Mercurial > lada > lada-server
comparison src/main/java/de/intevation/lada/rest/MessprogrammService.java @ 1332:65ed13ff9945 2.6.1
Changed authorization for Messprogramm.
* Added 'readonly' flag
* Only user with function '4' and the corresponding 'netzbetreiber' are allowed
to edit.
* User authorized to create a 'probe' are allowed to generate proben.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Wed, 29 Mar 2017 14:25:56 +0200 |
parents | 4ee336c65ab3 |
children |
comparison
equal
deleted
inserted
replaced
1331:03faaba3c2a3 | 1332:65ed13ff9945 |
---|---|
30 import de.intevation.lada.query.QueryTools; | 30 import de.intevation.lada.query.QueryTools; |
31 import de.intevation.lada.util.annotation.AuthorizationConfig; | 31 import de.intevation.lada.util.annotation.AuthorizationConfig; |
32 import de.intevation.lada.util.annotation.RepositoryConfig; | 32 import de.intevation.lada.util.annotation.RepositoryConfig; |
33 import de.intevation.lada.util.auth.Authorization; | 33 import de.intevation.lada.util.auth.Authorization; |
34 import de.intevation.lada.util.auth.AuthorizationType; | 34 import de.intevation.lada.util.auth.AuthorizationType; |
35 import de.intevation.lada.util.data.QueryBuilder; | |
35 import de.intevation.lada.util.data.Repository; | 36 import de.intevation.lada.util.data.Repository; |
36 import de.intevation.lada.util.data.RepositoryType; | 37 import de.intevation.lada.util.data.RepositoryType; |
37 import de.intevation.lada.util.rest.RequestMethod; | 38 import de.intevation.lada.util.rest.RequestMethod; |
38 import de.intevation.lada.util.rest.Response; | 39 import de.intevation.lada.util.rest.Response; |
39 import de.intevation.lada.validation.Validator; | 40 import de.intevation.lada.validation.Validator; |
93 /** | 94 /** |
94 * The data repository granting read/write access. | 95 * The data repository granting read/write access. |
95 */ | 96 */ |
96 @Inject | 97 @Inject |
97 @RepositoryConfig(type=RepositoryType.RW) | 98 @RepositoryConfig(type=RepositoryType.RW) |
98 private Repository defaultRepo; | 99 private Repository repository; |
99 | 100 |
100 /** | 101 /** |
101 * The authorization module. | 102 * The authorization module. |
102 */ | 103 */ |
103 @Inject | 104 @Inject |
143 @Context UriInfo info, | 144 @Context UriInfo info, |
144 @Context HttpServletRequest request | 145 @Context HttpServletRequest request |
145 ) { | 146 ) { |
146 MultivaluedMap<String, String> params = info.getQueryParameters(); | 147 MultivaluedMap<String, String> params = info.getQueryParameters(); |
147 if (params.isEmpty() || !params.containsKey("qid")) { | 148 if (params.isEmpty() || !params.containsKey("qid")) { |
148 return defaultRepo.getAll(Messprogramm.class, "land"); | 149 return repository.getAll(Messprogramm.class, "land"); |
149 } | 150 } |
150 Integer id = null; | 151 Integer id = null; |
151 try { | 152 try { |
152 id = Integer.valueOf(params.getFirst("qid")); | 153 id = Integer.valueOf(params.getFirst("qid")); |
153 } | 154 } |
166 if (start + limit > result.size()) { | 167 if (start + limit > result.size()) { |
167 end = result.size(); | 168 end = result.size(); |
168 } | 169 } |
169 result = result.subList(start, end); | 170 result = result.subList(start, end); |
170 } | 171 } |
172 QueryBuilder<Messprogramm> mBuilder = new QueryBuilder<Messprogramm>( | |
173 repository.entityManager("land"), Messprogramm.class); | |
174 for (Map<String, Object> entry: result) { | |
175 mBuilder.or("id", (Integer)entry.get("id")); | |
176 } | |
177 Response r = repository.filter(mBuilder.getQuery(), "land"); | |
178 r = authorization.filter(request, r, Messprogramm.class); | |
179 List<Messprogramm> messprogramme = (List<Messprogramm>)r.getData(); | |
180 for (Map<String, Object> entry: result) { | |
181 Integer mId = Integer.valueOf(entry.get("id").toString()); | |
182 setAuthData(messprogramme, entry, mId); | |
183 } | |
184 | |
171 return new Response(true, 200, result, size); | 185 return new Response(true, 200, result, size); |
186 } | |
187 | |
188 private void setAuthData( | |
189 List<Messprogramm> messprogamme, | |
190 Map<String, Object> entry, | |
191 Integer id | |
192 ) { | |
193 for (int i = 0; i < messprogamme.size(); i++) { | |
194 if (id.equals(messprogamme.get(i).getId())) { | |
195 entry.put("readonly", messprogamme.get(i).isReadonly()); | |
