Changeset 831

Timestamp:

Aug 23, 2010, 4:21:16 PM (12 years ago)

Author:

keesvb

Message:

first implementation of user-based REST services, only checks whether a user is owner of a study and returns the studies and assays only for his/her owned studies. The other methods are not secured yet, but ought to go via study or assay.

Location:

trunk

Files:

• grails-app/controllers/RestController.groovy (modified) (4 diffs)
• grails-app/services/dbnp/user (added)
• grails-app/services/dbnp/user/AuthService.groovy (added)
• src/groovy/nl/metabolomicscentre/dsp/http/BasicAuthentication.groovy (added)
• test/unit/dbnp/user/AuthServiceTests.groovy (added)

trunk/grails-app/controllers/RestController.groovy

@@ -16 +16 @@
  */
 
-import data.*
 import dbnp.studycapturing.Study
 import dbnp.studycapturing.Assay
 import grails.converters.*
-import org.codehaus.groovy.grails.web.json.*
-
+import nl.metabolomicscentre.dsp.http.BasicAuthentication
 
 
@@ -32 +30 @@
      /**************************************************/
 
+        def authService
         def beforeInterceptor = [action:this.&auth]
         def credentials
+        def requestUser
 // defined as a regular method so its private
 
+        /**
+         * Authorization closure, which is run before executing any of the REST resource actions
+         * It fetches a username/password combination from basic HTTP authentication and checks whether
+         * that is an active (nimble) account
+         * @return
+         */
         def auth() {
-            credentials = nl.metabolomicscentre.dsp.http.BasicAuthentication.credentialsFromRequest(request)
-                if(false) {
+            credentials = BasicAuthentication.credentialsFromRequest(request)
+                requestUser = authService.authUser(credentials.u,credentials.p)
+                if(!requestUser) {
                     response.sendError(403)
                 return false
             }
+                else {
+                        return true
+                }
         }
 
@@ -55 +65 @@
         def getStudies = {
                 List studies = [] 
-                Study.list().each { study ->
+                Study.findAllByOwner(requestUser).each { study ->
                         studies.push( [ 'externalStudyID': study.code, 'name':study.title ] )
                 }
@@ -93 +103 @@
                 List assays = [] 
                 if( params.externalStudyID ) {
-                        println params.moduleURL
-                        def study = Study.find( "from Study as s where s.code=?", [params.externalStudyID])
+                        def study = Study.find( "from Study as s where s.owner=? and s.code=?", [requestUser.getId(), params.externalStudyID])
                         if(study) study.assays.each{ assay ->
-                                println assay.module.url
                                 if (assay.module.url.equals(params.moduleURL)) {
                                 def map = ['name':assay.name, 'externalAssayID':assay.externalAssayID]