- if( trans.user().equals(add.mechid)
- || trans.fish(new AAFPermission(add.ns + ACCESS, "*", "read"))
- || trans.fish(new AAFPermission(add.ns+CERTMAN,add.ca,"read"))
- || trans.fish(new AAFPermission(add.ns+CERTMAN,add.ca,"request"))
- || (trans.org().validate(trans,Organization.Policy.OWNS_MECHID,null,add.mechid))==null) {
+ if (trans.user().equals(add.mechid)
+ || trans.fish(root_read_permission,
+ new AAFPermission(add.ns,ACCESS, "*", "read"),
+ new AAFPermission(add.ns,CERTMAN, add.ca, "read"),
+ new AAFPermission(add.ns,CERTMAN, add.ca, "request"))
+ || (trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, add.mechid)) == null) {