nceas.metacat.EventLog;
 import edu.ucsb.nceas.metacat.IdentifierManager;
-            leinfelder
+import edu.ucsb.nceas.metacat.McdbDocNotFoundException;
-            cjones
+import edu.ucsb.nceas.metacat.MetacatHandler;
-            leinfelder
+import edu.ucsb.nceas.metacat.client.InsufficientKarmaException;
-            leinfelder
+import edu.ucsb.nceas.metacat.database.DBConnection;
 import edu.ucsb.nceas.metacat.database.DBConnectionPool;
-            leinfelder
+import edu.ucsb.nceas.metacat.dataone.hazelcast.HazelcastService;
-            cjones
+import edu.ucsb.nceas.metacat.properties.PropertyService;
-            cjones
+import edu.ucsb.nceas.metacat.replication.ForceReplicationHandler;
-            cjones
+import edu.ucsb.nceas.utilities.PropertyNotFoundException;
             leinfelder
-            cjones
+public abstract class D1NodeService {
             cjones
-            cjones
+  private static Logger logMetacat = Logger.getLogger(D1NodeService.class);
             leinfelder
-            leinfelder
+  /** For logging the operations */
   protected HttpServletRequest request;
             cjones
-            cjones
+  /* reference to the metacat handler */
-            leinfelder
+  protected MetacatHandler handler;
             cjones
-            cjones
+  /* parameters set in the incoming request */
   private Hashtable<String, String[]> params;
             leinfelder
   /**
-            leinfelder
+   * limit paged results sets to a configured maximum
    */
   protected static int MAXIMUM_DB_RECORD_COUNT = 7000;
   static {
 		try {
 			MAXIMUM_DB_RECORD_COUNT = Integer.valueOf(PropertyService.getProperty("database.webResultsetSize"));
 		} catch (Exception e) {
 			logMetacat.warn("Could not set MAXIMUM_DB_RECORD_COUNT", e);
+		}
+	}
   /**
-            leinfelder
+   * out-of-band session object to be used when not passed in as a method parameter
    */
   protected Session session;
             cjones
-            cjones
+  /**
    * Constructor - used to set the metacatUrl from a subclass extending D1NodeService
+   *
    * @param metacatUrl - the URL of the metacat service, including the ending /d1
    */
-            leinfelder
+  public D1NodeService(HttpServletRequest request) {
 		this.request = request;
+	}
             leinfelder
-            cjones
+  /**
-            leinfelder
+   * retrieve the out-of-band session
    * @return
    */
   	public Session getSession() {
 		return session;
+	}
   	/**
   	 * Set the out-of-band session
   	 * @param session
   	 */
 	public void setSession(Session session) {
 		this.session = session;
+	}
   /**
-            leinfelder
+   * This method provides a lighter weight mechanism than
    * getSystemMetadata() for a client to determine basic
    * properties of the referenced object.
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the identifier of the object to be described
+   *
    * @return describeResponse - A set of values providing a basic description
    *                            of the object.
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public DescribeResponse describe(Session session, Identifier pid)
       throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
     // get system metadata and construct the describe response
       SystemMetadata sysmeta = getSystemMetadata(session, pid);
       DescribeResponse describeResponse =
       	new DescribeResponse(sysmeta.getFormatId(), sysmeta.getSize(),
       			sysmeta.getDateSysMetadataModified(),
       			sysmeta.getChecksum(), sysmeta.getSerialVersion());
       return describeResponse;
+  }
   /**
-            leinfelder
+   * Deletes an object from the Member Node, where the object is either a
    * data object or a science metadata object.
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The object identifier to be deleted
+   *
    * @return pid - the identifier of the object used for the deletion
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public Identifier delete(Session session, Identifier pid)
       throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
       String localId = null;
       if (session == null) {
       	throw new InvalidToken("1330", "No session has been provided");
+      }
-            leinfelder
+      // just for logging purposes
       String username = session.getSubject().getValue();
             leinfelder
       // do we have a valid pid?
       if (pid == null || pid.getValue().trim().equals("")) {
           throw new ServiceFailure("1350", "The provided identifier was invalid.");
+      }
       // check for the existing identifier
       try {
           localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
       } catch (McdbDocNotFoundException e) {
           throw new NotFound("1340", "The object with the provided " + "identifier was not found.");
+      }
             leinfelder
-            leinfelder
+      try {
-            leinfelder
+          // delete the document, as admin
           DocumentImpl.delete(localId, null, null, null, true);
           EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, Event.DELETE.xmlValue());
           // archive it
-            leinfelder
+          // DocumentImpl.delete() now sets this
           // see https://redmine.dataone.org/issues/3406
 //          SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
 //          sysMeta.setArchived(true);
 //          sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
 //          HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta);
             leinfelder
-            leinfelder
+      } catch (McdbDocNotFoundException e) {
           throw new NotFound("1340", "The provided identifier was invalid.");
             leinfelder
-            leinfelder
+      } catch (SQLException e) {
           throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
             leinfelder
-            leinfelder
+      } catch (InsufficientKarmaException e) {
-            cjones
+          if ( logMetacat.isDebugEnabled() ) {
               e.printStackTrace();
+          }
-            leinfelder
+          throw new NotAuthorized("1320", "The provided identity does not have " + "permission to DELETE objects on the Member Node.");
             cjones
-            leinfelder
+      } catch (Exception e) { // for some reason DocumentImpl throws a general Exception
           throw new ServiceFailure("1350", "There was a problem deleting the object." + "The error message was: " + e.getMessage());
             leinfelder
       return pid;
+  }
   /**
-            leinfelder
+   * Low level, "are you alive" operation. A valid ping response is
    * indicated by a HTTP status of 200.
