public static Session createSession(String sessionToken) throws UnauthorizedException {
SecurityInformation securityInformation = hah.getSecurityInformation(sessionToken);
String emailAddress = securityInformation.getEmailAddress();
User user = userservice.getByEmail(emailAddress);
if (user == null) {
throw new UnauthorizedException(
"The email address given by the securityservice ("
+ emailAddress
+ ") is not registered to a user in elaborate");
}
return new Session(user.getId());
}
public void update(AnnotationTypeMetadataItem annotationTypeMetadataItem, User modifier) {
beginTransaction();
if (modifier.getPermissionFor(annotationTypeMetadataItem).canWrite()) {
super.update(annotationTypeMetadataItem);
commitTransaction();
} else {
rollbackTransaction();
throw new UnauthorizedException(exception(modifier, "update annotation types"));
}
}
public void delete(long id, User modifier) {
beginTransaction();
AnnotationTypeMetadataItem annotationType = super.read(id);
if (modifier.getPermissionFor(annotationType).canWrite()) {
super.delete(id);
commitTransaction();
} else {
rollbackTransaction();
throw new UnauthorizedException(exception(modifier, "delete annotation types"));
}
}
public AnnotationTypeMetadataItem create(AnnotationTypeMetadataItemInput input, User creator) {
beginTransaction();
AnnotationTypeMetadataItem annotationTypeMetadataItem = new AnnotationTypeMetadataItem();
if (creator.getPermissionFor(annotationTypeMetadataItem).canWrite()) {
AnnotationTypeMetadataItem create = super.create(annotationTypeMetadataItem);
commitTransaction();
return create;
}
rollbackTransaction();
throw new UnauthorizedException(exception(creator, "create new annotation types"));
}
private String exception(User creator, String string) {
return "user " + creator.getUsername() + " is not authorized to " + string;
}
