Mercurial > hg > AnnotationManagerN4J
changeset 20:715aa11d138b
fixes in permission handling: admin and delete default to creator.
author | casties |
---|---|
date | Fri, 07 Sep 2012 18:09:49 +0200 |
parents | f0f55ab768c9 |
children | 1ac626309352 |
files | src/main/java/de/mpiwg/itgroup/annotations/Annotation.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java |
diffstat | 2 files changed, 26 insertions(+), 15 deletions(-) [+] |
line wrap: on
line diff
--- a/src/main/java/de/mpiwg/itgroup/annotations/Annotation.java Thu Sep 06 19:02:59 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/Annotation.java Fri Sep 07 18:09:49 2012 +0200 @@ -3,7 +3,6 @@ */ package de.mpiwg.itgroup.annotations; -import java.util.List; import java.util.Set; import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; @@ -91,7 +90,7 @@ protected Set<String> tags; /** - * Returns if the requested action is allowed on this annotation. + * Returns if the requested action is allowed for the given user on this annotation. * * @param action * @param user @@ -102,6 +101,7 @@ if (action.equals("read")) { Actor reader = getReadPermission(); if (reader == null) { + // if not specified then everybody is allowed return true; } else { return reader.isEquivalentWith(user, store); @@ -111,6 +111,7 @@ if (user == null) return false; Actor updater = getUpdatePermission(); if (updater == null) { + // if not specified then everybody is allowed return true; } else { return updater.isEquivalentWith(user, store); @@ -118,21 +119,21 @@ } else if (action.equals("delete")) { // require at least an authenticated user if (user == null) return false; - Actor updater = getUpdatePermission(); - if (updater == null) { - return true; - } else { - return updater.isEquivalentWith(user, store); + Actor deleter = getDeletePermission(); + if (deleter == null) { + // if not specified then only creator is allowed + deleter = creator; } + return deleter.isEquivalentWith(user, store); } else if (action.equals("admin")) { // require at least an authenticated user if (user == null) return false; Actor admin = getAdminPermission(); if (admin == null) { - return true; - } else { - return admin.isEquivalentWith(user, store); + // if not specified then only creator is allowed + admin = creator; } + return admin.isEquivalentWith(user, store); } return false; } @@ -273,7 +274,12 @@ * @return the adminPermission */ public Actor getAdminPermission() { - return adminPermission; + if (adminPermission != null) { + return adminPermission; + } else { + // if not specified then only creator is allowed + return this.creator; + } } /** @@ -287,7 +293,12 @@ * @return the deletePermission */ public Actor getDeletePermission() { - return deletePermission; + if (deletePermission != null) { + return deletePermission; + } else { + // if not specified then only creator is allowed + return this.creator; + } } /**
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Thu Sep 06 19:02:59 2012 +0200 +++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java Fri Sep 07 18:09:49 2012 +0200 @@ -73,7 +73,7 @@ } /** - * POST with JSON content-type. + * POST with JSON content-type. Creates a new Annotation. * * @return */ @@ -127,7 +127,7 @@ } /** - * PUT with JSON content-type. + * PUT with JSON content-type. Modifies an Annotation. * * @param entity * @return @@ -190,7 +190,7 @@ } /** - * DELETE with JSON content-type. + * DELETE with JSON content-type. Deletes an Annotation. * * @param entity * @return