+   *
    * @return true if the service is alive
+   *
    * @throws NotImplemented
    * @throws ServiceFailure
    * @throws InsufficientResources
    */
   public Date ping()
       throws NotImplemented, ServiceFailure, InsufficientResources {
       // test if we can get a database connection
       int serialNumber = -1;
       DBConnection dbConn = null;
       try {
           dbConn = DBConnectionPool.getDBConnection("MNodeService.ping");
           serialNumber = dbConn.getCheckOutSerialNumber();
       } catch (SQLException e) {
       	ServiceFailure sf = new ServiceFailure("", e.getMessage());
       	sf.initCause(e);
           throw sf;
       } finally {
           // Return the database connection
           DBConnectionPool.returnDBConnection(dbConn, serialNumber);
+      }
       return Calendar.getInstance().getTime();
+  }
   /**
-            cjones
+   * Adds a new object to the Node, where the object is either a data
    * object or a science metadata object. This method is called by clients
    * to create new data objects on Member Nodes or internally for Coordinating
    * Nodes
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The object identifier to be created
    * @param object - the object bytes
    * @param sysmeta - the system metadata that describes the object
+   *
    * @return pid - the object identifier created
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws IdentifierNotUnique
    * @throws UnsupportedType
    * @throws InsufficientResources
    * @throws InvalidSystemMetadata
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public Identifier create(Session session, Identifier pid, InputStream object,
     SystemMetadata sysmeta)
     throws InvalidToken, ServiceFailure, NotAuthorized, IdentifierNotUnique,
     UnsupportedType, InsufficientResources, InvalidSystemMetadata,
     NotImplemented, InvalidRequest {
             cjones
-            cjones
+    Identifier resultPid = null;
     String localId = null;
     boolean allowed = false;
-            leinfelder
+    // check for null session
     if (session == null) {
     	throw new InvalidToken("4894", "Session is required to WRITE to the Node.");
+    }
     Subject subject = session.getSubject();
-            leinfelder
+    Subject publicSubject = new Subject();
     publicSubject.setValue(Constants.SUBJECT_PUBLIC);
 	// be sure the user is authenticated for create()
-            leinfelder
+    if (subject == null || subject.getValue() == null ||
-            leinfelder
+        subject.equals(publicSubject) ) {
-            cjones
+      throw new NotAuthorized("1100", "The provided identity does not have " +
-            leinfelder
+        "permission to WRITE to the Node.");
             cjones
+    }
-            leinfelder
+    // verify the pid is valid format
-            leinfelder
+    if (!isValidIdentifier(pid)) {
-            leinfelder
+    	throw new InvalidRequest("1202", "The provided identifier is invalid.");
+    }
-            cjones
+    // verify that pid == SystemMetadata.getIdentifier()
     logMetacat.debug("Comparing pid|sysmeta_pid: " +
       pid.getValue() + "|" + sysmeta.getIdentifier().getValue());
     if (!pid.getValue().equals(sysmeta.getIdentifier().getValue())) {
         throw new InvalidSystemMetadata("1180",
             "The supplied system metadata is invalid. " +
             "The identifier " + pid.getValue() + " does not match identifier" +
             "in the system metadata identified by " +
             sysmeta.getIdentifier().getValue() + ".");
+    }
-            leinfelder
+    logMetacat.debug("Checking if identifier exists: " + pid.getValue());
-            cjones
+    // Check that the identifier does not already exist
-            leinfelder
+    if (IdentifierManager.getInstance().identifierExists(pid.getValue())) {
 	    	throw new IdentifierNotUnique("1120",
 			          "The requested identifier " + pid.getValue() +
 			          " is already used by another object and" +
 			          "therefore can not be used for this object. Clients should choose" +
 			          "a new identifier that is unique and retry the operation or " +
-            leinfelder
+			          "use CN.reserveIdentifier() to reserve one.");
             leinfelder
             cjones
             leinfelder
-            leinfelder
+    // TODO: this probably needs to be refined more
-            cjones
+    try {
       allowed = isAuthorized(session, pid, Permission.WRITE);
     } catch (NotFound e) {
       // The identifier doesn't exist, writing should be fine.
       allowed = true;
+    }
-            leinfelder
+    // verify checksum, only if we can reset the inputstream
     if (object.markSupported()) {
-            leinfelder
+        logMetacat.debug("Checking checksum for: " + pid.getValue());
-            leinfelder
+	    String checksumAlgorithm = sysmeta.getChecksum().getAlgorithm();
 	    String checksumValue = sysmeta.getChecksum().getValue();
 	    try {
 			String computedChecksumValue = ChecksumUtil.checksum(object, checksumAlgorithm).getValue();
 			// it's very important that we don't consume the stream
 			object.reset();
 			if (!computedChecksumValue.equals(checksumValue)) {
-            leinfelder
+			    logMetacat.error("Checksum for " + pid.getValue() + " does not match system metadata, computed = " + computedChecksumValue );
-            leinfelder
+				throw new InvalidSystemMetadata("4896", "Checksum given does not match that of the object");
+			}
 		} catch (Exception e) {
 			String msg = "Error verifying checksum values";
 	      	logMetacat.error(msg, e);
 	        throw new ServiceFailure("1190", msg + ": " + e.getMessage());
+		}
     } else {
     	logMetacat.warn("mark is not supported on the object's input stream - cannot verify checksum without consuming stream");
+    }
-            cjones
+    // we have the go ahead
     if ( allowed ) {
-            leinfelder
+        logMetacat.debug("Allowed to insert: " + pid.getValue());
-            cjones
+      // Science metadata (XML) or science data object?
