DataONEorg · csjx · Jul 8, 2020 · Jul 8, 2020 · Jul 8, 2020
diff --git a/src/main/java/org/dataone/bookkeeper/api/Usage.java b/src/main/java/org/dataone/bookkeeper/api/Usage.java
@@ -49,8 +49,8 @@ public class Usage {
     @NotNull
     private Double quantity;
 
-    /*  The status of the quota usage, either active or archived */
-    @Pattern(regexp = "active|archived")
+    /*  The status of the quota usage, either active or inactive */
+    @Pattern(regexp = "active|inactive")
     private String status;
 
     /*  The identifier of the node the quota usage occurred on. */
@@ -68,8 +68,8 @@ public Usage() {
      * @param quotaId  the identifier of the associated quota
      * @param instanceId  the identifier of the instance object using a portion of the quota
      * @param quantity  the quantity of the quota used
-     * @param status  the usage status, either active or archived
-     * @param nodeId the usage status, either active or archived
+     * @param status  the usage status, either active or inactive
+     * @param nodeId the member node identifier
      */
     public Usage(Integer id,
                  @NotEmpty @NotNull @Pattern(regexp = "usage") String object,
@@ -169,15 +169,15 @@ public void setQuantity(@NotNull Double quantity) {
 
     /**
      * Get the usage status
-     * @return status  the usage status, either active or archived
+     * @return status  the usage status, either active or inactive
      */
     public String getStatus() {
         return status;
     }
 
     /**
      * Set the usage status
-     * @param status  the usage status, either active or archived
+     * @param status  the usage status, either active or inactive
      */
     public void setStatus(String status) {
         this.status = status;

diff --git a/src/main/java/org/dataone/bookkeeper/resources/CustomersResource.java b/src/main/java/org/dataone/bookkeeper/resources/CustomersResource.java
@@ -169,7 +169,7 @@ public Customer create(@Context SecurityContext context,
             customer = customerStore.getCustomer(id);
         } catch (Exception e) {
             String message = "Couldn't insert the customer: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return customer;
     }
@@ -252,7 +252,7 @@ public Customer update(@Context SecurityContext context,
             Integer id = customerStore.update(customer);
         } catch (Exception e) {
             String message = "Couldn't update the customer: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return customer;
     }

diff --git a/src/main/java/org/dataone/bookkeeper/resources/OrdersResource.java b/src/main/java/org/dataone/bookkeeper/resources/OrdersResource.java
@@ -163,7 +163,7 @@ public OrderList listOrders(
             }
         } catch (Exception e) {
             String message = "Couldn't list orders: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
 
         // TODO: Incorporate paging params - new OrderList(start, count, total, orders)
@@ -216,7 +216,7 @@ public Order create(@Context SecurityContext context,
             order = orderStore.getOrder(id);
         } catch (Exception e) {
             String message = "Couldn't insert the order: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return order;
     }
@@ -284,7 +284,7 @@ public Order update(@Context SecurityContext context,
         if ( ! isAdmin ) {
             if ( ! existing.getCustomer().equals(caller.getId()) ) {
                 throw new WebApplicationException(
-                    "Customer doesn't have access to this order.", Response.Status.EXPECTATION_FAILED
+                    "Customer doesn't have access to this order.", Response.Status.UNAUTHORIZED
                 );
             }
         }
@@ -322,7 +322,7 @@ public Order update(@Context SecurityContext context,
             orderStore.update(order);
         } catch (Exception e) {
             String message = "Couldn't update the order: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return order;
     }
@@ -357,7 +357,7 @@ public Order pay(@Context SecurityContext context,
             if ( ! isAdmin ) {
                 if ( ! order.getCustomer().equals(caller.getId()) ) {
                     throw new WebApplicationException(
-                        "Customer doesn't have access to this order.", Response.Status.EXPECTATION_FAILED
+                        "Customer doesn't have access to this order.", Response.Status.UNAUTHORIZED
                     );
                 }
             }
@@ -431,7 +431,7 @@ public Order pay(@Context SecurityContext context,
 
