# HG changeset patch
# User Raimund Renkert <rrenkert@intevation.de>
# Date 1372763489 -7200
# Node ID fe05c016cdb644ca3f853054a8d268082a795f34
# Parent  ae56f0a326dcf809ef492259b5cff35d76824243
Added authorization to create and update in lprobe service.

diff -r ae56f0a326dc -r fe05c016cdb6 src/main/java/de/intevation/lada/rest/LProbeService.java
--- a/src/main/java/de/intevation/lada/rest/LProbeService.java	Tue Jul 02 13:10:45 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LProbeService.java	Tue Jul 02 13:11:29 2013 +0200
@@ -5,6 +5,7 @@
 import java.util.logging.Logger;
 
 import javax.enterprise.context.RequestScoped;
+import javax.enterprise.inject.New;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.ws.rs.Consumes;
@@ -158,15 +159,34 @@
     @Path("/{id}")
     @Produces("text/json")
     @Consumes("application/json")
-    public Response update(LProbeInfo probe) {
-        return repository.update(probe);
+    public Response update(LProbeInfo probe, @Context HttpHeaders header) {
+        try {
+            if(authentication.hasAccess(header, probe.getProbeId())) {
+                return repository.update(probe);
+            }
+            return new Response(false, 698, new ArrayList<LProbeInfo>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LProbeInfo>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(LProbeInfo probe) {
-        LProbe p = probe.toLProbe();
-        return repository.create(p);
+    public Response create(LProbeInfo probe, @Context HttpHeaders header) {
+        try {
+            AuthenticationResponse auth =
+                authentication.authorizedGroups(header);
+            if (auth.getNetzbetreiber().contains(probe.getNetzbetreiberId()) &&
+                auth.getMst().contains(probe.getMstId())) {
+                LProbe p = probe.toLProbe();
+                return repository.create(p);
+            }
+            return new Response(false, 698, new ArrayList<LProbeInfo>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LProbeInfo>());
+        }
     }
 }