Mercurial > lada > lada-server
changeset 1265:a1323ef2c330
Changed ortszuordnungs model in messprogramm.
| author | Raimund Renkert <raimund.renkert@intevation.de> |
|---|---|
| date | Fri, 27 Jan 2017 15:14:12 +0100 |
| parents | a0a5111b2aa6 |
| children | e4cb532fde82 |
| files | src/main/java/de/intevation/lada/model/land/Messprogramm.java src/main/java/de/intevation/lada/model/land/OrtszuordnungMp.java src/main/java/de/intevation/lada/rest/OrtszuordnungMpService.java src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java src/main/java/de/intevation/lada/util/auth/MessprogrammIdAuthorizer.java |
| diffstat | 5 files changed, 562 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/model/land/Messprogramm.java Fri Jan 27 15:13:12 2017 +0100 +++ b/src/main/java/de/intevation/lada/model/land/Messprogramm.java Fri Jan 27 15:14:12 2017 +0100 @@ -15,7 +15,6 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; -import javax.persistence.Table; import javax.persistence.PrePersist; @@ -74,9 +73,6 @@ @Column(name="mst_id") private String mstId; - @Column(name="ort_id") - private Integer ortId; - @Column(name="mpl_id") private Integer mplId; @@ -201,14 +197,6 @@ this.mstId = mstId; } - public Integer getOrtId() { - return this.ortId; - } - - public void setOrtId(Integer ortId) { - this.ortId = ortId; - } - public Integer getMplId() { return this.mplId; }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/main/java/de/intevation/lada/model/land/OrtszuordnungMp.java Fri Jan 27 15:14:12 2017 +0100 @@ -0,0 +1,110 @@ +/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz + * Software engineering by Intevation GmbH + * + * This file is Free Software under the GNU GPL (v>=3) + * and comes with ABSOLUTELY NO WARRANTY! Check out + * the documentation coming with IMIS-Labordaten-Application for details. + */ +package de.intevation.lada.model.land; + +import java.io.Serializable; +import java.sql.Timestamp; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Table; + + +/** + * The persistent class for the ortszuordnung_mp database table. + * + */ +@Entity +@Table(name="ortszuordnung_mp") +public class OrtszuordnungMp implements Serializable { + private static final long serialVersionUID = 1L; + + @Id + @GeneratedValue(strategy=GenerationType.IDENTITY) + private Integer id; + + @Column(name="letzte_aenderung") + private Timestamp letzteAenderung; + + @Column(name="messprogramm_id") + private Integer messprogrammId; + + @Column(name="ort_id") + private Integer ortId; + + @Column(name="ortszuordnung_typ") + private String ortszuordnungTyp; + + private String ortszusatztext; + + @Column(name="tree_modified") + private Timestamp treeModified; + + public OrtszuordnungMp() { + } + + public Integer getId() { + return this.id; + } + + public void setId(Integer id) { + this.id = id; + } + + public Timestamp getLetzteAenderung() { + return this.letzteAenderung; + } + + public void setLetzteAenderung(Timestamp letzteAenderung) { + this.letzteAenderung = letzteAenderung; + } + + public Integer getMessprogrammId() { + return this.messprogrammId; + } + + public void setMessprogrammId(Integer messprogrammId) { + this.messprogrammId = messprogrammId; + } + + public Integer getOrtId() { + return this.ortId; + } + + public void setOrtId(Integer ortId) { + this.ortId = ortId; + } + + public String getOrtszuordnungTyp() { + return this.ortszuordnungTyp; + } + + public void setOrtszuordnungTyp(String ortszuordnungTyp) { + this.ortszuordnungTyp = ortszuordnungTyp; + } + + public String getOrtszusatztext() { + return this.ortszusatztext; + } + + public void setOrtszusatztext(String ortszusatztext) { + this.ortszusatztext = ortszusatztext; + } + + public Timestamp getTreeModified() { + return this.treeModified; + } + + public void setTreeModified(Timestamp treeModified) { + this.treeModified = treeModified; + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/main/java/de/intevation/lada/rest/OrtszuordnungMpService.java Fri Jan 27 15:14:12 2017 +0100 @@ -0,0 +1,322 @@ +/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz + * Software engineering by Intevation GmbH + * + * This file is Free Software under the GNU GPL (v>=3) + * and comes with ABSOLUTELY