Mercurial > lada > lada-server
comparison src/main/java/de/intevation/lada/rest/StatusService.java @ 833:fa922101a462
Refactored Authorization.
* Introduced "authorizer"
* Attribute and datatype depended authorization
| author | Raimund Renkert <raimund.renkert@intevation.de> |
|---|---|
| date | Fri, 08 Jan 2016 12:05:26 +0100 |
| parents | 5bdd1631a451 |
| children | 2fe625c91ab3 |
comparison
equal
deleted
inserted
replaced
| 832:59c51da59b30 | 833:fa922101a462 |
|---|---|
| 144 } | 144 } |
| 145 LMessung messung = defaultRepo.getByIdPlain( | 145 LMessung messung = defaultRepo.getByIdPlain( |
| 146 LMessung.class, | 146 LMessung.class, |
| 147 id, | 147 id, |
| 148 "land"); | 148 "land"); |
| 149 if (!authorization.isAuthorized(authorization.getInfo(request), messung)) { | 149 if (!authorization.isAuthorized( |
| 150 if (!authorization.isAuthorized(id, LMessung.class)) { | 150 request, |
| 151 return new Response(false, 697, null); | 151 messung, |
| 152 } | 152 RequestMethod.GET, |
| 153 LMessung.class)) { | |
| 154 return new Response(false, 697, null); | |
| 153 } | 155 } |
| 154 | 156 |
| 155 QueryBuilder<LStatusProtokoll> builder = | 157 QueryBuilder<LStatusProtokoll> builder = |
| 156 new QueryBuilder<LStatusProtokoll>( | 158 new QueryBuilder<LStatusProtokoll>( |
| 157 defaultRepo.entityManager("land"), | 159 defaultRepo.entityManager("land"), |
| 225 public Response create( | 227 public Response create( |
| 226 @Context HttpHeaders headers, | 228 @Context HttpHeaders headers, |
| 227 @Context HttpServletRequest request, | 229 @Context HttpServletRequest request, |
| 228 LStatusProtokoll status | 230 LStatusProtokoll status |
| 229 ) { | 231 ) { |
| 230 if (!authorization.isAuthorized( | |
| 231 request, | |
| 232 status, | |
| 233 RequestMethod.POST, | |
| 234 LStatusProtokoll.class) | |
| 235 ) { | |
| 236 return new Response(false, 699, null); | |
| 237 } | |
| 238 UserInfo userInfo = authorization.getInfo(request); | 232 UserInfo userInfo = authorization.getInfo(request); |
| 239 LMessung messung = defaultRepo.getByIdPlain( | 233 LMessung messung = defaultRepo.getByIdPlain( |
| 240 LMessung.class, status.getMessungsId(), "land"); | 234 LMessung.class, status.getMessungsId(), "land"); |
| 241 boolean next = false; | 235 boolean next = false; |
| 242 boolean change = false; | 236 boolean change = false; |