comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java @ 105:7417f5915181 default tip
check admin permission before changing permissions.
Enum for typesafe actions.
| author | casties |
|---|---|
| date | Fri, 10 Feb 2017 15:45:35 +0100 |
| parents | 9140017e8962 |
| children |
| 104:e953327d66bb | 105:7417f5915181 |
|---|---|
| 54 import com.google.gson.JsonElement; | 54 import com.google.gson.JsonElement; |
| 55 import com.google.gson.JsonObject; | 55 import com.google.gson.JsonObject; |
| 56 | 56 |
| 57 import de.mpiwg.itgroup.annotations.Actor; | 57 import de.mpiwg.itgroup.annotations.Actor; |
| 58 import de.mpiwg.itgroup.annotations.Annotation; | 58 import de.mpiwg.itgroup.annotations.Annotation; |
| 59 import de.mpiwg.itgroup.annotations.Annotation.Action; | |
| 59 import de.mpiwg.itgroup.annotations.Annotation.FragmentTypes; | 60 import de.mpiwg.itgroup.annotations.Annotation.FragmentTypes; |
| 60 import de.mpiwg.itgroup.annotations.Group; | 61 import de.mpiwg.itgroup.annotations.Group; |
| 61 import de.mpiwg.itgroup.annotations.Person; | 62 import de.mpiwg.itgroup.annotations.Person; |
| 62 import de.mpiwg.itgroup.annotations.Resource; | 63 import de.mpiwg.itgroup.annotations.Resource; |
| 63 import de.mpiwg.itgroup.annotations.Target; | 64 import de.mpiwg.itgroup.annotations.Target; |
| 677 } | 678 } |
| 678 | 679 |
| 679 /* | 680 /* |
| 680 * permissions | 681 * permissions |
| 681 */ | 682 */ |
| 682 if (jo.has("permissions")) { | 683 if (jo.has("permissions")) { |
| 683 JSONObject permissions = jo.getJSONObject("permissions"); | 684 // change permissions only if user has admin permission |
| 684 if (permissions.has("admin")) { | 685 if (annot.isActionAllowed(Action.admin, authUser, getAnnotationStore())) { |
| 685 JSONArray perms = permissions.getJSONArray("admin"); | 686 JSONObject permissions = jo.getJSONObject("permissions"); |
| 686 Actor actor = getActorFromPermissions(perms); | 687 if (permissions.has("admin")) { |
| 687 annot.setAdminPermission(actor); | 688 JSONArray perms = permissions.getJSONArray("admin"); |
| 688 } | 689 Actor actor = getActorFromPermissions(perms); |
| 689 if (permissions.has("delete")) { | 690 annot.setAdminPermission(actor); |
| 690 JSONArray perms = permissions.getJSONArray("delete"); | 691 } |
| 691 Actor actor = getActorFromPermissions(perms); | 692 if (permissions.has("delete")) { |
| 692 annot.setDeletePermission(actor); | 693 JSONArray perms = permissions.getJSONArray("delete"); |
| 693 } | 694 Actor actor = getActorFromPermissions(perms); |
| 694 if (permissions.has("update")) { | 695 annot.setDeletePermission(actor); |
| 695 JSONArray perms = permissions.getJSONArray("update"); | 696 } |
| 696 Actor actor = getActorFromPermissions(perms); | 697 if (permissions.has("update")) { |
| 697 annot.setUpdatePermission(actor); | 698 JSONArray perms = permissions.getJSONArray("update"); |
| 698 } | 699 Actor actor = getActorFromPermissions(perms); |
| 699 if (permissions.has("read")) { | 700 annot.setUpdatePermission(actor); |
| 700 JSONArray perms = permissions.getJSONArray("read"); | 701 } |
| 701 Actor actor = getActorFromPermissions(perms); | 702 if (permissions.has("read")) { |
| 702 annot.setReadPermission(actor); | 703 JSONArray perms = permissions.getJSONArray("read"); |
| 703 } | 704 Actor actor = getActorFromPermissions(perms); |
| 704 } | 705 annot.setReadPermission(actor); |
| 706 } | |
| 707 } | |
| 708 } | |
| 705 | 709 |
| 706 /* | 710 /* |
| 707 * tags | 711 * tags |
| 708 */ | 712 */ |
| 709 if (jo.has("tags")) { | 713 if (jo.has("tags")) { |
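Review bot: A request that carries `permissions` from a user without admin rights is now dropped without any trace, because the new `if (annot.isActionAllowed(Action.admin, authUser, getAnnotationStore()))` has no `else`; the rest of the JSON is still applied and the caller presumably gets a normal success response. A denied access-control change should be visible, so add an `else` branch that at least logs the attempt (user and annotation id) or reports it to the client, e.g. `} else { /* authUser lacks admin: log and/or reject the permissions change */ }`. It is also worth confirming how the check behaves when this method builds a brand-new annotation, since the creator's initial permissions would be silently discarded if `isActionAllowed` returns false there. The enclosing method starts and ends outside the visible lines, so both points depend on code not shown here.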
