Mercurial > lada > lada-server
changeset 227:ef4c0e646b16
Restrict access to LMessung and LMesswert by attribute 'fertig'.
author | Raimund Renkert <rrenkert@intevation.de> |
---|---|
date | Thu, 04 Jul 2013 15:15:17 +0200 (2013-07-04) |
parents | 8cabc1259df1 |
children | e7110c4324eb |
files | src/main/java/de/intevation/lada/rest/LMessungService.java src/main/java/de/intevation/lada/rest/LMesswertService.java |
diffstat | 2 files changed, 52 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/LMessungService.java Thu Jul 04 14:57:37 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LMessungService.java Thu Jul 04 15:15:17 2013 +0200 @@ -1,6 +1,7 @@ package de.intevation.lada.rest; import java.util.ArrayList; +import java.util.List; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; @@ -103,7 +104,9 @@ ) { try { String probeId = messung.getProbeId(); - if (authentication.hasAccess(headers, probeId)) { + int messungsId = messung.getId().getMessungsId(); + if (authentication.hasAccess(headers, probeId) && + !isReadOnly(probeId, messungsId)) { return repository.update(messung); } return new Response(false, 698, new ArrayList<LMessung>()); @@ -138,4 +141,22 @@ return new Response(false, 699, new ArrayList<LMessung>()); } } + + private boolean isReadOnly(String probeId, Integer messungsId) { + QueryBuilder<LMessung> builder = + new QueryBuilder<LMessung>( + repository.getEntityManager(), + LMessung.class); + builder.and("probeId", probeId) + .and("messungsId", String.valueOf(messungsId)); + Response response = repository.filter(builder.getQuery()); + List<LMessung> messungen = (List<LMessung>) response.getData(); + if (messungen.isEmpty()) { + return true; + } + if (messungen.size() > 1) { + return true; + } + return messungen.get(0).isFertig(); + } }
--- a/src/main/java/de/intevation/lada/rest/LMesswertService.java Thu Jul 04 14:57:37 2013 +0200 +++ b/src/main/java/de/intevation/lada/rest/LMesswertService.java Thu Jul 04 15:15:17 2013 +0200 @@ -1,6 +1,7 @@ package de.intevation.lada.rest; import java.util.ArrayList; +import java.util.List; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; @@ -20,6 +21,7 @@ import de.intevation.lada.authentication.AuthenticationException; import de.intevation.lada.data.QueryBuilder; import de.intevation.lada.data.Repository; +import de.intevation.lada.model.LMessung; import de.intevation.lada.model.LMesswert; /** @@ -39,6 +41,10 @@ @Named("lmesswertrepository") private Repository repository; + @Inject + @Named("lmessungrepository") + private Repository messungRepository; + /** * The authorization module. */ @@ -103,7 +109,9 @@ ) { try { String probeId = messwert.getProbeId(); - if (authentication.hasAccess(headers, probeId)) { + Integer messungsId = messwert.getMessungsId(); + if (authentication.hasAccess(headers, probeId) && + !isReadOnly(probeId, messungsId)) { return repository.update(messwert); } return new Response(false, 698, new ArrayList<LMesswert>()); @@ -129,7 +137,9 @@ ) { try { String probeId = messwert.getProbeId(); - if (authentication.hasAccess(headers, probeId)) { + Integer messungsId = messwert.getMessungsId(); + if (authentication.hasAccess(headers, probeId) && + !isReadOnly(probeId, messungsId)) { return repository.create(messwert); } return new Response(false, 698, new ArrayList<LMesswert>()); @@ -138,4 +148,22 @@ return new Response(false, 699, new ArrayList<LMesswert>()); } } + + private boolean isReadOnly(String probeId, Integer messungsId) { + QueryBuilder<LMessung> builder = + new QueryBuilder<LMessung>( + messungRepository.getEntityManager(), + LMessung.class); + builder.and("probeId", probeId) + .and("messungsId", String.valueOf(messungsId)); + Response response = messungRepository.filter(builder.getQuery()); + List<LMessung> messungen = (List<LMessung>) response.getData(); + if (messungen.isEmpty()) { + return true; + } + if (messungen.size() > 1) { + return true; + } + return messungen.get(0).isFertig(); + } }