Mercurial > lada > lada-server

changeset 601:ddab1ecb2898

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Use the authorization filter in all REST operations.
author Raimund Renkert <raimund.renkert@intevation.de>
date Wed, 08 Apr 2015 10:45:27 +0200
parents bfec71a39c07
children 328dd57b7b43
files src/main/java/de/intevation/lada/rest/KommentarMService.java src/main/java/de/intevation/lada/rest/KommentarPService.java src/main/java/de/intevation/lada/rest/MessungService.java src/main/java/de/intevation/lada/rest/MesswertService.java src/main/java/de/intevation/lada/rest/OrtService.java src/main/java/de/intevation/lada/rest/ProbeService.java src/main/java/de/intevation/lada/rest/StatusService.java src/main/java/de/intevation/lada/rest/ZusatzwertService.java
diffstat 8 files changed, 64 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/KommentarMService.java	Wed Apr 08 10:44:24 2015 +0200
+++ b/src/main/java/de/intevation/lada/rest/KommentarMService.java	Wed Apr 08 10:45:27 2015 +0200
@@ -116,7 +116,10 @@
             return new Response(false, 699, null);
         }
         /* Persist the new object*/
-        return defaultRepo.create(kommentar, "land");
+        return authorization.filter(
+            request,
+            defaultRepo.create(kommentar, "land"),
+            LKommentarM.class);
     }
 
     /**
@@ -140,7 +143,10 @@
         ) {
             return new Response(false, 699, null);
         }
-        return defaultRepo.update(kommentar, "land");
+        return authorization.filter(
+            request,
+            defaultRepo.update(kommentar, "land"),
+            LKommentarM.class);
     }
 
     /**
--- a/src/main/java/de/intevation/lada/rest/KommentarPService.java	Wed Apr 08 10:44:24 2015 +0200
+++ b/src/main/java/de/intevation/lada/rest/KommentarPService.java	Wed Apr 08 10:45:27 2015 +0200
@@ -119,7 +119,10 @@
             return new Response(false, 699, null);
         }
         /* Persist the new object*/
-        return defaultRepo.create(kommentar, "land");
+        return authorization.filter(
+            request,
+            defaultRepo.create(kommentar, "land"),
+            LKommentarP.class);
     }
 
     /**
@@ -144,7 +147,10 @@
             logger.debug("User is not authorized!");
             return new Response(false, 699, null);
         }
-        return defaultRepo.update(kommentar, "land");
+        return authorization.filter(
+            request,
+            defaultRepo.update(kommentar, "land"),
+            LKommentarP.class);
     }
 
     /**
--- a/src/main/java/de/intevation/lada/rest/MessungService.java	Wed Apr 08 10:44:24 2015 +0200
+++ b/src/main/java/de/intevation/lada/rest/MessungService.java	Wed Apr 08 10:45:27 2015 +0200
@@ -135,7 +135,10 @@
         /* Get and return the new probe object*/
         Response created =
             defaultRepo.getById(LMessung.class, ret.getId(), "land");
-        return new Response(true, 200, created.getData());
+        return authorization.filter(
+            request,
+            new Response(true, 200, created.getData()),
+            LMessung.class);
     }
 
     /**
@@ -167,7 +170,10 @@
         Response updated = defaultRepo.getById(
             LMessung.class,
             ((LMessung)response.getData()).getId(), "land");
-        return updated;
+        return authorization.filter(
+            request,
+            updated,
+            LMessung.class);
     }
 
     /**
--- a/src/main/java/de/intevation/lada/rest/MesswertService.java	Wed Apr 08 10:44:24 2015 +0200
+++ b/src/main/java/de/intevation/lada/rest/MesswertService.java	Wed Apr 08 10:45:27 2015 +0200
@@ -130,7 +130,10 @@
             return new Response(false, 699, null);
         }
         /* Persist the new messung object*/
-        return defaultRepo.create(messwert, "land");
+        return authorization.filter(
+            request,
+            defaultRepo.create(messwert, "land"),
+            LMesswert.class);
     }
 
