Project

General

Profile

Bug #2388

isAuthorized() not throwing InvalidRequest when bad permission passed in

Added by Rob Nahf over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
Metacat
Target version:
-
Start date:
2012-02-23
Due date:
% Done:

100%

Milestone:
CCI-1.0.0
Product Version:
*
Story Points:
Sprint:

Description

mn/isAuthorized/somePID?action=booBoo should throw InvalidRequest, but throws NotAuthorized like the following:

null not allowed on somePID

metacat/restservice/MNResourceHandler.isAuthorized(..) relies on types.v1.Permission.convert(String) to throw exception, but Permission.convert behavior is "garbage in = null out"

public enum Permission ... {

public static Permission convert(String value) {
for (Permission inst : values()) {
if (inst.xmlValue().equals(value)) {
return inst;
}
}
return null;
}
}

Lastly, metacat/dataone/D1NodeService.isAuthorized() does not check for bogus permissions.

History

#1 Updated by Ben Leinfelder over 12 years ago

  • Status changed from New to Closed

Updated Metacat trunk to reflect this change. Not sure where/when it will be deployed next

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)