Mercurial > lada > lada-server
view src/main/java/de/intevation/lada/util/auth/MessprogrammAuthorizer.java @ 1332:65ed13ff9945 2.6.1
Changed authorization for Messprogramm.
* Added 'readonly' flag
* Only user with function '4' and the corresponding 'netzbetreiber' are allowed
to edit.
* User authorized to create a 'probe' are allowed to generate proben.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Wed, 29 Mar 2017 14:25:56 +0200 |
parents | cf1eb19f896b |
children |
line wrap: on
line source
/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=3) * and comes with ABSOLUTELY NO WARRANTY! Check out * the documentation coming with IMIS-Labordaten-Application for details. */ package de.intevation.lada.util.auth; import java.util.ArrayList; import java.util.List; import javax.inject.Inject; import de.intevation.lada.model.land.Messprogramm; import de.intevation.lada.model.land.MessprogrammMmt; import de.intevation.lada.model.stammdaten.MessStelle; import de.intevation.lada.util.annotation.RepositoryConfig; import de.intevation.lada.util.data.Repository; import de.intevation.lada.util.data.RepositoryType; import de.intevation.lada.util.rest.RequestMethod; import de.intevation.lada.util.rest.Response; public class MessprogrammAuthorizer implements Authorizer { @Inject @RepositoryConfig(type=RepositoryType.RO) private Repository repository; @Override public <T> boolean isAuthorized( Object data, RequestMethod method, UserInfo userInfo, Class<T> clazz ) { if (method == RequestMethod.GET) { // Allow read access to everybody return true; } Messprogramm messprogramm = null; if (data instanceof Messprogramm) { messprogramm = (Messprogramm)data; } else if (data instanceof MessprogrammMmt) { messprogramm = repository.getByIdPlain( Messprogramm.class, ((MessprogrammMmt)data).getMessprogrammId(), "land"); } MessStelle mst = repository.getByIdPlain( MessStelle.class, messprogramm.getMstId(), "stamm"); if (userInfo.getFunktionenForNetzbetreiber( mst.getNetzbetreiberId()).contains(4)) { return true; } return false; } @Override public <T> Response filter( Response data, UserInfo userInfo, Class<T> clazz ) { if (data.getData() instanceof List<?> && !clazz.getSimpleName().equals("MessprogrammMmt")) { List<Messprogramm> messprogramme = new ArrayList<Messprogramm>(); for (Messprogramm messprogramm :(List<Messprogramm>)data.getData()) { messprogramme.add(setAuthData(userInfo, messprogramm)); } data.setData(messprogramme); } else if (data.getData() instanceof Messprogramm) { Messprogramm messprogramm = (Messprogramm)data.getData(); data.setData(setAuthData(userInfo, messprogramm)); } return data; } /** * Set authorization data for the current probe object. * * @param userInfo The user information. * @param probe The probe object. * @return The probe. */ private Messprogramm setAuthData(UserInfo userInfo, Messprogramm messprogramm) { MessStelle mst = repository.getByIdPlain(MessStelle.class, messprogramm.getMstId(), "stamm"); if (userInfo.getFunktionenForNetzbetreiber( mst.getNetzbetreiberId()).contains(4)) { messprogramm.setReadonly(false); return messprogramm; } else { messprogramm.setReadonly(true); } return messprogramm; } }