Changeset 940

Timestamp:

Oct 12, 2010, 4:17:39 PM (10 years ago)

Author:

t.w.abma@…

Message:

• REST-controller should return correct authorization level back

Location:

trunk

Files:

• application.properties (modified) (1 diff)
• grails-app/controllers/RestController.groovy (modified) (4 diffs)

trunk/application.properties

@@ -5 +5 @@
 app.servlet.version=2.4
 app.version=0.5.0
-plugins.aaaa=0.3.5
+#plugins.aaaa=0.3.5
 plugins.crypto=2.0
 plugins.db-util=0.4

trunk/grails-app/controllers/RestController.groovy

@@ -25 +25 @@
 class RestController {
 
-
-
        /**************************************************/
       /** Rest resources for Simple Assay Module (SAM) **/
      /**************************************************/
 
-        def authService
+        def AuthenticationService        
         def beforeInterceptor = [action:this.&auth,except:["isUser"]]
         def credentials
-        def requestUser = SecUser.findByName( "user" )
+        def requestUser // = SecUser.findByName( "user" )
 
         /**
          * Authorization closure, which is run before executing any of the REST resource actions
          * It fetches a username/password combination from basic HTTP authentication and checks whether
-         * that is an active (nimble) account
+         * that is an active (SecuritySpring) account
          * @return
          */
         private def auth() {
 
-            credentials = BasicAuthentication.credentialsFromRequest(request)
-                //requestUser = authService.authUser(credentials.u,credentials.p)
-                // we circumvene the user
+            credentials = BasicAuthentication.credentialsFromRequest(request)           
+                requestUser = AuthenticationService.authenticateUser(credentials.u, credentials.p)
+                
+                // we circumvene the user
                 if(!requestUser) {
                     response.sendError(403)
@@ -66 +65 @@
                 boolean isUser
                 credentials = BasicAuthentication.credentialsFromRequest(request)
-                //def reqUser = authService.authUser(credentials.u,credentials.p)
-                if (reqUser) {
+                def reqUser = AuthenticationService.authenticateUser(credentials.u, credentials.p)
+
+                if (reqUser) {
                         isUser = true
                 }
@@ -277 +277 @@
         }
 
-   /**
-        * REST resource for dbNP modules.
-        *
-        * @param studyToken String, the external identifier of the study
-        * @return List of all fields of this study
-        * @return
-        *
-        * Example REST call (without authentication):
-    *   http://localhost:8080/gscf/rest/getStudy/study?studyToken=PPSH
-    *
-        * Returns the JSON object:
-        * {"title":"NuGO PPS human study","studyToken":"PPSH","startDate":"2008-01-13T23:00:00Z",
-        * "Description":"Human study performed at RRI; centres involved: RRI, IFR, TUM, Maastricht U.",
-        * "Objectives":null,"Consortium":null,"Cohort name":null,"Lab id":null,"Institute":null,
-        * "Study protocol":null}
-        */
         def getAuthorizationLevel = {
-                def items = [:]
-                /*if( params.studyToken ) {
-                        def study = Study.find( "from Study as s where code=?",[params.studyToken])
-                        
-                }
-        render items as JSON*/
-        }
-
-
-
-
-
-   /**
-        * REST resource for dbNP modules.
-        *
-        * @param studyToken String, the external identifier of the study
-        *
-        * Dummy for testing only. (Warning: to be replaced as soon as the authorization is implemented!)
-        * @param Hash with exactly the values that will be returned 
-        *
-        * @return Hash with keys 'isReader', 'isEditor', 'isOwner' }
-        */
-
-        /*def getAuthorizationLevel = {
-
-                isReader = false 
-                isEditor = false 
-                isOwner  = false 
-
                 // Warning: this case is only for testing! 
                 // The code below should be used until the
                 // authorization works. 
-                if( params.isOwner || params.isEditor || params.Owner ) { 
+                /*if( params.isOwner || params.isEditor || params.Owner ) {
                         return render ['isReader':params.isOwner, 
                                 'isEditor':params.isEditor, 'isOwner':params.isOwner] as JSON
-                }
-
-
-                // in future the users authorization level will be based on authorization model
-                /*
+                }*/
+
+                // in future the users authorization level will be based on authorization model         
                 if( params.studyToken ) {
                         def id = params.studyToken
@@ -340 +293 @@
                 }
 
-                def user
+                /*def user
                 if( params.user ) {
                         def id = params.user
                         user = users.find( "from User as u where u.code=?", [id])
-                }
-
-                if( study.readers.contains(user) ) isReader = true
-                if( study.editors.contains(user) ) isEditor = true
-                if( study.owner.contains(user) )   isOwner  = true
-
-                
-
-                render ['isReader':isOwner, 'isEditor':isEditor, 'isOwner':isOwner] as JSON
-    }*/
-
-
+                }*/
+
+                def perm = study.getPermissions(requestUser)
+                
+                render ('isOwner': study.isOwner(requestUser),
+                        'create': perm.create, 'read':perm.read,
+                        'update': perm.update, 'delete':perm.delete
+                        ) as JSON
+    }
 }