       // TODO: there are cases where certain object formats are science metadata
       // but are not XML (netCDF ...).  Handle this.
       if ( isScienceMetadata(sysmeta) ) {
         // CASE METADATA:
       	String objectAsXML = "";
         try {
 	        objectAsXML = IOUtils.toString(object, "UTF-8");
 	        localId = insertOrUpdateDocument(objectAsXML, pid, session, "insert");
 	        //localId = im.getLocalId(pid.getValue());
         } catch (IOException e) {
         	String msg = "The Node is unable to create the object. " +
           "There was a problem converting the object to XML";
         	logMetacat.info(msg);
           throw new ServiceFailure("1190", msg + ": " + e.getMessage());
+        }
-            leinfelder
+      } else {
 	      // DEFAULT CASE: DATA (needs to be checked and completed)
 	      localId = insertDataObject(object, pid, session);
+      }
             cjones
             leinfelder
-            leinfelder
+    logMetacat.debug("Done inserting new object: " + pid.getValue());
-            leinfelder
+    // save the sysmeta
-            leinfelder
+    try {
-            cjones
+      // lock and unlock of the pid happens in the subclass
-            leinfelder
+    	HazelcastService.getInstance().getSystemMetadataMap().put(sysmeta.getIdentifier(), sysmeta);
             cjones
-            leinfelder
+    } catch (Exception e) {
-            leinfelder
+    	logMetacat.error("Problem creating system metadata: " + pid.getValue(), e);
-            leinfelder
+        throw new ServiceFailure("1190", e.getMessage());
+	}
             leinfelder
-            cjones
+    // setting the resulting identifier failed
-            leinfelder
+    if (localId == null ) {
       throw new ServiceFailure("1190", "The Node is unable to create the object. ");
             cjones
             leinfelder
-            leinfelder
+    resultPid = pid;
-            leinfelder
+    logMetacat.debug("create() complete for object: " + pid.getValue());
-            cjones
+    return resultPid;
+  }
-            cjones
+  /**
    * Return the log records associated with a given event between the start and
    * end dates listed given a particular Subject listed in the Session
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param fromDate - the start date of the desired log records
    * @param toDate - the end date of the desired log records
    * @param event - restrict log records of a specific event type
    * @param start - zero based offset from the first record in the
    *                set of matching log records. Used to assist with
    *                paging the response.
    * @param count - maximum number of log records to return in the response.
    *                Used to assist with paging the response.
+   *
    * @return the desired log records
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws InvalidRequest
    * @throws NotImplemented
    */
   public Log getLogRecords(Session session, Date fromDate, Date toDate,
-            leinfelder
+      Event event, String pidFilter, Integer start, Integer count) throws InvalidToken, ServiceFailure,
-            cjones
+      NotAuthorized, InvalidRequest, NotImplemented {
             cjones
-            leinfelder
+	  // only admin access to this method
 	  // see https://redmine.dataone.org/issues/2855
 	  if (!isAdminAuthorized(session)) {
 		  throw new NotAuthorized("1460", "Only the CN or admin is allowed to harvest logs from this node");
+	  }
-            cjones
+    IdentifierManager im = IdentifierManager.getInstance();
     EventLog el = EventLog.getInstance();
-            cjones
+    if ( fromDate == null ) {
-            cjones
+      logMetacat.debug("setting fromdate from null");
       fromDate = new Date(1);
+    }
-            cjones
+    if ( toDate == null ) {
-            cjones
+      logMetacat.debug("setting todate from null");
       toDate = new Date();
+    }
             leinfelder
-            cjones
+    if ( start == null ) {
-            leinfelder
+    	start = 0;
             cjones
     if ( count == null ) {
     	count = 1000;
+    }
             leinfelder
     // safeguard against large requests
     if (count > MAXIMUM_DB_RECORD_COUNT) {
     	count = MAXIMUM_DB_RECORD_COUNT;
+    }
             cjones
-            leinfelder
+    String[] filterDocid = null;
     if (pidFilter != null) {
 		try {
 	      String localId = im.getLocalId(pidFilter);
 	      filterDocid = new String[] {localId};
 	    } catch (Exception ex) {
 	    	String msg = "Could not find localId for given pidFilter '" + pidFilter + "'";
 	        logMetacat.warn(msg, ex);
 	        //throw new InvalidRequest("1480", msg);
+	    }
+    }
-            cjones
+    logMetacat.debug("fromDate: " + fromDate);
     logMetacat.debug("toDate: " + toDate);
             leinfelder
-            leinfelder
+    Log log = el.getD1Report(null, null, filterDocid, event,
-            cjones
+        new java.sql.Timestamp(fromDate.getTime()),
-            leinfelder
+        new java.sql.Timestamp(toDate.getTime()), false, start, count);
             leinfelder
-            cjones
+    logMetacat.info("getLogRecords");
     return log;
+  }
             cjones
-            cjones
+  /**
    * Return the object identified by the given object identifier
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the object identifier for the given object
+   *
    * TODO: The D1 Authorization API doesn't provide information on which
    * authentication system the Subject belongs to, and so it's not possible to
    * discern which Person or Group is a valid KNB LDAP DN.  Fix this.
