Revision 9452
Added by ben leinfelder almost 9 years ago
| src/edu/ucsb/nceas/metacat/PermissionController.java | ||
|---|---|---|
| 35 | 35 |
import java.util.Vector; |
| 36 | 36 |
|
| 37 | 37 |
import org.apache.log4j.Logger; |
| 38 |
import org.dataone.service.types.v1.Identifier; |
|
| 39 |
import org.dataone.service.types.v1.Permission; |
|
| 40 |
import org.dataone.service.types.v1.Session; |
|
| 41 |
import org.dataone.service.types.v1.Subject; |
|
| 38 | 42 |
|
| 39 | 43 |
import edu.ucsb.nceas.metacat.accesscontrol.AccessControlList; |
| 40 | 44 |
import edu.ucsb.nceas.metacat.database.DBConnection; |
| 41 | 45 |
import edu.ucsb.nceas.metacat.database.DBConnectionPool; |
| 46 |
import edu.ucsb.nceas.metacat.dataone.D1NodeService; |
|
| 42 | 47 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
| 43 | 48 |
import edu.ucsb.nceas.metacat.service.SessionService; |
| 44 | 49 |
import edu.ucsb.nceas.metacat.shared.MetacatUtilException; |
| ... | ... | |
| 134 | 139 |
// not much we can do here, except treat them as normal |
| 135 | 140 |
logMetacat.warn("Error checking for administrator: " + e.getMessage(), e);
|
| 136 | 141 |
} |
| 142 |
|
|
| 143 |
// for DataONE rightsHolder permission |
|
| 144 |
boolean isOwner = false; |
|
| 145 |
try {
|
|
| 146 |
Session userSession = new Session(); |
|
| 147 |
Subject subject = new Subject(); |
|
| 148 |
subject.setValue(user); |
|
| 149 |
userSession.setSubject(subject); |
|
| 150 |
Identifier pid = new Identifier(); |
|
| 151 |
pid.setValue(guid); |
|
| 152 |
isOwner = D1NodeService.userHasPermission(userSession, pid, Permission.CHANGE_PERMISSION); |
|
| 153 |
} catch (Exception e) {
|
|
| 154 |
logMetacat.warn("Error checking for DataONE permissions: " + e.getMessage(), e);
|
|
| 155 |
isOwner = false; |
|
| 156 |
} |
|
| 157 |
if (isOwner) {
|
|
| 158 |
return true; |
|
| 159 |
} |
|
| 137 | 160 |
|
| 138 | 161 |
//create a userpackage including user, public and group member |
| 139 | 162 |
userPackage=createUsersPackage(user, groups); |
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 1142 | 1142 |
* 1. Owner can have any permission. |
| 1143 | 1143 |
* 2. Access table allow the user has the permission |
| 1144 | 1144 |
*/ |
| 1145 |
protected boolean userHasPermission(Session userSession, Identifier pid, Permission permission ) throws NotFound{
|
|
| 1145 |
public static boolean userHasPermission(Session userSession, Identifier pid, Permission permission ) throws NotFound{
|
|
| 1146 | 1146 |
boolean allowed = false; |
| 1147 | 1147 |
// permissions are hierarchical |
| 1148 | 1148 |
List<Permission> expandedPermissions = null; |
| ... | ... | |
| 1840 | 1840 |
* @param permission |
| 1841 | 1841 |
* @return list of included Permissions for the given permission |
| 1842 | 1842 |
*/ |
| 1843 |
protected List<Permission> expandPermissions(Permission permission) {
|
|
| 1843 |
protected static List<Permission> expandPermissions(Permission permission) {
|
|
| 1844 | 1844 |
List<Permission> expandedPermissions = new ArrayList<Permission>(); |
| 1845 | 1845 |
if (permission.equals(Permission.READ)) {
|
| 1846 | 1846 |
expandedPermissions.add(Permission.READ); |
Also available in: Unified diff
include check for d1 rightsholder when checking permissions in original metacat code base. https://redmine.dataone.org/issues/7560