NO WARRANTY! Check out + * the documentation coming with IMIS-Labordaten-Application for details. + */ +package de.intevation.lada.rest; + +import javax.enterprise.context.RequestScoped; +import javax.inject.Inject; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.UriInfo; + +import de.intevation.lada.lock.LockConfig; +import de.intevation.lada.lock.LockType; +import de.intevation.lada.lock.ObjectLocker; +import de.intevation.lada.model.land.OrtszuordnungMp; +import de.intevation.lada.util.annotation.AuthorizationConfig; +import de.intevation.lada.util.annotation.RepositoryConfig; +import de.intevation.lada.util.auth.Authorization; +import de.intevation.lada.util.auth.AuthorizationType; +import de.intevation.lada.util.data.QueryBuilder; +import de.intevation.lada.util.data.Repository; +import de.intevation.lada.util.data.RepositoryType; +import de.intevation.lada.util.rest.RequestMethod; +import de.intevation.lada.util.rest.Response; +import de.intevation.lada.validation.Validator; +import de.intevation.lada.validation.Violation; +import de.intevation.lada.validation.annotation.ValidationConfig; + +/** + * REST service for Ort objects. + * <p> + * The services produce data in the application/json media type. + * All HTTP methods use the authorization module to determine if the user is + * allowed to perform the requested action. + * A typical response holds information about the action performed and the data. + * <pre> + * <code> + * { + * "success": [boolean]; + * "message": [string], + * "data":[{ + * "id": [number], + * "letzteAenderung": [timestamp], + * "ortsTyp": [string], + * "ortszusatztext": [string], + * "messprogrammId": [number], + * "ort": [number], + * "owner": [boolean], + * "readonly": [boolean], + * "treeModified": [timestamp], + * "parentModified": [timestamp] + * }], + * "errors": [object], + * "warnings": [object], + * "readonly": [boolean], + * "totalCount": [number] + * } + * </code> + * </pre> + * + * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a> + */ +@Path("rest/ortszuordnungmp") +@RequestScoped +public class OrtszuordnungMpService { + + /** + * The data repository granting read/write access. + */ + @Inject + @RepositoryConfig(type=RepositoryType.RW) + private Repository defaultRepo; + + /** + * The object lock mechanism. + */ + @Inject + @LockConfig(type=LockType.TIMESTAMP) + private ObjectLocker lock; + + /** + * The authorization module. + */ + @Inject + @AuthorizationConfig(type=AuthorizationType.HEADER) + private Authorization authorization; + + @Inject + @ValidationConfig(type="Ortszuordnung") + private Validator validator; + + /** + * Get all Ort objects. + * <p> + * The requested objects can be filtered using a URL parameter named + * messprogrammId. + * <p> + * Example: http://example.com/ort?messprogrammId=[ID] + * + * + * @return Response object containing all Ort objects. + */ + @GET + @Path("/") + @Produces(MediaType.APPLICATION_JSON) + public Response get( + @Context HttpHeaders headers, + @Context UriInfo info, + @Context HttpServletRequest request + ) { + MultivaluedMap<String, String> params = info.getQueryParameters(); + if (params.isEmpty() || !params.containsKey("messprogrammId")) { + return defaultRepo.getAll(OrtszuordnungMp.class, "land"); + } + String messprogrammId = params.getFirst("messprogrammId"); + QueryBuilder<OrtszuordnungMp> builder = + new QueryBuilder<OrtszuordnungMp>( + defaultRepo.entityManager("land"), + OrtszuordnungMp.class); + builder.and("messprogrammId", messprogrammId); + return authorization.filter( + request, + defaultRepo.filter(builder.getQuery(), "land"), + OrtszuordnungMp.class); + } + + /** + * Get a Ort object by id. + * <p> + * The id is appended to the URL as a path parameter. + * <p> + * Example: http://example.com/ort/{id} + * + * @return Response object containing a single Ort. + */ + @GET + @Path("/{id}") + @Produces(MediaType.APPLICATION_JSON) + public Response getById( + @Context HttpHeaders headers, + @Context HttpServletRequest request, + @PathParam("id") String id + ) { + Response response = + defaultRepo.getById(OrtszuordnungMp.class, Integer.valueOf(id), "land"); + OrtszuordnungMp ort = (OrtszuordnungMp)response.getData(); + Violation