AnnotationManagerN4J: src/main/java/de/mpiwg/itgroup/annotations/Annotation.java comparison

permissions mostly work. need more server-side checking.

comparison

equal deleted inserted replaced

-:abe25edf2178
+:629e15b345aa
 * The user or group that has read permissions.
 * null means any user.
 */
 protected Actor readPermission;
+/**
+* Returns if the requested action is allowed on this annotation.
+*
+* @param action
+* @param userId
+* @return
+*/
+public boolean isActionAllowed(String action, String userId) {
+if (action.equals("read")) {
+Actor reader = getReadPermission();
+if (reader == null) {
+return true;
+} else {
+return reader.isEquivalentWith(userId);
+}
+} else if (action.equals("update")) {
+// require at least an authenticated user
+if (userId == null) return false;
+Actor updater = getUpdatePermission();
+if (updater == null) {
+return true;
+} else {
+return updater.isEquivalentWith(userId);
+}
+} else if (action.equals("delete")) {
+// require at least an authenticated user
+if (userId == null) return false;
+Actor updater = getUpdatePermission();
+if (updater == null) {
+return true;
+} else {
+return updater.isEquivalentWith(userId);
+}
+} else if (action.equals("admin")) {
+// require at least an authenticated user
+if (userId == null) return false;
+Actor admin = getAdminPermission();
+if (admin == null) {
+return true;
+} else {
+return admin.isEquivalentWith(userId);
+}
+}
+return false;
+}
 /**
 * @return the uri
 */
 public String getUri() {
 return uri;

Mercurial > hg > AnnotationManagerN4J