Mercurial > lada > lada-server

diff src/main/java/de/intevation/lada/rest/StatusService.java @ 833:fa922101a462

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Refactored Authorization. * Introduced "authorizer" * Attribute and datatype depended authorization
author Raimund Renkert <raimund.renkert@intevation.de>
date Fri, 08 Jan 2016 12:05:26 +0100
parents 5bdd1631a451
children 2fe625c91ab3
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/StatusService.java	Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/StatusService.java	Fri Jan 08 12:05:26 2016 +0100
@@ -146,10 +146,12 @@
             LMessung.class,
             id,
             "land");
-        if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
-            if (!authorization.isAuthorized(id, LMessung.class)) {
-                return new Response(false, 697, null);
-            }
+        if (!authorization.isAuthorized(
+            request,
+            messung,
+            RequestMethod.GET,
+            LMessung.class)) {
+            return new Response(false, 697, null);
         }
 
         QueryBuilder<LStatusProtokoll> builder =
@@ -227,14 +229,6 @@
         @Context HttpServletRequest request,
         LStatusProtokoll status
     ) {
-        if (!authorization.isAuthorized(
-                request,
-                status,
-                RequestMethod.POST,
-                LStatusProtokoll.class)
-        ) {
-            return new Response(false, 699, null);
-        }
         UserInfo userInfo = authorization.getInfo(request);
         LMessung messung = defaultRepo.getByIdPlain(
             LMessung.class, status.getMessungsId(), "land");
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)