changeset 227:ef4c0e646b16

Restrict access to LMessung and LMesswert by attribute 'fertig'.
author Raimund Renkert <rrenkert@intevation.de>
date Thu, 04 Jul 2013 15:15:17 +0200
parents 8cabc1259df1
children e7110c4324eb
files src/main/java/de/intevation/lada/rest/LMessungService.java src/main/java/de/intevation/lada/rest/LMesswertService.java
diffstat 2 files changed, 52 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/LMessungService.java	Thu Jul 04 14:57:37 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LMessungService.java	Thu Jul 04 15:15:17 2013 +0200
@@ -1,6 +1,7 @@
 package de.intevation.lada.rest;
 
 import java.util.ArrayList;
+import java.util.List;
 
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
@@ -103,7 +104,9 @@
     ) {
         try {
             String probeId = messung.getProbeId();
-            if (authentication.hasAccess(headers, probeId)) {
+            int messungsId = messung.getId().getMessungsId();
+            if (authentication.hasAccess(headers, probeId) &&
+                !isReadOnly(probeId, messungsId)) {
                 return repository.update(messung);
             }
             return new Response(false, 698, new ArrayList<LMessung>());
@@ -138,4 +141,22 @@
             return new Response(false, 699, new ArrayList<LMessung>());
         }
     }
+
+    private boolean isReadOnly(String probeId, Integer messungsId) {
+        QueryBuilder<LMessung> builder =
+            new QueryBuilder<LMessung>(
+                repository.getEntityManager(),
+                LMessung.class);
+        builder.and("probeId", probeId)
+            .and("messungsId", String.valueOf(messungsId));
+        Response response = repository.filter(builder.getQuery());
+        List<LMessung> messungen = (List<LMessung>) response.getData();
+        if (messungen.isEmpty()) {
+            return true;
+        }
+        if (messungen.size() > 1) {
+            return true;
+        }
+        return messungen.get(0).isFertig();
+    }
 }
--- a/src/main/java/de/intevation/lada/rest/LMesswertService.java	Thu Jul 04 14:57:37 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LMesswertService.java	Thu Jul 04 15:15:17 2013 +0200
@@ -1,6 +1,7 @@
 package de.intevation.lada.rest;
 
 import java.util.ArrayList;
+import java.util.List;
 
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
@@ -20,6 +21,7 @@
 import de.intevation.lada.authentication.AuthenticationException;
 import de.intevation.lada.data.QueryBuilder;
 import de.intevation.lada.data.Repository;
+import de.intevation.lada.model.LMessung;
 import de.intevation.lada.model.LMesswert;
 
 /**
@@ -39,6 +41,10 @@
     @Named("lmesswertrepository")
     private Repository repository;
 
+    @Inject
+    @Named("lmessungrepository")
+    private Repository messungRepository;
+
     /**
      * The authorization module.
      */
@@ -103,7 +109,9 @@
     ) {
         try {
             String probeId = messwert.getProbeId();
-            if (authentication.hasAccess(headers, probeId)) {
+            Integer messungsId = messwert.getMessungsId();
+            if (authentication.hasAccess(headers, probeId) &&
+                !isReadOnly(probeId, messungsId)) {
                 return repository.update(messwert);
             }
             return new Response(false, 698, new ArrayList<LMesswert>());
@@ -129,7 +137,9 @@
     ) {
         try {
             String probeId = messwert.getProbeId();
-            if (authentication.hasAccess(headers, probeId)) {
+            Integer messungsId = messwert.getMessungsId();
+            if (authentication.hasAccess(headers, probeId) &&
+                !isReadOnly(probeId, messungsId)) {
                 return repository.create(messwert);
             }
             return new Response(false, 698, new ArrayList<LMesswert>());
@@ -138,4 +148,22 @@
             return new Response(false, 699, new ArrayList<LMesswert>());
         }
     }
+
+    private boolean isReadOnly(String probeId, Integer messungsId) {
+        QueryBuilder<LMessung> builder =
+            new QueryBuilder<LMessung>(
+                messungRepository.getEntityManager(),
+                LMessung.class);
+        builder.and("probeId", probeId)
+            .and("messungsId", String.valueOf(messungsId));
+        Response response = messungRepository.filter(builder.getQuery());
+        List<LMessung> messungen = (List<LMessung>) response.getData();
+        if (messungen.isEmpty()) {
+            return true;
+        }
+        if (messungen.size() > 1) {
+            return true;
+        }
+        return messungen.get(0).isFertig();
+    }
 }
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)