FSN#38610 SVN koppeling naar Facilitor ivm vervanging Logcentre

svn path=/Website/branches/v2016.3/; revision=32410

APPL/API2/TESTER/api2_tester.html

@@ -43,7 +43,7 @@
             </tr>
             <tr><td><label>Website</label></td>
 <!--                <td><input id="urlbase" type="text" style="width:250px" value="http://uwva.5iwork/Facilitor5iwork"> -->
-                <td><input id="urlbase" type="text" style="width:250px" value="http://sgf12/Facilitor5iwork">
+                <td><input id="urlbase" type="text" style="width:250px" value="http://uwva.facws001/branch20163/">
                 </td>
             </tr>
             <tr><td><label>Pretty JSON</label></td>

APPL/API2/api_notes.asp

@@ -22,4 +22,5 @@
 <!-- #include file="./model_notes.inc" -->
 <%
     api2_rest.process(new model_notes(getQParam("module", "").toUpperCase()));
+
 %>

APPL/API2/model_notes.inc

@@ -59,7 +59,6 @@ SELECT 'PRJ'
 
 %>
 <!-- #include file="../mld/mld.inc" -->
-<!-- #include file="model_objects.inc"-->
 <%
 
 function model_notes(module)
@@ -129,8 +128,53 @@ function model_notes(module)
             ]
           };
 
-  // TODO: REST_GET niet (rechtstreeks) toestaan?
-  this.REST_GET = function _GET(params)
+    function _check_authorization (params, method)
+        {
+            params.message = "";
+
+            if (params.filter.module == "MLD")
+            {
+                var autfunction = (params.filter.scope == "fe"? "WEB_MLDFOF" : "WEB_MLDBOF");
+                params.authparams = user.checkAutorisation(autfunction, null, null, true); // pessimistisch
+
+                switch (method)
+                {
+                    case "GET":
+                        if (params.filter.parent_key)
+                        {
+                            var mld_key = params.filter.parent_key;
+                            var this_mld = mld.func_enabled_melding(mld_key, params);
+                            user.auth_required_or_abort(this_mld.canReadNotes);
+                        }
+                        break;
+                    case "DELETE":
+                        // Notes mogen niet worden verwijderd.
+                        // en verder met de autorisatie van PUT...
+                    case "PUT":
+                        var mld_key = params.filter.parent;
+                        var this_mld = mld.func_enabled_melding(mld_key, params);
+                        user.auth_required_or_abort(this_mld.canWriteNotes);
+                        params.isNew = false;
+                        break;
+                    case "POST":
+                        var mld_key = params.filter.parent_key;
+                        var this_mld = mld.func_enabled_melding(mld_key, params);
+                        user.auth_required_or_abort(!this_mld.canWriteNotes);
+                        params.isNew = true;
+                        break;
+                }
+                params.func_enabled = this_mld || {};
+            }
+            else
+            {
+                // Voor alle andere modules toevoegen niet toestaan.
+                if (method == "POST")
+                    user.auth_required_or_abort(false);
+            }
+        }
+
+    // TODO: REST_GET niet (rechtstreeks) toestaan?
+    this.REST_GET = function _GET(params)
         {
             var query = api2.sqlfields(params, this );
             var wheres = api2.sqlfilter(params, this);
@@ -165,7 +209,8 @@ function model_notes(module)
 
     this.REST_POST = function (params, jsondata) /* new note */
         {
-            params.isNew = true;
+            params.filter.parent_key = jsondata.parent;
+            _check_authorization(params, "POST");
             //
             var dbfields = api2.update_fields(params, this, jsondata); // Build updater
             dbfields["id"] = { dbs: tabel.id, typ: "key", seq: tabel.seq };