Project

General

Profile

Revision 7234

restrict getLogRecrods (both MN and CN) to be called only by admin users (the CN)
https://redmine.dataone.org/issues/2855

View differences:

src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
432 432
      Event event, String pidFilter, Integer start, Integer count) throws InvalidToken, ServiceFailure,
433 433
      NotAuthorized, InvalidRequest, NotImplemented {
434 434

  
435

  
435
	  // only admin access to this method
436
	  // see https://redmine.dataone.org/issues/2855
437
	  if (!isAdminAuthorized(session)) {
438
		  throw new NotAuthorized("1460", "Only the CN or admin is allowed to harvest logs from this node");
439
		  
440
	  }
441
	  
436 442
    Log log = new Log();
437 443
    List<LogEntry> logs = new Vector<LogEntry>();
438 444
    IdentifierManager im = IdentifierManager.getInstance();
......
476 482
        new java.sql.Timestamp(toDate.getTime()), false);
477 483

  
478 484
    logMetacat.debug("report: " + report);
485
    
486
    NodeReference memberNode = new NodeReference();
487
    String nodeId = "localhost";
488
    try {
489
        nodeId = PropertyService.getProperty("dataone.nodeId");
490
    } catch (PropertyNotFoundException e1) {
491
        // TODO Auto-generated catch block
492
        e1.printStackTrace();
493
    }
494
    memberNode.setValue(nodeId);
479 495

  
480 496
    String logEntry = "<logEntry>";
481 497
    String endLogEntry = "</logEntry>";
......
534 550
        // skip it if the pid can't be found
535 551
        continue;
536 552
      }
537

  
538
      // skip if we are not allowed to read the document in question
539
      // https://redmine.dataone.org/issues/2444
540
      boolean allowed = false;
541
      try {
542
    	  allowed = isAuthorized(session, identifier, Permission.READ);
543
      } catch (NotAuthorized ignore) {}
544
      catch (NotFound nf) {
545
    	  logMetacat.warn("Could not check authorization for pid: " + identifier.getValue(), nf);
546
      }
547
      if (!allowed) {
548
    	  logMetacat.debug(Permission.READ + " not allowed on document: " + identifier.getValue());
549
    	  continue;
550
      }
551 553
      
552 554
      le.setIdentifier(identifier);
553 555
      le.setIpAddress(ipAddress);
554 556
      Date logDate = DateTimeMarshaller.deserializeDateToUTC(dateLogged);
555 557
      le.setDateLogged(logDate);
556
      NodeReference memberNode = new NodeReference();
557
      String nodeId = "localhost";
558
      try {
559
          nodeId = PropertyService.getProperty("dataone.nodeId");
560
      } catch (PropertyNotFoundException e1) {
561
          // TODO Auto-generated catch block
562
          e1.printStackTrace();
563
      }
564
      memberNode.setValue(nodeId);
565 558
      le.setNodeIdentifier(memberNode);
566 559
      Subject princ = new Subject();
567 560
      princ.setValue(principal);

Also available in: Unified diff