
Revision 9175

Added by Jing Tao over 9 years ago

Add the check of permission to update the system metadata.


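--- a/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
+++ b/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
@@ -1000,6 +1000,11 @@
   /**
    * Test if the user identified by the provided token has authorization 
    * for the operation on the specified object.
+   * Allowed subjects include:
+   * 1. CNs
+   * 2. Authoritative node
+   * 3. Owner of the object
+   * 4. Users with the specified permission in the access rules.
    * 
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The identifer of the resource for which access is being checked
@@ -1514,13 +1519,26 @@
 		
 		// The lock to be used for this identifier
       Lock lock = null;
+      if(pid == null || pid.getValue() == null) {
+          throw new InvalidRequest("4863", "Please specify the id in the updateSystemMetadata request ") ;
+      }
   
       // TODO: control who can call this?
       if (session == null) {
           //TODO: many of the thrown exceptions do not use the correct error codes
           //check these against the docs and correct them
-          throw new NotAuthorized("4861", "No Session - could not authorize for registration." +
+          throw new NotAuthorized("4861", "No Session - could not authorize for updating system metadata." +
                   "  If you are not logged in, please do so and retry the request.");
+      } else {
+          try {
+              boolean allow = isAuthorized(session, pid, Permission.CHANGE_PERMISSION);
+              if(!allow) {
+                  throw new NotAuthorized("4861", "The client -"+ session.getSubject().getValue()+ "is not authorized for updating the system metadata of the object "+pid.getValue());
+              }
+          } catch (NotFound e) {
+              throw new InvalidRequest("4863", "Can't determine if the client has the permission to update the system metacat of the object with id "+pid.getValue()+" since "+e.getDescription());
+          }
+          
       }
       
       // verify that guid == SystemMetadata.getIdentifier()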
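Review bot: In the `!allow` branch the message dereferences `session.getSubject().getValue()` although only `session` itself was null-checked, so a denied session that carries no subject would fail with a NullPointerException instead of `NotAuthorized`; whether `isAuthorized` accepts such a session is not visible here, so guard it, e.g. `String subject = session.getSubject() == null ? "(no subject)" : session.getSubject().getValue();`. The `catch (NotFound e)` branch answers with `InvalidRequest` plus `e.getDescription()` before the caller's permission has been established, which gives a different response for missing and existing identifiers; consider returning the same `NotAuthorized` in both cases and logging the detail server-side. The `// TODO: control who can call this?` comment above the check is now answered by it and could become `// Caller must hold CHANGE_PERMISSION on pid (see isAuthorized)`. The method starts and continues outside this hunk, so the lock handling that follows the check was not reviewed.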
