# HG changeset patch # User Tom Gottfried # Date 1486580161 -3600 # Node ID 588f6deae24aeaf7414520b6d77a269d5ee961f9 # Parent d48e1636fb0b4a28cf6c56cb3992eba9135d2908 Fix authorization for OrtszuordnungMp and friends. Setting readonly equal to owner implied an owner cannot edit its own objects. That was probably not intended. As many of the conditionals actually evaluated to doing nothing, those were removed. diff -r d48e1636fb0b -r 588f6deae24a src/main/java/de/intevation/lada/util/auth/MessprogrammIdAuthorizer.java --- a/src/main/java/de/intevation/lada/util/auth/MessprogrammIdAuthorizer.java Wed Feb 08 18:32:09 2017 +0100 +++ b/src/main/java/de/intevation/lada/util/auth/MessprogrammIdAuthorizer.java Wed Feb 08 19:56:01 2017 +0100 @@ -13,7 +13,6 @@ import java.util.List; import de.intevation.lada.model.land.Messprogramm; -import de.intevation.lada.model.stammdaten.MessStelle; import de.intevation.lada.util.rest.RequestMethod; import de.intevation.lada.util.rest.Response; @@ -91,26 +90,17 @@ else { return null; } - Messprogramm messprogramm = - (Messprogramm)repository.getById(Messprogramm.class, id, "land").getData(); + Messprogramm messprogramm = repository.getByIdPlain( + Messprogramm.class, id, "land"); - boolean readOnly = true; boolean owner = false; - MessStelle mst = repository.getByIdPlain(MessStelle.class, messprogramm.getMstId(), "stamm"); - if (!userInfo.getNetzbetreiber().contains( - mst.getNetzbetreiberId())) { - owner = false; - readOnly = true; + if (userInfo.belongsTo( + messprogramm.getMstId(), + messprogramm.getLaborMstId()) + ) { + owner = true; } - else { - if (userInfo.belongsTo(messprogramm.getMstId(), messprogramm.getLaborMstId())) { - owner = true; - } - else { - owner = false; - } - readOnly = owner; - } + boolean readOnly = !owner; Method setOwner = clazz.getMethod("setOwner", boolean.class); Method setReadonly = clazz.getMethod("setReadonly", boolean.class);