Revision 8774
Added by ben leinfelder almost 10 years ago
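--- a/RdfXmlSubprocessor.java
+++ b/RdfXmlSubprocessor.java
@@ -21,8 +21,10 @@
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -55,6 +57,10 @@
 import org.dataone.cn.indexer.solrhttp.SolrElementField;
 import org.dataone.service.exceptions.NotFound;
 import org.dataone.service.exceptions.UnsupportedType;
+import org.dataone.service.types.v1.Permission;
+import org.dataone.service.types.v1.Subject;
+import org.dataone.service.types.v1.util.AccessUtil;
+import org.dataone.service.types.v1.util.AuthUtils;
 import org.dataone.service.util.DateTimeMarshaller;
 import org.w3c.dom.Document;
 import org.xml.sax.SAXException;
@@ -72,6 +78,7 @@
 
 import edu.ucsb.nceas.metacat.common.SolrServerFactory;
 import edu.ucsb.nceas.metacat.common.query.SolrQueryServiceController;
+import edu.ucsb.nceas.metacat.index.DistributedMapsFactory;
 
 
 /**
@@ -147,6 +154,21 @@
 // find the index document we are trying to augment with the annotation
 if (solution.contains("pid")) {
 String id = solution.getLiteral("pid").getString();
+
+// check if anyone with permissions on the annotation document has write permission on the document we are annotating
+boolean statementAuthorized = false;
+try {
+HashMap<Subject, Set<Permission>> annotationPermissionMap = AccessUtil.getPermissionMap(DistributedMapsFactory.getSystemMetadata(name).getAccessPolicy());
+annotationPermissionMap.put(DistributedMapsFactory.getSystemMetadata(name).getRightsHolder(), new HashSet<Permission>(Arrays.asList(Permission.CHANGE_PERMISSION)));
+statementAuthorized = AuthUtils.isAuthorized(annotationPermissionMap.keySet(), Permission.WRITE, DistributedMapsFactory.getSystemMetadata(id));
+} catch (Exception e) {
+log.warn("Could not check for assertion permission on original pid: " + id, e);
+}
+if (!statementAuthorized) {
+continue;
+}
+
+// otherwise carry on with the indexing
 solrDoc = documentsToIndex.get(id);
 if (solrDoc == null) {
 solrDoc = new SolrDoc();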
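Review bot: The check added at new lines 161–163 accepts an annotation when any subject named in the annotation's access policy can write to `id`, whatever permission that subject holds on the annotation itself, so a READ entry counts as much as the rightsHolder. If that access policy is supplied by whoever submits the annotation, which is how it appears from here, naming a subject in it does not show that the subject authored or approved the statement, and the check can pass without the submitter holding write permission on the target. Consider authorizing on the annotation's rightsHolder alone, e.g. `Set<Subject> authors = new HashSet<Subject>(Arrays.asList(annotationSysMeta.getRightsHolder()));` followed by `statementAuthorized = AuthUtils.isAuthorized(authors, Permission.WRITE, DistributedMapsFactory.getSystemMetadata(id));`, where `annotationSysMeta` holds the result of a single `DistributedMapsFactory.getSystemMetadata(name)` lookup. The `continue` at new line 168 is also silent, so a log line there would make rejected statements visible to operators. The enclosing loop and method start and end outside the hunk.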
Use a non-public rightsHolder for both EML and Annotation test documents now that the RDF subprocessor checks each annotation to see that it came from a user that has write permission for the object being annotated.