--- a/server/src/main/java/org/iri_research/renkan/coweb/event/AbstractSyncEventManager.java Thu Jan 16 01:29:02 2014 +0100
+++ b/server/src/main/java/org/iri_research/renkan/coweb/event/AbstractSyncEventManager.java Thu Jan 16 13:48:34 2014 +0100
@@ -109,6 +109,8 @@
}
protected abstract List<T> getObjectList(Project project);
+
+ protected abstract void checkUpdate(String clientId, Map<String, Object> data);
@Override
public void update(String clientId, Map<String, Object> data) {
@@ -116,6 +118,8 @@
this.logger.debug("AbstractSyncEventManager: update "
+ this.getClass().getName());
+ checkUpdate(clientId, data);
+
@SuppressWarnings("unchecked")
Map<String, Object> values = (Map<String, Object>) data.get("value");
String obj_id = (String) values.get("id");
@@ -162,10 +166,17 @@
@Override
public abstract void insert(String clientId, Map<String, Object> data);
+
+ protected abstract void checkDelete(String clientId, Map<String, Object> data);
+
@Override
public void delete(String clientId, Map<String, Object> data) {
+ this.logger.debug("AbstractSyncEventManager: delete "
+ + this.getClass().getName());
+ checkDelete(clientId, data);
+
@SuppressWarnings("unchecked")
Map<String, Object> values = (Map<String, Object>) data.get("value");
String project_id = (String) values.get("_project_id");
--- a/server/src/main/java/org/iri_research/renkan/coweb/event/EdgeSyncEventManager.java Thu Jan 16 01:29:02 2014 +0100
+++ b/server/src/main/java/org/iri_research/renkan/coweb/event/EdgeSyncEventManager.java Thu Jan 16 13:48:34 2014 +0100
@@ -127,4 +127,40 @@
return project.getEdges();
}
+ private boolean checkWrite(String clientId, Map<String, Object> data) {
+
+ @SuppressWarnings("unchecked")
+ Map<String, Object> values = (Map<String, Object>) data.get("value");
+ String project_id = (String) values.get("_project_id");
+
+ String edge_id = (String) values.get("id");
+
+ Edge edge = this.getEdgesRepository().findOne(edge_id);
+
+ if(edge==null) {
+ return true;
+ }
+ else if ( (project_id == edge.getProjectId()) || (project_id != null && project_id.equals(edge.getProjectId()))) {
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+
+ @Override
+ protected void checkUpdate(String clientId, Map<String, Object> data) {
+
+ if(!checkWrite(clientId, data)) {
+ throw new CowebException("Error when updating edge","Edge not in correct project");
+ }
+ }
+
+ @Override
+ protected void checkDelete(String clientId, Map<String, Object> data) {
+ if(!checkWrite(clientId, data)) {
+ throw new CowebException("Error when updating edge","Edge not in correct project");
+ }
+ }
+
}
--- a/server/src/main/java/org/iri_research/renkan/coweb/event/NodeSyncEventManager.java Thu Jan 16 01:29:02 2014 +0100
+++ b/server/src/main/java/org/iri_research/renkan/coweb/event/NodeSyncEventManager.java Thu Jan 16 13:48:34 2014 +0100
@@ -116,4 +116,41 @@
return project.getNodes();
}
+ private boolean checkWrite(String clientId, Map<String, Object> data) {
+
+ @SuppressWarnings("unchecked")
+ Map<String, Object> values = (Map<String, Object>) data.get("value");
+ String project_id = (String) values.get("_project_id");
+
+ String node_id = (String) values.get("id");
+
+ Node node = this.getNodesRepository().findOne(node_id);
+
+ if(node==null) {
+ return true;
+ }
+ else if ( (project_id == node.getProjectId()) || (project_id != null && project_id.equals(node.getProjectId()))) {
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+
+ @Override
+ protected void checkUpdate(String clientId, Map<String, Object> data) {
+
+ if(!checkWrite(clientId, data)) {
+ throw new CowebException("Error when updating node","Node not in correct project");
+ }
+ }
+
+ @Override
+ protected void checkDelete(String clientId, Map<String, Object> data) {
+ if(!checkWrite(clientId, data)) {
+ throw new CowebException("Error when updating node","Node not in correct project");
+ }
+ }
+
+
}
--- a/server/src/main/java/org/iri_research/renkan/coweb/event/ProjectSyncEventManager.java Thu Jan 16 01:29:02 2014 +0100
+++ b/server/src/main/java/org/iri_research/renkan/coweb/event/ProjectSyncEventManager.java Thu Jan 16 13:48:34 2014 +0100
@@ -74,4 +74,14 @@
throw new UnsupportedOperationException("Get object list called error");
}
+ @Override
+ protected void checkUpdate(String clientId, Map<String, Object> data) {
+ //do nothing
+ }
+
+ @Override
+ protected void checkDelete(String clientId, Map<String, Object> data) {
+ //do nothing
+ }
+
}
--- a/server/src/main/java/org/iri_research/renkan/coweb/event/UserSyncEventManager.java Thu Jan 16 01:29:02 2014 +0100
+++ b/server/src/main/java/org/iri_research/renkan/coweb/event/UserSyncEventManager.java Thu Jan 16 13:48:34 2014 +0100
@@ -92,7 +92,16 @@
protected List<User> getObjectList(Project project) {
// TODO: correct this, this is wrong, just put here to cpmpile
return null;
- // return project.getUsers();
+ }
+
+ @Override
+ protected void checkUpdate(String clientId, Map<String, Object> data) {
+ // do nothing
+ }
+
+ @Override
+ protected void checkDelete(String clientId, Map<String, Object> data) {
+ // do nothing
}
}