Mercurial > lada > lada-server

view src/main/java/de/intevation/lada/util/auth/NetzbetreiberAuthorizer.java @ 833:fa922101a462

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Refactored Authorization. * Introduced "authorizer" * Attribute and datatype depended authorization
author Raimund Renkert <raimund.renkert@intevation.de>
date Fri, 08 Jan 2016 12:05:26 +0100
parents
children bd51cb7b8d20
line wrap: on
line source
package de.intevation.lada.util.auth;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;

import de.intevation.lada.util.rest.RequestMethod;
import de.intevation.lada.util.rest.Response;

public class NetzbetreiberAuthorizer extends BaseAuthorizer {

    @Override
    public <T> boolean isAuthorized(
        Object data,
        RequestMethod method,
        UserInfo userInfo,
        Class<T> clazz
    ) {
        Method m;
        try {
            m = clazz.getMethod("getNetzbetreiberId");
        } catch (NoSuchMethodException | SecurityException e1) {
            return false;
        }
        String id;
        try {
            id = (String) m.invoke(data);
        } catch (IllegalAccessException |
            IllegalArgumentException |
            InvocationTargetException e
        ) {
            return false;
        }
        return (method == RequestMethod.POST ||
            method == RequestMethod.PUT ||
            method == RequestMethod.DELETE) &&
            userInfo.getNetzbetreiber().contains(id) &&
            userInfo.getFunktionen().contains(4);
    }

    @Override
    public <T> Response filter(
        Response data,
        UserInfo userInfo,
        Class<T> clazz
    ) {
        return data;
    }

}
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)