changeset 207:fe05c016cdb6

Added authorization to create and update in lprobe service.
author Raimund Renkert <rrenkert@intevation.de>
date Tue, 02 Jul 2013 13:11:29 +0200
parents ae56f0a326dc
children 832e67663fd9
files src/main/java/de/intevation/lada/rest/LProbeService.java
diffstat 1 files changed, 25 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/rest/LProbeService.java	Tue Jul 02 13:10:45 2013 +0200
+++ b/src/main/java/de/intevation/lada/rest/LProbeService.java	Tue Jul 02 13:11:29 2013 +0200
@@ -5,6 +5,7 @@
 import java.util.logging.Logger;
 
 import javax.enterprise.context.RequestScoped;
+import javax.enterprise.inject.New;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.ws.rs.Consumes;
@@ -158,15 +159,34 @@
     @Path("/{id}")
     @Produces("text/json")
     @Consumes("application/json")
-    public Response update(LProbeInfo probe) {
-        return repository.update(probe);
+    public Response update(LProbeInfo probe, @Context HttpHeaders header) {
+        try {
+            if(authentication.hasAccess(header, probe.getProbeId())) {
+                return repository.update(probe);
+            }
+            return new Response(false, 698, new ArrayList<LProbeInfo>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LProbeInfo>());
+        }
     }
 
     @POST
     @Produces("text/json")
     @Consumes("application/json")
-    public Response create(LProbeInfo probe) {
-        LProbe p = probe.toLProbe();
-        return repository.create(p);
+    public Response create(LProbeInfo probe, @Context HttpHeaders header) {
+        try {
+            AuthenticationResponse auth =
+                authentication.authorizedGroups(header);
+            if (auth.getNetzbetreiber().contains(probe.getNetzbetreiberId()) &&
+                auth.getMst().contains(probe.getMstId())) {
+                LProbe p = probe.toLProbe();
+                return repository.create(p);
+            }
+            return new Response(false, 698, new ArrayList<LProbeInfo>());
+        }
+        catch(AuthenticationException ae) {
+            return new Response(false, 699, new ArrayList<LProbeInfo>());
+        }
     }
 }
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)