Mercurial > lada > lada-server
changeset 889:c160d6c895d2
Check messung status to authorize GET requests on Messung objects.
| author | Raimund Renkert <raimund.renkert@intevation.de> |
|---|---|
| date | Thu, 18 Feb 2016 11:50:20 +0100 |
| parents | 27febad6fb84 |
| children | dec1e63a2ffe |
| files | src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java |
| diffstat | 1 files changed, 6 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java Mon Feb 15 16:05:52 2016 +0100 +++ b/src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java Thu Feb 18 11:50:20 2016 +0100 @@ -32,11 +32,15 @@ repository.getById(LProbe.class, messung.getProbeId(), "land"); LProbe probe = (LProbe)response.getData(); if (method == RequestMethod.PUT || - method == RequestMethod.DELETE) { + method == RequestMethod.DELETE) { return !this.isMessungReadOnly(messung.getId()) && getAuthorization(userInfo, probe); } - return getAuthorization(userInfo, probe); + LStatusProtokoll status = repository.getByIdPlain( + LStatusProtokoll.class, + messung.getStatus(), + "land"); + return status.getStatusWert() > 0 || getAuthorization(userInfo, probe); } @SuppressWarnings("unchecked")