+   *
    * @return inputStream - the input stream of the given object
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws InvalidRequest
    * @throws NotImplemented
    */
   public InputStream get(Session session, Identifier pid)
     throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
-            cjones
+    NotImplemented {
             cjones
-            cjones
+    InputStream inputStream = null; // bytes to be returned
-            cjones
+    handler = new MetacatHandler(new Timer());
-            cjones
+    boolean allowed = false;
     String localId; // the metacat docid for the pid
             cjones
-            cjones
+    // get the local docid from Metacat
     try {
       localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
-            cjones
+    } catch (McdbDocNotFoundException e) {
       throw new NotFound("1020", "The object specified by " +
-            cjones
+                         pid.getValue() +
-            leinfelder
+                         " does not exist at this node.");
             cjones
     // check for authorization
-            leinfelder
+    try {
 		allowed = isAuthorized(session, pid, Permission.READ);
 	} catch (InvalidRequest e) {
 		throw new ServiceFailure("1030", e.getDescription());
+	}
             cjones
     // if the person is authorized, perform the read
-            leinfelder
+    if (allowed) {
-            cjones
+      try {
-            leinfelder
+        inputStream = handler.read(localId);
       } catch (Exception e) {
-            leinfelder
+        throw new NotFound("1020", "The object specified by " +
-            cjones
+            pid.getValue() +
-            leinfelder
+            "could not be returned due to error: " +
-            cjones
+            e.getMessage());
+      }
             cjones
             cjones
-            cjones
+    // if we fail to set the input stream
     if ( inputStream == null ) {
-            cjones
+      throw new NotFound("1020", "The object specified by " +
                          pid.getValue() +
                          "does not exist at this node.");
             cjones
-            leinfelder
+	// log the read event
-            leinfelder
+    String principal = Constants.SUBJECT_PUBLIC;
-            leinfelder
+    if (session != null && session.getSubject() != null) {
-            leinfelder
+    	principal = session.getSubject().getValue();
+    }
-            leinfelder
+    EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), principal, localId, "read");
             leinfelder
-            cjones
+    return inputStream;
+  }
             cjones
-            cjones
+  /**
    * Return the system metadata for a given object
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the object identifier for the given object
+   *
    * @return inputStream - the input stream of the given system metadata object
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws InvalidRequest
    * @throws NotImplemented
    */
-            cjones
+    public SystemMetadata getSystemMetadata(Session session, Identifier pid)
         throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
         NotImplemented {
         boolean isAuthorized = false;
         SystemMetadata systemMetadata = null;
         List<Replica> replicaList = null;
         NodeReference replicaNodeRef = null;
         List<Node> nodeListBySubject = null;
         Subject subject = null;
             cjones
-            cjones
+        if (session != null ) {
             subject = session.getSubject();
+        }
             cjones
-            leinfelder
+        // check normal authorization
         BaseException originalAuthorizationException = null;
         if (!isAuthorized) {
             try {
                 isAuthorized = isAuthorized(session, pid, Permission.READ);
             cjones
-            leinfelder
+            } catch (InvalidRequest e) {
                 throw new ServiceFailure("1090", e.getDescription());
             } catch (NotAuthorized nae) {
             	// catch this for later
             	originalAuthorizationException = nae;
+			}
+        }
             cjones
-            leinfelder
+        // get the system metadata first because we need the replica list for auth
         systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
         // check the replica information to expand access to MNs that might need it
         if (!isAuthorized) {
 	        try {
 	            // if MNs are listed as replicas, allow access
 	            if ( systemMetadata != null ) {
 	                replicaList = systemMetadata.getReplicaList();
 	                // only check if there are in fact replicas listed
 	                if ( replicaList != null ) {
 	                    if ( subject != null ) {
 	                        // get the list of nodes with a matching node subject
 	                        try {
 	                            nodeListBySubject = listNodesBySubject(session.getSubject());
 	                        } catch (BaseException e) {
 	                            // Unexpected error contacting the CN via D1Client
 	                            String msg = "Caught an unexpected error while trying "
 	                                    + "to potentially authorize system metadata access "
 	                                    + "based on the session subject. The error was "
 	                                    + e.getMessage();
 	                            logMetacat.error(msg);
 	                            if (logMetacat.isDebugEnabled()) {
 	                                e.printStackTrace();
+	                            }
 	                            // isAuthorized is still false
+	                        }
+	                    }
 	                    if (nodeListBySubject != null) {
 	                        // compare node ids to replica node ids
 	                        outer: for (Replica replica : replicaList) {
 	                            replicaNodeRef = replica.getReplicaMemberNode();
 	                            for (Node node : nodeListBySubject) {
 	                                if (node.getIdentifier().equals(replicaNodeRef)) {
 	                                    // node id via session subject matches a replica node
 	                                    isAuthorized = true;
 	                                    break outer;
+	                                }
+	                            }
+	                        }
+	                    }
+	                }
+	            }
 	            // if we still aren't authorized, then we are done
 	            if (!isAuthorized) {
 	                throw new NotAuthorized("1400", Permission.READ
 	                        + " not allowed on " + pid.getValue());
+	            }
             cjones
-            leinfelder
+	        } catch (RuntimeException e) {
 	        	e.printStackTrace();
 	            // convert hazelcast RuntimeException to ServiceFailure
 	            throw new ServiceFailure("1090", "Unexpected error getting system metadata for: " +
 	                pid.getValue());
+	        }
             cjones
             leinfelder
-            cjones
+        // It wasn't in the map
         if ( systemMetadata == null ) {
             throw new NotFound("1420", "No record found for: " + pid.getValue());
+        }
         return systemMetadata;
+    }
             cjones
-            cjones
+  /**
-            cjones
+   * Test if the user identified by the provided token has administrative authorization
+   *
    * @param session - the Session object containing the credentials for the Subject
+   *
-            leinfelder
+   * @return true if the user is admin
             cjones
    * @throws ServiceFailure
    * @throws InvalidToken
    * @throws NotFound
    * @throws NotAuthorized
    * @throws NotImplemented
    */
-            leinfelder
+  public boolean isAdminAuthorized(Session session)
-            leinfelder
+      throws ServiceFailure, InvalidToken, NotAuthorized,
-            cjones
+      NotImplemented {
       boolean allowed = false;
             leinfelder
       // must have a session in order to check admin
