Mercurial > lada > lada-server
comparison src/main/java/de/intevation/lada/util/auth/MessprogrammIdAuthorizer.java @ 1265:a1323ef2c330
Changed ortszuordnungs model in messprogramm.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Fri, 27 Jan 2017 15:14:12 +0100 |
parents | |
children | d73cfd90ffc0 |
comparison
equal
deleted
inserted
replaced
1264:a0a5111b2aa6 | 1265:a1323ef2c330 |
---|---|
1 /* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz | |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=3) | |
5 * and comes with ABSOLUTELY NO WARRANTY! Check out | |
6 * the documentation coming with IMIS-Labordaten-Application for details. | |
7 */ | |
8 package de.intevation.lada.util.auth; | |
9 | |
10 import java.lang.reflect.InvocationTargetException; | |
11 import java.lang.reflect.Method; | |
12 import java.util.ArrayList; | |
13 import java.util.List; | |
14 | |
15 import de.intevation.lada.model.land.Messprogramm; | |
16 import de.intevation.lada.model.land.Probe; | |
17 import de.intevation.lada.model.stammdaten.MessStelle; | |
18 import de.intevation.lada.util.rest.RequestMethod; | |
19 import de.intevation.lada.util.rest.Response; | |
20 | |
21 public class MessprogrammIdAuthorizer extends BaseAuthorizer { | |
22 | |
23 @Override | |
24 public <T> boolean isAuthorized( | |
25 Object data, | |
26 RequestMethod method, | |
27 UserInfo userInfo, | |
28 Class<T> clazz | |
29 ) { | |
30 Method m; | |
31 try { | |
32 m = clazz.getMethod("getMessprogrammId"); | |
33 } catch (NoSuchMethodException | SecurityException e1) { | |
34 return false; | |
35 } | |
36 Integer id; | |
37 try { | |
38 id = (Integer) m.invoke(data); | |
39 } catch (IllegalAccessException | | |
40 IllegalArgumentException | | |
41 InvocationTargetException e | |
42 ) { | |
43 return false; | |
44 } | |
45 Messprogramm messprogramm = | |
46 repository.getByIdPlain(Messprogramm.class, id, "land"); | |
47 if (userInfo.getMessstellen().contains(messprogramm.getMstId())) { | |
48 return true; | |
49 } | |
50 return false; | |
51 } | |
52 | |
53 @SuppressWarnings("unchecked") | |
54 @Override | |
55 public <T> Response filter( | |
56 Response data, | |
57 UserInfo userInfo, | |
58 Class<T> clazz | |
59 ) { | |
60 if (data.getData() instanceof List<?>) { | |
61 List<Object> objects = new ArrayList<Object>(); | |
62 for (Object object :(List<Object>)data.getData()) { | |
63 objects.add(setAuthData(userInfo, object, clazz)); | |
64 } | |
65 data.setData(objects); | |
66 } | |
67 else { | |
68 Object object = data.getData(); | |
69 data.setData(setAuthData(userInfo, object, clazz)); | |
70 } | |
71 return data; | |
72 } | |
73 /** | |
74 * Authorize a single data object that has a probeId Attribute. | |
75 * | |
76 * @param userInfo The user information. | |
77 * @param data The Response object containing the data. | |
78 * @param clazz The data object class. | |
79 * @return A Response object containing the data. | |
80 */ | |
81 private <T> Object setAuthData( | |
82 UserInfo userInfo, | |
83 Object data, | |
84 Class<T> clazz | |
85 ) { | |
86 try { | |
87 Method getProbeId = clazz.getMethod("getProbeId"); | |
88 Integer id = null; | |
89 if (getProbeId != null) { | |
90 id = (Integer) getProbeId.invoke(data); | |
91 } | |
92 else { | |
93 return null; | |
94 } | |
95 Probe probe = | |
96 (Probe)repository.getById(Probe.class, id, "land").getData(); | |
97 | |
98 boolean readOnly = true; | |
99 boolean owner = false; | |
100 MessStelle mst = repository.getByIdPlain(MessStelle.class, probe.getMstId(), "stamm"); | |
101 if (!userInfo.getNetzbetreiber().contains( | |
102 mst.getNetzbetreiberId())) { | |
103 owner = false; | |
104 readOnly = true; | |
105 } | |
106 else { | |
107 if (userInfo.belongsTo(probe.getMstId(), probe.getLaborMstId())) { | |
108 owner = true; | |
109 } | |
110 else { | |
111 owner = false; | |
112 } | |
113 readOnly = this.isProbeReadOnly(id); | |
114 } | |
115 | |
116 Method setOwner = clazz.getMethod("setOwner", boolean.class); | |
117 Method setReadonly = clazz.getMethod("setReadonly", boolean.class); | |
118 setOwner.invoke(data, owner); | |
119 setReadonly.invoke(data, readOnly); | |
120 } catch (NoSuchMethodException | SecurityException | |
121 | IllegalAccessException | IllegalArgumentException | |
122 | InvocationTargetException e) { | |
123 return null; | |
124 } | |
125 return data; | |
126 } | |
127 } |