Mercurial > hg > AnnotationManagerN4J
diff src/main/java/de/mpiwg/itgroup/annotations/Annotation.java @ 14:629e15b345aa
permissions mostly work. need more server-side checking.
author | casties |
---|---|
date | Fri, 13 Jul 2012 20:41:02 +0200 |
parents | 90911b2da322 |
children | 58357a4b86de |
line wrap: on
line diff
--- a/src/main/java/de/mpiwg/itgroup/annotations/Annotation.java Fri Jul 13 17:22:05 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/Annotation.java Fri Jul 13 20:41:02 2012 +0200 @@ -80,6 +80,53 @@ */ protected Actor readPermission; + + /** + * Returns if the requested action is allowed on this annotation. + * + * @param action + * @param userId + * @return + */ + public boolean isActionAllowed(String action, String userId) { + if (action.equals("read")) { + Actor reader = getReadPermission(); + if (reader == null) { + return true; + } else { + return reader.isEquivalentWith(userId); + } + } else if (action.equals("update")) { + // require at least an authenticated user + if (userId == null) return false; + Actor updater = getUpdatePermission(); + if (updater == null) { + return true; + } else { + return updater.isEquivalentWith(userId); + } + } else if (action.equals("delete")) { + // require at least an authenticated user + if (userId == null) return false; + Actor updater = getUpdatePermission(); + if (updater == null) { + return true; + } else { + return updater.isEquivalentWith(userId); + } + } else if (action.equals("admin")) { + // require at least an authenticated user + if (userId == null) return false; + Actor admin = getAdminPermission(); + if (admin == null) { + return true; + } else { + return admin.isEquivalentWith(userId); + } + } + return false; + } + /** * @return the uri */