violation = validator.validate(ort); + if (violation.hasErrors() || violation.hasWarnings()) { + response.setErrors(violation.getErrors()); + response.setWarnings(violation.getWarnings()); + } + return authorization.filter( + request, + response, + OrtszuordnungMp.class); + } + + /** + * Create a new Ort object. + * <p> + * The new object is embedded in the post data as JSON formatted string. + * <p> + * <pre> + * <code> + * { + * "owner": [boolean], + * "ort": [number], + * "messprogrammId": [number], + * "ortsTyp": [string], + * "ortszusatztext": [string], + * "treeModified": null, + * "parentModified": null, + * "letzteAenderung": [date] + * } + * </code> + * </pre> + * + * @return A response object containing the created Ort. + */ + @POST + @Path("/") + @Produces(MediaType.APPLICATION_JSON) + public Response create( + @Context HttpHeaders headers, + @Context HttpServletRequest request, + OrtszuordnungMp ort + ) { + if (!authorization.isAuthorized( + request, + ort, + RequestMethod.POST, + OrtszuordnungMp.class)) { + return new Response(false, 699, null); + } + Violation violation = validator.validate(ort); + if (violation.hasErrors()) { + Response response = new Response(false, 604, ort); + response.setErrors(violation.getErrors()); + response.setWarnings(violation.getWarnings()); + return response; + } + + /* Persist the new object*/ + Response response = defaultRepo.create(ort, "land"); + if(violation.hasWarnings()) { + response.setWarnings(violation.getWarnings()); + } + + return authorization.filter( + request, + response, + OrtszuordnungMp.class); + } + + /** + * Update an existing Ort object. + * <p> + * The object to update should come as JSON formatted string. + * <pre> + * <code> + * { + * "id": [number], + * "owner": [boolean], + * "ort": [number], + * "messprogrammId": [number], + * "ortsTyp": [string], + * "ortszusatztext": [string], + * "treeModified": [timestamp], + * "parentModified": [timestamp], + * "letzteAenderung": [date] + * } + * </code> + * </pre> + * + * @return Response object containing the updated Ort object. + */ + @PUT + @Path("/{id}") + @Produces(MediaType.APPLICATION_JSON) + public Response update( + @Context HttpHeaders headers, + @Context HttpServletRequest request, + @PathParam("id") String id, + OrtszuordnungMp ort + ) { + if (!authorization.isAuthorized( + request, + ort, + RequestMethod.PUT, + OrtszuordnungMp.class)) { + return new Response(false, 699, null); + } + Violation violation = validator.validate(ort); + if (violation.hasErrors()) { + Response response = new Response(false, 604, ort); + response.setErrors(violation.getErrors()); + response.setWarnings(violation.getWarnings()); + return response; + } + + Response response = defaultRepo.update(ort, "land"); + if (!response.getSuccess()) { + return response; + } + Response updated = defaultRepo.getById( + OrtszuordnungMp.class, + ((OrtszuordnungMp)response.getData()).getId(), "land"); + if(violation.hasWarnings()) { + updated.setWarnings(violation.getWarnings()); + } + + return authorization.filter( + request, + updated, + OrtszuordnungMp.class); + } + + /** + * Delete an existing Ort object by id. + * <p> + * The id is appended to the URL as a path parameter. + * <p> + * Example: http://example.com/orortt/{id} + * + * @return Response object. + */ + @DELETE + @Path("/{id}") + @Produces(MediaType.APPLICATION_JSON) + public Response delete( + @Context HttpHeaders headers, + @Context HttpServletRequest request, + @PathParam("id") String id + ) { + Response object = + defaultRepo.getById(OrtszuordnungMp.class, Integer.valueOf(id), "land"); + OrtszuordnungMp ortObj = (OrtszuordnungMp)object.getData(); + if (!authorization.isAuthorized( + request, + ortObj, + RequestMethod.PUT, + OrtszuordnungMp.class)) { + return new Response(false, 699, null); + } + + return defaultRepo.delete(ortObj, "land"); + } +}
