# HG changeset patch
# User Raimund Renkert
# Date 1372763409 -7200
# Node ID 24d5928a022f070fd9b05e0318646ffd301754b7
# Parent a43caf307a986b14c68a5c1e0cf27dc25dda5d5f
Added authorization to 'messstelle' service.
diff -r a43caf307a98 -r 24d5928a022f src/main/java/de/intevation/lada/rest/SMessstelleService.java
--- a/src/main/java/de/intevation/lada/rest/SMessstelleService.java Tue Jul 02 13:09:09 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/SMessstelleService.java Tue Jul 02 13:10:09 2013 +0200
@@ -1,5 +1,6 @@
 package de.intevation.lada.rest;
+import java.util.ArrayList;
 import java.util.logging.Logger;
 import javax.enterprise.context.RequestScoped;
@@ -9,7 +10,13 @@
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import de.intevation.lada.authentication.Authentication;
+import de.intevation.lada.authentication.AuthenticationException;
+import de.intevation.lada.authentication.AuthenticationResponse;
+import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
 import de.intevation.lada.model.SMessStelle;
@@ -30,6 +37,10 @@
 @Named("readonlyrepository")
 private Repository repository;
+ @Inject
+ @Named("ldapauth")
+ private Authentication authentication;
+
 /**
 * The logger for this class
 */
@@ -43,8 +54,19 @@
 */
 @GET
 @Produces("text/json")
- public Response findAll() {
- return repository.findAll(SMessStelle.class);
+ public Response findAll(@Context HttpHeaders headers) {
+ try {
+ AuthenticationResponse auth =
+ authentication.authorizedGroups(headers);
+ QueryBuilder builder =
+ new QueryBuilder(
+ repository.getEntityManager(), SMessStelle.class);
+ builder.or("mstId", auth.getMst());
+ return repository.filter(builder.getQuery());
+ }
+ catch(AuthenticationException ae) {
+ return new Response(false, 699, new ArrayList());
+ }
 }
 /**
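Review bot: If `auth.getMst()` comes back empty, `builder.or("mstId", auth.getMst())` in findAll may add no restriction at all, and `repository.filter(builder.getQuery())` would then hand every SMessStelle row to a caller who is authorised for none; QueryBuilder is not shown on this page, so this needs confirming against its implementation. An explicit guard before the query is built keeps the method fail-closed whatever QueryBuilder does, for example `if (auth.getMst().isEmpty()) { return new Response(false, 698, new ArrayList()); }`, 698 being the code the findById hunk returns for a denied id. Separately, `catch(AuthenticationException ae)` here and in the findById hunk discards the exception, so failed authentication leaves no record for later review. Logging it through the class logger (declared outside this hunk) before returning 699 would fix that, as long as header values are kept out of the message.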
@@ -56,7 +78,19 @@
 @GET
 @Path("/{id}")
 @Produces("text/json")
- public Response findById(@PathParam("id") String id) {
- return repository.findById(SMessStelle.class, id);
+ public Response findById(
+ @PathParam("id") String id,
+ @Context HttpHeaders headers) {
+ try {
+ AuthenticationResponse auth =
+ authentication.authorizedGroups(headers);
+ if (auth.getMst().contains(id)) {
+ return repository.findById(SMessStelle.class, id);
+ }
+ return new Response(false, 698, new ArrayList());
+ }
+ catch(AuthenticationException ae) {
+ return new Response(false, 699, new ArrayList());
+ }
 }
 }
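Review bot: The result codes 698 and 699 in findById are bare literals whose meaning can only be read off the branch they sit in (698 when `id` is not in `auth.getMst()`, 699 when authentication throws). Named constants would document the contract that clients and log analysis depend on, e.g. `private static final int CODE_NOT_ALLOWED = 698;` and `private static final int CODE_NOT_AUTHENTICATED = 699;` (the names are only suggestions). The Javadoc for findById starts outside this hunk; if it was not updated it should gain an `@param headers` line and state that an id outside the caller's authorised Messstellen yields 698 instead of the entity. Response is a project class not shown here, so it is worth confirming whether these denials still go out with a successful HTTP status; if they do, access logs and proxies cannot tell a refused request from a served one.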