changeset 204:a43caf307a98

Extended authentication interface and implementation.
author Raimund Renkert <rrenkert@intevation.de>
date Tue, 02 Jul 2013 13:09:09 +0200
parents d67665feb765
children 24d5928a022f
files src/main/java/de/intevation/lada/authentication/Authentication.java src/main/java/de/intevation/lada/authentication/LdapAuthentication.java
diffstat 2 files changed, 45 insertions(+), 0 deletions(-) [+]
--- a/src/main/java/de/intevation/lada/authentication/Authentication.java	Tue Jul 02 12:08:19 2013 +0200
+++ b/src/main/java/de/intevation/lada/authentication/Authentication.java	Tue Jul 02 13:09:09 2013 +0200
@@ -4,7 +4,15 @@
 
 public interface Authentication
 {
+    public boolean isAuthorizedUser(HttpHeaders headers)
+    throws AuthenticationException;
+
     public AuthenticationResponse authorizedGroups(HttpHeaders headers)
     throws AuthenticationException;
 
+    public boolean hasAccess(HttpHeaders headers, String probeId)
+    throws AuthenticationException;
+
+    public boolean isReadOnly(HttpHeaders headers, String probeId)
+    throws AuthenticationException;
 }
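Review bot: The three methods added to the interface carry no Javadoc, so the contract of each authorization check is undefined: nothing says whether an implementation should return false or throw AuthenticationException when the caller is unknown or the probeId does not exist. Callers will presumably gate data access on these booleans, so I would document them as fail-closed, for example `/** Returns true only if the caller's groups cover the probe; unknown callers and unknown probes yield false. */` on hasAccess. The `public` modifiers are redundant on interface methods and could be dropped from the new declarations.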
--- a/src/main/java/de/intevation/lada/authentication/LdapAuthentication.java	Tue Jul 02 12:08:19 2013 +0200
+++ b/src/main/java/de/intevation/lada/authentication/LdapAuthentication.java	Tue Jul 02 13:09:09 2013 +0200
@@ -16,7 +16,10 @@
 import javax.persistence.criteria.Root;
 import javax.ws.rs.core.HttpHeaders;
 
+import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.model.Auth;
+import de.intevation.lada.model.LProbe;
+import de.intevation.lada.model.LProbeInfo;
 
 @RequestScoped
 @Named("ldapauth")
@@ -27,6 +30,17 @@
     private EntityManager em;
 
     @Override
+    public boolean isAuthorizedUser(HttpHeaders headers)
+    throws AuthenticationException {
+        AuthenticationResponse auth = authorizedGroups(headers);
+        if (auth.getMst().isEmpty() ||
+            auth.getNetzbetreiber().isEmpty()) {
+            return false;
+        }
+        return true;
+    }
+
+    @Override
     public AuthenticationResponse authorizedGroups(HttpHeaders headers)
     throws AuthenticationException {
         List<String> groups = new ArrayList<String>();
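Review bot: isAuthorizedUser accepts whatever authorizedGroups(headers) reports, and the only identity source visible on this page is the `x-ldap-user` request header read in extractUser in the next hunk, so the result is only as trustworthy as that header. If that is indeed the source (the body of authorizedGroups continues outside this hunk), the method needs a comment stating the deployment assumption, e.g. `// x-ldap-user must be set by the authenticating front end and stripped from incoming client requests`. Separately, the body dereferences auth, getMst() and getNetzbetreiber() without a null check, and the if/return pair can be written as `return !auth.getMst().isEmpty() && !auth.getNetzbetreiber().isEmpty();`.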
@@ -52,6 +66,29 @@
         return response;
     }
 
+    public boolean hasAccess (HttpHeaders headers, String probeId)
+    throws AuthenticationException {
+        QueryBuilder<LProbe> builder = new QueryBuilder<LProbe>(em, LProbe.class);
+        builder.and("probeId", probeId);
+        List<LProbe> probe = em.createQuery(builder.getQuery()).getResultList();
+        if (probe.isEmpty()) {
+            return false;
+        }
+        String nbId = probe.get(0).getNetzbetreiberId();
+        String mstId = probe.get(0).getMstId();
+        AuthenticationResponse auth = authorizedGroups(headers);
+        if (auth.getNetzbetreiber().contains(nbId) &&
+            auth.getMst().contains(mstId)) {
+            return true;
+        }
+        return false;
+    }
+
+    public boolean isReadOnly(HttpHeaders headers, String probeId) {
+        //TODO: test if probe has messung with status 'fertig'.
+        return false;
+    }
+
     private String extractUser(HttpHeaders headers) {
         List<String> user = headers.getRequestHeader("x-ldap-user");
         if (user == null || user.isEmpty()) {
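Review bot: isReadOnly is a stub that returns false for every probe, so any caller consulting it before a write is told the probe is writable; an unfinished authorization check should fail closed instead. Until the status test from the TODO exists, I would return true (or throw) and say so, e.g. `return true; // fail closed until the 'fertig' check is implemented`. Both new methods in this hunk also lack the `@Override` that isAuthorizedUser has, and isReadOnly omits the `throws AuthenticationException` declared in the interface, which is legal but will need to come back once it calls authorizedGroups. In hasAccess the probe lookup runs before the caller's groups are resolved; calling authorizedGroups(headers) first and returning false on empty groups would avoid a database query for unauthorized requests.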