       if (session == null) {
-            leinfelder
+         logMetacat.debug("In isAdminAuthorized(), session is null ");
          return false;
             leinfelder
-            cjones
+      logMetacat.debug("In isAdminAuthorized(), checking CN or MN authorization for " +
-            leinfelder
+           session.getSubject().getValue());
             cjones
-            leinfelder
+      // check if this is the node calling itself (MN)
       allowed = isNodeAdmin(session);
             cjones
-            leinfelder
+      // check the CN list
       if (!allowed) {
 	      // are we allowed to do this? only CNs are allowed
 	      CNode cn = D1Client.getCN();
 	      List<Node> nodes = cn.listNodes().getNodeList();
 	      if ( nodes == null ) {
 	          throw new ServiceFailure("4852", "Couldn't get node list.");
+	      }
 	      // find the node in the node list
 	      for ( Node node : nodes ) {
 	          NodeReference nodeReference = node.getIdentifier();
 	          logMetacat.debug("In isAdminAuthorized(), Node reference is: " + nodeReference.getValue());
 	          Subject subject = session.getSubject();
 	          if (node.getType() == NodeType.CN) {
 	              List<Subject> nodeSubjects = node.getSubjectList();
 	              // check if the session subject is in the node subject list
 	              for (Subject nodeSubject : nodeSubjects) {
 	                  logMetacat.debug("In isAdminAuthorized(), comparing subjects: " +
 	                      nodeSubject.getValue() + " and " + subject.getValue());
 	                  if ( nodeSubject.equals(subject) ) {
 	                      allowed = true; // subject of session == target node subject
 	                      break;
+	                  }
+	              }
+	          }
+	      }
             cjones
       return allowed;
+  }
   /**
-            leinfelder
+   * Test if the user identified by the provided token has administrative authorization
    * on this node because they are calling themselves
+   *
    * @param session - the Session object containing the credentials for the Subject
+   *
    * @return true if the user is this node
    * @throws ServiceFailure
    * @throws NotImplemented
    */
   public boolean isNodeAdmin(Session session) throws NotImplemented, ServiceFailure {
       boolean allowed = false;
       // must have a session in order to check admin
       if (session == null) {
          logMetacat.debug("In isNodeAdmin(), session is null ");
          return false;
+      }
       logMetacat.debug("In isNodeAdmin(), MN authorization for " +
            session.getSubject().getValue());
       Node node = MNodeService.getInstance(request).getCapabilities();
       NodeReference nodeReference = node.getIdentifier();
       logMetacat.debug("In isNodeAdmin(), Node reference is: " + nodeReference.getValue());
       Subject subject = session.getSubject();
       if (node.getType() == NodeType.MN) {
           List<Subject> nodeSubjects = node.getSubjectList();
           // check if the session subject is in the node subject list
           for (Subject nodeSubject : nodeSubjects) {
               logMetacat.debug("In isNodeAdmin(), comparing subjects: " +
                   nodeSubject.getValue() + " and " + subject.getValue());
               if ( nodeSubject.equals(subject) ) {
                   allowed = true; // subject of session == this node's subect
                   break;
+              }
+          }
+      }
       return allowed;
+  }
   /**
-            cjones
+   * Test if the user identified by the provided token has authorization
-            cjones
+   * for the operation on the specified object.
             cjones
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The identifer of the resource for which access is being checked
    * @param operation - The type of operation which is being requested for the given pid
+   *
    * @return true if the operation is allowed
+   *
    * @throws ServiceFailure
    * @throws InvalidToken
    * @throws NotFound
    * @throws NotAuthorized
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public boolean isAuthorized(Session session, Identifier pid, Permission permission)
     throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,
-            leinfelder
+    NotImplemented, InvalidRequest {
             cjones
-            cjones
+    boolean allowed = false;
-            leinfelder
+    if (permission == null) {
     	throw new InvalidRequest("1761", "Permission was not provided or is invalid");
+    }
-            leinfelder
+    // permissions are hierarchical
-            leinfelder
+    List<Permission> expandedPermissions = null;
             leinfelder
-            cjones
+    // always allow CN access
-            leinfelder
+    if ( isAdminAuthorized(session) ) {
-            cjones
+        allowed = true;
         return allowed;
+    }
-            leinfelder
+    // get the subject[s] from the session
-            leinfelder
+	//defer to the shared util for recursively compiling the subjects
-            leinfelder
+	Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session);
             leinfelder
-            leinfelder
+	// track the identities we have checked against
 	StringBuffer includedSubjects = new StringBuffer();
-            cjones
+    // get the system metadata
-            cjones
+    String pidStr = pid.getValue();
-            cjones
+    SystemMetadata systemMetadata = null;
     try {
-            cjones
+        systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
     } catch (Exception e) {
         // convert Hazelcast RuntimeException to NotFound
         logMetacat.error("An error occurred while getting system metadata for identifier " +
             pid.getValue() + ". The error message was: " + e.getMessage());
         throw new NotFound("1800", "No record found for " + pidStr);
             cjones
             leinfelder
     // throw not found if it was not found
     if (systemMetadata == null) {
-            leinfelder
+    	throw new NotFound("1800", "No system metadata could be found for given PID: " + pidStr);
             leinfelder
             leinfelder
-            leinfelder
+    // do we own it?
     for (Subject s: subjects) {
-            cjones
+      logMetacat.debug("Comparing \t" +
                        systemMetadata.getRightsHolder().getValue() +
                        " \tagainst \t" + s.getValue());
-            leinfelder
+      	includedSubjects.append(s.getValue() + "; ");
-            leinfelder
+    	allowed = systemMetadata.getRightsHolder().equals(s);
-            leinfelder
+    	if (allowed) {
     		return allowed;
+    	}
+    }
     // otherwise check the access rules
-            leinfelder
+    try {
 	    List<AccessRule> allows = systemMetadata.getAccessPolicy().getAllowList();
-            leinfelder
+	    search: // label break
-            leinfelder
+	    for (AccessRule accessRule: allows) {
 	      for (Subject s: subjects) {
-            leinfelder
+	        logMetacat.debug("Checking allow access rule for subject: " + s.getValue());
-            leinfelder
+	        if (accessRule.getSubjectList().contains(s)) {
-            leinfelder
+	        	logMetacat.debug("Access rule contains subject: " + s.getValue());
-            leinfelder
+	        	for (Permission p: accessRule.getPermissionList()) {
-            leinfelder
+		        	logMetacat.debug("Checking permission: " + p.xmlValue());
-            leinfelder
+	        		expandedPermissions = expandPermissions(p);
 	        		allowed = expandedPermissions.contains(permission);
 	        		if (allowed) {
-            leinfelder
+			        	logMetacat.info("Permission granted: " + p.xmlValue() + " to " + s.getValue());
-            leinfelder
+	        			break search; //label break
+	        		}
             leinfelder
             leinfelder
+	      }
+	    }
     } catch (Exception e) {
     	// catch all for errors - safe side should be to deny the access
     	logMetacat.error("Problem checking authorization - defaulting to deny", e);
 		allowed = false;
             cjones
+    }
             cjones
-            leinfelder
+    // throw or return?
