# HG changeset patch # User Raimund Renkert # Date 1372763349 -7200 # Node ID a43caf307a986b14c68a5c1e0cf27dc25dda5d5f # Parent d67665feb76589d885e7f6c8c37715a8f15e8eda Extended authentication interface and implementaion. diff -r d67665feb765 -r a43caf307a98 src/main/java/de/intevation/lada/authentication/Authentication.java --- a/src/main/java/de/intevation/lada/authentication/Authentication.java Tue Jul 02 12:08:19 2013 +0200 +++ b/src/main/java/de/intevation/lada/authentication/Authentication.java Tue Jul 02 13:09:09 2013 +0200 @@ -4,7 +4,15 @@ public interface Authentication { + public boolean isAuthorizedUser(HttpHeaders headers) + throws AuthenticationException; + public AuthenticationResponse authorizedGroups(HttpHeaders headers) throws AuthenticationException; + public boolean hasAccess(HttpHeaders headers, String probeId) + throws AuthenticationException; + + public boolean isReadOnly(HttpHeaders headers, String probeId) + throws AuthenticationException; } diff -r d67665feb765 -r a43caf307a98 src/main/java/de/intevation/lada/authentication/LdapAuthentication.java --- a/src/main/java/de/intevation/lada/authentication/LdapAuthentication.java Tue Jul 02 12:08:19 2013 +0200 +++ b/src/main/java/de/intevation/lada/authentication/LdapAuthentication.java Tue Jul 02 13:09:09 2013 +0200 @@ -16,7 +16,10 @@ import javax.persistence.criteria.Root; import javax.ws.rs.core.HttpHeaders; +import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.model.Auth; +import de.intevation.lada.model.LProbe; +import de.intevation.lada.model.LProbeInfo; @RequestScoped @Named("ldapauth") 
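Review bot: The four methods on `Authentication` in the first hunk are declared without Javadoc, so the contract of an access-control interface is left to each implementation. `hasAccess` should state that it returns `false` both for an unknown `probeId` and for a caller outside the probe's groups, and `isReadOnly` should state what "read only" is measured against. The interface should also say that identity is taken from request headers: the LDAP implementation reads `x-ldap-user` (context of the last hunk), which is presumably only trustworthy when a fronting proxy sets and overwrites it. That deployment assumption is inferred and should be confirmed. A class comment such as `/** Decisions are derived from proxy-supplied request headers; deploy only behind the authenticating proxy. */` would record it.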
@@ -27,6 +30,17 @@ private EntityManager em; @Override + public boolean isAuthorizedUser(HttpHeaders headers) + throws AuthenticationException { + AuthenticationResponse auth = authorizedGroups(headers); + if (auth.getMst().isEmpty() || + auth.getNetzbetreiber().isEmpty()) { + return false; + } + return true; + } + + @Override public AuthenticationResponse authorizedGroups(HttpHeaders headers) throws AuthenticationException { List groups = new ArrayList(); @@ -52,6 +66,29 @@ return response; } + public boolean hasAccess (HttpHeaders headers, String probeId) + throws AuthenticationException { + QueryBuilder builder = new QueryBuilder(em, LProbe.class); + builder.and("probeId", probeId); + List probe = em.createQuery(builder.getQuery()).getResultList(); + if (probe.isEmpty()) { + return false; + } + String nbId = probe.get(0).getNetzbetreiberId(); + String mstId = probe.get(0).getMstId(); + AuthenticationResponse auth = authorizedGroups(headers); + if (auth.getNetzbetreiber().contains(nbId) && + auth.getMst().contains(mstId)) { + return true; + } + return false; + } + + public boolean isReadOnly(HttpHeaders headers, String probeId) { + //TODO: test if probe has messung with status 'fertig'. + return false; + } + private String extractUser(HttpHeaders headers) { List user = headers.getRequestHeader("x-ldap-user"); if (user == null || user.isEmpty()) {
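Review bot: `isAuthorizedUser` spells a boolean out as `if (...) { return false; } return true;`, where `return !auth.getMst().isEmpty() && !auth.getNetzbetreiber().isEmpty();` says the same in one line. The rule that a user needs at least one entry in both lists deserves a short comment, because a user holding only one kind of group is rejected. The body of `authorizedGroups` is mostly outside this hunk; if it can ever hand back null lists, this check throws instead of denying, so confirm that it always returns empty ones.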
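Review bot: `isReadOnly` in the last hunk is a stub that answers `false` for every probe, so any write path gated on it would treat all probes as writable until the TODO is implemented. For an authorization check the safer placeholder is the restrictive answer `return true;`, or an explicit failure such as `throw new UnsupportedOperationException("isReadOnly not implemented");`. Callers are not visible here, so confirm which of the two they can tolerate. `hasAccess` and `isReadOnly` also lack the `@Override` that `isAuthorizedUser` carries, although both are declared on the interface. In `hasAccess` the probe is queried before `authorizedGroups(headers)` is consulted; resolving the caller's groups first would presumably let a request without usable credentials be rejected before it reaches the database.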