Skip to content
Permalink
Browse files

Make the MNodeAccessControlTest class work.

  • Loading branch information
taojing2002 committed Feb 1, 2019
1 parent 47cee8c commit 623c75218858000c173f06987ce1d7108fb9ac93
@@ -290,7 +290,8 @@ public Identifier delete(Session session, Identifier pid)

try {
D1AuthHelper authDel = new D1AuthHelper(request, pid, notAuthorizedCode, serviceFailureCode);
authDel.doAuthoritativeMNAuthorization(session, sysmeta);
//authDel.doAuthoritativeMNAuthorization(session, sysmeta);
authDel.doAdminAuthorization(session);
}
catch (NotAuthorized na) {
NotAuthorized na2 = new NotAuthorized(notAuthorizedCode, "The provided identity does not have permission to delete objects on the Node.");
@@ -424,9 +425,13 @@ public Identifier update(Session session, Identifier pid, InputStream object,
// does the subject have WRITE ( == update) priveleges on the pid?
//allowed = isAuthorized(session, pid, Permission.WRITE);
//CN having the permission is allowed; user with the write permission and calling on the authoritative node is allowed.

// get the existing system metadata for the object
SystemMetadata existingSysMeta = getSystemMetadata(session, pid); //this will check permission too.
try {
D1AuthHelper authDel = new D1AuthHelper(request,null,"1200","1310");
authDel.doUpdateAuth(session, sysmeta, Permission.WRITE, this.getCurrentNodeId());
authDel.doUpdateAuth(session, existingSysMeta, Permission.WRITE, this.getCurrentNodeId());
allowed = true;
} catch(ServiceFailure e) {
throw new ServiceFailure("1310", "Can't determine if the client has the permission to update the object with id "+pid.getValue()+" since "+e.getDescription());
} catch(NotAuthorized e) {
@@ -446,8 +451,7 @@ public Identifier update(Session session, Identifier pid, InputStream object,
throw new InvalidSystemMetadata("1300", "The identifier provided in obsoletes does not match old Identifier");
}

// get the existing system metadata for the object
SystemMetadata existingSysMeta = getSystemMetadata(session, pid);

//System.out.println("the archive is "+existingSysMeta.getArchived());
//Base on documentation, we can't update an archived object:
//The update operation MUST fail with Exceptions.InvalidRequest on objects that have the Types.SystemMetadata.archived property set to true.
@@ -1626,6 +1630,7 @@ public boolean systemMetadataChanged(boolean needCheckAuthoriativeNode, Session
}
if (currentLocalSysMeta.getSerialVersion().longValue() <= serialVersion ) {
try {
this.cn = D1Client.getCN();
newSysMeta = cn.getSystemMetadata(null, pid);
} catch (NotFound e) {
// huh? you just said you had it
@@ -283,7 +283,8 @@ private void testMethodsWithGivenHightsHolder(Session rightsHolderSession, Subje
testGetAPI(KNBadmin, id1,sysmeta.getChecksum(),true); //knb can read it
testGetAPI(PISCOManager, id1,sysmeta.getChecksum(),true); //pisco can read it
testGetAPI(nullSession, id1,sysmeta.getChecksum(),true); //nullSession can read it
testIsAuthorized(submitter, id1,Permission.READ,true);
testIsAuthorized(submitter, id1,Permission.READ,true);
testIsAuthorized(submitter, id1,Permission.CHANGE_PERMISSION,false);
testIsAuthorized(publicSession, id1, Permission.READ,true);
testIsAuthorized(KNBadmin, id1,Permission.READ,true);
testIsAuthorized(PISCOManager, id1,Permission.READ,true);
@@ -446,8 +447,8 @@ private void testMethodsWithGivenHightsHolder(Session rightsHolderSession, Subje
testSyncFailed(KNBadmin, failed, false);
testSyncFailed(PISCOManager, failed, false);
testSyncFailed(rightsHolderSession, failed, false);
testSyncFailed(getMNSession(), failed, true);
testSyncFailed(getMNSession(), failed, true);
testSyncFailed(getMNSession(), failed, false);
testSyncFailed(getCNSession(), failed, true);

//11 test system metadata change (needs cn)
testSystemmetadataChanged(nullSession, id7, false);
@@ -663,7 +664,7 @@ private void testUpdateSystemmetadata(Session session, Identifier pid, SystemMet
} else {
try {
boolean result = MNodeService.getInstance(request).updateSystemMetadata(session, pid, newSysmeta);
fail("we should get here since the previous statement should thrown an NotAuthorized exception.");
fail("we should get here since the previous statement should thrown an NotAuthorized exception to pid "+pid.getValue());
} catch (NotAuthorized e) {

}

0 comments on commit 623c752

Please sign in to comment.
You can’t perform that action at this time.