196 return; | |
197 } | |
198 } | |
172 } | 199 } |
173 | 200 |
174 /** | 201 /** |
175 * Get a Messprogramm object by id. | 202 * Get a Messprogramm object by id. |
176 * <p> | 203 * <p> |
187 @Context HttpServletRequest request, | 214 @Context HttpServletRequest request, |
188 @PathParam("id") String id | 215 @PathParam("id") String id |
189 ) { | 216 ) { |
190 return authorization.filter( | 217 return authorization.filter( |
191 request, | 218 request, |
192 defaultRepo.getById(Messprogramm.class, Integer.valueOf(id), "land"), | 219 repository.getById(Messprogramm.class, Integer.valueOf(id), "land"), |
193 Messprogramm.class); | 220 Messprogramm.class); |
194 } | 221 } |
195 | 222 |
196 /** | 223 /** |
197 * Create a Messprogramm object. | 224 * Create a Messprogramm object. |
252 | 279 |
253 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().length() == 0) { | 280 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().length() == 0) { |
254 messprogramm = factory.findUmweltId(messprogramm); | 281 messprogramm = factory.findUmweltId(messprogramm); |
255 } | 282 } |
256 /* Persist the new messprogramm object*/ | 283 /* Persist the new messprogramm object*/ |
257 Response response = defaultRepo.create(messprogramm, "land"); | 284 Response response = repository.create(messprogramm, "land"); |
258 Messprogramm ret = (Messprogramm)response.getData(); | 285 Messprogramm ret = (Messprogramm)response.getData(); |
259 Response created = | 286 Response created = |
260 defaultRepo.getById(Messprogramm.class, ret.getId(), "land"); | 287 repository.getById(Messprogramm.class, ret.getId(), "land"); |
261 return authorization.filter( | 288 return authorization.filter( |
262 request, | 289 request, |
263 new Response(true, 200, created.getData()), | 290 new Response(true, 200, created.getData()), |
264 Messprogramm.class); | 291 Messprogramm.class); |
265 } | 292 } |
323 } | 350 } |
324 | 351 |
325 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().equals("")) { | 352 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().equals("")) { |
326 messprogramm = factory.findUmweltId(messprogramm); | 353 messprogramm = factory.findUmweltId(messprogramm); |
327 } | 354 } |
328 Response response = defaultRepo.update(messprogramm, "land"); | 355 Response response = repository.update(messprogramm, "land"); |
329 if (!response.getSuccess()) { | 356 if (!response.getSuccess()) { |
330 return response; | 357 return response; |
331 } | 358 } |
332 Response updated = defaultRepo.getById( | 359 Response updated = repository.getById( |
333 Messprogramm.class, | 360 Messprogramm.class, |
334 ((Messprogramm)response.getData()).getId(), "land"); | 361 ((Messprogramm)response.getData()).getId(), "land"); |
335 return authorization.filter( | 362 return authorization.filter( |
336 request, | 363 request, |
337 updated, | 364 updated, |
352 @Produces(MediaType.APPLICATION_JSON) | 379 @Produces(MediaType.APPLICATION_JSON) |
353 public Response delete( | 380 public Response delete( |
354 @Context HttpServletRequest request, | 381 @Context HttpServletRequest request, |
355 @PathParam("id") String id | 382 @PathParam("id") String id |
356 ) { | 383 ) { |
357 /* Get the messung object by id*/ | 384 /* Get the messprogamm object by id*/ |
358 Response messprogramm = | 385 Response messprogramm = |
359 defaultRepo.getById(Messprogramm.class, Integer.valueOf(id), "land"); | 386 repository.getById(Messprogramm.class, Integer.valueOf(id), "land"); |
360 Messprogramm messprogrammObj = (Messprogramm)messprogramm.getData(); | 387 Messprogramm messprogrammObj = (Messprogramm)messprogramm.getData(); |
361 if (!authorization.isAuthorized( | 388 if (!authorization.isAuthorized( |
362 request, | 389 request, |
363 messprogrammObj, | 390 messprogrammObj, |
364 RequestMethod.DELETE, | 391 RequestMethod.DELETE, |
365 Messprogramm.class) | 392 Messprogramm.class) |
366 ) { | 393 ) { |
367 return new Response(false, 699, null); | 394 return new Response(false, 699, null); |
368 } | 395 } |
369 /* Delete the messprogramm object*/ | 396 /* Delete the messprogramm object*/ |
370 Response response = defaultRepo.delete(messprogrammObj, "land"); | 397 Response response = repository.delete(messprogrammObj, "land"); |
371 return response; | 398 return response; |
372 } | 399 } |
373 } | 400 } |