     /**
@@ -162,7 +165,10 @@
         Response updated = defaultRepo.getById(
             LMesswert.class,
             ((LMesswert)response.getData()).getId(), "land");
-        return updated;
+        return authorization.filter(
+            request,
+            updated,
+            LMesswert.class);
     }
 
     /**
--- a/src/main/java/de/intevation/lada/rest/OrtService.java	Wed Apr 08 10:44:24 2015 +0200
+++ b/src/main/java/de/intevation/lada/rest/OrtService.java	Wed Apr 08 10:45:27 2015 +0200
@@ -129,7 +129,10 @@
             return new Response(false, 699, null);
         }
         /* Persist the new object*/
-        return defaultRepo.create(ort, "land");
+        return authorization.filter(
+            request,
+            defaultRepo.create(ort, "land"),
+            LOrt.class);
     }
 
     /**
@@ -160,7 +163,10 @@
         Response updated = defaultRepo.getById(
             LOrt.class,
             ((LOrt)response.getData()).getId(), "land");
-        return updated;
+        return authorization.filter(
+            request,
+            updated,
+            LOrt.class);
     }
 
     /**
--- a/src/main/java/de/intevation/lada/rest/ProbeService.java	Wed Apr 08 10:44:24 2015 +0200
+++ b/src/main/java/de/intevation/lada/rest/ProbeService.java	Wed Apr 08 10:45:27 2015 +0200
@@ -103,8 +103,6 @@
         @Context UriInfo info,
         @Context HttpServletRequest request
     ) {
-        logger.debug("user: " + request.getAttribute("lada.user.name"));
-        logger.debug("roles: " + request.getAttribute("lada.user.roles"));
         MultivaluedMap<String, String> params = info.getQueryParameters();
         if (params.isEmpty() || !params.containsKey("qid")) {
             return defaultRepo.getAll(LProbe.class, "land");
@@ -228,7 +226,10 @@
         if(violation.hasWarnings()) {
             response.setWarnings(violation.getWarnings());
         }
-        return response;
+        return authorization.filter(
+            request,
+            response,
+            LProbe.class);
     }
 
     /**
@@ -270,7 +271,10 @@
         if (violation.hasWarnings()) {
             updated.setWarnings(violation.getWarnings());
         }
-        return updated;
+        return authorization.filter(
+            request,
+            updated,
+            LProbe.class);
     }
 
     /**
--- a/src/main/java/de/intevation/lada/rest/StatusService.java	Wed Apr 08 10:44:24 2015 +0200
+++ b/src/main/java/de/intevation/lada/rest/StatusService.java	Wed Apr 08 10:45:27 2015 +0200
@@ -120,7 +120,10 @@
             return new Response(false, 699, null);
         }
         /* Persist the new object*/
-        return defaultRepo.create(status, "land");
+        return authorization.filter(
+            request,
+            defaultRepo.create(status, "land"),
+            LStatus.class);
     }
 
     /**
@@ -151,7 +154,10 @@
         Response updated = defaultRepo.getById(
             LStatus.class,
             ((LStatus)response.getData()).getId(), "land");
-        return updated;
+        return authorization.filter(
+            request,
+            updated,
+            LStatus.class);
     }
 
     /**
--- a/src/main/java/de/intevation/lada/rest/ZusatzwertService.java	Wed Apr 08 10:44:24 2015 +0200
+++ b/src/main/java/de/intevation/lada/rest/ZusatzwertService.java	Wed Apr 08 10:45:27 2015 +0200
@@ -123,7 +123,10 @@
             return new Response(false, 699, null);
         }
         /* Persist the new object*/
-        return defaultRepo.create(zusatzwert, "land");
+        return authorization.filter(
+            request,
+            defaultRepo.create(zusatzwert, "land"),
+            LZusatzWert.class);
     }
 
     /**
@@ -155,7 +158,10 @@
         Response updated = defaultRepo.getById(
             LZusatzWert.class,
             ((LZusatzWert)response.getData()).getId(), "land");
-        return updated;
+        return authorization.filter(
+            request,
+            updated,
+            LZusatzWert.class);
     }
 
     /**
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)