SSDM-3834 : The storage confirmed flag don't stop non admin/etl server users...

SSDM-3834 : The storage confirmed flag don't stop non admin/etl server users for creating datasets, but will stop updates and deletes

SVN: 36811

openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java

@@ -37,6 +37,7 @@ import ch.systemsx.cisd.openbis.generic.server.business.bo.ITrashBO;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataSetRelationshipPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DeletionPE;
+import ch.systemsx.cisd.openbis.generic.shared.dto.ExternalDataPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 import ch.systemsx.cisd.openbis.generic.shared.util.RelationshipUtils;
 
@@ -60,7 +61,16 @@ public class DeleteDataSetExecutor extends AbstractDeleteEntityExecutor<IDeletio
     @Override
     protected void checkAccess(IOperationContext context, IDataSetId entityId, DataPE entity)
     {
-        if (false == new SimpleSpaceValidator().doValidation(context.getSession().tryGetPerson(), entity.getSpace()))
+        boolean isStorageConfirmed;
+        if (entity instanceof ExternalDataPE)
+        {
+            isStorageConfirmed = ((ExternalDataPE) entity).isStorageConfirmation();
+        } else
+        {
+            isStorageConfirmed = true;
+        }
+
+        if (isStorageConfirmed && false == new SimpleSpaceValidator().doValidation(context.getSession().tryGetPerson(), entity.getSpace()))
         {
             throw new UnauthorizedObjectAccessException(entityId);
         }

openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/UpdateDataSetExecutor.java

@@ -41,6 +41,7 @@ import ch.systemsx.cisd.openbis.generic.server.authorization.validator.DataSetPE
 import ch.systemsx.cisd.openbis.generic.server.business.bo.DataAccessExceptionTranslator;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataPE;
+import ch.systemsx.cisd.openbis.generic.shared.dto.ExternalDataPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.properties.EntityKind;
 import ch.systemsx.cisd.openbis.generic.shared.util.RelationshipUtils;
@@ -100,7 +101,17 @@ public class UpdateDataSetExecutor extends AbstractUpdateEntityExecutor<DataSetU
     @Override
     protected void checkAccess(IOperationContext context, IDataSetId id, DataPE entity)
     {
-        if (false == new DataSetPEByExperimentOrSampleIdentifierValidator().doValidation(context.getSession().tryGetPerson(), entity))
+        boolean isStorageConfirmed;
+        if (entity instanceof ExternalDataPE)
+        {
+            isStorageConfirmed = ((ExternalDataPE) entity).isStorageConfirmation();
+        } else
+        {
+            isStorageConfirmed = true;
+        }
+
+        if (isStorageConfirmed
+                && false == new DataSetPEByExperimentOrSampleIdentifierValidator().doValidation(context.getSession().tryGetPerson(), entity))
         {
             throw new UnauthorizedObjectAccessException(id);
         }

openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/AbstractDataSetByExperimentOrSampleIdentifierValidator.java

@@ -33,10 +33,6 @@ public abstract class AbstractDataSetByExperimentOrSampleIdentifierValidator<DAT
     @Override
     public boolean doValidation(PersonPE person, final DATA_SET dataSet)
     {
-        if (StorageConfirmedForAdminValidator.isValid(person, isStorageConfirmed(dataSet)) == false)
-        {
-            return false;
-        }
         if (getExperimentIdentifier(dataSet) != null)
         {
             return experimentValidator.isValid(person, new IIdentifierHolder()