# HG changeset patch
# User Raimund Renkert <rrenkert@intevation.de>
# Date 1372763349 -7200
# Node ID a43caf307a986b14c68a5c1e0cf27dc25dda5d5f
# Parent  d67665feb76589d885e7f6c8c37715a8f15e8eda
Extended authentication interface and implementaion.

diff -r d67665feb765 -r a43caf307a98 src/main/java/de/intevation/lada/authentication/Authentication.java
--- a/src/main/java/de/intevation/lada/authentication/Authentication.java	Tue Jul 02 12:08:19 2013 +0200
+++ b/src/main/java/de/intevation/lada/authentication/Authentication.java	Tue Jul 02 13:09:09 2013 +0200
@@ -4,7 +4,15 @@
 
 public interface Authentication
 {
+    public boolean isAuthorizedUser(HttpHeaders headers)
+    throws AuthenticationException;
+
     public AuthenticationResponse authorizedGroups(HttpHeaders headers)
     throws AuthenticationException;
 
+    public boolean hasAccess(HttpHeaders headers, String probeId)
+    throws AuthenticationException;
+
+    public boolean isReadOnly(HttpHeaders headers, String probeId)
+    throws AuthenticationException;
 }
diff -r d67665feb765 -r a43caf307a98 src/main/java/de/intevation/lada/authentication/LdapAuthentication.java
--- a/src/main/java/de/intevation/lada/authentication/LdapAuthentication.java	Tue Jul 02 12:08:19 2013 +0200
+++ b/src/main/java/de/intevation/lada/authentication/LdapAuthentication.java	Tue Jul 02 13:09:09 2013 +0200
@@ -16,7 +16,10 @@
 import javax.persistence.criteria.Root;
 import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.model.Auth;
+import de.intevation.lada.model.LProbe;
+import de.intevation.lada.model.LProbeInfo;
 
 @RequestScoped
 @Named("ldapauth")
@@ -27,6 +30,17 @@
     private EntityManager em;
 
     @Override
+    public boolean isAuthorizedUser(HttpHeaders headers)
+    throws AuthenticationException {
+        AuthenticationResponse auth = authorizedGroups(headers);
+        if (auth.getMst().isEmpty() ||
+            auth.getNetzbetreiber().isEmpty()) {
+            return false;
+        }
+        return true;
+    }
+
+    @Override
     public AuthenticationResponse authorizedGroups(HttpHeaders headers)
     throws AuthenticationException {
         List<String> groups = new ArrayList<String>();
@@ -52,6 +66,29 @@
         return response;
     }
 
+    public boolean hasAccess (HttpHeaders headers, String probeId)
+    throws AuthenticationException {
+        QueryBuilder<LProbe> builder = new QueryBuilder<LProbe>(em, LProbe.class);
+        builder.and("probeId", probeId);
+        List<LProbe> probe = em.createQuery(builder.getQuery()).getResultList();
+        if (probe.isEmpty()) {
+            return false;
+        }
+        String nbId = probe.get(0).getNetzbetreiberId();
+        String mstId = probe.get(0).getMstId();
+        AuthenticationResponse auth = authorizedGroups(headers);
+        if (auth.getNetzbetreiber().contains(nbId) &&
+            auth.getMst().contains(mstId)) {
+            return true;
+        }
+        return false;
+    }
+
+    public boolean isReadOnly(HttpHeaders headers, String probeId) {
+        //TODO: test if probe has messung with status 'fertig'.
+        return false;
+    }
+
     private String extractUser(HttpHeaders headers) {
         List<String> user = headers.getRequestHeader("x-ldap-user");
         if (user == null || user.isEmpty()) {