From 8a45ae67ed7371a9d28cbba6de188af3270562b6 Mon Sep 17 00:00:00 2001
From: rsanchez <rsanchez@curisit.net>
Date: Mon, 17 Apr 2017 17:11:04 +0000
Subject: [PATCH] #3529 feature - Securized access for readonly users

---
 securis/src/main/java/net/curisit/securis/services/ApplicationResource.java |   15 +++++++++++++--
 1 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/securis/src/main/java/net/curisit/securis/services/ApplicationResource.java b/securis/src/main/java/net/curisit/securis/services/ApplicationResource.java
index e62cdb4..15e473f 100644
--- a/securis/src/main/java/net/curisit/securis/services/ApplicationResource.java
+++ b/securis/src/main/java/net/curisit/securis/services/ApplicationResource.java
@@ -72,12 +72,23 @@
 	@Path("/")
 	@Produces({ MediaType.APPLICATION_JSON })
 	@Securable
-	public Response index() {
+	public Response index(@Context BasicSecurityContext bsc) {
 		LOG.info("Getting applications list ");
 
 		// EntityManager em = emProvider.get();
 		em.clear();
-		TypedQuery<Application> q = em.createNamedQuery("list-applications", Application.class);
+
+		TypedQuery<Application> q;
+		if (bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
+			q = em.createNamedQuery("list-applications", Application.class);
+		} else {
+			if (bsc.getApplicationsIds() == null || bsc.getApplicationsIds().isEmpty()) {
+				return Response.ok().build();
+			}
+			q = em.createNamedQuery("list-applications-by_ids", Application.class);
+
+			q.setParameter("list_ids", bsc.getApplicationsIds());
+		}
 		List<Application> list = q.getResultList();
 
 		return Response.ok(list).build();
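Review bot: The early return in the non-admin branch sends a 200 with no entity, so a read-only user with no assigned applications gets an empty body from an endpoint declared as `APPLICATION_JSON`, while every other path returns a JSON array. Returning `Response.ok(Collections.emptyList()).build();` there (it needs `java.util.Collections`, if not already imported) keeps the response shape the same for all callers. `bsc.getApplicationsIds()` is also read three times; reading it once into a local such as `Set<Integer> allowedIds = bsc.getApplicationsIds();` (element type assumed, not visible here) makes sure the null/empty check and `q.setParameter("list_ids", ...)` work on the same value. The filter only covers the listing in `index()`, whose body continues outside the hunk. The other handlers of `ApplicationResource` are not visible here, so it is worth confirming that the by-id read and modify operations apply the same application-id restriction; otherwise a read-only user could presumably still reach an application outside their list by requesting its id directly.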

--
Gitblit v1.3.2