Author: bleny Date: 2014-06-19 10:45:05 +0200 (Thu, 19 Jun 2014) New Revision: 2062 Url: http://forge.codelutin.com/projects/wao/repository/revisions/2062 Log: prevent coordinator to update admin data via import Modified: trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ObsMerContactsService.java Modified: trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ObsMerContactsService.java =================================================================== --- trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ObsMerContactsService.java 2014-06-19 08:30:31 UTC (rev 2061) +++ trunk/wao-services/src/main/java/fr/ifremer/wao/services/service/ObsMerContactsService.java 2014-06-19 08:45:05 UTC (rev 2062) @@ -299,6 +299,15 @@ if (updateContactCommand.isCreation()) { updateContactCommand.setContact(contact); + + // Prevent that someone who is not admin change data that only admin + // must be able to modify + if ( ! authenticatedWaoUser.isAdmin()) { + contact.setCommentAdmin(null); + contact.setValidationProgram(null); + contact.setDataReliability(DataReliability.UNKNOWN); + } + } else { Contact contactToUpdate = updateContactCommand.getContact(); @@ -324,6 +333,15 @@ Contact.PROPERTY_CONTACT_STATE_MOTIF, Contact.PROPERTY_RESTITUTION, Contact.PROPERTY_OBSERVED_DATA_CONTROL); + + // Prevent that someone who is not admin change data that only admin + // must be able to modify + if ( ! authenticatedWaoUser.isAdmin()) { + contactToUpdate.setCommentAdmin(contact.getCommentAdmin()); + contactToUpdate.setValidationProgram(contact.getValidationProgram()); + contactToUpdate.setDataReliability(contact.getDataReliability()); + } + } try {