...
Again, this is not concerning itself about managing Authorizations. The choice of Qualifier for the purpose of checking Authorizations is based on what is known at the time of the check. This narrows it down quite a bit.
Wiring in Authorization
The service architect creates a Hold OSID Adapter wrapping the following methods.
Code Block |
---|
public class HoldAdminSession extends net.okapia.osid.jamocha.adapter.hold.spi.AbatractAdapterHoldAdminSession implements org.osid.hold.HoldAdminSession private final org.osid.authorization.AuthorizationSession authzSession; HoldAdminSession(org.osid.hold.HoldAdminSession session, org.osid.authorization.AuthorizationSession authzSession) { super(session); this.authzSession = authzSession; return; } public org.osid.hold.HoldForm getHoldFormForCreate(org.osid.id.Id issueId, org.osid.id.Id resourceId, org.osid.type.Type[] recordTypes) { if (this.authzSession.isAuthorized(getAuthenticatedAgentId(), createHoldFunctionId, issueId) { throw org.osid.PermissionDeniedException(); } // wrap the form so we need can get the issueId on the way back in return (new HoldFormAdapter(super.getHoldFormForCreate(issueId, resourceId, recordTypes), issueId); } public org.osid.hold.Hold createForm(org.osid.hold.HoldForm form) { if (this.authzSession.isAuthorized(getAuthenticatedAgentId(), createHoldFunctionId, getIssueId(form)) { throw org.osid.PermissionDeniedException(); } return (super.createHold(form)); } public org.osid.hold.HoldForm getHoldFormForUpdate(org.osid.id.Id holdId) { if (this.authzSession.isAuthorized(getAuthenticatedAgentId(), updateHoldFunctionId, holdId) { throw org.osid.PermissionDeniedException(); } // wrap the form so we need can get the issueId on the way back in return (new HoldFormAdapter(super.getHoldFormForUpdate(holdId), holdId); } public org.osid.hold.Hold updateForm(org.osid.hold.HoldForm form) { if (this.authzSession.isAuthorized(getAuthenticatedAgentId(), updateHoldFunctionId, getIssueId(form)) { throw org.osid.PermissionDeniedException(); } return (super.updateHold(form)); } public void deleteHold(org.osid.id.Id holdId) { if (this.authzSession.isAuthorized(getAuthenticatedAgentId(), deleteHoldFunctionId, holdId) { throw org.osid.PermissionDeniedException(); } return (super.deleteHold(holdId)); } private static org.osid.id.Id getIssueId(org.osid.hold.HoldForm form) { if (!(form instance of HoldFormAdapter)) { throw new org.osid.InvalidArgumentException("not my form!"); } return (((HoldFormAdapter) form).getIssueId()); } } |