From 9d41d5e720108a04cdb0e7e8fdf505652c99783b Mon Sep 17 00:00:00 2001 From: Patrick Dowler Date: Tue, 17 Sep 2024 11:59:49 -0700 Subject: [PATCH 1/3] cadc-vos-server: fix admin permission check change to allow admin to update an allocation so quota can be updated --- cadc-vos-server/build.gradle | 2 +- .../vospace/server/actions/UpdateNodeAction.java | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/cadc-vos-server/build.gradle b/cadc-vos-server/build.gradle index 83220ae1..d7fc5267 100644 --- a/cadc-vos-server/build.gradle +++ b/cadc-vos-server/build.gradle @@ -16,7 +16,7 @@ sourceCompatibility = 11 group = 'org.opencadc' -version = '2.0.17' +version = '2.0.18' description = 'OpenCADC VOSpace server' def git_url = 'https://github.com/opencadc/vos' diff --git a/cadc-vos-server/src/main/java/org/opencadc/vospace/server/actions/UpdateNodeAction.java b/cadc-vos-server/src/main/java/org/opencadc/vospace/server/actions/UpdateNodeAction.java index 49e63be5..4cf69796 100644 --- a/cadc-vos-server/src/main/java/org/opencadc/vospace/server/actions/UpdateNodeAction.java +++ b/cadc-vos-server/src/main/java/org/opencadc/vospace/server/actions/UpdateNodeAction.java @@ -122,7 +122,12 @@ public void doAction() throws Exception { } Subject caller = AuthenticationUtil.getCurrentSubject(); - if (!voSpaceAuthorizer.hasSingleNodeWritePermission(serverNode, caller)) { + if (serverNode instanceof ContainerNode + && nodePersistence.isAllocation((ContainerNode) serverNode) + && Utils.isAdmin(caller, nodePersistence)) { + log.debug("write permission granted to admin " + caller); + } else if (!voSpaceAuthorizer.hasSingleNodeWritePermission(serverNode, caller)) { + log.debug("write permission denied to " + caller); throw NodeFault.PermissionDenied.getStatus(Utils.getPath(serverNode)); } 
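Review bot: The admin branch added at the permission check in doAction() is an authorization override, yet it is recorded only through `log.debug(...)` and without the node path, so it leaves no trace at normal log levels. Consider `log.info("admin write override: " + caller + " on " + Utils.getPath(serverNode));` in that branch. The override also appears to cover every property that updateProperties() merges, not only quota; the second hunk shows the read-only group list being replaced from the client node. If quota is the only intent, restrict the admin path to that property or document the wider grant next to the check. doAction() and updateProperties() both continue outside the hunks, so this is inferred from the visible lines only.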
@@ -141,7 +146,9 @@ public void doAction() throws Exception { public static Node updateProperties(Node serverNode, Node clientNode, NodePersistence nodePersistence, Subject caller) throws Exception { - // merge change request + // merge properties that are Node fields and in Node.properties set + // TODO: admin could in principle change owner + if (clientNode.clearReadOnlyGroups || !clientNode.getReadOnlyGroup().isEmpty()) { serverNode.getReadOnlyGroup().clear(); serverNode.getReadOnlyGroup().addAll(clientNode.getReadOnlyGroup()); From 51506544a9b1bbfe4a48958ab1b49908c42dddec Mon Sep 17 00:00:00 2001 From: Patrick Dowler Date: Tue, 17 Sep 2024 12:24:54 -0700 Subject: [PATCH 2/3] cavern: update dependency and version for admin permission fix --- cavern/VERSION | 2 +- cavern/build.gradle | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cavern/VERSION b/cavern/VERSION index 2a1b4491..18da25a3 100644 --- a/cavern/VERSION +++ b/cavern/VERSION @@ -1,6 +1,6 @@ ## deployable containers have a semantic and build tag # semantic version tag: major.minor # build version tag: timestamp -VER=0.7.12 +VER=0.7.13 TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")" unset VER diff --git a/cavern/build.gradle b/cavern/build.gradle index 4ca24b99..dea9bdbb 100644 --- a/cavern/build.gradle +++ b/cavern/build.gradle @@ -43,7 +43,7 @@ dependencies { implementation 'org.opencadc:cadc-dali:[1.0,)' implementation 'org.opencadc:cadc-pkg-server:[1.2.3,)' implementation 'org.opencadc:cadc-vos:[2.0.7,)' - implementation 'org.opencadc:cadc-vos-server:[2.0.17,)' + implementation 'org.opencadc:cadc-vos-server:[2.0.18,)' runtimeOnly 'org.opencadc:cadc-access-control-identity:[1.2.0,)' From 382dc1887c3f5f0608612e2f30a0e025ef15d3b2 Mon Sep 17 00:00:00 2001 From: Patrick Dowler Date: Tue, 17 Sep 2024 12:35:01 -0700 Subject: [PATCH 3/3] added extra explanatory comment --- .../org/opencadc/vospace/server/actions/UpdateNodeAction.java | 1 + 1 file changed, 1 insertion(+) 
diff --git a/cadc-vos-server/src/main/java/org/opencadc/vospace/server/actions/UpdateNodeAction.java b/cadc-vos-server/src/main/java/org/opencadc/vospace/server/actions/UpdateNodeAction.java
index 4cf69796..e8d752fe 100644
--- a/cadc-vos-server/src/main/java/org/opencadc/vospace/server/actions/UpdateNodeAction.java
+++ b/cadc-vos-server/src/main/java/org/opencadc/vospace/server/actions/UpdateNodeAction.java
@@ -125,6 +125,7 @@ public void doAction() throws Exception {
 if (serverNode instanceof ContainerNode
 && nodePersistence.isAllocation((ContainerNode) serverNode)
 && Utils.isAdmin(caller, nodePersistence)) {
+ // allow admin to update node properties: quota
 log.debug("write permission granted to admin " + caller);
 } else if (!voSpaceAuthorizer.hasSingleNodeWritePermission(serverNode, caller)) {
 log.debug("write permission denied to " + caller);