65 |
65 |
import org.dataone.client.v2.formats.ObjectFormatCache;
|
66 |
66 |
import org.dataone.configuration.Settings;
|
67 |
67 |
import org.dataone.ore.ResourceMapFactory;
|
|
68 |
import org.dataone.service.util.Constants;
|
68 |
69 |
import org.dataone.service.util.TypeMarshaller;
|
69 |
70 |
import org.dataone.service.exceptions.IdentifierNotUnique;
|
70 |
71 |
import org.dataone.service.exceptions.InsufficientResources;
|
... | ... | |
984 |
985 |
guid.setValue("testIsAuthorized." + System.currentTimeMillis());
|
985 |
986 |
InputStream object = new ByteArrayInputStream("test".getBytes("UTF-8"));
|
986 |
987 |
SystemMetadata sysmeta = createSystemMetadata(guid, session.getSubject(), object);
|
|
988 |
//non-public readable
|
|
989 |
AccessPolicy accessPolicy = new AccessPolicy();
|
|
990 |
AccessRule allow = new AccessRule();
|
|
991 |
allow.addPermission(Permission.READ);
|
|
992 |
Subject subject = new Subject();
|
|
993 |
subject.setValue("cn=test2,dc=dataone,dc=org");
|
|
994 |
allow.addSubject(subject);
|
|
995 |
accessPolicy.addAllow(allow);
|
|
996 |
sysmeta.setAccessPolicy(accessPolicy);
|
987 |
997 |
Identifier pid =
|
988 |
998 |
MNodeService.getInstance(request).create(session, guid, object, sysmeta);
|
989 |
999 |
boolean isAuthorized =
|
990 |
1000 |
MNodeService.getInstance(request).isAuthorized(session, pid, Permission.READ);
|
991 |
1001 |
assertEquals(isAuthorized, true);
|
|
1002 |
isAuthorized =
|
|
1003 |
MNodeService.getInstance(request).isAuthorized(session, pid, Permission.WRITE);
|
|
1004 |
assertEquals(isAuthorized, true);
|
|
1005 |
try {
|
|
1006 |
isAuthorized =
|
|
1007 |
MNodeService.getInstance(request).isAuthorized(null, pid, Permission.READ);
|
|
1008 |
fail("we can reach here");
|
|
1009 |
} catch(NotAuthorized ee) {
|
|
1010 |
|
|
1011 |
}
|
992 |
1012 |
|
|
1013 |
|
|
1014 |
Session session2= getAnotherSession();
|
|
1015 |
isAuthorized =
|
|
1016 |
MNodeService.getInstance(request).isAuthorized(session2, pid, Permission.READ);
|
|
1017 |
assertEquals(isAuthorized, true);
|
|
1018 |
|
|
1019 |
try {
|
|
1020 |
isAuthorized =
|
|
1021 |
MNodeService.getInstance(request).isAuthorized(session2, pid, Permission.WRITE);
|
|
1022 |
fail("we can reach here");
|
|
1023 |
} catch(NotAuthorized ee) {
|
|
1024 |
|
|
1025 |
}
|
|
1026 |
|
|
1027 |
|
|
1028 |
try {
|
|
1029 |
isAuthorized =
|
|
1030 |
MNodeService.getInstance(request).isAuthorized(session2, pid, Permission.CHANGE_PERMISSION);
|
|
1031 |
fail("we can reach here");
|
|
1032 |
} catch(NotAuthorized ee) {
|
|
1033 |
|
|
1034 |
}
|
|
1035 |
|
|
1036 |
|
993 |
1037 |
} catch (UnsupportedEncodingException e) {
|
994 |
1038 |
e.printStackTrace();
|
995 |
1039 |
fail("Unexpected error: " + e.getMessage());
|
... | ... | |
1062 |
1106 |
MNodeService.getInstance(request).isAuthorized(null, pid, Permission.CHANGE_PERMISSION);
|
1063 |
1107 |
assertEquals(isAuthorized, false);
|
1064 |
1108 |
|
|
1109 |
//test write by another session
|
|
1110 |
Session session2 = getAnotherSession();
|
|
1111 |
isAuthorized =
|
|
1112 |
MNodeService.getInstance(request).isAuthorized(session2, pid, Permission.WRITE);
|
|
1113 |
assertEquals(isAuthorized, false);
|
|
1114 |
|
1065 |
1115 |
// test as admin
|
1066 |
1116 |
isAuthorized =
|
1067 |
1117 |
MNodeService.getInstance(request).isAuthorized(getMNSession(), pid, Permission.CHANGE_PERMISSION);
|
1068 |
1118 |
assertEquals(isAuthorized, true);
|
|
1119 |
// test as cn
|
|
1120 |
isAuthorized =
|
|
1121 |
MNodeService.getInstance(request).isAuthorized(getCNSession(), pid, Permission.CHANGE_PERMISSION);
|
|
1122 |
assertEquals(isAuthorized, true);
|
1069 |
1123 |
|
1070 |
1124 |
} catch (Exception e) {
|
1071 |
1125 |
e.printStackTrace();
|
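Review bot: The three negative checks added at new lines 1005–1011, 1019–1025 and 1028–1034 call `fail("we can reach here")`, so if `isAuthorized` ever stops throwing `NotAuthorized` for the null session or for session2, the failure report says the opposite of what went wrong. A message such as `fail("isAuthorized should throw NotAuthorized for session2 with WRITE")` names the broken access-control expectation, and the empty `catch(NotAuthorized ee) {}` bodies would read better with a short comment such as `// expected: access denied`. The later hunk (new lines 1110–1113) instead expects `isAuthorized(session2, pid, Permission.WRITE)` to return false rather than throw. If the method throws on denial, as the first test expects, `assertEquals(isAuthorized, false)` is never reached and the outcome depends on the `catch (Exception e)` handler, whose body continues outside the visible lines, so it is worth confirming which contract holds. The `assertEquals(isAuthorized, true)` calls also have expected and actual swapped; `assertTrue(isAuthorized)` is clearer.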
Add more scenarios for checking isAuthorized.