Mercurial > hg > AnnotationManagerN4J
diff src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java @ 16:794077e6288c
CLOSED - # 252: Tags for Annotations
https://it-dev.mpiwg-berlin.mpg.de/tracs/mpdl-project-software/ticket/252
author | casties |
---|---|
date | Tue, 04 Sep 2012 20:02:59 +0200 |
parents | 58357a4b86de |
children | 715aa11d138b |
line wrap: on
line diff
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Tue Aug 28 20:23:12 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Tue Sep 04 20:02:59 2012 +0200 @@ -54,9 +54,10 @@ Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); logger.debug("request authenticated=" + authUser); - Annotation annot = getAnnotationStore().getAnnotationById(id); + AnnotationStore store = getAnnotationStore(); + Annotation annot = store.getAnnotationById(id); if (annot != null) { - if (! annot.isActionAllowed("read", authUser, null)) { + if (! annot.isActionAllowed("read", authUser, store)) { setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); return null; } @@ -159,7 +160,7 @@ setStatus(Status.CLIENT_ERROR_NOT_FOUND); return null; } - if (! storedAnnot.isActionAllowed("update", authUser, null)) { + if (! storedAnnot.isActionAllowed("update", authUser, store)) { setStatus(Status.CLIENT_ERROR_FORBIDDEN); return null; } @@ -206,16 +207,17 @@ // do authentication Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); logger.debug("request authenticated=" + authUser); - Annotation annot = getAnnotationStore().getAnnotationById(id); + AnnotationStore store = getAnnotationStore(); + Annotation annot = store.getAnnotationById(id); if (annot != null) { - if (! annot.isActionAllowed("delete", authUser, null)) { + if (! annot.isActionAllowed("delete", authUser, store)) { setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); return null; } } // delete annotation - getAnnotationStore().deleteById(id); + store.deleteById(id); setStatus(Status.SUCCESS_NO_CONTENT); return null; }