changeset 600:bfec71a39c07

Handle authorization of messung objects in a separate way.
author Raimund Renkert <raimund.renkert@intevation.de>
date Wed, 08 Apr 2015 10:44:24 +0200
parents 0a4f01951fc7
children ddab1ecb2898
files src/main/java/de/intevation/lada/util/auth/OpenIdAuthorization.java
diffstat 1 files changed, 47 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/util/auth/OpenIdAuthorization.java	Wed Apr 08 10:43:21 2015 +0200
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIdAuthorization.java	Wed Apr 08 10:44:24 2015 +0200
@@ -59,6 +59,9 @@
         if (clazz == LProbe.class) {
             return this.authorizeProbe(userInfo, data);
         }
+        if (clazz == LMessung.class) {
+            return this.authorizeMessung(userInfo, data);
+        }
         Method[] methods = clazz.getMethods();
         for (Method method: methods) {
             if (method.getName().equals("getProbeId")) {
@@ -105,7 +108,13 @@
             }
             else if (method == RequestMethod.PUT ||
                      method == RequestMethod.DELETE) {
-                return !isReadOnly(probe.getId());
+                Response messResponse =
+                    repository.getById(LMessung.class, messung.getId(), "land");
+                LMessung messungDb = (LMessung)messResponse.getData();
+                boolean fertigChanged = !messung.getFertig().equals(messungDb.getFertig());
+                logger.warn("changed " + fertigChanged);
+                return (!messung.getFertig() || fertigChanged) &&
+                    getAuthorization(userInfo, probe);
             }
         }
         else {
@@ -141,7 +150,7 @@
                     Response pResponse =
                         repository.getById(LProbe.class, messung.getProbeId(), "land");
                     LProbe probe = (LProbe)pResponse.getData();
-                    return !isReadOnly(probe.getId()) && getAuthorization(userInfo, probe);
+                    return !messung.getFertig() && getAuthorization(userInfo, probe);
                 }
             }
         }
@@ -233,7 +242,7 @@
                 else {
                     owner = false;
                 }
-                readOnly = this.isReadOnly(probe.getId());
+                readOnly = messung.getFertig();
             }
 
             Method setOwner = clazz.getMethod("setOwner", boolean.class);
@@ -306,20 +315,52 @@
 
     private LProbe authorizeSingleProbe(UserInfo userInfo, LProbe probe) {
         if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) {
-            probe.setIsOwner(false);
+            probe.setOwner(false);
             probe.setReadonly(true);
             return probe;
         }
         if (userInfo.getMessstellen().contains(probe.getMstId())) {
-            probe.setIsOwner(true);
+            probe.setOwner(true);
         }
         else {
-            probe.setIsOwner(false);
+            probe.setOwner(false);
         }
         probe.setReadonly(this.isReadOnly(probe.getId()));
         return probe;
     }
 
+    @SuppressWarnings("unchecked")
+    private Response authorizeMessung(UserInfo userInfo, Response data) {
+        if (data.getData() instanceof List<?>) {
+            List<LMessung> messungen = new ArrayList<LMessung>();
+            for (LMessung messung :(List<LMessung>)data.getData()) {
+                messungen.add(authorizeSingleMessung(userInfo, messung));
+            }
+            data.setData(messungen);
+        }
+        else if (data.getData() instanceof LMessung) {
+            LMessung messung = (LMessung)data.getData();
+            data.setData(authorizeSingleMessung(userInfo, messung));
+        }
+        return data;
+    }
+
+    private LMessung authorizeSingleMessung(UserInfo userInfo, LMessung messung) {
+        LProbe probe = (LProbe)repository.getById(LProbe.class, messung.getProbeId(), "land").getData();
+        if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) {
+            messung.setOwner(false);
+            messung.setReadonly(true);
+            return messung;
+        }
+        if (userInfo.getMessstellen().contains(probe.getMstId())) {
+            messung.setOwner(true);
+        }
+        else {
+            messung.setOwner(false);
+        }
+        messung.setReadonly(messung.getFertig());
+        return messung;
+    }
     @Override
     public boolean isReadOnly(Integer probeId) {
         EntityManager manager = repository.entityManager("land");
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)