public void removeDashboard(Subject subject, int dashboardId) {
Dashboard toDelete = entityManager.find(Dashboard.class, dashboardId);
if (!authorizationManager.hasGlobalPermission(subject, Permission.MANAGE_SETTINGS)
&& toDelete.getOwner().getId() != subject.getId()) {
throw new PermissionException("You may only delete dashboards you own.");
}
entityManager.remove(toDelete);
}
public Dashboard storeDashboard(Subject subject, Dashboard dashboard) {
Dashboard d = null;
if ((d = entityManager.find(Dashboard.class, dashboard.getId())) == null) {
dashboard.setOwner(subject);
entityManager.persist(dashboard);
return dashboard;
} else {
if (!authorizationManager.hasGlobalPermission(subject, Permission.MANAGE_SETTINGS)
&& d.getOwner().getId() != subject.getId()) {
throw new PermissionException("You may only alter dashboards you own.");
}
return entityManager.merge(dashboard);
}
}
