/ - Diff - Metacat - Ecoinformatics Redmine

« Previous | Next »

Revision 9700

Added by Chris Jones about 8 years ago

Merge changes from the 2.6.0 branch in MNodeService.allowUpdating() so it honors the localhost MN certificate.

refs https://projects.ecoinformatics.org/ecoinfo/issues/7018

          * Rules are:
          * 1. If the session has an cn object, it is allowed.
          * 2. If it is not a cn object, the client should have approperate permission and it should also happen on the authorative node.
          * 3. If it's the authoritative node, the MN Admin Subject is allowed.
          */
         private boolean allowUpdating(Session session, Identifier pid, Permission permission) throws NotAuthorized, NotFound, InvalidRequest {
             boolean allow = false;
             if(isCNAdmin (session)) {
             if( isCNAdmin (session) ) {
                 allow = true;
             } else {
                 if(isAuthoritativeNode(pid)) {
                     if(userHasPermission(session, pid, permission)) {
                 if( isAuthoritativeNode(pid) ) {
                 	try {
     					return isNodeAdmin(session);
     				} catch (NotImplemented e) {
     					logMetacat.debug("Failed to authorize the Member Node Admin Subject: " + e.getMessage());
     				} catch (ServiceFailure e) {
     					logMetacat.debug("Failed to authorize the Member Node Admin Subject: " + e.getMessage());
+    				}
                 	if ( userHasPermission(session, pid, permission) ) {
                         allow = true;
                     } else {
                         allow = false;
+                    }
                 } else {
                     throw new NotAuthorized("4861", "Client can only call the request on the authoritative memember node.");
+                }
+            }
             return allow;

Also available in: Unified diff

Project

General

Profile

Metacat

Revision 9700

Added by Chris Jones about 8 years ago