From efba3228785da8cba02ed39f7beaa348d0b0854d Mon Sep 17 00:00:00 2001
From: juanf <juanf>
Date: Tue, 12 Jul 2016 11:14:18 +0000
Subject: [PATCH] SSDM-3834 : The storage confirmed flag don't stop non
 admin/etl server users for creating datasets, but will stop updates and
 deletes

SVN: 36811
---
 .../v3/executor/dataset/DeleteDataSetExecutor.java  | 12 +++++++++++-
 .../v3/executor/dataset/UpdateDataSetExecutor.java  | 13 ++++++++++++-
 ...aSetByExperimentOrSampleIdentifierValidator.java |  4 ----
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java
index 069575b237b..dda39378f94 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/DeleteDataSetExecutor.java
@@ -37,6 +37,7 @@ import ch.systemsx.cisd.openbis.generic.server.business.bo.ITrashBO;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataSetRelationshipPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DeletionPE;
+import ch.systemsx.cisd.openbis.generic.shared.dto.ExternalDataPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 import ch.systemsx.cisd.openbis.generic.shared.util.RelationshipUtils;
 
@@ -60,7 +61,16 @@ public class DeleteDataSetExecutor extends AbstractDeleteEntityExecutor<IDeletio
     @Override
     protected void checkAccess(IOperationContext context, IDataSetId entityId, DataPE entity)
     {
-        if (false == new SimpleSpaceValidator().doValidation(context.getSession().tryGetPerson(), entity.getSpace()))
+        boolean isStorageConfirmed;
+        if (entity instanceof ExternalDataPE)
+        {
+            isStorageConfirmed = ((ExternalDataPE) entity).isStorageConfirmation();
+        } else
+        {
+            isStorageConfirmed = true;
+        }
+
+        if (isStorageConfirmed && false == new SimpleSpaceValidator().doValidation(context.getSession().tryGetPerson(), entity.getSpace()))
         {
             throw new UnauthorizedObjectAccessException(entityId);
         }
diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/UpdateDataSetExecutor.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/UpdateDataSetExecutor.java
index 4971b5c52bb..507ac13b9f3 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/UpdateDataSetExecutor.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/asapi/v3/executor/dataset/UpdateDataSetExecutor.java
@@ -41,6 +41,7 @@ import ch.systemsx.cisd.openbis.generic.server.authorization.validator.DataSetPE
 import ch.systemsx.cisd.openbis.generic.server.business.bo.DataAccessExceptionTranslator;
 import ch.systemsx.cisd.openbis.generic.server.dataaccess.IDAOFactory;
 import ch.systemsx.cisd.openbis.generic.shared.dto.DataPE;
+import ch.systemsx.cisd.openbis.generic.shared.dto.ExternalDataPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
 import ch.systemsx.cisd.openbis.generic.shared.dto.properties.EntityKind;
 import ch.systemsx.cisd.openbis.generic.shared.util.RelationshipUtils;
@@ -100,7 +101,17 @@ public class UpdateDataSetExecutor extends AbstractUpdateEntityExecutor<DataSetU
     @Override
     protected void checkAccess(IOperationContext context, IDataSetId id, DataPE entity)
     {
-        if (false == new DataSetPEByExperimentOrSampleIdentifierValidator().doValidation(context.getSession().tryGetPerson(), entity))
+        boolean isStorageConfirmed;
+        if (entity instanceof ExternalDataPE)
+        {
+            isStorageConfirmed = ((ExternalDataPE) entity).isStorageConfirmation();
+        } else
+        {
+            isStorageConfirmed = true;
+        }
+
+        if (isStorageConfirmed
+                && false == new DataSetPEByExperimentOrSampleIdentifierValidator().doValidation(context.getSession().tryGetPerson(), entity))
         {
             throw new UnauthorizedObjectAccessException(id);
         }
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/AbstractDataSetByExperimentOrSampleIdentifierValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/AbstractDataSetByExperimentOrSampleIdentifierValidator.java
index ff4c3d90bd3..55699dfaf54 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/AbstractDataSetByExperimentOrSampleIdentifierValidator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/AbstractDataSetByExperimentOrSampleIdentifierValidator.java
@@ -33,10 +33,6 @@ public abstract class AbstractDataSetByExperimentOrSampleIdentifierValidator<DAT
     @Override
     public boolean doValidation(PersonPE person, final DATA_SET dataSet)
     {
-        if (StorageConfirmedForAdminValidator.isValid(person, isStorageConfirmed(dataSet)) == false)
-        {
-            return false;
-        }
         if (getExperimentIdentifier(dataSet) != null)
         {
             return experimentValidator.isValid(person, new IIdentifierHolder()
-- 
GitLab