rhbz736898 - Change security permission check on translation push.

Allow translators to push translations for their allowed language teams. Had to move the check to inside the method instead of the @restrict annotation.

zanata-war/src/main/java/org/zanata/rest/service/TranslatedDocResourceService.java

@@ -47,6 +47,7 @@
 import org.zanata.rest.ReadOnlyEntityException;
 import org.zanata.rest.dto.resource.TextFlowTarget;
 import org.zanata.rest.dto.resource.TranslationsResource;
+import org.zanata.security.ZanataIdentity;
 import org.zanata.service.CopyTransService;
 import org.zanata.service.LocaleService;
 import org.zanata.service.TranslationService;
@@ -122,6 +123,9 @@ public class TranslatedDocResourceService implements TranslatedDocResource
    @Context
    private UriInfo uri;
 
+   @In
+   private ZanataIdentity identity;
+
    @In
    private ApplicationConfiguration applicationConfiguration;
 
@@ -358,10 +362,13 @@ public Response deleteTranslations(@PathParam("id") String idNoSlash, @PathParam
    @Override
    @PUT
    @Path(RESOURCE_SLUG_TEMPLATE + "/translations/{locale}")
-   @Restrict("#{s:hasPermission(translatedDocResourceService.securedIteration.project, 'modify-translation')}")
    // /r/{id}/translations/{locale}
    public Response putTranslations(@PathParam("id") String idNoSlash, @PathParam("locale") LocaleId locale, TranslationsResource messageBody, @QueryParam("ext") Set<String> extensions, @QueryParam("merge") @DefaultValue("auto") String merge)
    {
+      // check security (cannot be on @Restrict as it refers to method parameters)
+      identity.checkPermission("modify-translation", this.localeServiceImpl.getByLocaleId(locale),
+            this.getSecuredIteration().getProject());
+
       log.debug("start put translations");
       MergeType mergeType;
       try