changeset 20:715aa11d138b

fixes in permission handling: admin and delete default to creator.
author casties
date Fri, 07 Sep 2012 18:09:49 +0200
parents f0f55ab768c9
children 1ac626309352
files src/main/java/de/mpiwg/itgroup/annotations/Annotation.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
diffstat 2 files changed, 26 insertions(+), 15 deletions(-) [+]
--- a/src/main/java/de/mpiwg/itgroup/annotations/Annotation.java	Thu Sep 06 19:02:59 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/Annotation.java	Fri Sep 07 18:09:49 2012 +0200
@@ -3,7 +3,6 @@
  */
 package de.mpiwg.itgroup.annotations;
 
-import java.util.List;
 import java.util.Set;
 
 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
@@ -91,7 +90,7 @@
     protected Set<String> tags;
     
     /**
-     * Returns if the requested action is allowed on this annotation.
+     * Returns if the requested action is allowed for the given user on this annotation.
      * 
      * @param action
      * @param user
@@ -102,6 +101,7 @@
         if (action.equals("read")) {
             Actor reader = getReadPermission();
             if (reader == null) {
+                // if not specified then everybody is allowed
                 return true;
             } else {
                 return reader.isEquivalentWith(user, store);
@@ -111,6 +111,7 @@
             if (user == null) return false;
             Actor updater = getUpdatePermission();
             if (updater == null) {
+                // if not specified then everybody is allowed
                 return true;
             } else {
                 return updater.isEquivalentWith(user, store);
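Review bot: The comment added in the update branch says everybody is allowed, but the line just above already returns false for `user == null`, so the default is really any authenticated user; `// if not specified then every authenticated user is allowed` would match the code. With delete and admin now defaulting to the creator, update is the one write action left open by default, and a user who can rewrite an annotation's content can effectively deface it. If that is intended it deserves a sentence in the method's Javadoc; otherwise the creator default may be wanted here too. The method starts outside this hunk.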
@@ -118,21 +119,21 @@
         } else if (action.equals("delete")) {
             // require at least an authenticated user
             if (user == null) return false;
-            Actor updater = getUpdatePermission();
-            if (updater == null) {
-                return true;
-            } else {
-                return updater.isEquivalentWith(user, store);
+            Actor deleter = getDeletePermission();
+            if (deleter == null) {
+                // if not specified then only creator is allowed
+                deleter = creator;
             }
+            return deleter.isEquivalentWith(user, store);
         } else if (action.equals("admin")) {
             // require at least an authenticated user
             if (user == null) return false;
             Actor admin = getAdminPermission();
             if (admin == null) {
-                return true;
-            } else {
-                return admin.isEquivalentWith(user, store);
+                // if not specified then only creator is allowed
+                admin = creator;
             }
+            return admin.isEquivalentWith(user, store);
         }
         return false;
     }
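Review bot: In the delete and admin branches the fallback `deleter = creator;` / `admin = creator;` is followed by an unconditional `isEquivalentWith(user, store)` call, so an annotation whose `creator` is null now throws a NullPointerException where the old code returned true. Whether a creator-less annotation can exist is not visible here, but an access check should deny rather than throw: add `if (deleter == null) return false;` before the return, and the same for `admin`. Because getDeletePermission() and getAdminPermission() are changed in this same commit to fall back to the creator, the null branch only runs in that creator-is-null case, and its comment should say so. The method starts outside this hunk.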
@@ -273,7 +274,12 @@
      * @return the adminPermission
      */
     public Actor getAdminPermission() {
-        return adminPermission;
+        if (adminPermission != null) {
+            return adminPermission;
+        } else {
+            // if not specified then only creator is allowed
+            return this.creator;
+        }
     }
 
     /**
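Review bot: getAdminPermission() no longer returns the stored field, so callers cannot tell "no admin permission set" from "creator set explicitly". Any caller that copies the getter's value into a response or back into the store would turn the implicit default into an explicit entry; those callers are not shown, so this is worth checking. The Javadoc `@return the adminPermission` is now inaccurate; suggest `@return the adminPermission, or the creator if none is set (null if there is no creator either)`. The same applies to getDeletePermission() in the next hunk. Keeping both getters plain and applying the creator default only inside the access check would avoid the ambiguity. The Javadoc block starts outside this hunk.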
@@ -287,7 +293,12 @@
      * @return the deletePermission
      */
     public Actor getDeletePermission() {
-        return deletePermission;
+        if (deletePermission != null) {
+            return deletePermission;
+        } else {
+            // if not specified then only creator is allowed
+            return this.creator;
+        }
     }
 
     /**
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Thu Sep 06 19:02:59 2012 +0200
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Fri Sep 07 18:09:49 2012 +0200
@@ -73,7 +73,7 @@
     }
 
     /**
-     * POST with JSON content-type.
+     * POST with JSON content-type. Creates a new Annotation.
      * 
      * @return
      */
@@ -127,7 +127,7 @@
     }
 
     /**
-     * PUT with JSON content-type.
+     * PUT with JSON content-type. Modifies an Annotation.
      * 
      * @param entity
      * @return
@@ -190,7 +190,7 @@
     }
 
     /**
-     * DELETE with JSON content-type.
+     * DELETE with JSON content-type. Deletes an Annotation.
      * 
      * @param entity
      * @return