[Lada-commits] [PATCH 3 of 4] Authorize messwert, kommentar and status
Wald Commits
scm-commit at wald.intevation.org
Thu Nov 19 16:55:34 CET 2015
# HG changeset patch
# User Raimund Renkert <raimund.renkert at intevation.de>
# Date 1447948449 -3600
# Node ID b04e55896104c60983b5be14cac4158d6f96981d
# Parent d0510a89e70111015465f903d71ec2a0660b0ac3
Authorize messwert, kommentar and status.
diff -r d0510a89e701 -r b04e55896104 src/main/java/de/intevation/lada/rest/KommentarMService.java
--- a/src/main/java/de/intevation/lada/rest/KommentarMService.java Thu Nov 19 16:53:30 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/KommentarMService.java Thu Nov 19 16:54:09 2015 +0100
@@ -24,6 +24,7 @@
import javax.ws.rs.core.UriInfo;
import de.intevation.lada.model.land.LKommentarM;
+import de.intevation.lada.model.land.LMessung;
import de.intevation.lada.util.annotation.AuthorizationConfig;
import de.intevation.lada.util.annotation.RepositoryConfig;
import de.intevation.lada.util.auth.Authorization;
@@ -103,9 +104,26 @@
) {
MultivaluedMap<String, String> params = info.getQueryParameters();
if (params.isEmpty() || !params.containsKey("messungsId")) {
- return defaultRepo.getAll(LKommentarM.class, "land");
+ return new Response(false, 699, null);
}
String messungId = params.getFirst("messungsId");
+ int id;
+ try {
+ id = Integer.valueOf(messungId);
+ }
+ catch(NumberFormatException nfe) {
+ return new Response(false, 699, null);
+ }
+ LMessung messung = defaultRepo.getByIdPlain(
+ LMessung.class,
+ id,
+ "land");
+ if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
+ if (!authorization.isAuthorized(id, LMessung.class)) {
+ return new Response(false, 699, null);
+ }
+ }
+
QueryBuilder<LKommentarM> builder =
new QueryBuilder<LKommentarM>(
defaultRepo.entityManager("land"),
@@ -134,12 +152,22 @@
@Context HttpServletRequest request,
@PathParam("id") String id
) {
+ Response response =
+ defaultRepo.getById(LKommentarM.class, Integer.valueOf(id), "land");
+ LKommentarM kommentar = (LKommentarM)response.getData();
+ LMessung messung = defaultRepo.getByIdPlain(
+ LMessung.class,
+ kommentar.getMessungsId(),
+ "land");
+ if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
+ if (!authorization.isAuthorized(messung.getId(), LMessung.class)) {
+ return new Response(false, 699, null);
+ }
+ }
+
return authorization.filter(
request,
- defaultRepo.getById(
- LKommentarM.class,
- Integer.valueOf(id),
- "land"),
+ response,
LKommentarM.class);
}
diff -r d0510a89e701 -r b04e55896104 src/main/java/de/intevation/lada/rest/MesswertService.java
--- a/src/main/java/de/intevation/lada/rest/MesswertService.java Thu Nov 19 16:53:30 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/MesswertService.java Thu Nov 19 16:54:09 2015 +0100
@@ -31,6 +31,7 @@
import de.intevation.lada.lock.LockConfig;
import de.intevation.lada.lock.LockType;
import de.intevation.lada.lock.ObjectLocker;
+import de.intevation.lada.model.land.LMessung;
import de.intevation.lada.model.land.LMesswert;
import de.intevation.lada.util.annotation.AuthorizationConfig;
import de.intevation.lada.util.annotation.RepositoryConfig;
@@ -138,10 +139,25 @@
) {
MultivaluedMap<String, String> params = info.getQueryParameters();
if (params.isEmpty() || !params.containsKey("messungsId")) {
- logger.debug("get all");
- return defaultRepo.getAll(LMesswert.class, "land");
+ return new Response(false, 699, null);
}
String messungId = params.getFirst("messungsId");
+ int id;
+ try {
+ id = Integer.valueOf(messungId);
+ }
+ catch(NumberFormatException nfe) {
+ return new Response(false, 698, null);
+ }
+ LMessung messung = defaultRepo.getByIdPlain(
+ LMessung.class,
+ id,
+ "land");
+ if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
+ if (!authorization.isAuthorized(id, LMessung.class)) {
+ return new Response(false, 697, null);
+ }
+ }
QueryBuilder<LMesswert> builder =
new QueryBuilder<LMesswert>(
defaultRepo.entityManager("land"),
@@ -173,6 +189,15 @@
Response response =
defaultRepo.getById(LMesswert.class, Integer.valueOf(id), "land");
LMesswert messwert = (LMesswert)response.getData();
+ LMessung messung = defaultRepo.getByIdPlain(
+ LMessung.class,
+ messwert.getMessungsId(),
+ "land");
+ if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
+ if (!authorization.isAuthorized(messung.getId(), LMessung.class)) {
+ return new Response(false, 699, null);
+ }
+ }
Violation violation = validator.validate(messwert);
if (violation.hasErrors() || violation.hasWarnings()) {
response.setErrors(violation.getErrors());
diff -r d0510a89e701 -r b04e55896104 src/main/java/de/intevation/lada/rest/StatusService.java
--- a/src/main/java/de/intevation/lada/rest/StatusService.java Thu Nov 19 16:53:30 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/StatusService.java Thu Nov 19 16:54:09 2015 +0100
@@ -132,9 +132,26 @@
) {
MultivaluedMap<String, String> params = info.getQueryParameters();
if (params.isEmpty() || !params.containsKey("messungsId")) {
- return defaultRepo.getAll(LStatusProtokoll.class, "land");
+ return new Response(false, 699, null);
}
String messungId = params.getFirst("messungsId");
+ int id;
+ try {
+ id = Integer.valueOf(messungId);
+ }
+ catch(NumberFormatException nfe) {
+ return new Response(false, 698, null);
+ }
+ LMessung messung = defaultRepo.getByIdPlain(
+ LMessung.class,
+ id,
+ "land");
+ if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
+ if (!authorization.isAuthorized(id, LMessung.class)) {
+ return new Response(false, 697, null);
+ }
+ }
+
QueryBuilder<LStatusProtokoll> builder =
new QueryBuilder<LStatusProtokoll>(
defaultRepo.entityManager("land"),
More information about the Lada-commits
mailing list