use of org.activityinfo.store.query.server.PermissionsEnforcer in project activityinfo by bedatadriven.
the class FormResource method getRecord.
@GET
@NoCache
@Path("record/{recordId}")
@Produces(JSON_CONTENT_TYPE)
@Operation(summary = "Get a single record")
public FormRecord getRecord(@PathParam("recordId") String recordId) {
FormStorage form = assertVisible(formId);
Optional<FormRecord> record = form.get(ResourceId.valueOf(recordId));
if (!record.isPresent()) {
throw new NotFoundException("Record " + recordId + " does not exist.");
}
PermissionsEnforcer enforcer = backend.newPermissionsEnforcer();
if (!enforcer.canView(record.get())) {
throw new NotAuthorizedException();
}
return record.get();
}
Aggregations