Mercurial > lada > lada-server
diff src/main/java/de/intevation/lada/rest/MessprogrammService.java @ 1332:65ed13ff9945 2.6.1
Changed authorization for Messprogramm.
* Added 'readonly' flag
* Only user with function '4' and the corresponding 'netzbetreiber' are allowed
to edit.
* User authorized to create a 'probe' are allowed to generate proben.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Wed, 29 Mar 2017 14:25:56 +0200 |
parents | 4ee336c65ab3 |
children |
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/MessprogrammService.java Mon Mar 27 17:04:32 2017 +0200 +++ b/src/main/java/de/intevation/lada/rest/MessprogrammService.java Wed Mar 29 14:25:56 2017 +0200 @@ -32,6 +32,7 @@ import de.intevation.lada.util.annotation.RepositoryConfig; import de.intevation.lada.util.auth.Authorization; import de.intevation.lada.util.auth.AuthorizationType; +import de.intevation.lada.util.data.QueryBuilder; import de.intevation.lada.util.data.Repository; import de.intevation.lada.util.data.RepositoryType; import de.intevation.lada.util.rest.RequestMethod; @@ -95,7 +96,7 @@ */ @Inject @RepositoryConfig(type=RepositoryType.RW) - private Repository defaultRepo; + private Repository repository; /** * The authorization module. @@ -145,7 +146,7 @@ ) { MultivaluedMap<String, String> params = info.getQueryParameters(); if (params.isEmpty() || !params.containsKey("qid")) { - return defaultRepo.getAll(Messprogramm.class, "land"); + return repository.getAll(Messprogramm.class, "land"); } Integer id = null; try { @@ -168,9 +169,35 @@ } result = result.subList(start, end); } + QueryBuilder<Messprogramm> mBuilder = new QueryBuilder<Messprogramm>( + repository.entityManager("land"), Messprogramm.class); + for (Map<String, Object> entry: result) { + mBuilder.or("id", (Integer)entry.get("id")); + } + Response r = repository.filter(mBuilder.getQuery(), "land"); + r = authorization.filter(request, r, Messprogramm.class); + List<Messprogramm> messprogramme = (List<Messprogramm>)r.getData(); + for (Map<String, Object> entry: result) { + Integer mId = Integer.valueOf(entry.get("id").toString()); + setAuthData(messprogramme, entry, mId); + } + return new Response(true, 200, result, size); } + private void setAuthData( + List<Messprogramm> messprogamme, + Map<String, Object> entry, + Integer id + ) { + for (int i = 0; i < messprogamme.size(); i++) { + if (id.equals(messprogamme.get(i).getId())) { + entry.put("readonly", messprogamme.get(i).isReadonly()); + return; + } + } + } + /** * Get a Messprogramm object by id. * <p> @@ -189,7 +216,7 @@ ) { return authorization.filter( request, - defaultRepo.getById(Messprogramm.class, Integer.valueOf(id), "land"), + repository.getById(Messprogramm.class, Integer.valueOf(id), "land"), Messprogramm.class); } @@ -254,10 +281,10 @@ messprogramm = factory.findUmweltId(messprogramm); } /* Persist the new messprogramm object*/ - Response response = defaultRepo.create(messprogramm, "land"); + Response response = repository.create(messprogramm, "land"); Messprogramm ret = (Messprogramm)response.getData(); Response created = - defaultRepo.getById(Messprogramm.class, ret.getId(), "land"); + repository.getById(Messprogramm.class, ret.getId(), "land"); return authorization.filter( request, new Response(true, 200, created.getData()), @@ -325,11 +352,11 @@ if (messprogramm.getUmwId() == null || messprogramm.getUmwId().equals("")) { messprogramm = factory.findUmweltId(messprogramm); } - Response response = defaultRepo.update(messprogramm, "land"); + Response response = repository.update(messprogramm, "land"); if (!response.getSuccess()) { return response; } - Response updated = defaultRepo.getById( + Response updated = repository.getById( Messprogramm.class, ((Messprogramm)response.getData()).getId(), "land"); return authorization.filter( @@ -354,9 +381,9 @@ @Context HttpServletRequest request, @PathParam("id") String id ) { - /* Get the messung object by id*/ + /* Get the messprogamm object by id*/ Response messprogramm = - defaultRepo.getById(Messprogramm.class, Integer.valueOf(id), "land"); + repository.getById(Messprogramm.class, Integer.valueOf(id), "land"); Messprogramm messprogrammObj = (Messprogramm)messprogramm.getData(); if (!authorization.isAuthorized( request, @@ -367,7 +394,7 @@ return new Response(false, 699, null); } /* Delete the messprogramm object*/ - Response response = defaultRepo.delete(messprogrammObj, "land"); + Response response = repository.delete(messprogrammObj, "land"); return response; } }