Changeset 935
- Timestamp:
- Oct 11, 2010, 12:48:31 PM (13 years ago)
- File:
-
- 1 edited
trunk/grails-app/controllers/RestController.groovy
r934 r935 18 18 import dbnp.studycapturing.Study 19 19 import dbnp.studycapturing.Assay 20 import dbnp.user.User 20 21 import grails.converters.* 21 22 import nl.metabolomicscentre.dsp.http.BasicAuthentication … … 33 34 def beforeInterceptor = [action:this.&auth,except:["isUser"]] 34 35 def credentials 35 def requestUser 36 def requestUser = User.findByName( "user" ) 36 37 37 38 /** … … 44 45 45 46 credentials = BasicAuthentication.credentialsFromRequest(request) 46 requestUser = authService.authUser(credentials.u,credentials.p) 47 //requestUser = authService.authUser(credentials.u,credentials.p) 48 // we circumvene the user 47 49 if(!requestUser) { 48 50 response.sendError(403) … … 130 132 def study = Study.find( "from Study as s where s.code=?", [id] ) 131 133 if(study && study.owner == requestUser) study.assays.each{ assay -> 132 //if (assay.module.url.equals(params.moduleURL)) {134 if (assay.module.url.equals(params.moduleURL)) { 133 135 def map = ['name':assay.name, 'assayToken':assay.getToken()] 134 136 assays.push( map ) 135 //}137 } 136 138 } 137 139 } … … 275 277 } 276 278 277 279 /** 278 280 * REST resource for dbNP modules. 279 281 * … … 283 285 * 284 286 * Example REST call (without authentication): 285 *http://localhost:8080/gscf/rest/getStudy/study?studyToken=PPSH286 287 * http://localhost:8080/gscf/rest/getStudy/study?studyToken=PPSH 288 * 287 289 * Returns the JSON object: 288 290 * {"title":"NuGO PPS human study","studyToken":"PPSH","startDate":"2008-01-13T23:00:00Z", … … 299 301 render items as JSON*/ 300 302 } 303 304 305 306 307 308 /** 309 * REST resource for dbNP modules. 310 * 311 * @param studyToken String, the external identifier of the study 312 * 313 * Dummy for testing only. (Warning: to be replaced as soon as the authorization is implemented!) 
314 * @param Hash with exactly the values that will be returned 315 * 316 * @return Hash with keys 'isReader', 'isEditor', 'isOwner' } 317 */ 318 319 def getAuthorizationLevel = { 320 321 isReader = false 322 isEditor = false 323 isOwner = false 324 325 // Warning: this case is only for testing! 326 // The code below should be used until the 327 // authorization works. 328 if( params.isOwner || params.isEditor || params.Owner ) { 329 return render ['isReader':params.isOwner, 330 'isEditor':params.isEditor, 'isOwner':params.isOwner] as JSON 331 } 332 333 334 // in future the users authorization level will be based on authorization model 335 /* 336 if( params.studyToken ) { 337 def id = params.studyToken 338 def study = Study.find( "from Study as s where s.code=?", [id]) 339 if(study) study.subjects.each { subjects.push it.name } 340 } 341 342 def user 343 if( params.user ) { 344 def id = params.user 345 user = users.find( "from User as u where u.code=?", [id]) 346 } 347 348 if( study.readers.contains(user) ) isReader = true 349 if( study.editors.contains(user) ) isEditor = true 350 if( study.owner.contains(user) ) isOwner = true 351 352 */ 353 354 render ['isReader':isOwner, 'isEditor':isEditor, 'isOwner':isOwner] as JSON 355 } 356 357 301 358 }
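Review bot: Authentication is effectively switched off for every action behind `beforeInterceptor`: the `authService.authUser(credentials.u,credentials.p)` call (in what appears to be the `auth` interceptor) is commented out and `requestUser` is initialised to `User.findByName( "user" )`, so the Basic credentials are parsed but never verified and every caller is treated as that one account. The `if(!requestUser)` 403 now only fires when no user named "user" exists, and `study.owner == requestUser` in the assay listing compares against the fixed account rather than the caller. If this is a temporary test aid it should not reach trunk unguarded; restore `requestUser = authService.authUser(credentials.u,credentials.p)` with the field left as plain `def requestUser`, or gate the shortcut on a development-only environment check. The new `getAuthorizationLevel` has a related problem: it renders `params.isOwner`/`params.isEditor` straight back as the authorization result (and fills `isReader` from `isOwner` in both render calls), so a consuming module would be trusting values chosen by the requester. The interceptor body and the class continue outside the visible hunks.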