         } catch (Exception e) {
             String message = "Couldn't pay the order: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return order;
     }

diff --git a/src/main/java/org/dataone/bookkeeper/resources/ProductsResource.java b/src/main/java/org/dataone/bookkeeper/resources/ProductsResource.java
@@ -140,7 +140,7 @@ public Product create(
             product = productStore.getProduct(id);
         } catch (Exception e) {
             String message = "Couldn't insert the product: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return product;
     }
@@ -197,7 +197,7 @@ public Product update(
             productStore.update(product);
         } catch (Exception e) {
             String message = "Couldn't update the product: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return product;
     }

diff --git a/src/main/java/org/dataone/bookkeeper/resources/QuotasResource.java b/src/main/java/org/dataone/bookkeeper/resources/QuotasResource.java
@@ -136,7 +136,7 @@ public QuotaList listQuotas(
 
                     /* Caller is not admin and is not associated with any of the specified subscribers. */
                     if (subjects.size() == 0) {
-                        throw new WebApplicationException(caller.getSubject() + " requested subscribers don't exist or requestor doesn't have priviledge to view them.", Response.Status.FORBIDDEN);
+                        throw new WebApplicationException("The requested subscribers don't exist or requestor doesn't have priviledge to view them.", Response.Status.FORBIDDEN);
                     }
                 } else {
                     /* Admin caller, so can see quotas for all requested subscribers */
@@ -174,11 +174,18 @@ public QuotaList listQuotas(
                 message += " " + e.getCause();
             }
 
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
 
         if (quotas == null || quotas.size() == 0) {
-            throw new WebApplicationException("The requested quotas were not found or requestor does not have privilege to retrieve them.", Response.Status.NOT_FOUND);
+            if (! isAdmin || isProxy) {
+                // If not an admin user or is a proxy user, we have no way to determine if they didn't have enough
+                // privilege or if the quotas don't exist.
+                throw new WebApplicationException("The requested quotas were not found or requestor does not have privilege to view them.", Response.Status.NOT_FOUND);
+            } else {
+                // Admin user can see any existing quota, so can't be a priv issue.
+                throw new WebApplicationException("The requested quotas were not found.", Response.Status.NOT_FOUND);
+            }
         }
 
         // TODO: Incorporate paging params - new QuotaList(start, count, total, quotas)
@@ -209,7 +216,7 @@ public Quota create(
             quota = quotaStore.getQuota(id);
         } catch (Exception e) {
             String message = "Couldn't insert the quota: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return quota;
     }
@@ -283,7 +290,7 @@ public Quota update(
             updatedQuota = quotaStore.update(quota);
         } catch (Exception e) {
             String message = "Couldn't update the quota: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
         return updatedQuota;
     }

diff --git a/src/main/java/org/dataone/bookkeeper/resources/UsagesResource.java b/src/main/java/org/dataone/bookkeeper/resources/UsagesResource.java
@@ -129,7 +129,7 @@ public UsageList listUsages(@Context SecurityContext context,
 
                     /* Caller is not admin and is not associated with any of the specified subscribers. */
                     if (subjects.size() == 0) {
-                        throw new WebApplicationException(caller.getSubject() + " requested subscribers don't exist or requestor doesn't have priviledge to view them.", Response.Status.FORBIDDEN);
+                        throw new WebApplicationException("The requested subscribers don't exist or requestor doesn't have privilege to view them.", Response.Status.FORBIDDEN);
                     }
                 } else {
                     /* Admin caller, so can see quotas for all requested subscribers */
@@ -168,7 +168,7 @@ public UsageList listUsages(@Context SecurityContext context,
                     usage = usageStore.findUsageByInstanceIdQuotaIdAndSubjects(instanceId, quotaId, subjects);
                 }
                 if(usage == null) {
-                    throw new WebApplicationException("The requested usage was not found or requestor does not have privilege to retrieve it.", Response.Status.NOT_FOUND);
+                    usages = null;
                 } else {
                     usages = new ArrayList<>();
                     usages.add(usage);
@@ -204,7 +204,14 @@ public UsageList listUsages(@Context SecurityContext context,
             }
 
