Changeset 2211 for trunk/grails-app/services
- Timestamp:
- Apr 5, 2012, 6:23:14 PM (10 years ago)
- File:
-
- 1 edited
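--- a/trunk/grails-app/services/api/ApiService.groovy
+++ b/trunk/grails-app/services/api/ApiService.groovy
@@ -20,6 +20,9 @@
 import grails.converters.JSON
 import org.dbnp.gdt.TemplateEntity
-
-class ApiService implements Serializable {
+import org.springframework.context.ApplicationContextAware
+import org.codehaus.groovy.grails.plugins.web.taglib.ApplicationTagLib
+import org.springframework.context.ApplicationContext
+
+class ApiService implements Serializable, ApplicationContextAware {
 // inject the module communication service
 def moduleCommunicationService
@@ -52,4 +55,12 @@
 ]
 
+private ApplicationTagLib g
+
+void setApplicationContext(ApplicationContext applicationContext) {
+g = applicationContext.getBean(ApplicationTagLib)
+
+// now you have a reference to g that you can call render() on
+}
+
 /**
 * validate a client request by checking the validation checksum
@@ -145,4 +156,42 @@
 
 /**
+* wrapper for performing api calls
+*
+* validates if the user may call this api
+*
+* @param params
+* @param response
+* @param itemName
+* @param item
+* @param block
+*/
+def executeApiCall(params,response,itemName,item,block) {
+// get variables from parameters
+String deviceID = (params.containsKey('deviceID')) ? params.deviceID : ''
+String validation = (params.containsKey('validation')) ? params.validation : ''
+
+// fetch user based on deviceID
+def user = Token.findByDeviceID(deviceID)?.user
+
+// check if api call may be performed
+if (!validateRequest(deviceID,validation)) {
+// validation md5sum does not match predicted hash
+response.sendError(401, "Unauthorized")
+} else if (!item) {
+// no results
+response.sendError(400, "No such ${itemName}")
+} else if (item.respondsTo('canRead') && !item.canRead(user)) {
+// the user cannot read this data
+response.sendError(401, "Unauthorized")
+} else if (item.hasProperty('parent') && item.parent.respondsTo('canRead') && !item.parent.canRead(user)) {
+// the user cannot read this data
+response.sendError(401, "Unauthorized")
+} else {
+// allowed api call, execute block / closure
+block()
+}
+}
+
+/**
 * get the measurement tokens from the remote module
 *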
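Review bot: `executeApiCall` fails open: an `item` that neither responds to `canRead` nor has a `parent` that does falls through to `block()` with no per-user check, so any device that passes `validateRequest` can read it. I would add a deny-by-default branch before the final `else`, e.g. `} else if (!item.respondsTo('canRead') && !(item.hasProperty('parent') && item.parent?.respondsTo('canRead'))) { response.sendError(403, "Forbidden")`, and state in the Javadoc that callers must pass an item exposing `canRead`. In the `parent` branch, `item.parent.respondsTo(...)` throws on a null parent; `item.parent?.respondsTo('canRead')` keeps that from surfacing as a 500. `user` can also be null when no `Token` matches `deviceID`; whether `validateRequest` already rejects that case is not visible in this hunk.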