Project

General

Profile

Revision 6571

Added by Chris Jones about 9 years ago

Add setAccessPolicy() to CNodeService since the CN should only make changes to access policies for objects registered with the D1 system. Increment the serial version after locling and getting the most up to fdate system metadata.
Note: CCIT meeting decision says the serial version of the system metadata (during the change) should equal the current serial version, but setAccessPolicy() does not pass in the entire system metadata object, so there's no way to check. For now, increment the latest system metadata from the hzSystemMetadata map.

View differences:

src/edu/ucsb/nceas/metacat/dataone/CNodeService.java
51 51
import org.dataone.service.exceptions.NotImplemented;
52 52
import org.dataone.service.exceptions.ServiceFailure;
53 53
import org.dataone.service.exceptions.UnsupportedType;
54
import org.dataone.service.types.v1.AccessPolicy;
54 55
import org.dataone.service.types.v1.Checksum;
55 56
import org.dataone.service.types.v1.Identifier;
56 57
import org.dataone.service.types.v1.Node;
......
982 983

  
983 984
  }
984 985

  
986
  /**
987
   * Set access for a given object using the object identifier and a Subject
988
   * under a given Session.
989
   * 
990
   * @param session - the Session object containing the credentials for the Subject
991
   * @param pid - the object identifier for the given object to apply the policy
992
   * @param policy - the access policy to be applied
993
   * 
994
   * @return true if the application of the policy succeeds
995
   * @throws InvalidToken
996
   * @throws ServiceFailure
997
   * @throws NotFound
998
   * @throws NotAuthorized
999
   * @throws NotImplemented
1000
   * @throws InvalidRequest
1001
   */
1002
  public boolean setAccessPolicy(Session session, Identifier pid, 
1003
      AccessPolicy accessPolicy) 
1004
      throws InvalidToken, ServiceFailure, NotFound, NotAuthorized, 
1005
      NotImplemented, InvalidRequest {
1006
      
1007
      boolean success = false;
1008
      
1009
      // get the subject
1010
      Subject subject = session.getSubject();
1011
      
1012
      // are we allowed to do this?
1013
      if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
1014
          throw new NotAuthorized("4420", "not allowed by " + subject.getValue() + 
1015
          " on " + pid.getValue());  
1016
      }
1017
      
1018
      SystemMetadata systemMetadata = null;
1019
      
1020
      try {
1021
          HazelcastService.getInstance().getSystemMetadataMap().lock(pid);
1022
          systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
1023

  
1024
      } catch (Exception e) {
1025
          // convert Hazelcast RuntimeException to NotFound
1026
          throw new NotFound("4400", "No record found for: " + pid);
1027
        
1028
      }
1029
          
1030
      // set the access policy
1031
      systemMetadata.setAccessPolicy(accessPolicy);
1032
      
1033
      // update the system metadata
1034
      try {
1035
          // TODO: consult authoritative MN on current sysmeta serial version?
1036
          systemMetadata.setSerialVersion(systemMetadata.getSerialVersion().add(BigInteger.ONE));
1037
          systemMetadata.setDateSysMetadataModified(Calendar.getInstance().getTime());
1038
          HazelcastService.getInstance().getSystemMetadataMap().put(systemMetadata.getIdentifier(), systemMetadata);
1039
          HazelcastService.getInstance().getSystemMetadataMap().unlock(systemMetadata.getIdentifier());
1040
        
1041
      } catch (Exception e) {
1042
          // convert Hazelcast RuntimeException to ServiceFailure
1043
          throw new ServiceFailure("4430", e.getMessage());
1044
        
1045
      } finally {
1046
          HazelcastService.getInstance().getSystemMetadataMap().unlock(systemMetadata.getIdentifier());
1047
        
1048
      }
1049
    
1050
    // TODO: how do we know if the map was persisted?
1051
    success = true;
1052
    
1053
    return success;
1054
  }
1055

  
985 1056
}

Also available in: Unified diff