Mercurial > lada > lada-server
changeset 600:bfec71a39c07
Handle authorization of messung objects in a separate way.
author | Raimund Renkert <raimund.renkert@intevation.de> |
---|---|
date | Wed, 08 Apr 2015 10:44:24 +0200 |
parents | 0a4f01951fc7 |
children | ddab1ecb2898 |
files | src/main/java/de/intevation/lada/util/auth/OpenIdAuthorization.java |
diffstat | 1 files changed, 47 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/util/auth/OpenIdAuthorization.java Wed Apr 08 10:43:21 2015 +0200 +++ b/src/main/java/de/intevation/lada/util/auth/OpenIdAuthorization.java Wed Apr 08 10:44:24 2015 +0200 @@ -59,6 +59,9 @@ if (clazz == LProbe.class) { return this.authorizeProbe(userInfo, data); } + if (clazz == LMessung.class) { + return this.authorizeMessung(userInfo, data); + } Method[] methods = clazz.getMethods(); for (Method method: methods) { if (method.getName().equals("getProbeId")) { @@ -105,7 +108,13 @@ } else if (method == RequestMethod.PUT || method == RequestMethod.DELETE) { - return !isReadOnly(probe.getId()); + Response messResponse = + repository.getById(LMessung.class, messung.getId(), "land"); + LMessung messungDb = (LMessung)messResponse.getData(); + boolean fertigChanged = !messung.getFertig().equals(messungDb.getFertig()); + logger.warn("changed " + fertigChanged); + return (!messung.getFertig() || fertigChanged) && + getAuthorization(userInfo, probe); } } else { @@ -141,7 +150,7 @@ Response pResponse = repository.getById(LProbe.class, messung.getProbeId(), "land"); LProbe probe = (LProbe)pResponse.getData(); - return !isReadOnly(probe.getId()) && getAuthorization(userInfo, probe); + return !messung.getFertig() && getAuthorization(userInfo, probe); } } } @@ -233,7 +242,7 @@ else { owner = false; } - readOnly = this.isReadOnly(probe.getId()); + readOnly = messung.getFertig(); } Method setOwner = clazz.getMethod("setOwner", boolean.class); @@ -306,20 +315,52 @@ private LProbe authorizeSingleProbe(UserInfo userInfo, LProbe probe) { if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) { - probe.setIsOwner(false); + probe.setOwner(false); probe.setReadonly(true); return probe; } if (userInfo.getMessstellen().contains(probe.getMstId())) { - probe.setIsOwner(true); + probe.setOwner(true); } else { - probe.setIsOwner(false); + probe.setOwner(false); } probe.setReadonly(this.isReadOnly(probe.getId())); return probe; } + @SuppressWarnings("unchecked") + private Response authorizeMessung(UserInfo userInfo, Response data) { + if (data.getData() instanceof List<?>) { + List<LMessung> messungen = new ArrayList<LMessung>(); + for (LMessung messung :(List<LMessung>)data.getData()) { + messungen.add(authorizeSingleMessung(userInfo, messung)); + } + data.setData(messungen); + } + else if (data.getData() instanceof LMessung) { + LMessung messung = (LMessung)data.getData(); + data.setData(authorizeSingleMessung(userInfo, messung)); + } + return data; + } + + private LMessung authorizeSingleMessung(UserInfo userInfo, LMessung messung) { + LProbe probe = (LProbe)repository.getById(LProbe.class, messung.getProbeId(), "land").getData(); + if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) { + messung.setOwner(false); + messung.setReadonly(true); + return messung; + } + if (userInfo.getMessstellen().contains(probe.getMstId())) { + messung.setOwner(true); + } + else { + messung.setOwner(false); + } + messung.setReadonly(messung.getFertig()); + return messung; + } @Override public boolean isReadOnly(Integer probeId) { EntityManager manager = repository.entityManager("land");