# HG changeset patch # User Raimund Renkert # Date 1373029167 -7200 # Node ID 01148d036b9b2a9123e6a6efcdbb5b6da0003c79 # Parent 0d545e6d18859d0adde3ca65c1c7259c67dddc8f Added new module to authorize operations on objects. diff -r 0d545e6d1885 -r 01148d036b9b src/main/java/de/intevation/lada/auth/Authorization.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/main/java/de/intevation/lada/auth/Authorization.java Fri Jul 05 14:59:27 2013 +0200 @@ -0,0 +1,7 @@ +package de.intevation.lada.auth; + + +public interface Authorization +{ + public boolean isReadOnly(String id); +} diff -r 0d545e6d1885 -r 01148d036b9b src/main/java/de/intevation/lada/auth/DataAuthorization.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/main/java/de/intevation/lada/auth/DataAuthorization.java Fri Jul 05 14:59:27 2013 +0200 @@ -0,0 +1,47 @@ +package de.intevation.lada.auth; + +import java.util.List; + +import javax.enterprise.context.ApplicationScoped; +import javax.inject.Inject; +import javax.inject.Named; + +import de.intevation.lada.data.QueryBuilder; +import de.intevation.lada.data.Repository; +import de.intevation.lada.model.LMessung; +import de.intevation.lada.rest.Response; + +@ApplicationScoped +@Named("dataauthorization") +public class DataAuthorization +implements Authorization +{ + @Inject + @Named("readonlyrepository") + private Repository repository; + + /** + * Determine if the LProbe identified by probeId is writable for the user. + * + * @param probeId The probe id. + */ + public boolean isReadOnly(String probeId) { + QueryBuilder builder = + new QueryBuilder( + repository.getEntityManager(), + LMessung.class); + builder.and("probeId", probeId); + Response response = repository.filter(builder.getQuery()); + @SuppressWarnings("unchecked") + List messungen = (List) response.getData(); + if (messungen.isEmpty()) { + return false; + } + for(LMessung messung : messungen) { + if (messung.isFertig()) { + return true; + } + } + return false; + } +}