Changeset 940


Timestamp:
Oct 12, 2010, 4:17:39 PM (6 years ago)
Author:
t.w.abma@…
Message:
  • REST-controller should return correct authorization level back
Location:
trunk
Files:
2 edited

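--- a/trunk/application.properties
+++ b/trunk/application.properties
@@ -5,5 +5,5 @@
 app.servlet.version=2.4
 app.version=0.5.0
-plugins.aaaa=0.3.5
+#plugins.aaaa=0.3.5
 plugins.crypto=2.0
 plugins.db-util=0.4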
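--- a/trunk/grails-app/controllers/RestController.groovy
+++ b/trunk/grails-app/controllers/RestController.groovy
@@ -25,26 +25,25 @@
 class RestController {
 
-
-
        /**************************************************/
       /** Rest resources for Simple Assay Module (SAM) **/
      /**************************************************/
 
-        def authService
+        def AuthenticationService       
         def beforeInterceptor = [action:this.&auth,except:["isUser"]]
         def credentials
-        def requestUser = SecUser.findByName( "user" )
+        def requestUser // = SecUser.findByName( "user" )
 
         /**
          * Authorization closure, which is run before executing any of the REST resource actions
          * It fetches a username/password combination from basic HTTP authentication and checks whether
-         * that is an active (nimble) account
+         * that is an active (SecuritySpring) account
          * @return
          */
         private def auth() {
 
-            credentials = BasicAuthentication.credentialsFromRequest(request)
-                //requestUser = authService.authUser(credentials.u,credentials.p)
-                // we circumvene the user
+            credentials = BasicAuthentication.credentialsFromRequest(request)           
+                requestUser = AuthenticationService.authenticateUser(credentials.u, credentials.p)
+               
+                // we circumvene the user
                 if(!requestUser) {
                     response.sendError(403)
@@ -66,6 +65,7 @@
                 boolean isUser
                 credentials = BasicAuthentication.credentialsFromRequest(request)
-                //def reqUser = authService.authUser(credentials.u,credentials.p)
-                if (reqUser) {
+                def reqUser = AuthenticationService.authenticateUser(credentials.u, credentials.p)
+
+                if (reqUser) {
                         isUser = true
                 }
@@ -277,61 +277,14 @@
         }
 
-   /**
-        * REST resource for dbNP modules.
-        *
-        * @param studyToken String, the external identifier of the study
-        * @return List of all fields of this study
-        * @return
-        *
-        * Example REST call (without authentication):
-    *   http://localhost:8080/gscf/rest/getStudy/study?studyToken=PPSH
-    *
-        * Returns the JSON object:
-        * {"title":"NuGO PPS human study","studyToken":"PPSH","startDate":"2008-01-13T23:00:00Z",
-        * "Description":"Human study performed at RRI; centres involved: RRI, IFR, TUM, Maastricht U.",
-        * "Objectives":null,"Consortium":null,"Cohort name":null,"Lab id":null,"Institute":null,
-        * "Study protocol":null}
-        */
         def getAuthorizationLevel = {
-                def items = [:]
-                /*if( params.studyToken ) {
-                        def study = Study.find( "from Study as s where code=?",[params.studyToken])
-                       
-                }
-        render items as JSON*/
-        }
-
-
-
-
-
-   /**
-        * REST resource for dbNP modules.
-        *
-        * @param studyToken String, the external identifier of the study
-        *
-        * Dummy for testing only. (Warning: to be replaced as soon as the authorization is implemented!)
-        * @param Hash with exactly the values that will be returned
-        *
-        * @return Hash with keys 'isReader', 'isEditor', 'isOwner' }
-        */
-
-        /*def getAuthorizationLevel = {
-
-                isReader = false
-                isEditor = false
-                isOwner  = false
-
                 // Warning: this case is only for testing!
                 // The code below should be used until the
                 // authorization works.
-                if( params.isOwner || params.isEditor || params.Owner ) {
+                /*if( params.isOwner || params.isEditor || params.Owner ) {
                         return render ['isReader':params.isOwner,
                                 'isEditor':params.isEditor, 'isOwner':params.isOwner] as JSON
-                }
-
-
-                // in future the users authorization level will be based on authorization model
-                /*
+                }*/
+
+                // in future the users authorization level will be based on authorization model         
                 if( params.studyToken ) {
                         def id = params.studyToken
@@ -340,19 +293,16 @@
                 }
 
-                def user
+                /*def user
                 if( params.user ) {
                         def id = params.user
                         user = users.find( "from User as u where u.code=?", [id])
-                }
-
-                if( study.readers.contains(user) ) isReader = true
-                if( study.editors.contains(user) ) isEditor = true
-                if( study.owner.contains(user) )   isOwner  = true
-
-               
-
-                render ['isReader':isOwner, 'isEditor':isEditor, 'isOwner':isOwner] as JSON
-    }*/
-
-
+                }*/
+
+                def perm = study.getPermissions(requestUser)
+               
+                render ('isOwner': study.isOwner(requestUser),
+                        'create': perm.create, 'read':perm.read,
+                        'update': perm.update, 'delete':perm.delete
+                        ) as JSON
+    }
 }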
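Review bot: In getAuthorizationLevel the new lines `def perm = study.getPermissions(requestUser)` and the following `render (...)` dereference `study` unconditionally, while the only visible place it can be looked up is inside `if( params.studyToken ) {` (the body of that branch, new lines 291–292, is outside the shown context), so a request without a studyToken, or with one that matches no study, presumably reaches `getPermissions` on a null reference and fails with an unhandled exception instead of a controlled client error; a guard such as `if( !study ) { return response.sendError(404) }` before the permission lookup would keep that failure explicit. The injected collaborator is declared as `def AuthenticationService` and called as `AuthenticationService.authenticateUser(...)` in both auth() and isUser; if this is meant to be the Grails service bean, the conventional property name is `authenticationService`, so it is worth confirming the capitalised field is actually wired rather than null at runtime. The old test-only shortcut is kept as a commented-out block spanning new lines 283–299 rather than deleted; if it is no longer needed it should be removed so readers do not mistake it for live authorization logic. auth() continues past the first hunk, and the `if( params.studyToken )` branch straddles the third and fourth hunks.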