diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 105:7417f5915181 default tip
check admin permission before changing permissions.
Enum for typesafe actions.
author | casties |
date | Fri, 10 Feb 2017 15:45:35 +0100 |
parents | 9140017e8962 |
children |
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Fri Feb 10 15:02:32 2017 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Fri Feb 10 15:45:35 2017 +0100
@@ -41,6 +41,7 @@
 import org.restlet.resource.Put;
 
 import de.mpiwg.itgroup.annotations.Annotation;
+import de.mpiwg.itgroup.annotations.Annotation.Action;
 import de.mpiwg.itgroup.annotations.Person;
 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
 import de.mpiwg.itgroup.annotations.restlet.utils.JSONObjectComparator;
@@ -94,7 +95,7 @@
 AnnotationStore store = getAnnotationStore();
 Annotation annot = store.getAnnotationById(id);
 if (annot != null) {
- if (!annot.isActionAllowed("read", authUser, store)) {
+ if (!annot.isActionAllowed(Action.read, authUser, store)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
 return null;
 }
@@ -115,7 +116,7 @@
 List<Annotation> annotations = store.getAnnotations(null, null, 0, 0);
 for (Annotation annotation : annotations) {
 // check permission
- if (!annotation.isActionAllowed("read", authUser, store))
+ if (!annotation.isActionAllowed(Action.read, authUser, store))
 continue;
 // add annotation to list
 JSONObject jo = createAnnotatorJson(annotation, false);
@@ -237,7 +238,7 @@
 setStatus(Status.CLIENT_ERROR_NOT_FOUND);
 return null;
 }
- if (!storedAnnot.isActionAllowed("update", authUser, store)) {
+ if (!storedAnnot.isActionAllowed(Action.update, authUser, store)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN);
 return null;
 }
@@ -286,7 +287,7 @@
 AnnotationStore store = getAnnotationStore();
 Annotation annot = store.getAnnotationById(id);
 if (annot != null) {
- if (!annot.isActionAllowed("delete", authUser, store)) {
+ if (!annot.isActionAllowed(Action.delete, authUser, store)) {
 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");
 return null;
 }
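Review bot: The update hunk (@@ -237) rejects with a bare `setStatus(Status.CLIENT_ERROR_FORBIDDEN)`, while the read and delete hunks (@@ -94, @@ -286) pass a reason; the update branch should use the same form, `setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!");`, so clients get a consistent 403 response across all three resources. The authorization check is correctly made against `storedAnnot` (the persisted annotation) rather than the client-supplied one, but the admin check for permission changes that the commit title describes is not visible in these hunks — presumably it is enforced inside `Annotation.isActionAllowed` or later in the update method, which starts and ends outside the hunk. A one-line comment above the `Action.update` check naming where that admin check is enforced would spare the next reader from having to trace it. The enclosing methods of all four permission hunks begin and end outside their hunks.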