# HG changeset patch # User Raimund Renkert # Date 1372943717 -7200 # Node ID ef4c0e646b1676dd0b1b10e4580801ee459a1826 # Parent 8cabc1259df1c6843fb650ddf00ea628fbed924e Restrict access to LMessung and LMesswert by attribute 'fertig'. diff -r 8cabc1259df1 -r ef4c0e646b16 src/main/java/de/intevation/lada/rest/LMessungService.java --- a/src/main/java/de/intevation/lada/rest/LMessungService.java Thu Jul 04 14:57:37 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LMessungService.java Thu Jul 04 15:15:17 2013 +0200 @@ -1,6 +1,7 @@ package de.intevation.lada.rest; import java.util.ArrayList; +import java.util.List; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; @@ -103,7 +104,9 @@ ) { try { String probeId = messung.getProbeId(); - if (authentication.hasAccess(headers, probeId)) { + int messungsId = messung.getId().getMessungsId(); + if (authentication.hasAccess(headers, probeId) && + !isReadOnly(probeId, messungsId)) { return repository.update(messung); } return new Response(false, 698, new ArrayList()); @@ -138,4 +141,22 @@ return new Response(false, 699, new ArrayList()); } } + + private boolean isReadOnly(String probeId, Integer messungsId) { + QueryBuilder builder = + new QueryBuilder( + repository.getEntityManager(), + LMessung.class); + builder.and("probeId", probeId) + .and("messungsId", String.valueOf(messungsId)); + Response response = repository.filter(builder.getQuery()); + List messungen = (List) response.getData(); + if (messungen.isEmpty()) { + return true; + } + if (messungen.size() > 1) { + return true; + } + return messungen.get(0).isFertig(); + } } diff -r 8cabc1259df1 -r ef4c0e646b16 src/main/java/de/intevation/lada/rest/LMesswertService.java --- a/src/main/java/de/intevation/lada/rest/LMesswertService.java Thu Jul 04 14:57:37 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LMesswertService.java Thu Jul 04 15:15:17 2013 +0200 @@ -1,6 +1,7 @@ package de.intevation.lada.rest; import java.util.ArrayList; +import java.util.List; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; @@ -20,6 +21,7 @@ import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; +import de.intevation.lada.model.LMessung; import de.intevation.lada.model.LMesswert; /** @@ -39,6 +41,10 @@ @Named("lmesswertrepository") private Repository repository; + @Inject + @Named("lmessungrepository") + private Repository messungRepository; + /** * The authorization module. */ @@ -103,7 +109,9 @@ ) { try { String probeId = messwert.getProbeId(); - if (authentication.hasAccess(headers, probeId)) { + Integer messungsId = messwert.getMessungsId(); + if (authentication.hasAccess(headers, probeId) && + !isReadOnly(probeId, messungsId)) { return repository.update(messwert); } return new Response(false, 698, new ArrayList()); @@ -129,7 +137,9 @@ ) { try { String probeId = messwert.getProbeId(); - if (authentication.hasAccess(headers, probeId)) { + Integer messungsId = messwert.getMessungsId(); + if (authentication.hasAccess(headers, probeId) && + !isReadOnly(probeId, messungsId)) { return repository.create(messwert); } return new Response(false, 698, new ArrayList()); @@ -138,4 +148,22 @@ return new Response(false, 699, new ArrayList()); } } + + private boolean isReadOnly(String probeId, Integer messungsId) { + QueryBuilder builder = + new QueryBuilder( + messungRepository.getEntityManager(), + LMessung.class); + builder.and("probeId", probeId) + .and("messungsId", String.valueOf(messungsId)); + Response response = messungRepository.filter(builder.getQuery()); + List messungen = (List) response.getData(); + if (messungen.isEmpty()) { + return true; + } + if (messungen.size() > 1) { + return true; + } + return messungen.get(0).isFertig(); + } }