diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 105:7417f5915181 default tip

Check admin permission before changing permissions. Use an enum for type-safe actions.
author casties
date Fri, 10 Feb 2017 15:45:35 +0100
parents 9140017e8962
children
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Fri Feb 10 15:02:32 2017 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Fri Feb 10 15:45:35 2017 +0100
@@ -41,6 +41,7 @@
 import org.restlet.resource.Put;
 
 import de.mpiwg.itgroup.annotations.Annotation;
+import de.mpiwg.itgroup.annotations.Annotation.Action;
 import de.mpiwg.itgroup.annotations.Person;
 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator;
@@ -94,7 +95,7 @@
         AnnotationStore store = getAnnotationStore();
         Annotation annot = store.getAnnotationById(id);
         if (annot != null) {
-            if (!annot.isActionAllowed("read", authUser, store)) {
+            if (!annot.isActionAllowed(Action.read, authUser, store)) {
                 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
                 return null;
             }
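Review bot: The admin check that the commit description promises is not visible in this file; the four call sites here (this hunk, the list loop, the update path and the delete path) only switch the action argument from a string to `Action.read`/`Action.update`/`Action.delete`, so a reader of this diff cannot confirm where permission changes are gated. Presumably that check lives inside `Annotation.isActionAllowed` or `Annotation.Action`; a one-line comment at the first call site such as `// admin-only actions (e.g. changing permissions) are enforced inside Annotation.isActionAllowed` would make the dependency explicit. Until then, a reader should verify that no `String`-accepting overload of `isActionAllowed` survived, since one would let unchecked action names bypass the enum. The enclosing method starts before this hunk.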
@@ -115,7 +116,7 @@
         List<Annotation> annotations = store.getAnnotations(null, null, 0, 0);
         for (Annotation annotation : annotations) {
             // check permission
-            if (!annotation.isActionAllowed("read", authUser, store))
+            if (!annotation.isActionAllowed(Action.read, authUser, store))
                 continue;
             // add annotation to list
             JSONObject jo = createAnnotatorJson(annotation, false);
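Review bot: The rewritten permission check keeps the unbraced single-statement `if`, which the rest of the visible code does not use and which invites a drop-through bug when a second statement is added before `continue;`. Brace it: `if (!annotation.isActionAllowed(Action.read, authUser, store)) {` / `    continue;` / `}`. The surrounding method begins and ends outside this hunk.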
@@ -237,7 +238,7 @@
                 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
                 return null;
             }
-            if (!storedAnnot.isActionAllowed("update", authUser, store)) {
+            if (!storedAnnot.isActionAllowed(Action.update, authUser, store)) {
                 setStatus(Status.CLIENT_ERROR_FORBIDDEN);
                 return null;
             }
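Review bot: The forbidden branch of the update path sets `Status.CLIENT_ERROR_FORBIDDEN` with no reason phrase, while the read and delete paths in the neighbouring hunks return `"Not Authorized!"`; a client gets a different body for the same authorization failure depending on the verb. Align it with the others: `setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");`. The enclosing method starts before this hunk and continues after it.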
@@ -286,7 +287,7 @@
         AnnotationStore store = getAnnotationStore();
         Annotation annot = store.getAnnotationById(id);
         if (annot != null) {
-            if (!annot.isActionAllowed("delete", authUser, store)) {
+            if (!annot.isActionAllowed(Action.delete, authUser, store)) {
                 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
                 return null;
             }