-            cjones
+    if (!allowed) {
-            leinfelder
+      throw new NotAuthorized("1820", permission + " not allowed on " + pidStr + " for subject[s]: " + includedSubjects.toString() );
             cjones
             leinfelder
-            cjones
+    return allowed;
             cjones
             cjones
-            cjones
+  /*
-            cjones
+   * parse a logEntry and get the relevant field from it
+   *
    * @param fieldname
    * @param entry
    * @return
    */
   private String getLogEntryField(String fieldname, String entry) {
     String begin = "<" + fieldname + ">";
     String end = "</" + fieldname + ">";
     // logMetacat.debug("looking for " + begin + " and " + end +
     // " in entry " + entry);
     String s = entry.substring(entry.indexOf(begin) + begin.length(), entry
         .indexOf(end));
     logMetacat.debug("entry " + fieldname + " : " + s);
     return s;
+  }
             cjones
-            cjones
+  /**
-            cjones
+   * Determine if a given object should be treated as an XML science metadata
    * object.
+   *
    * @param sysmeta - the SystemMetadata describing the object
    * @return true if the object should be treated as science metadata
    */
-            leinfelder
+  public static boolean isScienceMetadata(SystemMetadata sysmeta) {
             cjones
     ObjectFormat objectFormat = null;
     boolean isScienceMetadata = false;
     try {
-            leinfelder
+      objectFormat = ObjectFormatCache.getInstance().getFormat(sysmeta.getFormatId());
-            leinfelder
+      if ( objectFormat.getFormatType().equals("METADATA") ) {
-            cjones
+      	isScienceMetadata = true;
+      }
             cjones
     } catch (ServiceFailure e) {
       logMetacat.debug("There was a problem determining if the object identified by" +
           sysmeta.getIdentifier().getValue() +
           " is science metadata: " + e.getMessage());
     } catch (NotFound e) {
       logMetacat.debug("There was a problem determining if the object identified by" +
           sysmeta.getIdentifier().getValue() +
           " is science metadata: " + e.getMessage());
+    }
     return isScienceMetadata;
             cjones
             cjones
   /**
-            leinfelder
+   * Check fro whitespace in the given pid.
    * null pids are also invalid by default
    * @param pid
    * @return
    */
   public static boolean isValidIdentifier(Identifier pid) {
 	  if (pid != null && pid.getValue() != null && pid.getValue().length() > 0) {
 		  return !pid.getValue().matches("\\s");
+	  }
 	  return false;
+  }
   /**
-            cjones
+   * Insert or update an XML document into Metacat
+   *
    * @param xml - the XML document to insert or update
    * @param pid - the identifier to be used for the resulting object
+   *
    * @return localId - the resulting docid of the document created or updated
+   *
    */
-            leinfelder
+  public String insertOrUpdateDocument(String xml, Identifier pid,
-            cjones
+    Session session, String insertOrUpdate)
     throws ServiceFailure {
   	logMetacat.debug("Starting to insert xml document...");
     IdentifierManager im = IdentifierManager.getInstance();
     // generate pid/localId pair for sysmeta
     String localId = null;
     if(insertOrUpdate.equals("insert")) {
       localId = im.generateLocalId(pid.getValue(), 1);
     } else {
       //localid should already exist in the identifier table, so just find it
       try {
         logMetacat.debug("Updating pid " + pid.getValue());
         logMetacat.debug("looking in identifier table for pid " + pid.getValue());
         localId = im.getLocalId(pid.getValue());
         logMetacat.debug("localId: " + localId);
         //increment the revision
         String docid = localId.substring(0, localId.lastIndexOf("."));
         String revS = localId.substring(localId.lastIndexOf(".") + 1, localId.length());
         int rev = new Integer(revS).intValue();
         rev++;
         docid = docid + "." + rev;
         localId = docid;
         logMetacat.debug("incremented localId: " + localId);
       } catch(McdbDocNotFoundException e) {
         throw new ServiceFailure("1030", "D1NodeService.insertOrUpdateDocument(): " +
             "pid " + pid.getValue() +
             " should have been in the identifier table, but it wasn't: " +
             e.getMessage());
+      }
+    }
-            leinfelder
+    params = new Hashtable<String, String[]>();
-            cjones
+    String[] action = new String[1];
     action[0] = insertOrUpdate;
     params.put("action", action);
     String[] docid = new String[1];
     docid[0] = localId;
     params.put("docid", docid);
     String[] doctext = new String[1];
     doctext[0] = xml;
     params.put("doctext", doctext);
-            leinfelder
+    String username = Constants.SUBJECT_PUBLIC;
-            cjones
+    String[] groupnames = null;
-            leinfelder
+    if (session != null ) {
     	username = session.getSubject().getValue();
-            leinfelder
+    	if (session.getSubjectInfo() != null) {
     		List<Group> groupList = session.getSubjectInfo().getGroupList();
-            leinfelder
+    		if (groupList != null) {
     			groupnames = new String[groupList.size()];
     			for (int i = 0; i > groupList.size(); i++ ) {
     				groupnames[i] = groupList.get(i).getGroupName();
+    			}
+    		}
+    	}
             cjones
     // do the insert or update action
-            leinfelder
+    handler = new MetacatHandler(new Timer());
-            leinfelder
+    String result = handler.handleInsertOrUpdateAction(request.getRemoteAddr(), request.getHeader("User-Agent"), null,
-            leinfelder
+                        null, params, username, groupnames, false, false);
             cjones
     if(result.indexOf("<error>") != -1) {
     	String detailCode = "";
     	if ( insertOrUpdate.equals("insert") ) {
-            leinfelder
+    		// make sure to remove the mapping so that subsequent attempts do not fail with IdentifierNotUnique
     		im.removeMapping(pid.getValue(), localId);
-            cjones
+    		detailCode = "1190";
     	} else if ( insertOrUpdate.equals("update") ) {
     		detailCode = "1310";
+    	}
