Changeset 15:58357a4b86de in AnnotationManagerN4J for src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
Legend:
- Unmodified
- Added
- Removed
-
src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java
r14 r15 7 7 import java.io.IOException; 8 8 9 import org.json.JSONArray;10 9 import org.json.JSONException; 11 10 import org.json.JSONObject; … … 19 18 20 19 import de.mpiwg.itgroup.annotations.Annotation; 20 import de.mpiwg.itgroup.annotations.Person; 21 21 import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore; 22 22 … … 52 52 53 53 // do authentication 54 String authUser = this.checkAuthToken(entity);54 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); 55 55 logger.debug("request authenticated=" + authUser); 56 56 57 57 Annotation annot = getAnnotationStore().getAnnotationById(id); 58 58 if (annot != null) { 59 if (! annot.isActionAllowed("read", authUser )) {59 if (! annot.isActionAllowed("read", authUser, null)) { 60 60 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); 61 61 return null; … … 84 84 85 85 // do authentication TODO: who's allowed to create? 86 String authUser = this.checkAuthToken(entity);86 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); 87 87 logger.debug("request authenticated=" + authUser); 88 88 if (authUser == null) { … … 142 142 143 143 // do authentication 144 String authUser = this.checkAuthToken(entity);144 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); 145 145 logger.debug("request authenticated=" + authUser); 146 146 … … 160 160 return null; 161 161 } 162 if (! storedAnnot.isActionAllowed("update", authUser )) {162 if (! storedAnnot.isActionAllowed("update", authUser, null)) { 163 163 setStatus(Status.CLIENT_ERROR_FORBIDDEN); 164 164 return null; … … 205 205 206 206 // do authentication 207 String authUser = this.checkAuthToken(entity);207 Person authUser = Person.createPersonWithId(this.checkAuthToken(entity)); 208 208 logger.debug("request authenticated=" + authUser); 209 209 Annotation annot = getAnnotationStore().getAnnotationById(id); 210 210 if (annot != null) { 211 if (! annot.isActionAllowed("delete", authUser )) {211 if (! annot.isActionAllowed("delete", authUser, null)) { 212 212 setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Not Authorized!"); 213 213 return null;
Note: See TracChangeset
for help on using the changeset viewer.