Make the MNodeAccessControlTest class work.

NCEAS · Feb 1, 2019 · 623c75218858000c173f06987ce1d7108fb9ac93 · 623c752
1 parent 47cee8c
commit 623c75218858000c173f06987ce1d7108fb9ac93
Unified Split

Showing with 14 additions and 8 deletions.

+9 −4 src/edu/ucsb/nceas/metacat/dataone/MNodeService.java

+5 −4 test/edu/ucsb/nceas/metacat/dataone/MNodeAccessControlTest.java
diff --git a/src/edu/ucsb/nceas/metacat/dataone/MNodeService.java b/src/edu/ucsb/nceas/metacat/dataone/MNodeService.java
@@ -290,7 +290,8 @@ public Identifier delete(Session session, Identifier pid)
 
         try {
             D1AuthHelper authDel = new D1AuthHelper(request, pid, notAuthorizedCode, serviceFailureCode);
-            authDel.doAuthoritativeMNAuthorization(session, sysmeta);
+            //authDel.doAuthoritativeMNAuthorization(session, sysmeta);
+            authDel.doAdminAuthorization(session);
         }
         catch (NotAuthorized na) {
             NotAuthorized na2 = new NotAuthorized(notAuthorizedCode, "The provided identity does not have permission to delete objects on the Node.");
@@ -424,9 +425,13 @@ public Identifier update(Session session, Identifier pid, InputStream object,
         // does the subject have WRITE ( == update) priveleges on the pid?
         //allowed = isAuthorized(session, pid, Permission.WRITE);
         //CN having the permission is allowed; user with the write permission and calling on the authoritative node is allowed.
+
+        // get the existing system metadata for the object
+        SystemMetadata existingSysMeta = getSystemMetadata(session, pid); //this will check permission too.
         try {
             D1AuthHelper authDel = new D1AuthHelper(request,null,"1200","1310");
-            authDel.doUpdateAuth(session, sysmeta, Permission.WRITE, this.getCurrentNodeId());
+            authDel.doUpdateAuth(session, existingSysMeta, Permission.WRITE, this.getCurrentNodeId());
+            allowed = true;
         } catch(ServiceFailure e) {
             throw new ServiceFailure("1310", "Can't determine if the client has the permission to update the object with id "+pid.getValue()+" since "+e.getDescription());
         } catch(NotAuthorized e) {
@@ -446,8 +451,7 @@ public Identifier update(Session session, Identifier pid, InputStream object,
                 throw new InvalidSystemMetadata("1300", "The identifier provided in obsoletes does not match old Identifier");
             }
 
-            // get the existing system metadata for the object
-            SystemMetadata existingSysMeta = getSystemMetadata(session, pid);
+
             //System.out.println("the archive is "+existingSysMeta.getArchived());
             //Base on documentation, we can't update an archived object:
             //The update operation MUST fail with Exceptions.InvalidRequest on objects that have the Types.SystemMetadata.archived property set to true.
@@ -1626,6 +1630,7 @@ public boolean systemMetadataChanged(boolean needCheckAuthoriativeNode, Session
             }
             if (currentLocalSysMeta.getSerialVersion().longValue() <= serialVersion ) {
                 try {
+                    this.cn = D1Client.getCN();
                     newSysMeta = cn.getSystemMetadata(null, pid);
                 } catch (NotFound e) {
                     // huh? you just said you had it

diff --git a/test/edu/ucsb/nceas/metacat/dataone/MNodeAccessControlTest.java b/test/edu/ucsb/nceas/metacat/dataone/MNodeAccessControlTest.java
@@ -283,7 +283,8 @@ private void testMethodsWithGivenHightsHolder(Session rightsHolderSession, Subje
         testGetAPI(KNBadmin, id1,sysmeta.getChecksum(),true); //knb can read it
         testGetAPI(PISCOManager, id1,sysmeta.getChecksum(),true); //pisco can read it
         testGetAPI(nullSession, id1,sysmeta.getChecksum(),true); //nullSession can read it
-        testIsAuthorized(submitter, id1,Permission.READ,true); 
+        testIsAuthorized(submitter, id1,Permission.READ,true);
+        testIsAuthorized(submitter, id1,Permission.CHANGE_PERMISSION,false); 
         testIsAuthorized(publicSession, id1, Permission.READ,true); 
         testIsAuthorized(KNBadmin, id1,Permission.READ,true); 
         testIsAuthorized(PISCOManager, id1,Permission.READ,true); 
@@ -446,8 +447,8 @@ private void testMethodsWithGivenHightsHolder(Session rightsHolderSession, Subje
         testSyncFailed(KNBadmin, failed, false);
         testSyncFailed(PISCOManager, failed, false);
         testSyncFailed(rightsHolderSession, failed, false);
-        testSyncFailed(getMNSession(), failed, true);
-        testSyncFailed(getMNSession(), failed, true);
+        testSyncFailed(getMNSession(), failed, false);
+        testSyncFailed(getCNSession(), failed, true);
 
         //11 test system metadata change (needs cn)
         testSystemmetadataChanged(nullSession, id7, false);
@@ -663,7 +664,7 @@ private void testUpdateSystemmetadata(Session session, Identifier pid, SystemMet
          } else {
              try {
                  boolean result = MNodeService.getInstance(request).updateSystemMetadata(session, pid, newSysmeta);
-                 fail("we should get here since the previous statement should thrown an NotAuthorized exception.");
+                 fail("we should get here since the previous statement should thrown an NotAuthorized exception to pid "+pid.getValue());
              } catch (NotAuthorized e) {
 
              }