[Lada-commits] [PATCH 2 of 2] No authorization is given if all objects are requested
Wald Commits
scm-commit at wald.intevation.org
Wed Dec 9 16:52:09 CET 2015
# HG changeset patch
# User Tom Gottfried <tom at intevation.de>
# Date 1449676291 -3600
# Branch statusworkflow
# Node ID 487c6d8c9d7bb8af6cf75e1f21ae542f149d5da9
# Parent dcf8c49d2e57692cf7baed174431e817628f223d
No authorization is given if all objects are requested.
diff -r dcf8c49d2e57 -r 487c6d8c9d7b src/main/java/de/intevation/lada/rest/KommentarMService.java
--- a/src/main/java/de/intevation/lada/rest/KommentarMService.java Wed Dec 09 16:29:57 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/KommentarMService.java Wed Dec 09 16:51:31 2015 +0100
@@ -87,12 +87,14 @@
/**
* Get all KommentarM objects.
* <p>
- * The requested objects can be filtered using a URL parameter named
+ * The requested objects have to be filtered using an URL parameter named
* messungsId.
* <p>
* Example: http://example.com/mkommentar?messungsId=[ID]
*
- * @return Response object containing all (filtered) KommentarM objects.
+ * @return Response object containing filtered KommentarM objects.
+ * Status-Code 699 if parameter is missing or requested objects are
+ * not authorized.
*/
@GET
@Path("/")
@@ -118,7 +120,8 @@
LMessung.class,
id,
"land");
- if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
+ if (!authorization.isAuthorized(
+ authorization.getInfo(request), messung)) {
if (!authorization.isAuthorized(id, LMessung.class)) {
return new Response(false, 699, null);
}
diff -r dcf8c49d2e57 -r 487c6d8c9d7b src/main/java/de/intevation/lada/rest/MesswertService.java
--- a/src/main/java/de/intevation/lada/rest/MesswertService.java Wed Dec 09 16:29:57 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/MesswertService.java Wed Dec 09 16:51:31 2015 +0100
@@ -122,12 +122,14 @@
/**
* Get all Messwert objects.
* <p>
- * The requested objects can be filtered using a URL parameter named
+ * The requested objects have to be filtered using an URL parameter named
* messungsId.
* <p>
* Example: http://example.com/messwert?messungsId=[ID]
*
- * @return Response object containing all Messwert objects.
+ * @return Response object containing filtered Messwert objects.
+ * Status-Code 699 if parameter is missing or requested objects are
+ * not authorized.
*/
@GET
@Path("/")
diff -r dcf8c49d2e57 -r 487c6d8c9d7b src/main/java/de/intevation/lada/rest/StatusService.java
--- a/src/main/java/de/intevation/lada/rest/StatusService.java Wed Dec 09 16:29:57 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/StatusService.java Wed Dec 09 16:51:31 2015 +0100
@@ -117,12 +117,14 @@
/**
* Get all Status objects.
* <p>
- * The requested objects can be filtered using a URL parameter named
+ * The requested objects have to be filtered using an URL parameter named
* messungsId.
* <p>
* Example: http://example.com/status?messungsId=[ID]
*
- * @return Response object containing all Status objects.
+ * @return Response object containing filtered Status objects.
+ * Status-Code 699 if parameter is missing or requested objects are
+ * not authorized.
*/
@GET
@Path("/")
diff -r dcf8c49d2e57 -r 487c6d8c9d7b src/test/java/de/intevation/lada/test/land/KommentarM.java
--- a/src/test/java/de/intevation/lada/test/land/KommentarM.java Wed Dec 09 16:29:57 2015 +0100
+++ b/src/test/java/de/intevation/lada/test/land/KommentarM.java Wed Dec 09 16:51:31 2015 +0100
@@ -94,12 +94,10 @@
JsonReader reader = Json.createReader(new StringReader(entity));
JsonObject content = reader.readObject();
/* Verify the response*/
- Assert.assertTrue(content.getBoolean("success"));
+ Assert.assertFalse(content.getBoolean("success"));
prot.addInfo("success", content.getBoolean("success"));
- Assert.assertEquals("200", content.getString("message"));
+ Assert.assertEquals("699", content.getString("message"));
prot.addInfo("message", content.getString("message"));
- Assert.assertNotNull(content.getJsonArray("data"));
- prot.addInfo("objects", content.getJsonArray("data").size());
}
catch(JsonException je) {
prot.addInfo("exception", je.getMessage());
diff -r dcf8c49d2e57 -r 487c6d8c9d7b src/test/java/de/intevation/lada/test/land/Messwert.java
--- a/src/test/java/de/intevation/lada/test/land/Messwert.java Wed Dec 09 16:29:57 2015 +0100
+++ b/src/test/java/de/intevation/lada/test/land/Messwert.java Wed Dec 09 16:51:31 2015 +0100
@@ -91,12 +91,10 @@
JsonReader reader = Json.createReader(new StringReader(entity));
JsonObject content = reader.readObject();
/* Verify the response*/
- Assert.assertTrue(content.getBoolean("success"));
+ Assert.assertFalse(content.getBoolean("success"));
prot.addInfo("success", content.getBoolean("success"));
- Assert.assertEquals("200", content.getString("message"));
+ Assert.assertEquals("699", content.getString("message"));
prot.addInfo("message", content.getString("message"));
- Assert.assertNotNull(content.getJsonArray("data"));
- prot.addInfo("objects", content.getJsonArray("data").size());
}
catch(JsonException je) {
prot.addInfo("exception", je.getMessage());
diff -r dcf8c49d2e57 -r 487c6d8c9d7b src/test/java/de/intevation/lada/test/land/Status.java
--- a/src/test/java/de/intevation/lada/test/land/Status.java Wed Dec 09 16:29:57 2015 +0100
+++ b/src/test/java/de/intevation/lada/test/land/Status.java Wed Dec 09 16:51:31 2015 +0100
@@ -89,12 +89,10 @@
JsonReader reader = Json.createReader(new StringReader(entity));
JsonObject content = reader.readObject();
/* Verify the response*/
- Assert.assertTrue(content.getBoolean("success"));
+ Assert.assertFalse(content.getBoolean("success"));
prot.addInfo("success", content.getBoolean("success"));
- Assert.assertEquals("200", content.getString("message"));
+ Assert.assertEquals("699", content.getString("message"));
prot.addInfo("message", content.getString("message"));
- Assert.assertNotNull(content.getJsonArray("data"));
- prot.addInfo("objects", content.getJsonArray("data").size());
}
catch(JsonException je) {
prot.addInfo("exception", je.getMessage());
More information about the Lada-commits
mailing list