
Revision 8774

use a non-public rightsHolder for both EML and Annotation test documents now that the RDF subprocessor checks each annotation to see that it came from a user that has write permission for the object being annotated.


metacat-index/src/test/resources/eml-system-meta-example.xml
1
<?xml version="1.0" encoding="UTF-8"?><d1:systemMetadata xmlns:d1="http://ns.dataone.org/service/types/v1"><identifier>urn:uuid:606a19dd-b531-4bf4-b5a5-6d06c3d39098</identifier><formatId>eml://ecoinformatics.org/eml-2.1.1</formatId><size>585</size><checksum algorithm="MD5">e4860c218a14597ac3cacf75b621328b</checksum><rightsHolder>public</rightsHolder><accessPolicy><allow><subject>public</subject><permission>read</permission></allow></accessPolicy><replicationPolicy replicationAllowed="true" numberReplicas="2"/><archived>false</archived><dateSysMetadataModified>2013-04-11T17:54:25.462+00:00</dateSysMetadataModified><authoritativeMemberNode>TBD</authoritativeMemberNode></d1:systemMetadata>
1
<?xml version="1.0" encoding="UTF-8"?><d1:systemMetadata xmlns:d1="http://ns.dataone.org/service/types/v1"><identifier>urn:uuid:606a19dd-b531-4bf4-b5a5-6d06c3d39098</identifier><formatId>eml://ecoinformatics.org/eml-2.1.1</formatId><size>585</size><checksum algorithm="MD5">e4860c218a14597ac3cacf75b621328b</checksum><rightsHolder>cn=test,dc=dataone,dc=org</rightsHolder><accessPolicy><allow><subject>public</subject><permission>read</permission></allow><allow><subject>cn=test,dc=dataone,dc=org</subject><permission>write</permission></allow></accessPolicy><replicationPolicy replicationAllowed="true" numberReplicas="2"/><archived>false</archived><dateSysMetadataModified>2013-04-11T17:54:25.462+00:00</dateSysMetadataModified><authoritativeMemberNode>TBD</authoritativeMemberNode></d1:systemMetadata>
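--- a/metacat-index/src/main/java/edu/ucsb/nceas/metacat/index/annotation/RdfXmlSubprocessor.java
+++ b/metacat-index/src/main/java/edu/ucsb/nceas/metacat/index/annotation/RdfXmlSubprocessor.java
@@ -21,8 +21,10 @@
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -55,6 +57,10 @@
 import org.dataone.cn.indexer.solrhttp.SolrElementField;
 import org.dataone.service.exceptions.NotFound;
 import org.dataone.service.exceptions.UnsupportedType;
+import org.dataone.service.types.v1.Permission;
+import org.dataone.service.types.v1.Subject;
+import org.dataone.service.types.v1.util.AccessUtil;
+import org.dataone.service.types.v1.util.AuthUtils;
 import org.dataone.service.util.DateTimeMarshaller;
 import org.w3c.dom.Document;
 import org.xml.sax.SAXException;
@@ -72,6 +78,7 @@
 
 import edu.ucsb.nceas.metacat.common.SolrServerFactory;
 import edu.ucsb.nceas.metacat.common.query.SolrQueryServiceController;
+import edu.ucsb.nceas.metacat.index.DistributedMapsFactory;
 
 
 /**
@@ -147,6 +154,21 @@
 					// find the index document we are trying to augment with the annotation
 					if (solution.contains("pid")) {
 						String id = solution.getLiteral("pid").getString();
+						
+						// check if anyone with permissions on the annotation document has write permission on the document we are annotating
+						boolean statementAuthorized = false;
+						try {
+							HashMap<Subject, Set<Permission>> annotationPermissionMap = AccessUtil.getPermissionMap(DistributedMapsFactory.getSystemMetadata(name).getAccessPolicy());
+							annotationPermissionMap.put(DistributedMapsFactory.getSystemMetadata(name).getRightsHolder(), new HashSet<Permission>(Arrays.asList(Permission.CHANGE_PERMISSION)));
+							statementAuthorized = AuthUtils.isAuthorized(annotationPermissionMap.keySet(), Permission.WRITE, DistributedMapsFactory.getSystemMetadata(id));
+						} catch (Exception e) {
+							log.warn("Could not check for assertion permission on original pid: " + id, e);
+						}
+						if (!statementAuthorized) {	
+							continue;
+						}
+						
+						// otherwise carry on with the indexing
 						solrDoc = documentsToIndex.get(id);
 						if (solrDoc == null) {
 							solrDoc = new SolrDoc();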
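Review bot: The subject set handed to `AuthUtils.isAuthorized` in the last hunk is `annotationPermissionMap.keySet()`, so every subject named in the annotation's access policy is treated as an annotator whatever permission it holds there; the map values, including the `CHANGE_PERMISSION` set put in for the rights holder, are never read. That policy is written by whoever controls the annotation document, and being listed in it does not show that the subject authored or approved the annotation, so the check appears to rest on metadata the annotation's owner can set freely. If the intent is that the annotation's owner must hold write permission on the target, build the set from the rights holder alone, e.g. `Set<Subject> annotators = new HashSet<Subject>(Arrays.asList(DistributedMapsFactory.getSystemMetadata(name).getRightsHolder()));` and pass `annotators` in place of the key set. The `catch (Exception e)` leaves `statementAuthorized` false, which fails closed as it should, but the warning names only the target `id`; adding `name` would let an operator see which annotation document was skipped. The enclosing loop and method begin and end outside this hunk.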
