diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 15:58357a4b86de

ASSIGNED - # 249: Annotations shared in groups https://it-dev.mpiwg-berlin.mpg.de/tracs/mpdl-project-software/ticket/249
author casties
date Tue, 28 Aug 2012 20:23:12 +0200
parents 629e15b345aa
children 794077e6288c
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Fri Jul 13 20:41:02 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Tue Aug 28 20:23:12 2012 +0200
@@ -6,7 +6,6 @@
 
 import java.io.IOException;
 
-import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.restlet.data.Status;
@@ -18,6 +17,7 @@
 import org.restlet.resource.Put;
 
 import de.mpiwg.itgroup.annotations.Annotation;
+import de.mpiwg.itgroup.annotations.Person;
 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 
 /**
@@ -51,12 +51,12 @@
         // TODO: what to return without id - list of all annotations?
 
         // do authentication
-        String authUser = this.checkAuthToken(entity);
+        Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
         logger.debug("request authenticated=" + authUser);
 
         Annotation annot = getAnnotationStore().getAnnotationById(id);
         if (annot != null) {
-            if (! annot.isActionAllowed("read", authUser)) {
+            if (! annot.isActionAllowed("read", authUser, null)) {
                 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
                 return null;
             }
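Review bot: The read check now passes a literal `null` as the third argument of `isActionAllowed`, and the update and delete checks in the later hunks do the same. That parameter's purpose is not visible on this page, but since the commit is about annotations shared in groups it presumably carries the context needed to resolve group membership. If so, group-granted permissions can never be evaluated from this resource; the check might wrongly deny group members or, depending on the implementation, fall back to a more permissive branch. If the parameter is the store (an assumption to confirm against `Annotation`), pass it explicitly, e.g. `annot.isActionAllowed("read", authUser, getAnnotationStore())`. Otherwise add a comment at each call stating why `null` is safe for the authorization decision. The enclosing method starts and ends outside the hunk.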
@@ -83,7 +83,7 @@
         setCorsHeaders();
         
         // do authentication TODO: who's allowed to create? 
-        String authUser = this.checkAuthToken(entity);
+        Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
         logger.debug("request authenticated=" + authUser);
         if (authUser == null) {
             setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
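Review bot: The `if (authUser == null)` guard below the changed line now tests the object returned by `Person.createPersonWithId(...)` instead of the result of `checkAuthToken`. If that factory returns a non-null `Person` for a null id (its body is not shown here), the guard becomes dead code and an unauthenticated request would pass the create check. Test the token result before wrapping it: `String authId = this.checkAuthToken(entity);`, then `if (authId == null) { setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); return null; }`, and only then `Person authUser = Person.createPersonWithId(authId);`. The read, update and delete handlers wrap the token the same way, so there the outcome depends on how `isActionAllowed` treats a `Person` with a null id, which should be confirmed and covered by a test for the anonymous case. The method body continues outside the hunk.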
@@ -141,7 +141,7 @@
         logger.debug("annotation-id=" + id);
 
         // do authentication
-        String authUser = this.checkAuthToken(entity);
+        Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
         logger.debug("request authenticated=" + authUser);
 
         Annotation annot = null;
@@ -159,7 +159,7 @@
                 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
                 return null;
             }
-            if (! storedAnnot.isActionAllowed("update", authUser)) {
+            if (! storedAnnot.isActionAllowed("update", authUser, null)) {
                 setStatus(Status.CLIENT_ERROR_FORBIDDEN);
                 return null;
             }
@@ -204,11 +204,11 @@
         logger.debug("annotation-id=" + id);
 
         // do authentication
-        String authUser = this.checkAuthToken(entity);
+        Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
         logger.debug("request authenticated=" + authUser);
         Annotation annot = getAnnotationStore().getAnnotationById(id);
         if (annot != null) {
-            if (! annot.isActionAllowed("delete", authUser)) {
+            if (! annot.isActionAllowed("delete", authUser, null)) {
                 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
                 return null;
             }