public void removeDashboard(Subject subject, int dashboardId) { Dashboard toDelete = entityManager.find(Dashboard.class, dashboardId); if (!authorizationManager.hasGlobalPermission(subject, Permission.MANAGE_SETTINGS) && toDelete.getOwner().getId() != subject.getId()) { throw new PermissionException("You may only delete dashboards you own."); } entityManager.remove(toDelete); }
public Dashboard storeDashboard(Subject subject, Dashboard dashboard) { Dashboard d = null; if ((d = entityManager.find(Dashboard.class, dashboard.getId())) == null) { dashboard.setOwner(subject); entityManager.persist(dashboard); return dashboard; } else { if (!authorizationManager.hasGlobalPermission(subject, Permission.MANAGE_SETTINGS) && d.getOwner().getId() != subject.getId()) { throw new PermissionException("You may only alter dashboards you own."); } return entityManager.merge(dashboard); } }