Changeset 940

Timestamp:
12-10-10 16:17:39 (4 years ago)
Author:
t.w.abma@…
Message:

- The REST controller should return the correct authorization level

Location:
trunk
Files:
2 modified

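--- a/trunk/application.properties
+++ b/trunk/application.properties
@@ -5,5 +5,5 @@
 app.servlet.version=2.4
 app.version=0.5.0
-plugins.aaaa=0.3.5
+#plugins.aaaa=0.3.5
 plugins.crypto=2.0
 plugins.db-util=0.4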
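--- a/trunk/grails-app/controllers/RestController.groovy
+++ b/trunk/grails-app/controllers/RestController.groovy
@@ -25,26 +25,25 @@
 class RestController {
 
-
-
        /**************************************************/
       /** Rest resources for Simple Assay Module (SAM) **/
      /**************************************************/
 
-        def authService
+        def AuthenticationService
         def beforeInterceptor = [action:this.&auth,except:["isUser"]]
         def credentials
-        def requestUser = SecUser.findByName( "user" )
+        def requestUser // = SecUser.findByName( "user" )
 
         /**
          * Authorization closure, which is run before executing any of the REST resource actions
          * It fetches a username/password combination from basic HTTP authentication and checks whether
-         * that is an active (nimble) account
+         * that is an active (SecuritySpring) account
          * @return
          */
         private def auth() {
 
-            credentials = BasicAuthentication.credentialsFromRequest(request)
-                //requestUser = authService.authUser(credentials.u,credentials.p)
-                // we circumvene the user
+            credentials = BasicAuthentication.credentialsFromRequest(request)
+                requestUser = AuthenticationService.authenticateUser(credentials.u, credentials.p)
+
+                // we circumvene the user
                 if(!requestUser) {
                     response.sendError(403)
@@ -66,6 +65,7 @@
                 boolean isUser
                 credentials = BasicAuthentication.credentialsFromRequest(request)
-                //def reqUser = authService.authUser(credentials.u,credentials.p)
-                if (reqUser) {
+                def reqUser = AuthenticationService.authenticateUser(credentials.u, credentials.p)
+
+                if (reqUser) {
                         isUser = true
                 }
@@ -277,61 +277,14 @@
         }
 
-   /**
-        * REST resource for dbNP modules.
-        *
-        * @param studyToken String, the external identifier of the study
-        * @return List of all fields of this study
-        * @return
-        *
-        * Example REST call (without authentication):
-    *   http://localhost:8080/gscf/rest/getStudy/study?studyToken=PPSH
-    *
-        * Returns the JSON object:
-        * {"title":"NuGO PPS human study","studyToken":"PPSH","startDate":"2008-01-13T23:00:00Z",
-        * "Description":"Human study performed at RRI; centres involved: RRI, IFR, TUM, Maastricht U.",
-        * "Objectives":null,"Consortium":null,"Cohort name":null,"Lab id":null,"Institute":null,
-        * "Study protocol":null}
-        */
         def getAuthorizationLevel = {
-                def items = [:]
-                /*if( params.studyToken ) {
-                        def study = Study.find( "from Study as s where code=?",[params.studyToken])
-
-                }
-        render items as JSON*/
-        }
-
-
-
-
-
-   /**
-        * REST resource for dbNP modules.
-        *
-        * @param studyToken String, the external identifier of the study
-        *
-        * Dummy for testing only. (Warning: to be replaced as soon as the authorization is implemented!)
-        * @param Hash with exactly the values that will be returned
-        *
-        * @return Hash with keys 'isReader', 'isEditor', 'isOwner' }
-        */
-
-        /*def getAuthorizationLevel = {
-
-                isReader = false
-                isEditor = false
-                isOwner  = false
-
                 // Warning: this case is only for testing!
                 // The code below should be used until the
                 // authorization works.
-                if( params.isOwner || params.isEditor || params.Owner ) {
+                /*if( params.isOwner || params.isEditor || params.Owner ) {
                         return render ['isReader':params.isOwner,
                                 'isEditor':params.isEditor, 'isOwner':params.isOwner] as JSON
-                }
-
-
-                // in future the users authorization level will be based on authorization model
-                /*
+                }*/
+
+                // in future the users authorization level will be based on authorization model
                 if( params.studyToken ) {
                         def id = params.studyToken
@@ -340,19 +293,16 @@
                 }
 
-                def user
+                /*def user
                 if( params.user ) {
                         def id = params.user
                         user = users.find( "from User as u where u.code=?", [id])
-                }
-
-                if( study.readers.contains(user) ) isReader = true
-                if( study.editors.contains(user) ) isEditor = true
-                if( study.owner.contains(user) )   isOwner  = true
-
-
-
-                render ['isReader':isOwner, 'isEditor':isEditor, 'isOwner':isOwner] as JSON
-    }*/
-
-
+                }*/
+
+                def perm = study.getPermissions(requestUser)
+
+                render ('isOwner': study.isOwner(requestUser),
+                       'create': perm.create, 'read':perm.read,
+                       'update': perm.update, 'delete':perm.delete
+                       ) as JSON
+   }
 }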
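Review bot: The new body of `getAuthorizationLevel` (last hunk, new lines 301-306) dereferences `study` unconditionally, yet `study` is only assigned inside `if( params.studyToken )` — two lines of that block fall in the gap between the third and fourth hunks — so a request with no token or an unknown one reaches `study.getPermissions(requestUser)` with a null (or, if declared inside the `if`, undefined) `study` and ends in a 500 rather than a deliberate refusal. An authorization endpoint should fail closed; add `if( !study ) { response.sendError(403); return }` before the `perm` lookup, matching the 403 already used in `auth()`. The same unguarded pattern appears in `auth()` and `isUser` (first two hunks), where `credentials.u` is read without checking that `credentialsFromRequest` returned anything — if it yields null for a missing Authorization header, the interceptor throws instead of sending 403. Separately, the field is declared `def AuthenticationService` (capitalised); Grails wires services by the lower-camel bean name, so unless `authenticateUser` is static this field is presumably never injected — `def authenticationService` would be the conventional declaration.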