# HG changeset patch # User casties # Date 1347034189 -7200 # Node ID 715aa11d138bba00c0ef983d4c001a9920071180 # Parent f0f55ab768c9bbeed744618136890efaf30408f5 fixes in permission handling: admin and delete default to creator. diff -r f0f55ab768c9 -r 715aa11d138b src/main/java/de/mpiwg/itgroup/annotations/Annotation.java --- a/src/main/java/de/mpiwg/itgroup/annotations/Annotation.java Thu Sep 06 19:02:59 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/Annotation.java Fri Sep 07 18:09:49 2012 +0200 @@ -3,7 +3,6 @@ */ package de.mpiwg.itgroup.annotations; -import java.util.List; import java.util.Set; import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; @@ -91,7 +90,7 @@ protected Set tags; /** - * Returns if the requested action is allowed on this annotation. + * Returns if the requested action is allowed for the given user on this annotation. * * @param action * @param user @@ -102,6 +101,7 @@ if (action.equals("read")) { Actor reader = getReadPermission(); if (reader == null) { + // if not specified then everybody is allowed return true; } else { return reader.isEquivalentWith(user, store); @@ -111,6 +111,7 @@ if (user == null) return false; Actor updater = getUpdatePermission(); if (updater == null) { + // if not specified then everybody is allowed return true; } else { return updater.isEquivalentWith(user, store); @@ -118,21 +119,21 @@ } else if (action.equals("delete")) { // require at least an authenticated user if (user == null) return false; - Actor updater = getUpdatePermission(); - if (updater == null) { - return true; - } else { - return updater.isEquivalentWith(user, store); + Actor deleter = getDeletePermission(); + if (deleter == null) { + // if not specified then only creator is allowed + deleter = creator; } + return deleter.isEquivalentWith(user, store); } else if (action.equals("admin")) { // require at least an authenticated user if (user == null) return false; Actor admin = getAdminPermission(); if (admin == null) { - return true; - } else { - return admin.isEquivalentWith(user, store); + // if not specified then only creator is allowed + admin = creator; } + return admin.isEquivalentWith(user, store); } return false; } @@ -273,7 +274,12 @@ * @return the adminPermission */ public Actor getAdminPermission() { - return adminPermission; + if (adminPermission != null) { + return adminPermission; + } else { + // if not specified then only creator is allowed + return this.creator; + } } /** @@ -287,7 +293,12 @@ * @return the deletePermission */ public Actor getDeletePermission() { - return deletePermission; + if (deletePermission != null) { + return deletePermission; + } else { + // if not specified then only creator is allowed + return this.creator; + } } /** diff -r f0f55ab768c9 -r 715aa11d138b src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java --- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Thu Sep 06 19:02:59 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Fri Sep 07 18:09:49 2012 +0200 @@ -73,7 +73,7 @@ } /** - * POST with JSON content-type. + * POST with JSON content-type. Creates a new Annotation. * * @return */ @@ -127,7 +127,7 @@ } /** - * PUT with JSON content-type. + * PUT with JSON content-type. Modifies an Annotation. * * @param entity * @return @@ -190,7 +190,7 @@ } /** - * DELETE with JSON content-type. + * DELETE with JSON content-type. Deletes an Annotation. * * @param entity * @return