...
Code Block | ||
---|---|---|
| ||
boolean isAuthorized(org.osid.id.Id agentId, org.osid.id.Id functionId, org.osid.id.Id qualifierId) throws org.osid.NotFoundException, org.osid.OperationFailedException, org.osid.PermissionDeniedException { org.osid.id.Id issueId; if (functionId.equals(CREATEHOLD_FUNCTION_ID)) { issueId = qualifierid; } else if (functionId.equals(UPDATEHOLD_FUNCTION_ID)) { org.osid.hold.Hold hold = holdLookupSession.getHold(qualifierId); issueId = hold.getIssueId(); } else { return (underlyingAuthorizationProvider.isAuthorized(agentId, functionId, qualfiierId)); } org.osid.hold.Issue issue = issueLookupSession.getIssue(issueId); OrganizationIssueRecord record = (OrganizationIssueRecord) issue.getIssueRecord(ORGANIZATION_ISSUE_RECORD_TYPE); org.osid.id.IdList organizationIds; if (functionId.equals(CREATEHOLD_FUNCTION_ID)) { organizationIds =if (resourceAgentSession.isAgentForResources(agentId, record.getHoldCreatorOrganizationIds()) { return (true); } } else if (functionId.equals(UPDATEHOLD_FUNCTION_ID)) { organizationIds =if (resourceAgentSession.isAgentForResources(agentId, record.getHoldUpdaterOrganizationIds()); { } try {return (true); while (organizationIds.hasNext()) {} if (resourceAgentSession.isAgentForResource(agentId, organizationIds.getNextId()) { return (true); } return (false); } finally { organizationIds.close(); } } |
This looks better. This implementation of an Authorization OSID Adapter is simpler because it pushes the organizational logic out of authorization into the Resource OSID. That logic has to live somewhere so is this just moving the problem around?
Deeper into the Resource Can
...