Mercurial > lada > lada-server
comparison src/main/java/de/intevation/lada/rest/MessprogrammService.java @ 1332:65ed13ff9945 2.6.1
Changed authorization for Messprogramm.
* Added 'readonly' flag
* Only user with function '4' and the corresponding 'netzbetreiber' are allowed
to edit.
* User authorized to create a 'probe' are allowed to generate proben.
| author | Raimund Renkert <raimund.renkert@intevation.de> |
|---|---|
| date | Wed, 29 Mar 2017 14:25:56 +0200 |
| parents | 4ee336c65ab3 |
| children |
comparison
equal
deleted
inserted
replaced
| 1331:03faaba3c2a3 | 1332:65ed13ff9945 |
|---|---|
| 30 import de.intevation.lada.query.QueryTools; | 30 import de.intevation.lada.query.QueryTools; |
| 31 import de.intevation.lada.util.annotation.AuthorizationConfig; | 31 import de.intevation.lada.util.annotation.AuthorizationConfig; |
| 32 import de.intevation.lada.util.annotation.RepositoryConfig; | 32 import de.intevation.lada.util.annotation.RepositoryConfig; |
| 33 import de.intevation.lada.util.auth.Authorization; | 33 import de.intevation.lada.util.auth.Authorization; |
| 34 import de.intevation.lada.util.auth.AuthorizationType; | 34 import de.intevation.lada.util.auth.AuthorizationType; |
| 35 import de.intevation.lada.util.data.QueryBuilder; | |
| 35 import de.intevation.lada.util.data.Repository; | 36 import de.intevation.lada.util.data.Repository; |
| 36 import de.intevation.lada.util.data.RepositoryType; | 37 import de.intevation.lada.util.data.RepositoryType; |
| 37 import de.intevation.lada.util.rest.RequestMethod; | 38 import de.intevation.lada.util.rest.RequestMethod; |
| 38 import de.intevation.lada.util.rest.Response; | 39 import de.intevation.lada.util.rest.Response; |
| 39 import de.intevation.lada.validation.Validator; | 40 import de.intevation.lada.validation.Validator; |
| 93 /** | 94 /** |
| 94 * The data repository granting read/write access. | 95 * The data repository granting read/write access. |
| 95 */ | 96 */ |
| 96 @Inject | 97 @Inject |
| 97 @RepositoryConfig(type=RepositoryType.RW) | 98 @RepositoryConfig(type=RepositoryType.RW) |
| 98 private Repository defaultRepo; | 99 private Repository repository; |
| 99 | 100 |
| 100 /** | 101 /** |
| 101 * The authorization module. | 102 * The authorization module. |
| 102 */ | 103 */ |
| 103 @Inject | 104 @Inject |
| 143 @Context UriInfo info, | 144 @Context UriInfo info, |
| 144 @Context HttpServletRequest request | 145 @Context HttpServletRequest request |
| 145 ) { | 146 ) { |
| 146 MultivaluedMap<String, String> params = info.getQueryParameters(); | 147 MultivaluedMap<String, String> params = info.getQueryParameters(); |
| 147 if (params.isEmpty() || !params.containsKey("qid")) { | 148 if (params.isEmpty() || !params.containsKey("qid")) { |
| 148 return defaultRepo.getAll(Messprogramm.class, "land"); | 149 return repository.getAll(Messprogramm.class, "land"); |
| 149 } | 150 } |
| 150 Integer id = null; | 151 Integer id = null; |
| 151 try { | 152 try { |
| 152 id = Integer.valueOf(params.getFirst("qid")); | 153 id = Integer.valueOf(params.getFirst("qid")); |
| 153 } | 154 } |
| 166 if (start + limit > result.size()) { | 167 if (start + limit > result.size()) { |
| 167 end = result.size(); | 168 end = result.size(); |
| 168 } | 169 } |
| 169 result = result.subList(start, end); | 170 result = result.subList(start, end); |
| 170 } | 171 } |
| 172 QueryBuilder<Messprogramm> mBuilder = new QueryBuilder<Messprogramm>( | |
| 173 repository.entityManager("land"), Messprogramm.class); | |
| 174 for (Map<String, Object> entry: result) { | |
| 175 mBuilder.or("id", (Integer)entry.get("id")); | |
| 176 } | |
| 177 Response r = repository.filter(mBuilder.getQuery(), "land"); | |
| 178 r = authorization.filter(request, r, Messprogramm.class); | |
| 179 List<Messprogramm> messprogramme = (List<Messprogramm>)r.getData(); | |
| 180 for (Map<String, Object> entry: result) { | |
| 181 Integer mId = Integer.valueOf(entry.get("id").toString()); | |
| 182 setAuthData(messprogramme, entry, mId); | |
| 183 } | |
| 184 | |
| 171 return new Response(true, 200, result, size); | 185 return new Response(true, 200, result, size); |
| 186 } | |
| 187 | |
| 188 private void setAuthData( | |
| 189 List<Messprogramm> messprogamme, | |
| 190 Map<String, Object> entry, | |
| 191 Integer id | |
| 192 ) { | |
| 193 for (int i = 0; i < messprogamme.size(); i++) { | |
| 194 if (id.equals(messprogamme.get(i).getId())) { | |
| 195 entry.put("readonly", messprogamme.get(i).isReadonly()); | |