         throw new ServiceFailure(detailCode,
           "Error inserting or updating document: " + result);
+    }
     logMetacat.debug("Finsished inserting xml document with id " + localId);
     return localId;
+  }
   /**
    * Insert a data document
+   *
    * @param object
    * @param pid
    * @param sessionData
    * @throws ServiceFailure
    * @returns localId of the data object inserted
    */
-            leinfelder
+  public String insertDataObject(InputStream object, Identifier pid,
-            cjones
+          Session session) throws ServiceFailure {
-            leinfelder
+    String username = Constants.SUBJECT_PUBLIC;
-            cjones
+    String[] groupnames = null;
-            leinfelder
+    if (session != null ) {
     	username = session.getSubject().getValue();
-            leinfelder
+    	if (session.getSubjectInfo() != null) {
     		List<Group> groupList = session.getSubjectInfo().getGroupList();
-            leinfelder
+    		if (groupList != null) {
     			groupnames = new String[groupList.size()];
     			for (int i = 0; i > groupList.size(); i++ ) {
     				groupnames[i] = groupList.get(i).getGroupName();
+    			}
+    		}
+    	}
             cjones
     // generate pid/localId pair for object
     logMetacat.debug("Generating a pid/localId mapping");
     IdentifierManager im = IdentifierManager.getInstance();
     String localId = im.generateLocalId(pid.getValue(), 1);
             leinfelder
     // Save the data file to disk using "localId" as the name
     String datafilepath = null;
 	try {
 		datafilepath = PropertyService.getProperty("application.datafilepath");
 	} catch (PropertyNotFoundException e) {
 		ServiceFailure sf = new ServiceFailure("1190", "Lookup data file path" + e.getMessage());
 		sf.initCause(e);
 		throw sf;
+	}
     boolean locked = false;
 	try {
 		locked = DocumentImpl.getDataFileLockGrant(localId);
 	} catch (Exception e) {
 		ServiceFailure sf = new ServiceFailure("1190", "Could not lock file for writing:" + e.getMessage());
 		sf.initCause(e);
 		throw sf;
+	}
     logMetacat.debug("Case DATA: starting to write to disk.");
 	if (locked) {
-            cjones
+          File dataDirectory = new File(datafilepath);
           dataDirectory.mkdirs();
           File newFile = writeStreamToFile(dataDirectory, localId, object);
           // TODO: Check that the file size matches SystemMetadata
           // long size = newFile.length();
           // if (size == 0) {
           //     throw new IOException("Uploaded file is 0 bytes!");
           // }
           // Register the file in the database (which generates an exception
           // if the localId is not acceptable or other untoward things happen
           try {
             logMetacat.debug("Registering document...");
             DocumentImpl.registerDocument(localId, "BIN", localId,
                     username, groupnames);
             logMetacat.debug("Registration step completed.");
           } catch (SQLException e) {
             //newFile.delete();
             logMetacat.debug("SQLE: " + e.getMessage());
             e.printStackTrace(System.out);
             throw new ServiceFailure("1190", "Registration failed: " +
             		e.getMessage());
           } catch (AccessionNumberException e) {
             //newFile.delete();
             logMetacat.debug("ANE: " + e.getMessage());
             e.printStackTrace(System.out);
             throw new ServiceFailure("1190", "Registration failed: " +
             	e.getMessage());
           } catch (Exception e) {
             //newFile.delete();
             logMetacat.debug("Exception: " + e.getMessage());
             e.printStackTrace(System.out);
             throw new ServiceFailure("1190", "Registration failed: " +
             	e.getMessage());
+          }
           logMetacat.debug("Logging the creation event.");
-            leinfelder
+          EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, "create");
             cjones
-            leinfelder
+          // Schedule replication for this data file, the "insert" action is important here!
-            cjones
+          logMetacat.debug("Scheduling replication.");
-            leinfelder
+          ForceReplicationHandler frh = new ForceReplicationHandler(localId, "insert", false, null);
             leinfelder
       return localId;
             cjones
+  }
             cjones
-            cjones
+  /**
    * Insert a systemMetadata document and return its localId
    */
-            leinfelder
+  public void insertSystemMetadata(SystemMetadata sysmeta)
-            cjones
+      throws ServiceFailure {
   	  logMetacat.debug("Starting to insert SystemMetadata...");
       sysmeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
       logMetacat.debug("Inserting new system metadata with modified date " +
           sysmeta.getDateSysMetadataModified());
       //insert the system metadata
       try {
         // note: the calling subclass handles the map hazelcast lock/unlock
       	HazelcastService.getInstance().getSystemMetadataMap().put(sysmeta.getIdentifier(), sysmeta);
       } catch (Exception e) {
           throw new ServiceFailure("1190", e.getMessage());
+	    }
             cjones
   /**
-            cjones
+   * Update a systemMetadata document
+   *
    * @param sysMeta - the system metadata object in the system to update
    */
-            cjones
+    protected void updateSystemMetadata(SystemMetadata sysMeta)
         throws ServiceFailure {
         logMetacat.debug("D1NodeService.updateSystemMetadata() called.");
         sysMeta.setDateSysMetadataModified(new Date());
         try {
             HazelcastService.getInstance().getSystemMetadataMap().lock(sysMeta.getIdentifier());
             HazelcastService.getInstance().getSystemMetadataMap().put(sysMeta.getIdentifier(), sysMeta);
         } catch (Exception e) {
             throw new ServiceFailure("4862", e.getMessage());
         } finally {
             HazelcastService.getInstance().getSystemMetadataMap().unlock(sysMeta.getIdentifier());
+        }
+    }
             leinfelder
   /**
    * Given a Permission, returns a list of all permissions that it encompasses
    * Permissions are hierarchical so that WRITE also allows READ.
