Unhelpful error message when trying to create as a denied submitter

[laurenwalker]

I am attempting to submit an object to a Metacat that is configured with a "allowed submitter" list. My identity is not in the allowed submitter list, so I expect an error message when I try to submit an object.

But the error message from Metacat is not very helpful. It is the same message I get when I submit without an auth token:

<?xml version="1.0" encoding="UTF-8"?><error detailCode="1110" errorCode="401" name="InvalidToken">
    <description>Session is required to WRITE to the Node.</description>
</error>

I think it will be helpful, particularly to repository managers, to get a message that the person is not in the allowed submitter list so that the problem can be solved for that user.

[taojing2002]

Hem. Are you sure you used a valid token? Metacat checks if the token is valid before if a user is in the white list. I checked the code and the error message says the user is not allowed to insert or update objects in the node. I can change it to say it is not in the allowed submitter list.

[artntek]

Can't reproduce -- see steps below. Agree with @taojing2002 comment above -- guessing the report is erroneous. Will add text to the error message, indicating reason for insert/update restriction.

STR:

1. Set a blank Allowed Submitters field in the Application Configuration (/metacat/admin?configureType=properties). This means anyone can submit
2. Create and submit (/metacatui/submit) a new dataset
3. Observed: successful upload
4. Set a value (eg cn=drp-submitters,dc=dataone,dc=org ) for Allowed Submitters field in the Application Configuration. This means only people in that group can submit.
5. Create and submit a new dataset

Observed (MB):

Error inserting or updating document: 
urn:uuid:1067ab13-10f8-4b79-b38f-0418cc5bbd93 since <?xml version="1.0"?>
<error>User 'http://orcid.org/<my-orcid>' is not allowed to insert 
and update</error>

[taojing2002]

@artntek Thank you, Matthew. I think Lauren used an invalid token to get a different error message. However, the message still is not very clear - the user is not allowed to insert/update for this specific object or anything, which is our case.

<error>User 'http://orcid.org/<my-orcid>' is not allowed to insert 
and update</error>

If we can explicitly say the user is not in the allowed-user-list on this node, it can be much more helpful.

[taojing2002]

@artntek Sorry, I skipped one line on your comment - you already have the plan to update the error text :)