Changeset 1884 for trunk


Timestamp:
May 26, 2011, 3:19:06 PM (8 years ago)
Author:
robert@…
Message:

Implemented getAuthorizationLevel rest method for assays

File:
1 edited

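--- a/trunk/grails-app/controllers/RestController.groovy
+++ b/trunk/grails-app/controllers/RestController.groovy
@@ -548,35 +548,42 @@
 
         /**
-         * Returns the authorization level the user has for a given study.
-         *
-         * If no studyToken is given, a 400 (Bad Request) error is given.
-         * If the given study doesn't exist, a 404 (Not found) error is given.
-         *
-         * @param       consumer        consumer name of the calling module
-         * @param       token           token for the authenticated user (e.g. session_id)
+         * Returns the authorization level the user has for a given study or assay.
+         *
+         * If no studyToken or assayToken is given, a 400 (Bad Request) error is given.
+         * If both a studyToken and assayToken are given, the studyToken is used and the assayToken is ignored.
+         * If the given assay or study doesn't exist, a 404 (Not found) error is given.
+         *
+         * @param       consumer        consumer name of the calling module
+         * @param       token           token for the authenticated user (e.g. session_id)
+         * @param       studyToken      token of the study for which the authorization is asked
+         * @param       assayToken      token of the study for which the authorization is asked
          * @return      JSON Object
          * @return  { isOwner: true/false, 'canRead': true/false, 'canWrite': true/false }
          */
         def getAuthorizationLevel = {
+                def study
+
                 if( params.studyToken ) {
-                        def study = Study.findByStudyUUID(params.studyToken)
-
-                        if( !study ) {
-                                response.sendError(404)
-                                return false
-                        }
-
-                        def user = authenticationService.getRemotelyLoggedInUser( params.consumer, params.token );
-                        def auth = ['isOwner': study.isOwner(user), 'canRead': study.canRead(user), 'canWrite': study.canWrite(user)];
-                        log.trace "Authorization for study " + study.title + " and user " + user.username + ": " + auth
-
-                        // set output header to json
-                        response.contentType = 'application/json'
-
-                        render auth as JSON;
+                        study = Study.findByStudyUUID(params.studyToken);
+                } else if( params.assayToken ) {
+                        study = Assay.findByAssayUUID(params.assayToken)?.parent;
                 } else {
                         response.sendError(400)
                         return false
                 }
+
+                if( !study ) {
+                        response.sendError(404)
+                        return false
+                }
+
+                def user = authenticationService.getRemotelyLoggedInUser( params.consumer, params.token );
+                def auth = ['isOwner': study.isOwner(user), 'canRead': study.canRead(user), 'canWrite': study.canWrite(user)];
+                log.trace "Authorization for study " + study.title + " and user " + user.username + ": " + auth
+
+                // set output header to json
+                response.contentType = 'application/json'
+
+                render auth as JSON;
         }
 }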
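Review bot: The value returned by `authenticationService.getRemotelyLoggedInUser(...)` is dereferenced without a null check in the `log.trace` line of getAuthorizationLevel (`user.username`), and the refactor carries this over unchanged from the study-only version. That helper is not shown here; if it returns null for an unknown or expired token, the string concatenation throws before `render` is reached (the message is built whatever the log level), so the calling module gets a 500 rather than an authentication error. A guard directly after the lookup would make that failure explicit: `if( !user ) { response.sendError(401); return false }`. Separately, the new `@param assayToken` line still reads "token of the study"; it should say `@param assayToken token of the assay for which the authorization is asked`.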