comparison src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java @ 105:7417f5915181 default tip
check admin permission before changing permissions.
Enum for typesafe actions.
author | casties |
---|---|
date | Fri, 10 Feb 2017 15:45:35 +0100 |
parents | 9140017e8962 |
children |
104:e953327d66bb | 105:7417f5915181 |
---|---|
54 import com.google.gson.JsonElement; | 54 import com.google.gson.JsonElement; |
55 import com.google.gson.JsonObject; | 55 import com.google.gson.JsonObject; |
56 | 56 |
57 import de.mpiwg.itgroup.annotations.Actor; | 57 import de.mpiwg.itgroup.annotations.Actor; |
58 import de.mpiwg.itgroup.annotations.Annotation; | 58 import de.mpiwg.itgroup.annotations.Annotation; |
59 import de.mpiwg.itgroup.annotations.Annotation.Action; | |
59 import de.mpiwg.itgroup.annotations.Annotation.FragmentTypes; | 60 import de.mpiwg.itgroup.annotations.Annotation.FragmentTypes; |
60 import de.mpiwg.itgroup.annotations.Group; | 61 import de.mpiwg.itgroup.annotations.Group; |
61 import de.mpiwg.itgroup.annotations.Person; | 62 import de.mpiwg.itgroup.annotations.Person; |
62 import de.mpiwg.itgroup.annotations.Resource; | 63 import de.mpiwg.itgroup.annotations.Resource; |
63 import de.mpiwg.itgroup.annotations.Target; | 64 import de.mpiwg.itgroup.annotations.Target; |
677 } | 678 } |
678 | 679 |
679 /* | 680 /* |
680 * permissions | 681 * permissions |
681 */ | 682 */ |
682 if (jo.has("permissions")) { | 683 if (jo.has("permissions")) { |
683 JSONObject permissions = jo.getJSONObject("permissions"); | 684 // change permissions only if user has admin permission |
684 if (permissions.has("admin")) { | 685 if (annot.isActionAllowed(Action.admin, authUser, getAnnotationStore())) { |
685 JSONArray perms = permissions.getJSONArray("admin"); | 686 JSONObject permissions = jo.getJSONObject("permissions"); |
686 Actor actor = getActorFromPermissions(perms); | 687 if (permissions.has("admin")) { |
687 annot.setAdminPermission(actor); | 688 JSONArray perms = permissions.getJSONArray("admin"); |
688 } | 689 Actor actor = getActorFromPermissions(perms); |
689 if (permissions.has("delete")) { | 690 annot.setAdminPermission(actor); |
690 JSONArray perms = permissions.getJSONArray("delete"); | 691 } |
691 Actor actor = getActorFromPermissions(perms); | 692 if (permissions.has("delete")) { |
692 annot.setDeletePermission(actor); | 693 JSONArray perms = permissions.getJSONArray("delete"); |
693 } | 694 Actor actor = getActorFromPermissions(perms); |
694 if (permissions.has("update")) { | 695 annot.setDeletePermission(actor); |
695 JSONArray perms = permissions.getJSONArray("update"); | 696 } |
696 Actor actor = getActorFromPermissions(perms); | 697 if (permissions.has("update")) { |
697 annot.setUpdatePermission(actor); | 698 JSONArray perms = permissions.getJSONArray("update"); |
698 } | 699 Actor actor = getActorFromPermissions(perms); |
699 if (permissions.has("read")) { | 700 annot.setUpdatePermission(actor); |
700 JSONArray perms = permissions.getJSONArray("read"); | 701 } |
701 Actor actor = getActorFromPermissions(perms); | 702 if (permissions.has("read")) { |
702 annot.setReadPermission(actor); | 703 JSONArray perms = permissions.getJSONArray("read"); |
703 } | 704 Actor actor = getActorFromPermissions(perms); |
704 } | 705 annot.setReadPermission(actor); |
706 } | |
707 } | |
708 } | |
705 | 709 |
706 /* | 710 /* |
707 * tags | 711 * tags |
708 */ | 712 */ |
709 if (jo.has("tags")) { | 713 if (jo.has("tags")) { |
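Review bot: When the `annot.isActionAllowed(Action.admin, authUser, getAnnotationStore())` guard at new line 685 fails, a request that carries a `permissions` object is silently ignored and processing appears to continue with the `tags` block, so the caller cannot tell that the permission change was dropped and nothing records the denied attempt. Consider an `else` branch that logs the refusal with the acting user and the annotation, or rejects the request as forbidden, whichever matches how the enclosing method (which starts and ends outside this section) reports errors. It is also worth confirming what `isActionAllowed` returns when the annotation has no admin actor set yet or when `authUser` is null; if either case evaluates to allowed, the guard does not protect annotations that lack an explicit admin permission. If silently skipping is intended, a comment such as `// non-admin callers: "permissions" in the request is ignored, other fields still apply` would make that explicit.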