Search in sources :

Example 1 with PermissionsEnforcer

use of org.activityinfo.store.query.server.PermissionsEnforcer in project activityinfo by bedatadriven.

the class FormResource method getRecord.

@GET
@NoCache
@Path("record/{recordId}")
@Produces(JSON_CONTENT_TYPE)
@Operation(summary = "Get a single record")
public FormRecord getRecord(@PathParam("recordId") String recordId) {
    FormStorage form = assertVisible(formId);
    Optional<FormRecord> record = form.get(ResourceId.valueOf(recordId));
    if (!record.isPresent()) {
        throw new NotFoundException("Record " + recordId + " does not exist.");
    }
    PermissionsEnforcer enforcer = backend.newPermissionsEnforcer();
    if (!enforcer.canView(record.get())) {
        throw new NotAuthorizedException();
    }
    return record.get();
}
Also used : VersionedFormStorage(org.activityinfo.store.spi.VersionedFormStorage) FormStorage(org.activityinfo.store.spi.FormStorage) NotFoundException(com.sun.jersey.api.NotFoundException) PermissionsEnforcer(org.activityinfo.store.query.server.PermissionsEnforcer) Operation(io.swagger.v3.oas.annotations.Operation)

Aggregations

NotFoundException (com.sun.jersey.api.NotFoundException)1 Operation (io.swagger.v3.oas.annotations.Operation)1 PermissionsEnforcer (org.activityinfo.store.query.server.PermissionsEnforcer)1 FormStorage (org.activityinfo.store.spi.FormStorage)1 VersionedFormStorage (org.activityinfo.store.spi.VersionedFormStorage)1