             if (usages == null || usages.size() == 0) {
-                throw new WebApplicationException("The requested usages were not found or requestor does not have privilege to retrieve them.", Response.Status.NOT_FOUND);
+                if (! isAdmin || isProxy) {
+                    // If not an admin user or is a proxy user, we have no way to determine if they didn't have enough
+                    // privilege or if the usage doesn't exist.
+                    throw new WebApplicationException("The requested usages were not found or requestor does not have privilege to view them.", Response.Status.NOT_FOUND);
+                } else {
+                    // Admin user can see any existing usage, so can't be a priv issue.
+                    throw new WebApplicationException("The requested usage was not found.", Response.Status.NOT_FOUND);
+                }
             } else {
                 // Filter by status, if requested.
                 if(status != null) {
@@ -260,7 +267,7 @@ public Usage create(
                 usage = usageStore.getUsage(id);
             } catch (Exception e) {
                 String message = "Couldn't insert the usage: " + e.getMessage();
-                throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+                throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
             }
             return usage;
         } else {
@@ -315,7 +322,7 @@ public Usage retrieve(
             }
         } catch (Exception e) {
             String message = "The requested usage could not be retrieved: " + e.getMessage();
-            throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+            throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
         }
     }
 
@@ -349,7 +356,7 @@ public Usage update(
                 updatedUsage = usageStore.update(usage);
             } catch (Exception e) {
                 String message = "Couldn't update the usage: " + e.getMessage();
-                throw new WebApplicationException(message, Response.Status.EXPECTATION_FAILED);
+                throw new WebApplicationException(message, Response.Status.INTERNAL_SERVER_ERROR);
             }
         } else {
             throw new WebApplicationException("Admin privilege is required to update a usage, " + caller.getSubject() + " is not authorized.", Response.Status.FORBIDDEN);

