# HG changeset patch
# User Raimund Renkert <raimund.renkert@intevation.de>
# Date 1455792620 -3600
# Node ID c160d6c895d2a1045e5101695eb61b42ce24e16c
# Parent  27febad6fb8443f0d6bd5d797592a64891b1595a
Check messung status to authorize GET requests on Messung objects.

diff -r 27febad6fb84 -r c160d6c895d2 src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java
--- a/src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java	Mon Feb 15 16:05:52 2016 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java	Thu Feb 18 11:50:20 2016 +0100
@@ -32,11 +32,15 @@
             repository.getById(LProbe.class, messung.getProbeId(), "land");
         LProbe probe = (LProbe)response.getData();
         if (method == RequestMethod.PUT ||
-                 method == RequestMethod.DELETE) {
+            method == RequestMethod.DELETE) {
             return !this.isMessungReadOnly(messung.getId()) &&
                 getAuthorization(userInfo, probe);
         }
-        return getAuthorization(userInfo, probe);
+        LStatusProtokoll status = repository.getByIdPlain(
+            LStatusProtokoll.class,
+            messung.getStatus(),
+            "land");
+        return status.getStatusWert() > 0 || getAuthorization(userInfo, probe);
     }
 
     @SuppressWarnings("unchecked")