--- a/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Fri Jan 27 15:13:12 2017 +0100 +++ b/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Fri Jan 27 15:14:12 2017 +0100 @@ -24,6 +24,7 @@ import de.intevation.lada.model.land.Messung; import de.intevation.lada.model.land.Messwert; import de.intevation.lada.model.land.Ortszuordnung; +import de.intevation.lada.model.land.OrtszuordnungMp; import de.intevation.lada.model.land.Probe; import de.intevation.lada.model.land.StatusProtokoll; import de.intevation.lada.model.land.ZusatzWert; @@ -65,6 +66,7 @@ @Inject MessungIdAuthorizer mIdAuthorizer; @Inject NetzbetreiberAuthorizer netzAuthorizer; @Inject MessprogrammAuthorizer messprogrammAuthorizer; + @Inject MessprogrammIdAuthorizer mpIdAuthorizer; @SuppressWarnings("rawtypes") @PostConstruct @@ -84,6 +86,7 @@ authorizers.put(Ort.class, netzAuthorizer); authorizers.put(Messprogramm.class, messprogrammAuthorizer); authorizers.put(MessprogrammMmt.class, messprogrammAuthorizer); + authorizers.put(OrtszuordnungMp.class, mpIdAuthorizer); } /**
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/main/java/de/intevation/lada/util/auth/MessprogrammIdAuthorizer.java Fri Jan 27 15:14:12 2017 +0100 @@ -0,0 +1,127 @@ +/* Copyright (C) 2013 by Bundesamt fuer Strahlenschutz + * Software engineering by Intevation GmbH + * + * This file is Free Software under the GNU GPL (v>=3) + * and comes with ABSOLUTELY NO WARRANTY! Check out + * the documentation coming with IMIS-Labordaten-Application for details. + */ +package de.intevation.lada.util.auth; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.List; + +import de.intevation.lada.model.land.Messprogramm; +import de.intevation.lada.model.land.Probe; +import de.intevation.lada.model.stammdaten.MessStelle; +import de.intevation.lada.util.rest.RequestMethod; +import de.intevation.lada.util.rest.Response; + +public class MessprogrammIdAuthorizer extends BaseAuthorizer { + + @Override + public <T> boolean isAuthorized( + Object data, + RequestMethod method, + UserInfo userInfo, + Class<T> clazz + ) { + Method m; + try { + m = clazz.getMethod("getMessprogrammId"); + } catch (NoSuchMethodException | SecurityException e1) { + return false; + } + Integer id; + try { + id = (Integer) m.invoke(data); + } catch (IllegalAccessException | + IllegalArgumentException | + InvocationTargetException e + ) { + return false; + } + Messprogramm messprogramm = + repository.getByIdPlain(Messprogramm.class, id, "land"); + if (userInfo.getMessstellen().contains(messprogramm.getMstId())) { + return true; + } + return false; + } + + @SuppressWarnings("unchecked") + @Override + public <T> Response filter( + Response data, + UserInfo userInfo, + Class<T> clazz + ) { + if (data.getData() instanceof List<?>) { + List<Object> objects = new ArrayList<Object>(); + for (Object object :(List<Object>)data.getData()) { + objects.add(setAuthData(userInfo, object, clazz)); + } + data.setData(objects); + } + else { + Object object = data.getData(); + data.setData(setAuthData(userInfo, object, clazz)); + } + return data; + } + /** + * Authorize a single data object that has a probeId Attribute. + * + * @param userInfo The user information. + * @param data The Response object containing the data. + * @param clazz The data object class. + * @return A Response object containing the data. + */ + private <T> Object setAuthData( + UserInfo userInfo, + Object data, + Class<T> clazz + ) { + try { + Method getProbeId = clazz.getMethod("getProbeId"); + Integer id = null; + if (getProbeId != null) { + id = (Integer) getProbeId.invoke(data); + } + else { + return null; + } + Probe probe = + (Probe)repository.getById(Probe.class, id, "land").getData(); + + boolean readOnly = true; + boolean owner = false; + MessStelle mst = repository.getByIdPlain(MessStelle.class, probe.getMstId(), "stamm"); + if (!userInfo.getNetzbetreiber().contains( + mst.getNetzbetreiberId())) { + owner = false; + readOnly = true; + } + else { + if (userInfo.belongsTo(probe.getMstId(), probe.getLaborMstId())) { + owner = true; + } + else { + owner = false; + } + readOnly = this.isProbeReadOnly(id); + } + + Method setOwner = clazz.getMethod("setOwner", boolean.class); + Method setReadonly = clazz.getMethod("setReadonly", boolean.class); + setOwner.invoke(data, owner); + setReadonly.invoke(data, readOnly); + } catch (NoSuchMethodException | SecurityException + | IllegalAccessException | IllegalArgumentException + | InvocationTargetException e) { + return null; + } + return data; + } +}