Bug #2388: isAuthorized() not throwing InvalidRequest when bad permission passed in - Infrastructure - DataONE Tasks

Bug #2388

isAuthorized() not throwing InvalidRequest when bad permission passed in

Added by Rob Nahf about 12 years ago. Updated about 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Ben Leinfelder

Category:

Metacat

Target version:

Start date:

2012-02-23

Due date:

% Done:

100%

Milestone:

CCI-1.0.0

Product Version:

Story Points:

Sprint:

Description

mn/isAuthorized/somePID?action=booBoo should throw InvalidRequest, but throws NotAuthorized like the following:

null not allowed on somePID

metacat/restservice/MNResourceHandler.isAuthorized(..) relies on types.v1.Permission.convert(String) to throw exception, but Permission.convert behavior is "garbage in = null out"

public enum Permission ... {

public static Permission convert(String value) {
for (Permission inst : values()) {
if (inst.xmlValue().equals(value)) {
return inst;
}
}
return null;
}
}

Lastly, metacat/dataone/D1NodeService.isAuthorized() does not check for bogus permissions.

History

#1 Updated by Ben Leinfelder about 12 years ago

Status changed from New to Closed

Updated Metacat trunk to reflect this change. Not sure where/when it will be deployed next

Also available in: Atom PDF

Project

General

Profile

Infrastructure

Issues

Custom queries

Bug #2388

isAuthorized() not throwing InvalidRequest when bad permission passed in

History

#1 Updated by Ben Leinfelder about 12 years ago