Mercurial > lada > lada-server

changeset 211:30d2aad7371e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated authorization in LMessung service filter.
author Raimund Renkert <rrenkert@intevation.de>
date Wed, 03 Jul 2013 12:02:57 +0200
parents a305412206a3
children 5b232dab4b50
files src/main/java/de/intevation/lada/rest/LMessungService.java
diffstat 1 files changed, 15 insertions(+), 15 deletions(-) [+]
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/LMessungService.java	Wed Jul 03 11:55:28 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LMessungService.java	Wed Jul 03 12:02:57 2013 +0200
@@ -61,26 +61,26 @@
     @Produces("text/json")
     public Response filter(
         @Context UriInfo info,
-        @Context HttpHeaders header
+        @Context HttpHeaders headers
     ) {
         try {
-            AuthenticationResponse auth =
-                authentication.authorizedGroups(header);
-            QueryBuilder<LMessung> builder =
-                new QueryBuilder<LMessung>(
-                    repository.getEntityManager(),
-                    LMessung.class);
-            builder.or("netzbetreiberId", auth.getNetzbetreiber());
+            if (!authentication.isAuthorizedUser(headers)) {
+                return new Response(false, 699, new ArrayList<LMessung>());
+            }
             MultivaluedMap<String, String> params = info.getQueryParameters();
-            if (params.isEmpty()) {
-                repository.filter(builder.getQuery());
+            if (params.isEmpty() || !(params.containsKey("probeId"))) {
+                return new Response(false, 609, new ArrayList<LMessung>());
             }
-            QueryBuilder<LMessung> pBuilder = builder.getEmptyBuilder();
-            if (params.containsKey("probeId")) {
-                pBuilder.and("probeId", params.getFirst("probeId"));
-                builder.and(pBuilder);
+            String probeId = params.getFirst("probeId");
+            if (authentication.hasAccess(headers, probeId)) {
+                QueryBuilder<LMessung> builder =
+                    new QueryBuilder<LMessung>(
+                        repository.getEntityManager(),
+                        LMessung.class);
+                builder.and("probeId", probeId);
+                return repository.filter(builder.getQuery());
             }
-            return repository.filter(builder.getQuery());
+            return new Response(false, 698, new ArrayList<LMessung>());
         }
         catch(AuthenticationException ae) {
             return new Response(false, 699, new ArrayList<LMessung>());
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)