    * @param permission
    * @return list of included Permissions for the given permission
    */
   protected List<Permission> expandPermissions(Permission permission) {
 	  	List<Permission> expandedPermissions = new ArrayList<Permission>();
 	    if (permission.equals(Permission.READ)) {
 	    	expandedPermissions.add(Permission.READ);
+	    }
 	    if (permission.equals(Permission.WRITE)) {
 	    	expandedPermissions.add(Permission.READ);
 	    	expandedPermissions.add(Permission.WRITE);
+	    }
 	    if (permission.equals(Permission.CHANGE_PERMISSION)) {
 	    	expandedPermissions.add(Permission.READ);
 	    	expandedPermissions.add(Permission.WRITE);
 	    	expandedPermissions.add(Permission.CHANGE_PERMISSION);
+	    }
 	    return expandedPermissions;
+  }
             cjones
   /*
-            cjones
+   * Write a stream to a file
+   *
    * @param dir - the directory to write to
    * @param fileName - the file name to write to
    * @param data - the object bytes as an input stream
+   *
    * @return newFile - the new file created
+   *
    * @throws ServiceFailure
    */
   private File writeStreamToFile(File dir, String fileName, InputStream data)
     throws ServiceFailure {
     File newFile = new File(dir, fileName);
     logMetacat.debug("Filename for write is: " + newFile.getAbsolutePath());
     try {
         if (newFile.createNewFile()) {
           // write data stream to desired file
           OutputStream os = new FileOutputStream(newFile);
           long length = IOUtils.copyLarge(data, os);
           os.flush();
           os.close();
         } else {
           logMetacat.debug("File creation failed, or file already exists.");
           throw new ServiceFailure("1190", "File already exists: " + fileName);
+        }
     } catch (FileNotFoundException e) {
       logMetacat.debug("FNF: " + e.getMessage());
       throw new ServiceFailure("1190", "File not found: " + fileName + " "
                 + e.getMessage());
     } catch (IOException e) {
       logMetacat.debug("IOE: " + e.getMessage());
       throw new ServiceFailure("1190", "File was not written: " + fileName
                 + " " + e.getMessage());
+    }
     return newFile;
+  }
             cjones
   /*
    * Returns a list of nodes that have been registered with the DataONE infrastructure
    * that match the given session subject
    * @return nodes - List of nodes from the registry with a matching session subject
+   *
    * @throws ServiceFailure
    * @throws NotImplemented
    */
   protected List<Node> listNodesBySubject(Subject subject)
       throws ServiceFailure, NotImplemented {
-            leinfelder
+      List<Node> nodeList = new ArrayList<Node>();
             cjones
       CNode cn = D1Client.getCN();
       List<Node> nodes = cn.listNodes().getNodeList();
       // find the node in the node list
       for ( Node node : nodes ) {
           List<Subject> nodeSubjects = node.getSubjectList();
-            leinfelder
+          if (nodeSubjects != null) {
 	          // check if the session subject is in the node subject list
 	          for (Subject nodeSubject : nodeSubjects) {
 	              if ( nodeSubject.equals(subject) ) { // subject of session == node subject
 	                  nodeList.add(node);
+	              }
+	          }
+          }
             cjones
       return nodeList;
+  }
-            leinfelder
+  /**
-            leinfelder
+   * Archives an object, where the object is either a
    * data object or a science metadata object.
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The object identifier to be archived
+   *
    * @return pid - the identifier of the object used for the archiving
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public Identifier archive(Session session, Identifier pid)
       throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
             cjones
-            leinfelder
+      String localId = null;
       boolean allowed = false;
       String username = Constants.SUBJECT_PUBLIC;
       String[] groupnames = null;
       if (session == null) {
       	throw new InvalidToken("1330", "No session has been provided");
       } else {
           username = session.getSubject().getValue();
           if (session.getSubjectInfo() != null) {
               List<Group> groupList = session.getSubjectInfo().getGroupList();
               if (groupList != null) {
                   groupnames = new String[groupList.size()];
                   for (int i = 0; i > groupList.size(); i++) {
                       groupnames[i] = groupList.get(i).getGroupName();
+                  }
+              }
+          }
+      }
       // do we have a valid pid?
       if (pid == null || pid.getValue().trim().equals("")) {
           throw new ServiceFailure("1350", "The provided identifier was invalid.");
+      }
       // check for the existing identifier
       try {
           localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
       } catch (McdbDocNotFoundException e) {
           throw new NotFound("1340", "The object with the provided " + "identifier was not found.");
+      }
       // does the subject have archive (a D1 CHANGE_PERMISSION level) privileges on the pid?
       try {
 			allowed = isAuthorized(session, pid, Permission.CHANGE_PERMISSION);
 		} catch (InvalidRequest e) {
           throw new ServiceFailure("1350", e.getDescription());
+		}
       if (allowed) {
           try {
               // archive the document
-            cjones
+              DocumentImpl.delete(localId, null, null, null, false);
-            leinfelder
+              EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, Event.DELETE.xmlValue());
               // archive it
               SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
               sysMeta.setArchived(true);
-            leinfelder
+              sysMeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
-            leinfelder
+              HazelcastService.getInstance().getSystemMetadataMap().put(pid, sysMeta);
           } catch (McdbDocNotFoundException e) {
               throw new NotFound("1340", "The provided identifier was invalid.");
           } catch (SQLException e) {
               throw new ServiceFailure("1350", "There was a problem archiving the object." + "The error message was: " + e.getMessage());
           } catch (InsufficientKarmaException e) {
               throw new NotAuthorized("1320", "The provided identity does not have " + "permission to archive this object.");
           } catch (Exception e) { // for some reason DocumentImpl throws a general Exception
               throw new ServiceFailure("1350", "There was a problem archiving the object." + "The error message was: " + e.getMessage());
+          }
       } else {
           throw new NotAuthorized("1320", "The provided identity does not have " + "permission to archive the object on the Node.");
+      }
       return pid;
+  }
             leinfelder
   public Identifier archive(Identifier pid) throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
 	  return archive(null, pid);
+  }
             leinfelder
             cjones

Project

General

Profile

Metacat