Project

General

Profile

« Previous | Next » 

Revision 9700

Added by Chris Jones over 8 years ago

Merge changes from the 2.6.0 branch in MNodeService.allowUpdating() so it honors the localhost MN certificate.

refs https://projects.ecoinformatics.org/ecoinfo/issues/7018

View differences:

src/edu/ucsb/nceas/metacat/dataone/MNodeService.java
2683 2683 
     * Rules are:
2684 2684 
     * 1. If the session has an cn object, it is allowed.
2685 2685 
     * 2. If it is not a cn object, the client should have approperate permission and it should also happen on the authorative node.
2686 
     * 3. If it's the authoritative node, the MN Admin Subject is allowed.
2686 2687 
     */
2687 2688 
    private boolean allowUpdating(Session session, Identifier pid, Permission permission) throws NotAuthorized, NotFound, InvalidRequest {
2688 2689 
        boolean allow = false;
2689 
        if(isCNAdmin (session)) {
2690 
        if( isCNAdmin (session) ) {
2690 2691 
            allow = true;
2692
2691 2693 
        } else {
2692 
            if(isAuthoritativeNode(pid)) {
2693 
                if(userHasPermission(session, pid, permission)) {
2694 
            if( isAuthoritativeNode(pid) ) {
2695
2696 
            	try {
2697 
					return isNodeAdmin(session);
2698
2699 
				} catch (NotImplemented e) {
2700 
					logMetacat.debug("Failed to authorize the Member Node Admin Subject: " + e.getMessage());
2701 

  		




  
  2702
  
    
				} catch (ServiceFailure e) {


  		




  
  2703
  
    
					logMetacat.debug("Failed to authorize the Member Node Admin Subject: " + e.getMessage());


  		




  
  2704
  
    
					


  		




  
  2705
  
    
				}


  		




  
  2706
  
    
            	


  		




  
  2707
  
    
            	if ( userHasPermission(session, pid, permission) ) {


  		




  2694
  2708
  
    
                    allow = true;


  		




  
  2709
  
    
                    


  		




  2695
  2710
  
    
                } else {


  		




  2696
  2711
  
    
                    allow = false;


  		




  
  2712
  
    
                    


  		




  2697
  2713
  
    
                }


  		




  2698
  2714
  
    
            } else {


  		




  2699
  2715
  
    
                throw new NotAuthorized("4861", "Client can only call the request on the authoritative memember node.");


  		




  
  2716
  
    
                


  		




  2700
  2717
  
    
            }


  		




  2701
  2718
  
    
        }


  		




  2702
  2719
  
    
        return allow;


  		




  2703
  2720
  
    

  		












Also available in:  Unified diff