diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 15:58357a4b86de
ASSIGNED - # 249: Annotations shared in groups
https://it-dev.mpiwg-berlin.mpg.de/tracs/mpdl-project-software/ticket/249
author | casties |
---|---|
date | Tue, 28 Aug 2012 20:23:12 +0200 |
parents | 629e15b345aa |
children | 794077e6288c |
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Fri Jul 13 20:41:02 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Tue Aug 28 20:23:12 2012 +0200
@@ -6,7 +6,6 @@
 import java.io.IOException;
-import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.restlet.data.Status;
@@ -18,6 +17,7 @@
 import org.restlet.resource.Put;
 import de.mpiwg.itgroup.annotations.Annotation;
+import de.mpiwg.itgroup.annotations.Person;
 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 /**
@@ -51,12 +51,12 @@
 // TODO: what to return without id - list of all annotations?
 // do authentication
- String authUser = this.checkAuthToken(entity);
+ Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
 logger.debug("request authenticated=" + authUser);
 Annotation annot = getAnnotationStore().getAnnotationById(id);
 if (annot != null) {
- if (! annot.isActionAllowed("read", authUser)) {
+ if (! annot.isActionAllowed("read", authUser, null)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
 return null;
 }
@@ -83,7 +83,7 @@
 setCorsHeaders();
 // do authentication TODO: who's allowed to create?
- String authUser = this.checkAuthToken(entity);
+ Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
 logger.debug("request authenticated=" + authUser);
 if (authUser == null) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
@@ -141,7 +141,7 @@
 logger.debug("annotation-id=" + id);
 // do authentication
- String authUser = this.checkAuthToken(entity);
+ Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
 logger.debug("request authenticated=" + authUser);
 Annotation annot = null;
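Review bot: In the `@@ -51,12` hunk, `annot.isActionAllowed("read", authUser, null)` passes a literal `null` as the new third argument, and the same is done for "update" (`@@ -159,7`) and "delete" (`@@ -204,11`). The parameter's type and meaning are not visible in this diff; since the ticket is about annotations shared in groups, it is presumably what the permission check needs to resolve group membership, in which case group-based permissions are never evaluated at these three call sites. If that is intended for now, a comment such as `// TODO: third argument is null, so group permissions are not resolved here (ticket 249)` would make it explicit; otherwise pass the real object. The enclosing methods start and end outside the hunks.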
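Review bot: The `if (authUser == null)` guard in the `@@ -83,7` hunk now tests the `Person` returned by `Person.createPersonWithId(...)` instead of the result of `checkAuthToken(entity)`. `createPersonWithId` is not shown here; if it returns an object even for a null id, the guard can never fire and a request without a valid token would get past the 403 on the create path, and if it throws on null the 403 turns into an error response. Checking the token before wrapping keeps the old behaviour: `String authId = this.checkAuthToken(entity);` followed by `Person authUser = (authId != null) ? Person.createPersonWithId(authId) : null;`. The same wrapping appears in the `@@ -51,12`, `@@ -141,7` and `@@ -204,11` hunks, where the resulting `Person` goes straight into `isActionAllowed`, so that check has to treat a person without an id as anonymous. The method body continues outside the hunk.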
@@ -159,7 +159,7 @@
 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
 return null;
 }
- if (! storedAnnot.isActionAllowed("update", authUser)) {
+ if (! storedAnnot.isActionAllowed("update", authUser, null)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN);
 return null;
 }
@@ -204,11 +204,11 @@
 logger.debug("annotation-id=" + id);
 // do authentication
- String authUser = this.checkAuthToken(entity);
+ Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
 logger.debug("request authenticated=" + authUser);
 Annotation annot = getAnnotationStore().getAnnotationById(id);
 if (annot != null) {
- if (! annot.isActionAllowed("delete", authUser)) {
+ if (! annot.isActionAllowed("delete", authUser, null)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
 return null;
 }