diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 41:5d4260344db5

Merge with 21c5394ea0cbb6738016a3c7d03b5ce7943d6216
author casties
date Wed, 26 Sep 2012 14:59:00 +0200
parents 03e0f7574224 34b9d044d0bf
children b8ef15c8c4a5
line wrap: on
line diff
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Wed Sep 26 14:56:42 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Wed Sep 26 14:59:00 2012 +0200
@@ -54,15 +54,17 @@
         String id = decodeJsonId(jsonId);
         logger.debug("annotation-id=" + id);
 
-        if (id == null) {
-            
-            return getAllAnnotations();
-        }
-
+        
         // do authentication
         Person authUser = Person.createPersonWithId(this.checkAuthToken(entity));
         logger.debug("request authenticated=" + authUser);
 
+        if (id == null) {
+            
+            return getAllAnnotations(authUser);
+        }
+
+     
         AnnotationStore store = getAnnotationStore();
         Annotation annot = store.getAnnotationById(id);
         if (annot != null) {
@@ -81,7 +83,7 @@
         }
     }
 
-    private Representation getAllAnnotations() {
+    private Representation getAllAnnotations(Person authUser) {
     	
     	 Form form = getRequest().getResourceRef().getQueryAsForm();
            String sortBy=null;
@@ -96,7 +98,9 @@
        
        	List<Annotation> annotations = store.getAnnotations(null, null);
         for (Annotation annotation : annotations) {
-            	
+          	 //check permission
+			 if (!annotation.isActionAllowed("read", authUser, store)) continue;
+     
         	 JSONObject jo = createAnnotatorJson(annotation,false);
              results.add(jo);