# HG changeset patch
# User Raimund Renkert
# Date 1490790356 -7200
# Node ID 65ed13ff994507c46b8d5056bc84a3e2d9f64cd2
# Parent 03faaba3c2a3cb7b559ec87415c10fb5dda019ff
Changed authorization for Messprogramm.
* Added 'readonly' flag
* Only user with function '4' and the corresponding 'netzbetreiber' are allowed to edit.
* User authorized to create a 'probe' are allowed to generate proben.
diff -r 03faaba3c2a3 -r 65ed13ff9945 src/main/java/de/intevation/lada/model/land/Messprogramm.java
--- a/src/main/java/de/intevation/lada/model/land/Messprogramm.java Mon Mar 27 17:04:32 2017 +0200
+++ b/src/main/java/de/intevation/lada/model/land/Messprogramm.java Wed Mar 29 14:25:56 2017 +0200
@@ -16,6 +16,7 @@
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.PrePersist;
+import javax.persistence.Transient;
 /**
@@ -98,6 +99,9 @@
 @Column(name="umw_id")
 private String umwId;
+ @Transient
+ private boolean readonly;
+
 public Messprogramm() {
 }
@@ -269,4 +273,12 @@
 this.umwId = umwId;
 }
+ public boolean isReadonly() {
+ return readonly;
+ }
+
+ public void setReadonly(boolean readonly) {
+ this.readonly = readonly;
+ }
+
 }
diff -r 03faaba3c2a3 -r 65ed13ff9945 src/main/java/de/intevation/lada/rest/MessprogrammService.java
--- a/src/main/java/de/intevation/lada/rest/MessprogrammService.java Mon Mar 27 17:04:32 2017 +0200
+++ b/src/main/java/de/intevation/lada/rest/MessprogrammService.java Wed Mar 29 14:25:56 2017 +0200
@@ -32,6 +32,7 @@
 import de.intevation.lada.util.annotation.RepositoryConfig;
 import de.intevation.lada.util.auth.Authorization;
 import de.intevation.lada.util.auth.AuthorizationType;
+import de.intevation.lada.util.data.QueryBuilder;
 import de.intevation.lada.util.data.Repository;
 import de.intevation.lada.util.data.RepositoryType;
 import de.intevation.lada.util.rest.RequestMethod;
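Review bot: The `readonly` field added in the `@@ -98,6 +99,9 @@` hunk of Messprogramm.java is a primitive `boolean`, so it is `false` (editable) on every object that has not passed through `MessprogrammAuthorizer.filter`. The no-`qid` branch in MessprogrammService (hunk `@@ -145,7 +146,7 @@`) returns `repository.getAll(Messprogramm.class, "land")` directly, so from the visible lines those records are sent out as editable whatever the caller's role is. Writes are still gated by `isAuthorized`, but the hint should fail closed: `private boolean readonly = true;`, which is safe because `setAuthData` assigns both values explicitly. A one-line comment on the field, `// Transient UI hint only; access is enforced in MessprogrammAuthorizer.isAuthorized`, would keep later readers from treating it as an enforcement point.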
@@ -95,7 +96,7 @@
 */
 @Inject
 @RepositoryConfig(type=RepositoryType.RW)
- private Repository defaultRepo;
+ private Repository repository;
 /**
 * The authorization module.
@@ -145,7 +146,7 @@
 ) {
 MultivaluedMap params = info.getQueryParameters();
 if (params.isEmpty() || !params.containsKey("qid")) {
- return defaultRepo.getAll(Messprogramm.class, "land");
+ return repository.getAll(Messprogramm.class, "land");
 }
 Integer id = null;
 try {
@@ -168,9 +169,35 @@
 }
 result = result.subList(start, end);
 }
+ QueryBuilder mBuilder = new QueryBuilder(
+ repository.entityManager("land"), Messprogramm.class);
+ for (Map entry: result) {
+ mBuilder.or("id", (Integer)entry.get("id"));
+ }
+ Response r = repository.filter(mBuilder.getQuery(), "land");
+ r = authorization.filter(request, r, Messprogramm.class);
+ List messprogramme = (List)r.getData();
+ for (Map entry: result) {
+ Integer mId = Integer.valueOf(entry.get("id").toString());
+ setAuthData(messprogramme, entry, mId);
+ }
+
 return new Response(true, 200, result, size);
 }
+ private void setAuthData(
+ List messprogamme,
+ Map entry,
+ Integer id
+ ) {
+ for (int i = 0; i < messprogamme.size(); i++) {
+ if (id.equals(messprogamme.get(i).getId())) {
+ entry.put("readonly", messprogamme.get(i).isReadonly());
+ return;
+ }
+ }
+ }
+
 /**
 * Get a Messprogramm object by id.
 *
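Review bot: In the `@@ -168,9 +169,35 @@` hunk, `setAuthData` leaves `entry` without a `readonly` key when no Messprogramm with that id comes back from `authorization.filter`, so a client that reads a missing flag as false would present the row as editable. Adding `entry.put("readonly", true);` after the loop makes the default explicit and restrictive. When `result` is empty, the `QueryBuilder` is executed without any `or("id", …)` condition, which presumably selects every Messprogramm; returning early for an empty page would avoid that query. The id is also read in two ways, `(Integer)entry.get("id")` and `Integer.valueOf(entry.get("id").toString())`; using the second form in both loops avoids a ClassCastException if the query result holds a non-Integer id. The new private method has no Javadoc and its parameter is misspelled `messprogamme`.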

@@ -189,7 +216,7 @@
 ) {
 return authorization.filter(
 request,
- defaultRepo.getById(Messprogramm.class, Integer.valueOf(id), "land"),
+ repository.getById(Messprogramm.class, Integer.valueOf(id), "land"),
 Messprogramm.class);
 }
@@ -254,10 +281,10 @@
 messprogramm = factory.findUmweltId(messprogramm);
 }
 /* Persist the new messprogramm object*/
- Response response = defaultRepo.create(messprogramm, "land");
+ Response response = repository.create(messprogramm, "land");
 Messprogramm ret = (Messprogramm)response.getData();
 Response created =
- defaultRepo.getById(Messprogramm.class, ret.getId(), "land");
+ repository.getById(Messprogramm.class, ret.getId(), "land");
 return authorization.filter(
 request,
 new Response(true, 200, created.getData()),
@@ -325,11 +352,11 @@
 if (messprogramm.getUmwId() == null || messprogramm.getUmwId().equals("")) {
 messprogramm = factory.findUmweltId(messprogramm);
 }
- Response response = defaultRepo.update(messprogramm, "land");
+ Response response = repository.update(messprogramm, "land");
 if (!response.getSuccess()) {
 return response;
 }
- Response updated = defaultRepo.getById(
+ Response updated = repository.getById(
 Messprogramm.class, ((Messprogramm)response.getData()).getId(), "land");
 return authorization.filter(
@@ -354,9 +381,9 @@
 @Context HttpServletRequest request,
 @PathParam("id") String id
 ) {
- /* Get the messung object by id*/
+ /* Get the messprogamm object by id*/
 Response messprogramm =
- defaultRepo.getById(Messprogramm.class, Integer.valueOf(id), "land");
+ repository.getById(Messprogramm.class, Integer.valueOf(id), "land");
 Messprogramm messprogrammObj = (Messprogramm)messprogramm.getData();
 if (!authorization.isAuthorized(
 request,
@@ -367,7 +394,7 @@
 return new Response(false, 699, null);
 }
 /* Delete the messprogramm object*/
- Response response = defaultRepo.delete(messprogrammObj, "land");
+ Response response = repository.delete(messprogrammObj, "land");
 return response;
 }
 }
diff -r 03faaba3c2a3 -r 65ed13ff9945 src/main/java/de/intevation/lada/rest/ProbeService.java
--- a/src/main/java/de/intevation/lada/rest/ProbeService.java Mon Mar 27 17:04:32 2017 +0200
+++ b/src/main/java/de/intevation/lada/rest/ProbeService.java Wed Mar 29 14:25:56 2017 +0200
@@ -356,14 +356,15 @@
 if (messprogramm == null) {
 return new Response(false, 600, null);
 }
-
- /* Allow generation of Probe objects only for a Messprogramm
- * that would be allowed to be changed. */
+ // Use a dummy probe with same mstId as the messprogramm to authorize
+ // the user to create probe objects.
+ Probe testProbe = new Probe();
+ testProbe.setMstId(messprogramm.getMstId());
 if (!authorization.isAuthorized(
 request,
- messprogramm,
- RequestMethod.PUT,
- Messprogramm.class)
+ testProbe,
+ RequestMethod.POST,
+ Probe.class)
 ) {
 return new Response(false, 699, null);
 }
diff -r 03faaba3c2a3 -r 65ed13ff9945 src/main/java/de/intevation/lada/util/auth/MessprogrammAuthorizer.java
--- a/src/main/java/de/intevation/lada/util/auth/MessprogrammAuthorizer.java Mon Mar 27 17:04:32 2017 +0200
+++ b/src/main/java/de/intevation/lada/util/auth/MessprogrammAuthorizer.java Wed Mar 29 14:25:56 2017 +0200
@@ -7,10 +7,14 @@
 */
 package de.intevation.lada.util.auth;
+import java.util.ArrayList;
+import java.util.List;
+
 import javax.inject.Inject;
 import de.intevation.lada.model.land.Messprogramm;
 import de.intevation.lada.model.land.MessprogrammMmt;
+import de.intevation.lada.model.stammdaten.MessStelle;
 import de.intevation.lada.util.annotation.RepositoryConfig;
 import de.intevation.lada.util.data.Repository;
 import de.intevation.lada.util.data.RepositoryType;
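Review bot: The dummy `testProbe` in the ProbeService hunk carries only `mstId`, so the Probe POST check decides on an object whose other fields are all unset; if that authorizer (not visible here) reads, or later starts reading, any other attribute, this call will either throw or drift away from what a real Probe create would be allowed. `messprogramm.getMstId()` is also handed over without a null check, and a Messprogramm without a Messstelle should be denied with the existing `new Response(false, 699, null)` rather than left to the authorizer. I would extend the comment to state the contract, e.g. `// Probe POST authorization must depend on mstId only; keep in sync with the Probe authorizer`. The enclosing method starts and ends outside the hunk.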
@@ -44,7 +48,10 @@
 ((MessprogrammMmt)data).getMessprogrammId(), "land");
 }
- if (userInfo.getMessstellen().contains(messprogramm.getMstId())) {
+ MessStelle mst = repository.getByIdPlain(
+ MessStelle.class, messprogramm.getMstId(), "stamm");
+ if (userInfo.getFunktionenForNetzbetreiber(
+ mst.getNetzbetreiberId()).contains(4)) {
 return true;
 }
 return false;
@@ -56,7 +63,38 @@
 UserInfo userInfo,
 Class clazz
 ) {
- // Allow read access to everybody
+ if (data.getData() instanceof List &&
+ !clazz.getSimpleName().equals("MessprogrammMmt")) {
+ List messprogramme = new ArrayList();
+ for (Messprogramm messprogramm :(List)data.getData()) {
+ messprogramme.add(setAuthData(userInfo, messprogramm));
+ }
+ data.setData(messprogramme);
+ }
+ else if (data.getData() instanceof Messprogramm) {
+ Messprogramm messprogramm = (Messprogramm)data.getData();
+ data.setData(setAuthData(userInfo, messprogramm));
+ }
 return data;
 }
+
+ /**
+ * Set authorization data for the current probe object.
+ *
+ * @param userInfo The user information.
+ * @param probe The probe object.
+ * @return The probe.
+ */
+ private Messprogramm setAuthData(UserInfo userInfo, Messprogramm messprogramm) {
+ MessStelle mst = repository.getByIdPlain(MessStelle.class, messprogramm.getMstId(), "stamm");
+ if (userInfo.getFunktionenForNetzbetreiber(
+ mst.getNetzbetreiberId()).contains(4)) {
+ messprogramm.setReadonly(false);
+ return messprogramm;
+ }
+ else {
+ messprogramm.setReadonly(true);
+ }
+ return messprogramm;
+ }
 }
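Review bot: In the `@@ -44,7 +48,10 @@` hunk, `repository.getByIdPlain(MessStelle.class, messprogramm.getMstId(), "stamm")` can presumably return null for a missing or unknown `mstId`, and `mst.getNetzbetreiberId()` is dereferenced unguarded, so the authorization check ends in a NullPointerException instead of a denial; the same lookup is repeated unguarded in `setAuthData` in the `@@ -56,7 +63,38 @@` hunk. Guard it and fail closed with `if (mst == null) { return false; }` here, and with `setReadonly(true)` in `setAuthData`. If `data` on an update is the entity built from the request body (the caller is not visible in this hunk), the decision rests on a client-supplied `mstId`, and the stored record's `mstId` should be checked as well. The literal `4` is used in both methods and would be clearer as one named constant. The method begins outside the hunk.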
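Review bot: The Javadoc on the new `setAuthData` in the `@@ -56,7 +63,38 @@` hunk describes "the current probe object" and documents `@param probe`, while the parameter is `messprogramm`; it should read `@param messprogramm The messprogramm object.` and `@return The messprogramm with its readonly flag set.` In `filter`, the list branch is selected by comparing `clazz.getSimpleName()` with the string "MessprogrammMmt" and then iterates the elements as `Messprogramm`; `clazz != MessprogrammMmt.class` is the sturdier test, and a comment saying why MessprogrammMmt lists are passed through unchanged would help. Each element costs one `getByIdPlain` lookup of its MessStelle, so a long list issues one lookup per row; remembering the result per `mstId` inside `filter` would bound that. The first `return messprogramm;` inside the `if` is redundant with the one at the end of the method.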