
Revision 8774

use a non-public rightsHolder for both EML and Annotation test documents now that the RDF subprocessor checks each annotation to see that it came from a user that has write permission for the object being annotated.


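--- a/RdfXmlSubprocessor.java
+++ b/RdfXmlSubprocessor.java
@@ -21,8 +21,10 @@
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -55,6 +57,10 @@
 import org.dataone.cn.indexer.solrhttp.SolrElementField;
 import org.dataone.service.exceptions.NotFound;
 import org.dataone.service.exceptions.UnsupportedType;
+import org.dataone.service.types.v1.Permission;
+import org.dataone.service.types.v1.Subject;
+import org.dataone.service.types.v1.util.AccessUtil;
+import org.dataone.service.types.v1.util.AuthUtils;
 import org.dataone.service.util.DateTimeMarshaller;
 import org.w3c.dom.Document;
 import org.xml.sax.SAXException;
@@ -72,6 +78,7 @@
 
 import edu.ucsb.nceas.metacat.common.SolrServerFactory;
 import edu.ucsb.nceas.metacat.common.query.SolrQueryServiceController;
+import edu.ucsb.nceas.metacat.index.DistributedMapsFactory;
 
 
 /**
@@ -147,6 +154,21 @@
 					// find the index document we are trying to augment with the annotation
 					if (solution.contains("pid")) {
 						String id = solution.getLiteral("pid").getString();
+						
+						// check if anyone with permissions on the annotation document has write permission on the document we are annotating
+						boolean statementAuthorized = false;
+						try {
+							HashMap<Subject, Set<Permission>> annotationPermissionMap = AccessUtil.getPermissionMap(DistributedMapsFactory.getSystemMetadata(name).getAccessPolicy());
+							annotationPermissionMap.put(DistributedMapsFactory.getSystemMetadata(name).getRightsHolder(), new HashSet<Permission>(Arrays.asList(Permission.CHANGE_PERMISSION)));
+							statementAuthorized = AuthUtils.isAuthorized(annotationPermissionMap.keySet(), Permission.WRITE, DistributedMapsFactory.getSystemMetadata(id));
+						} catch (Exception e) {
+							log.warn("Could not check for assertion permission on original pid: " + id, e);
+						}
+						if (!statementAuthorized) {	
+							continue;
+						}
+						
+						// otherwise carry on with the indexing
 						solrDoc = documentsToIndex.get(id);
 						if (solrDoc == null) {
 							solrDoc = new SolrDoc();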
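Review bot: The authorization check at new lines 161–163 passes `annotationPermissionMap.keySet()` to `AuthUtils.isAuthorized`, so every subject named in the annotation document's access policy counts, whatever permission it was granted there. A subject that was only given read access on the annotation did not author it, so the check does not establish what the commit message intends, namely that the annotation came from a user with write permission on the annotated object. Building the subject set from the rights holder plus the subjects that hold WRITE or CHANGE_PERMISSION on the annotation document ties the decision to who can actually edit the annotation. The `catch (Exception e)` leaves `statementAuthorized` false, which fails closed as it should, but an annotation document without an access policy would presumably end up there too and be skipped even for its rights holder, so an explicit null check is worth adding. The enclosing loop and method start and end outside the hunk.

```java
boolean statementAuthorized = false;
try {
	// only subjects that can modify the annotation document count as its authors
	Set<Subject> annotationWriters = new HashSet<Subject>();
	annotationWriters.add(DistributedMapsFactory.getSystemMetadata(name).getRightsHolder());
	HashMap<Subject, Set<Permission>> annotationPermissionMap = AccessUtil.getPermissionMap(DistributedMapsFactory.getSystemMetadata(name).getAccessPolicy());
	for (Map.Entry<Subject, Set<Permission>> entry : annotationPermissionMap.entrySet()) {
		if (entry.getValue().contains(Permission.WRITE) || entry.getValue().contains(Permission.CHANGE_PERMISSION)) {
			annotationWriters.add(entry.getKey());
		}
	}
	statementAuthorized = AuthUtils.isAuthorized(annotationWriters, Permission.WRITE, DistributedMapsFactory.getSystemMetadata(id));
} catch (Exception e) {
// … unchanged: warning log, skip when !statementAuthorized, indexing continues …
```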
