lada/lada-server: src/main/java/de/intevation/lada/util/auth/NetzbetreiberAuthorizer.java annotate

annotate src/main/java/de/intevation/lada/util/auth/NetzbetreiberAuthorizer.java @ 1292:588f6deae24a

Fix authorization for OrtszuordnungMp and friends. Setting readonly equal to owner implied an owner cannot edit its own objects. That was probably not intended. As many of the conditionals actually evaluated to doing nothing, those were removed.

author	Tom Gottfried <tom@intevation.de>
date	Wed, 08 Feb 2017 19:56:01 +0100
parents	7730d9cfc22e
children

rev	line source
849 d0a591b3eade Added missing file header. Raimund Renkert <raimund.renkert@intevation.de> parents: 841 diff changeset	1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz
d0a591b3eade Added missing file header. Raimund Renkert <raimund.renkert@intevation.de> parents: 841 diff changeset	2 * Software engineering by Intevation GmbH
d0a591b3eade Added missing file header. Raimund Renkert <raimund.renkert@intevation.de> parents: 841 diff changeset	3 *
d0a591b3eade Added missing file header. Raimund Renkert <raimund.renkert@intevation.de> parents: 841 diff changeset	4 * This file is Free Software under the GNU GPL (v>=3)
d0a591b3eade Added missing file header. Raimund Renkert <raimund.renkert@intevation.de> parents: 841 diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY! Check out
d0a591b3eade Added missing file header. Raimund Renkert <raimund.renkert@intevation.de> parents: 841 diff changeset	6 * the documentation coming with IMIS-Labordaten-Application for details.
d0a591b3eade Added missing file header. Raimund Renkert <raimund.renkert@intevation.de> parents: 841 diff changeset	7 */
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	8 package de.intevation.lada.util.auth;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	9
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	10 import java.lang.reflect.InvocationTargetException;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	11 import java.lang.reflect.Method;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	12
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	13 import de.intevation.lada.util.rest.RequestMethod;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	14 import de.intevation.lada.util.rest.Response;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	15
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	16 public class NetzbetreiberAuthorizer extends BaseAuthorizer {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	17
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	18 @Override
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	19 public <T> boolean isAuthorized(
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	20 Object data,
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	21 RequestMethod method,
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	22 UserInfo userInfo,
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	23 Class<T> clazz
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	24 ) {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	25 Method m;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	26 try {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	27 m = clazz.getMethod("getNetzbetreiberId");
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	28 } catch (NoSuchMethodException \| SecurityException e1) {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	29 return false;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	30 }
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	31 String id;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	32 try {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	33 id = (String) m.invoke(data);
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	34 } catch (IllegalAccessException \|
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	35 IllegalArgumentException \|
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	36 InvocationTargetException e
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	37 ) {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	38 return false;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	39 }
1088 cf03bdd59767 Code style. Tom Gottfried <tom@intevation.de> parents: 959 diff changeset	40 return (method == RequestMethod.POST
cf03bdd59767 Code style. Tom Gottfried <tom@intevation.de> parents: 959 diff changeset	41 \|\| method == RequestMethod.PUT
cf03bdd59767 Code style. Tom Gottfried <tom@intevation.de> parents: 959 diff changeset	42 \|\| method == RequestMethod.DELETE
cf03bdd59767 Code style. Tom Gottfried <tom@intevation.de> parents: 959 diff changeset	43 ) && (
cf03bdd59767 Code style. Tom Gottfried <tom@intevation.de> parents: 959 diff changeset	44 userInfo.getFunktionenForNetzbetreiber(id).contains(4)
957 4657811fd133 Allow a user only to manipulate Ort with own Netzbetreiber. Tom Gottfried <tom@intevation.de> parents: 951 diff changeset	45 // XXX: this currently allows any user, regardless of function,
4657811fd133 Allow a user only to manipulate Ort with own Netzbetreiber. Tom Gottfried <tom@intevation.de> parents: 951 diff changeset	46 // to manipulate and delete any ort of his own netzbetreiber!
1142 7730d9cfc22e Fixed namespace for stammdaten ort in authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: 1088 diff changeset	47 \|\| clazz.getName().equals("de.intevation.lada.model.stammdaten.Ort")
1088 cf03bdd59767 Code style. Tom Gottfried <tom@intevation.de> parents: 959 diff changeset	48 && userInfo.getNetzbetreiber().contains(id)
cf03bdd59767 Code style. Tom Gottfried <tom@intevation.de> parents: 959 diff changeset	49 );
833 fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	50 }
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	51
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	52 @Override
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	53 public <T> Response filter(
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	54 Response data,
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	55 UserInfo userInfo,
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	56 Class<T> clazz
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	57 ) {
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	58 return data;
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	59 }
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	60
fa922101a462 Refactored Authorization. Raimund Renkert <raimund.renkert@intevation.de> parents: diff changeset	61 }

Mercurial > lada > lada-server

annotate src/main/java/de/intevation/lada/util/auth/NetzbetreiberAuthorizer.java @ 1292:588f6deae24a