| 196 return; | |
| 197 } | |
| 198 } | |
| 172 } | 199 } |
| 173 | 200 |
| 174 /** | 201 /** |
| 175 * Get a Messprogramm object by id. | 202 * Get a Messprogramm object by id. |
| 176 * <p> | 203 * <p> |
| 187 @Context HttpServletRequest request, | 214 @Context HttpServletRequest request, |
| 188 @PathParam("id") String id | 215 @PathParam("id") String id |
| 189 ) { | 216 ) { |
| 190 return authorization.filter( | 217 return authorization.filter( |
| 191 request, | 218 request, |
| 192 defaultRepo.getById(Messprogramm.class, Integer.valueOf(id), "land"), | 219 repository.getById(Messprogramm.class, Integer.valueOf(id), "land"), |
| 193 Messprogramm.class); | 220 Messprogramm.class); |
| 194 } | 221 } |
| 195 | 222 |
| 196 /** | 223 /** |
| 197 * Create a Messprogramm object. | 224 * Create a Messprogramm object. |
| 252 | 279 |
| 253 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().length() == 0) { | 280 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().length() == 0) { |
| 254 messprogramm = factory.findUmweltId(messprogramm); | 281 messprogramm = factory.findUmweltId(messprogramm); |
| 255 } | 282 } |
| 256 /* Persist the new messprogramm object*/ | 283 /* Persist the new messprogramm object*/ |
| 257 Response response = defaultRepo.create(messprogramm, "land"); | 284 Response response = repository.create(messprogramm, "land"); |
| 258 Messprogramm ret = (Messprogramm)response.getData(); | 285 Messprogramm ret = (Messprogramm)response.getData(); |
| 259 Response created = | 286 Response created = |
| 260 defaultRepo.getById(Messprogramm.class, ret.getId(), "land"); | 287 repository.getById(Messprogramm.class, ret.getId(), "land"); |
| 261 return authorization.filter( | 288 return authorization.filter( |
| 262 request, | 289 request, |
| 263 new Response(true, 200, created.getData()), | 290 new Response(true, 200, created.getData()), |
| 264 Messprogramm.class); | 291 Messprogramm.class); |
| 265 } | 292 } |
| 323 } | 350 } |
| 324 | 351 |
| 325 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().equals("")) { | 352 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().equals("")) { |
| 326 messprogramm = factory.findUmweltId(messprogramm); | 353 messprogramm = factory.findUmweltId(messprogramm); |
| 327 } | 354 } |
| 328 Response response = defaultRepo.update(messprogramm, "land"); | 355 Response response = repository.update(messprogramm, "land"); |
| 329 if (!response.getSuccess()) { | 356 if (!response.getSuccess()) { |
| 330 return response; | 357 return response; |
| 331 } | 358 } |
| 332 Response updated = defaultRepo.getById( | 359 Response updated = repository.getById( |
| 333 Messprogramm.class, | 360 Messprogramm.class, |
| 334 ((Messprogramm)response.getData()).getId(), "land"); | 361 ((Messprogramm)response.getData()).getId(), "land"); |
| 335 return authorization.filter( | 362 return authorization.filter( |
| 336 request, | 363 request, |
| 337 updated, | 364 updated, |
| 352 @Produces(MediaType.APPLICATION_JSON) | 379 @Produces(MediaType.APPLICATION_JSON) |
| 353 public Response delete( | 380 public Response delete( |
| 354 @Context HttpServletRequest request, | 381 @Context HttpServletRequest request, |
| 355 @PathParam("id") String id | 382 @PathParam("id") String id |
| 356 ) { | 383 ) { |
| 357 /* Get the messung object by id*/ | 384 /* Get the messprogamm object by id*/ |
| 358 Response messprogramm = | 385 Response messprogramm = |
| 359 defaultRepo.getById(Messprogramm.class, Integer.valueOf(id), "land"); | 386 repository.getById(Messprogramm.class, Integer.valueOf(id), "land"); |
| 360 Messprogramm messprogrammObj = (Messprogramm)messprogramm.getData(); | 387 Messprogramm messprogrammObj = (Messprogramm)messprogramm.getData(); |
| 361 if (!authorization.isAuthorized( | 388 if (!authorization.isAuthorized( |
| 362 request, | 389 request, |
| 363 messprogrammObj, | 390 messprogrammObj, |
| 364 RequestMethod.DELETE, | 391 RequestMethod.DELETE, |
| 365 Messprogramm.class) | 392 Messprogramm.class) |
| 366 ) { | 393 ) { |
| 367 return new Response(false, 699, null); | 394 return new Response(false, 699, null); |
| 368 } | 395 } |
| 369 /* Delete the messprogramm object*/ | 396 /* Delete the messprogramm object*/ |
| 370 Response response = defaultRepo.delete(messprogrammObj, "land"); | 397 Response response = repository.delete(messprogrammObj, "land"); |
| 371 return response; | 398 return response; |
| 372 } | 399 } |
| 373 } | 400 } |