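--- a/java/com.sap.sailing.server.gateway/src/com/sap/sailing/server/gateway/jaxrs/api/RegattasResource.java
+++ b/java/com.sap.sailing.server.gateway/src/com/sap/sailing/server/gateway/jaxrs/api/RegattasResource.java
@@ -383,7 +383,6 @@ public class RegattasResource extends AbstractSailingServerResource {
 String competitorName, String competitorShortName, String competitorEmail, String flagImageURIString,
 String teamImageURIString, Function<String, DynamicBoat> boatObtainer, String deviceUuid,
 String registrationLinkSecret) {
-
 final Subject subject = SecurityUtils.getSubject();
 final User user = getSecurityService().getCurrentUser();
 Response response;
@@ -1058,13 +1057,16 @@ public class RegattasResource extends AbstractSailingServerResource {
 @GET
 @Produces("application/json;charset=UTF-8")
 @Path("{regattaname}/races/{racename}/times")
- public Response getTimes(@PathParam("regattaname") String regattaName, @PathParam("racename") String raceName) {
+ public Response getTimes(@PathParam("regattaname") String regattaName, @PathParam("racename") String raceName,
+ @QueryParam("secret") String regattaSecret) {
 Response response = null;
 Regatta regatta = findRegattaByName(regattaName);
 if (regatta == null) {
 response = getBadRegattaErrorResponse(regattaName);
 } else {
- getSecurityService().checkCurrentUserReadPermission(regatta);
+ if (!getService().skipChecksDueToCorrectSecret(regattaName, regattaSecret)) {
+ getSecurityService().checkCurrentUserReadPermission(regatta);
+ }
 RaceDefinition race = findRaceByName(regatta, raceName);
 if (race == null) {
 response = getBadRaceErrorResponse(regattaName, raceName);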
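Review bot: The new guard in getTimes skips `checkCurrentUserReadPermission(regatta)` whenever `skipChecksDueToCorrectSecret` returns true, and `regattaSecret` is null when the `secret` query parameter is omitted. The helper's body is not visible here, so unless it rejects null or empty input and regattas with no secret configured, a request without credentials could pass by matching "no secret" against "no secret". Making the rejection explicit at the call site removes that dependency: `if (regattaSecret == null || regattaSecret.isEmpty() || !getService().skipChecksDueToCorrectSecret(regattaName, regattaSecret)) {`. The secret also travels in the URL of a GET, so it will appear in access logs, proxy logs and Referer headers; it is worth confirming that those logs are handled as credential-bearing and that the helper compares the value in constant time (for example with `MessageDigest.isEqual`). getTimes continues past the end of the hunk, so the rest of the method was not reviewed.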
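--- a/wiki/info/security/permission-migration-tests.md
+++ b/wiki/info/security/permission-migration-tests.md
@@ -302,7 +302,7 @@ For the tests of this scenario, we need a fully featured setup consisting of the
 * A regatta having dynamic competitor/boat assignments
 * Pinged marks as well as tracked marks
 
-The a smartphone tracking setup needs to get repeated using the following invitation and app combinations (some cases can be tested in parallel):
+Then a smartphone tracking setup needs to get repeated using the following invitation and app combinations (some cases can be tested in parallel):
 
 * Legacy invitations/QR codes with the old apps
 * Legacy invitations/QR codes with Sail Insight 2.0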