diff --git a/src/main/resources/db/migrations/V1.12__Create_Usages_Table.sql b/src/main/resources/db/migrations/V1.12__Create_Usages_Table.sql
@@ -28,5 +28,5 @@ COMMENT ON COLUMN usages.object IS 'The serialized object type, set to "usage".'
 COMMENT ON COLUMN usages.quotaId IS 'The quota identifier.';
 COMMENT ON COLUMN usages.instanceId IS 'The instance identifier using a portion of the quota.';
 COMMENT ON COLUMN usages.quantity IS 'The quantity used by the instance, in the quota units.';
-COMMENT ON COLUMN usages.status IS 'The status of the usage, active or archived.';
+COMMENT ON COLUMN usages.status IS 'The status of the usage, active or inactive.';
 COMMENT ON COLUMN usages.nodeId IS 'The quota node identifier".';
diff --git a/src/main/resources/db/migrations/V1.8__Insert_Standard_Products.sql b/src/main/resources/db/migrations/V1.8__Insert_Standard_Products.sql
@@ -98,7 +98,7 @@ VALUES (
     'service',
     'repository',
     'https://products.dataone.org/hostedrepo',
-    '{"features": [{"name": "trusted_data_repository","label": "A Trusted Data Repository","description": "Preserve and share your data, software, and derived products in a dedicated repository system. Built on our robust and expertly managed repository software and hardware, your research products are safely archived and easily accessible."},{"name": "individual_fair_Assessments","label": "Individual FAIR Assessments","description": "Evaluate your metadata with community established FAIR principles. Scores are refreshed with updates to your metadata, helping make your data even more Findable, Accessible, Interoperable, and Reusable."},{"name": "powerful_online_submission","label": "Powerful Online Submission","description": "The user friendly data submission tool helps your researchers efficiently upload and describe their data. Users can easily create detailed metadata to enhance interoperability, reusability, and value of data."},{"name": "comprehensive_search","label": "Comprehensive Search","description": "Quickly find data with detailed search filters, or by navigating the interactive map."},{"name": "usage_metrics","label": "Usage Metrics","description": "Understand how your data are being used over time with view, download, and citation metrics."},{"name": "usage_metrics","label": "Usage Metrics","description": "Understand how your data are being used over time with view, download, and citation metrics."},{"name": "expandable_storage","label": "Expandable Storage","description": "Grow your repository capacity based on your storage needs in 1 TB increments.","quota": {"object": "quota","quotaType": "repository_storage","softLimit": 1048576,"hardLimit": 1153434,"unit": "portal"}},{"name": "geographic_replicas","label": "Geographic Replicas","description": "Your data are replicated to distinct geographic regions for high availability and preservation."},{"name": "api_access","label": "API Access","description": "Programmatically work with your repository through the DataONE tools in R, Python, Matlab, and Java."},{"name": "link_data_and_software","label": "Link data and Software","description": "Easily show how your files relate to each other by providing well-described provenance workflows."},{"name": "private_and_public_access","label": "Private and Public Access","description": "Control access to your datasets\nprior to publication with private groups or just yourself."},{"name": "private_and_public_access","label": "Private and Public Access","description": "Control access to your datasets\nprior to publication with private groups or just yourself."},{"name": "any_file_format","label": "Any File Format","description": "Use the scientific file formats for your community: image, tabular, text, audio, video, and others."},{"name": "share_when_ready","label": "Share When Ready","description": "Keep your dataset private while you document it thoroughly, and then make it public when you are ready."}]}'
+    '{"features": [{"name": "trusted_data_repository","label": "A Trusted Data Repository","description": "Preserve and share your data, software, and derived products in a dedicated repository system. Built on our robust and expertly managed repository software and hardware, your research products are safely inactive and easily accessible."},{"name": "individual_fair_Assessments","label": "Individual FAIR Assessments","description": "Evaluate your metadata with community established FAIR principles. Scores are refreshed with updates to your metadata, helping make your data even more Findable, Accessible, Interoperable, and Reusable."},{"name": "powerful_online_submission","label": "Powerful Online Submission","description": "The user friendly data submission tool helps your researchers efficiently upload and describe their data. Users can easily create detailed metadata to enhance interoperability, reusability, and value of data."},{"name": "comprehensive_search","label": "Comprehensive Search","description": "Quickly find data with detailed search filters, or by navigating the interactive map."},{"name": "usage_metrics","label": "Usage Metrics","description": "Understand how your data are being used over time with view, download, and citation metrics."},{"name": "usage_metrics","label": "Usage Metrics","description": "Understand how your data are being used over time with view, download, and citation metrics."},{"name": "expandable_storage","label": "Expandable Storage","description": "Grow your repository capacity based on your storage needs in 1 TB increments.","quota": {"object": "quota","quotaType": "repository_storage","softLimit": 1048576,"hardLimit": 1153434,"unit": "portal"}},{"name": "geographic_replicas","label": "Geographic Replicas","description": "Your data are replicated to distinct geographic regions for high availability and preservation."},{"name": "api_access","label": "API Access","description": "Programmatically work with your repository through the DataONE tools in R, Python, Matlab, and Java."},{"name": "link_data_and_software","label": "Link data and Software","description": "Easily show how your files relate to each other by providing well-described provenance workflows."},{"name": "private_and_public_access","label": "Private and Public Access","description": "Control access to your datasets\nprior to publication with private groups or just yourself."},{"name": "private_and_public_access","label": "Private and Public Access","description": "Control access to your datasets\nprior to publication with private groups or just yourself."},{"name": "any_file_format","label": "Any File Format","description": "Use the scientific file formats for your community: image, tabular, text, audio, video, and others."},{"name": "share_when_ready","label": "Share When Ready","description": "Keep your dataset private while you document it thoroughly, and then make it public when you are ready."}]}'
 );
 
 -- Archival Storage