Mercurial > lada > lada-server
annotate src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java @ 864:cbf6a15115dc
Allow users with funktion 1 to edit status if statuswert = 4.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Thu, 04 Feb 2016 17:29:32 +0100 |
parents | 04bec189ca19 |
children | bf49eadf8dee |
rev | line source |
---|---|
849
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
833
diff
changeset
|
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
833
diff
changeset
|
2 * Software engineering by Intevation GmbH |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
833
diff
changeset
|
3 * |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
833
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=3) |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
833
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! Check out |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
833
diff
changeset
|
6 * the documentation coming with IMIS-Labordaten-Application for details. |
d0a591b3eade
Added missing file header.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
833
diff
changeset
|
7 */ |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
8 package de.intevation.lada.util.auth; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
9 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
10 import java.util.ArrayList; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
11 import java.util.List; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
12 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
13 import de.intevation.lada.model.land.LMessung; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
14 import de.intevation.lada.model.land.LProbe; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
15 import de.intevation.lada.model.land.LStatusProtokoll; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
16 import de.intevation.lada.model.stamm.AuthLstUmw; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
17 import de.intevation.lada.util.data.QueryBuilder; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
18 import de.intevation.lada.util.rest.RequestMethod; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
19 import de.intevation.lada.util.rest.Response; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
20 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
21 public class MessungAuthorizer extends BaseAuthorizer { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
22 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
23 @Override |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
24 public <T> boolean isAuthorized( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
25 Object data, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
26 RequestMethod method, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
27 UserInfo userInfo, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
28 Class<T> clazz |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
29 ) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
30 LMessung messung = (LMessung)data; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
31 Response response = |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
32 repository.getById(LProbe.class, messung.getProbeId(), "land"); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
33 LProbe probe = (LProbe)response.getData(); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
34 if (method == RequestMethod.PUT || |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
35 method == RequestMethod.DELETE) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
36 return !this.isMessungReadOnly(messung.getId()) && |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
37 getAuthorization(userInfo, probe); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
38 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
39 return getAuthorization(userInfo, probe); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
40 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
41 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
42 @SuppressWarnings("unchecked") |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
43 @Override |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
44 public <T> Response filter( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
45 Response data, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
46 UserInfo userInfo, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
47 Class<T> clazz |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
48 ) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
49 if (data.getData() instanceof List<?>) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
50 List<LMessung> messungen = new ArrayList<LMessung>(); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
51 for (LMessung messung :(List<LMessung>)data.getData()) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
52 messungen.add(setAuthData(userInfo, messung)); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
53 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
54 data.setData(messungen); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
55 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
56 else if (data.getData() instanceof LMessung) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
57 LMessung messung = (LMessung)data.getData(); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
58 data.setData(setAuthData(userInfo, messung)); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
59 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
60 return data; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
61 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
62 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
63 /** |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
64 * Authorize a sinle messung object. |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
65 * |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
66 * @param userInfo The user information. |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
67 * @param messung The messung object. |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
68 * @return The messung. |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
69 */ |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
70 private LMessung setAuthData( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
71 UserInfo userInfo, |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
72 LMessung messung |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
73 ) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
74 LProbe probe = |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
75 (LProbe)repository.getById( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
76 LProbe.class, messung.getProbeId(), "land").getData(); |
861
68348c675b13
Since LST has no netzbetreiberId, check if the user belongs to a LST in
Raimund Renkert <raimund.renkert@intevation.de>
parents:
849
diff
changeset
|
77 if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId()) && |
68348c675b13
Since LST has no netzbetreiberId, check if the user belongs to a LST in
Raimund Renkert <raimund.renkert@intevation.de>
parents:
849
diff
changeset
|
78 !userInfo.getFunktionen().contains(3)) { |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
79 messung.setOwner(false); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
80 messung.setReadonly(true); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
81 return messung; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
82 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
83 if (userInfo.getMessstellen().contains(probe.getMstId())) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
84 messung.setOwner(true); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
85 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
86 else { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
87 messung.setOwner(false); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
88 } |
862
04bec189ca19
Check if current status stufe is lower or equal to the users funktion.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
861
diff
changeset
|
89 LStatusProtokoll status = repository.getByIdPlain( |
04bec189ca19
Check if current status stufe is lower or equal to the users funktion.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
861
diff
changeset
|
90 LStatusProtokoll.class, |
04bec189ca19
Check if current status stufe is lower or equal to the users funktion.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
861
diff
changeset
|
91 messung.getStatus(), |
04bec189ca19
Check if current status stufe is lower or equal to the users funktion.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
861
diff
changeset
|
92 "land"); |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
93 if (messung.getStatus() == null) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
94 messung.setReadonly(false); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
95 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
96 else { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
97 messung.setReadonly( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
98 status.getStatusWert() != 0 && status.getStatusWert() != 4); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
99 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
100 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
101 boolean statusEdit = false; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
102 if (userInfo.getFunktionen().contains(3)) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
103 QueryBuilder<AuthLstUmw> lstFilter = new QueryBuilder<AuthLstUmw>( |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
104 repository.entityManager("stamm"), |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
105 AuthLstUmw.class); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
106 lstFilter.or("lstId", userInfo.getMessstellen()); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
107 List<AuthLstUmw> lsts = |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
108 repository.filterPlain(lstFilter.getQuery(), "stamm"); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
109 for (int i = 0; i < lsts.size(); i++) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
110 if (lsts.get(i).getUmwId().equals(probe.getUmwId())) { |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
111 statusEdit = true; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
112 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
113 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
114 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
115 else if (userInfo.getFunktionen().contains(2) && |
862
04bec189ca19
Check if current status stufe is lower or equal to the users funktion.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
861
diff
changeset
|
116 userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId()) && |
04bec189ca19
Check if current status stufe is lower or equal to the users funktion.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
861
diff
changeset
|
117 status.getStatusStufe() <= 2) { |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
118 statusEdit = true; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
119 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
120 else if (userInfo.getFunktionen().contains(1) && |
862
04bec189ca19
Check if current status stufe is lower or equal to the users funktion.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
861
diff
changeset
|
121 userInfo.getMessstellen().contains(probe.getMstId()) && |
864
cbf6a15115dc
Allow users with funktion 1 to edit status if statuswert = 4.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
862
diff
changeset
|
122 (status.getStatusStufe() <= 1 || status.getStatusWert() == 4) |
862
04bec189ca19
Check if current status stufe is lower or equal to the users funktion.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
861
diff
changeset
|
123 ) { |
833
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
124 statusEdit = true; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
125 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
126 messung.setStatusEdit(statusEdit); |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
127 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
128 return messung; |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
129 } |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
130 |
fa922101a462
Refactored Authorization.
Raimund Renkert <raimund.renkert@intevation.de>
parents:
diff
changeset
|
131 } |