Mercurial > lada > lada-server
view src/main/java/de/intevation/lada/util/auth/DefaultAuthorization.java @ 1292:588f6deae24a
Fix authorization for OrtszuordnungMp and friends.
Setting readonly equal to owner implied an owner cannot edit its own
objects. That was probably not intended. As many of the conditionals
actually evaluated to doing nothing, those were removed.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 08 Feb 2017 19:56:01 +0100 |
parents | 657f35a7467d |
children |
line wrap: on
line source
/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=3) * and comes with ABSOLUTELY NO WARRANTY! Check out * the documentation coming with IMIS-Labordaten-Application for details. */ package de.intevation.lada.util.auth; import javax.ejb.Stateless; import de.intevation.lada.util.annotation.AuthorizationConfig; import de.intevation.lada.util.rest.RequestMethod; import de.intevation.lada.util.rest.Response; /** * Default implementation of the authorization. * * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a> */ @Stateless @AuthorizationConfig(type=AuthorizationType.NONE) public class DefaultAuthorization implements Authorization { /** * Get the user infomation. * * @return An empty UserInfo object. */ @Override public UserInfo getInfo(Object source) { return new UserInfo(); } /** * Filter the data embedded in 'data'. * * @param source The HTTP request. * @param data The response data object. * @param clazz The type of the embedded data. * * @return Unfiltered response data object. */ @Override public <T> Response filter(Object source, Response data, Class<T> clazz) { return data; } /** * Get the authorization status. * * @param source The HTTP request * @param data The requested data * @param method The HTTP request method * @param clazz The type of the embedded data. * * @return true */ @Override public <T> boolean isAuthorized( Object source, Object data, RequestMethod method, Class<T> clazz) { return true; } /** * Get the R/W status of a probe object by id. * * @param probeId The probe id. * * @return false */ @Override public boolean isReadOnly(Integer probeId) { return false; } /** * Get the authorization status. * * @param userInfo The user information * @param data The response data object. * * @return true */ @Override public <T> boolean isAuthorized( UserInfo userInfo, Object data, Class<T> clazz) { return true; } /** * Get the authorization status. * * @param userInfo The user information * @param data The response data object. * * @return true */ @Override public <T> boolean isAuthorizedOnNew( UserInfo userInfo, Object data, Class<T> clazz) { return true; } }