Mercurial > hg > AnnotationManagerN4J
diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 37:34b9d044d0bf
authorisation added
js / css aufgeraeumt
author | dwinter |
---|---|
date | Wed, 26 Sep 2012 14:48:41 +0200 |
parents | 8427930c5f88 |
children | 5d4260344db5 |
line wrap: on
line diff
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Tue Sep 25 22:28:47 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Wed Sep 26 14:48:41 2012 +0200 @@ -55,15 +55,17 @@ String id = decodeJsonId(jsonId); logger.debug("annotation-id=" + id); - if (id == null) { - - return getAllAnnotations(); - } - + // do authentication Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); logger.debug("request authenticated=" + authUser); + if (id == null) { + + return getAllAnnotations(authUser); + } + + AnnotationStore store = getAnnotationStore(); Annotation annot = store.getAnnotationById(id); if (annot != null) { @@ -82,7 +84,7 @@ } } - private Representation getAllAnnotations() { + private Representation getAllAnnotations(Person authUser) { Form form = getRequest().getResourceRef().getQueryAsForm(); String sortBy=null; @@ -97,7 +99,9 @@ List<Annotation> annotations = store.getAnnotations(null, null); for (Annotation annotation : annotations) { - + //check permission + if (!annotation.isActionAllowed("read", authUser, store)) continue; + JSONObject jo = createAnnotatorJson(annotation,false); results.add(jo);