Mercurial > lada > lada-server

view src/main/java/de/intevation/lada/util/auth/MessprogrammAuthorizer.java @ 1332:65ed13ff9945 2.6.1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Changed authorization for Messprogramm. * Added 'readonly' flag * Only user with function '4' and the corresponding 'netzbetreiber' are allowed to edit. * User authorized to create a 'probe' are allowed to generate proben.
author Raimund Renkert <raimund.renkert@intevation.de>
date Wed, 29 Mar 2017 14:25:56 +0200
parents cf1eb19f896b
children
line wrap: on
line source
/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out
 * the documentation coming with IMIS-Labordaten-Application for details.
 */
package de.intevation.lada.util.auth;

import java.util.ArrayList;
import java.util.List;

import javax.inject.Inject;

import de.intevation.lada.model.land.Messprogramm;
import de.intevation.lada.model.land.MessprogrammMmt;
import de.intevation.lada.model.stammdaten.MessStelle;
import de.intevation.lada.util.annotation.RepositoryConfig;
import de.intevation.lada.util.data.Repository;
import de.intevation.lada.util.data.RepositoryType;
import de.intevation.lada.util.rest.RequestMethod;
import de.intevation.lada.util.rest.Response;

public class MessprogrammAuthorizer implements Authorizer {

    @Inject
    @RepositoryConfig(type=RepositoryType.RO)
    private Repository repository;

    @Override
    public <T> boolean isAuthorized(
        Object data,
        RequestMethod method,
        UserInfo userInfo,
        Class<T> clazz
    ) {
        if (method == RequestMethod.GET) {
            // Allow read access to everybody
            return true;
        }
        Messprogramm messprogramm = null;
        if (data instanceof Messprogramm) {
            messprogramm = (Messprogramm)data;
        }
        else if (data instanceof MessprogrammMmt) {
            messprogramm = repository.getByIdPlain(
                Messprogramm.class,
                ((MessprogrammMmt)data).getMessprogrammId(),
                "land");
        }
        MessStelle mst = repository.getByIdPlain(
            MessStelle.class, messprogramm.getMstId(), "stamm");
        if (userInfo.getFunktionenForNetzbetreiber(
                mst.getNetzbetreiberId()).contains(4)) {
            return true;
        }
        return false;
    }

    @Override
    public <T> Response filter(
        Response data,
        UserInfo userInfo,
        Class<T> clazz
    ) {
        if (data.getData() instanceof List<?> &&
            !clazz.getSimpleName().equals("MessprogrammMmt")) {
            List<Messprogramm> messprogramme = new ArrayList<Messprogramm>();
            for (Messprogramm messprogramm :(List<Messprogramm>)data.getData()) {
                messprogramme.add(setAuthData(userInfo, messprogramm));
            }
            data.setData(messprogramme);
        }
        else if (data.getData() instanceof Messprogramm) {
            Messprogramm messprogramm = (Messprogramm)data.getData();
            data.setData(setAuthData(userInfo, messprogramm));
        }
        return data;
    }

    /**
     * Set authorization data for the current probe object.
     *
     * @param userInfo  The user information.
     * @param probe     The probe object.
     * @return The probe.
     */
    private Messprogramm setAuthData(UserInfo userInfo, Messprogramm messprogramm) {
        MessStelle mst = repository.getByIdPlain(MessStelle.class, messprogramm.getMstId(), "stamm");
        if (userInfo.getFunktionenForNetzbetreiber(
                mst.getNetzbetreiberId()).contains(4)) {
            messprogramm.setReadonly(false);
            return messprogramm;
        }
        else {
            messprogramm.setReadonly(true);
        }
        return messprogramm;
    }
}
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)