Mercurial > lada > lada-server
annotate src/main/java/de/intevation/lada/util/auth/NetzbetreiberAuthorizer.java @ 1292:588f6deae24a
Fix authorization for OrtszuordnungMp and friends.
Setting readonly equal to owner implied an owner cannot edit its own
objects. That was probably not intended. As many of the conditionals
actually evaluated to doing nothing, those were removed.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 08 Feb 2017 19:56:01 +0100 |
parents | 7730d9cfc22e |
children |
rev | line source |
---|---|
849
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
2 * Software engineering by Intevation GmbH |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
3 * |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=3) |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
6 * the documentation coming with IMIS-Labordaten-Application for details. |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
841
diff
changeset
|
7 */ |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
8 package de.intevation.lada.util.auth; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
9 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
10 import java.lang.reflect.InvocationTargetException; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
11 import java.lang.reflect.Method; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
12 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
13 import de.intevation.lada.util.rest.RequestMethod; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
14 import de.intevation.lada.util.rest.Response; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
15 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
16 public class NetzbetreiberAuthorizer extends BaseAuthorizer { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
17 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
18 @Override |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
19 public <T> boolean isAuthorized( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
20 Object data, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
21 RequestMethod method, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
22 UserInfo userInfo, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
23 Class<T> clazz |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
24 ) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
25 Method m; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
26 try { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
27 m = clazz.getMethod("getNetzbetreiberId"); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
28 } catch (NoSuchMethodException | SecurityException e1) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
29 return false; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
30 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
31 String id; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
32 try { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
33 id = (String) m.invoke(data); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
34 } catch (IllegalAccessException | |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
35 IllegalArgumentException | |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
36 InvocationTargetException e |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
37 ) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
38 return false; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
39 } |
1088 | 40 return (method == RequestMethod.POST |
41 || method == RequestMethod.PUT | |
42 || method == RequestMethod.DELETE | |
43 ) && ( | |
44 userInfo.getFunktionenForNetzbetreiber(id).contains(4) | |
957
4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
Tom Gottfried <tom@intevation.de>
parents:
951
diff
changeset
|
45 // XXX: this currently allows any user, regardless of function, |
4657811fd133
Allow a user only to manipulate Ort with own Netzbetreiber.
Tom Gottfried <tom@intevation.de>
parents:
951
diff
changeset
|
46 // to manipulate and delete any ort of his own netzbetreiber! |
1142
7730d9cfc22e
Fixed namespace for stammdaten ort in authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
1088
diff
changeset
|
47 || clazz.getName().equals("de.intevation.lada.model.stammdaten.Ort") |
1088 | 48 && userInfo.getNetzbetreiber().contains(id) |
49 ); | |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
50 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
51 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
52 @Override |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
53 public <T> Response filter( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
54 Response data, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
55 UserInfo userInfo, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
56 Class<T> clazz |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
57 ) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
58 return data; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
59 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
60 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
61 } |