CSPACE-1946: TEMPORARILY commenting out the block, in SecurityInterceptor, that check...

diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
index 0a40c3f5c56ec8c42502bd20a6908d0279ff2a74..194c6c1db8fdf7c6ec9f57749c36314bf6181b5c 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
@@ -74,6 +74,9 @@ public class SecurityInterceptor implements PreProcessInterceptor {
 //        if (uriPath.startsWith("dimensions")) {
         AuthZ authZ = AuthZ.get();
         CSpaceResource res = new URIResourceImpl(resName, httpMethod);
+/*
+  TEMPORARILY commented out by Aron per Sanjay's suggestion in CSPACE-1946.
+  NOTE: This effectively DISABLES authorization checks at the services layer.
         if (!authZ.isAccessAllowed(res)) {
             logger.error("Access to " + res.getId() + " is NOT allowed to "
                     + " user=" + AuthN.get().getUserId());
@@ -81,6 +84,7 @@ public class SecurityInterceptor implements PreProcessInterceptor {
                     Response.Status.FORBIDDEN).entity(uriPath + " " + httpMethod).type("text/plain").build();
             throw new WebApplicationException(response);
         }
+*/
         if (logger.isDebugEnabled()) {
             logger.debug("Access to " + res.getId() + " is allowed to "
                     + " user=" + AuthN.get().getUserId());