Mercurial > hg > AnnotationManagerN4J

diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 37:34b9d044d0bf

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
authorisation added js / css aufgeraeumt
author dwinter
date Wed, 26 Sep 2012 14:48:41 +0200
parents 8427930c5f88
children 5d4260344db5
line wrap: on
line diff
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Tue Sep 25 22:28:47 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Wed Sep 26 14:48:41 2012 +0200
@@ -55,15 +55,17 @@
         String id = decodeJsonId(jsonId);
         logger.debug("annotation-id=" + id);
 
-        if (id == null) {
-            
-            return getAllAnnotations();
-        }
-
+        
         // do authentication
         Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
         logger.debug("request authenticated=" + authUser);
 
+        if (id == null) {
+            
+            return getAllAnnotations(authUser);
+        }
+
+     
         AnnotationStore store = getAnnotationStore();
         Annotation annot = store.getAnnotationById(id);
         if (annot != null) {
@@ -82,7 +84,7 @@
         }
     }
 
-    private Representation getAllAnnotations() {
+    private Representation getAllAnnotations(Person authUser) {
     	
     	 Form form = getRequest().getResourceRef().getQueryAsForm();
            String sortBy=null;
@@ -97,7 +99,9 @@
        
        	List<Annotation> annotations = store.getAnnotations(null, null);
         for (Annotation annotation : annotations) {
-            	
+          	 //check permission
+			 if (!annotation.isActionAllowed("read", authUser, store)) continue;
+     
         	 JSONObject jo = createAnnotatorJson(annotation,false);
              results.add(jo);