Mercurial > lada > lada-server
diff src/main/java/de/intevation/lada/rest/StatusService.java @ 833:fa922101a462
Refactored Authorization.
* Introduced "authorizer"
* Attribute and datatype depended authorization
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Fri, 08 Jan 2016 12:05:26 +0100 |
parents | 5bdd1631a451 |
children | 2fe625c91ab3 |
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/StatusService.java Fri Dec 18 18:01:00 2015 +0100 +++ b/src/main/java/de/intevation/lada/rest/StatusService.java Fri Jan 08 12:05:26 2016 +0100 @@ -146,10 +146,12 @@ LMessung.class, id, "land"); - if (!authorization.isAuthorized(authorization.getInfo(request), messung)) { - if (!authorization.isAuthorized(id, LMessung.class)) { - return new Response(false, 697, null); - } + if (!authorization.isAuthorized( + request, + messung, + RequestMethod.GET, + LMessung.class)) { + return new Response(false, 697, null); } QueryBuilder<LStatusProtokoll> builder = @@ -227,14 +229,6 @@ @Context HttpServletRequest request, LStatusProtokoll status ) { - if (!authorization.isAuthorized( - request, - status, - RequestMethod.POST, - LStatusProtokoll.class) - ) { - return new Response(false, 699, null); - } UserInfo userInfo = authorization.getInfo(request); LMessung messung = defaultRepo.getByIdPlain( LMessung.class, status.getMessungsId(), "land");