Mercurial > lada > lada-server
annotate src/main/java/de/intevation/lada/util/auth/NetzbetreiberAuthorizer.java @ 957:4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Wed, 25 May 2016 18:21:54 +0200 |
| parents | b09a1da741c4 |
| children | 391ef3356b60 |
| rev | line source |
|---|---|
|
849
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz |
|
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
2 * Software engineering by Intevation GmbH |
|
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
3 * |
|
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=3) |
|
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out |
|
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
6 * the documentation coming with IMIS-Labordaten-Application for details. |
|
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
7 */ |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
8 package de.intevation.lada.util.auth; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
9 |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
10 import java.lang.reflect.InvocationTargetException; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
11 import java.lang.reflect.Method; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
12 |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
13 import de.intevation.lada.util.rest.RequestMethod; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
14 import de.intevation.lada.util.rest.Response; |
|
957
4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
Tom Gottfried <tom@intevation.de>
parents:
951
diff
changeset
|
15 import de.intevation.lada.model.stamm.Ort; |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
16 |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
17 public class NetzbetreiberAuthorizer extends BaseAuthorizer { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
18 |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
19 @Override |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
20 public <T> boolean isAuthorized( |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
21 Object data, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
22 RequestMethod method, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
23 UserInfo userInfo, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
24 Class<T> clazz |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
25 ) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
26 Method m; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
27 try { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
28 m = clazz.getMethod("getNetzbetreiberId"); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
29 } catch (NoSuchMethodException | SecurityException e1) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
30 return false; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
31 } |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
32 String id; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
33 try { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
34 id = (String) m.invoke(data); |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
35 } catch (IllegalAccessException | |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
36 IllegalArgumentException | |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
37 InvocationTargetException e |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
38 ) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
39 return false; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
40 } |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
41 return (method == RequestMethod.POST || |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
42 method == RequestMethod.PUT || |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
43 method == RequestMethod.DELETE) && |
|
951
b09a1da741c4
Allow users to create a stammdaten ort.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
849
diff
changeset
|
44 (userInfo.getFunktionenForNetzbetreiber(id).contains(4) || |
|
957
4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
Tom Gottfried <tom@intevation.de>
parents:
951
diff
changeset
|
45 // XXX: this currently allows any user, regardless of function, |
|
4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
Tom Gottfried <tom@intevation.de>
parents:
951
diff
changeset
|
46 // to manipulate and delete any ort of his own netzbetreiber! |
|
4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
Tom Gottfried <tom@intevation.de>
parents:
951
diff
changeset
|
47 clazz.getName().equals("de.intevation.lada.model.stamm.Ort") && |
|
4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
Tom Gottfried <tom@intevation.de>
parents:
951
diff
changeset
|
48 userInfo.getNetzbetreiber().contains( |
|
4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
Tom Gottfried <tom@intevation.de>
parents:
951
diff
changeset
|
49 ((Ort)data).getNetzbetreiberId())); |
|
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
50 } |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
51 |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
52 @Override |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
53 public <T> Response filter( |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
54 Response data, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
55 UserInfo userInfo, |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
56 Class<T> clazz |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
57 ) { |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
58 return data; |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
59 } |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
60 |
|
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
61 } |