Subversion Repositories bacoAlunos

Rev

Rev 1929 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
1929 grupo1 1 
package pt.estgp.estgweb.filters.filters;
2 
 
3 
import org.apache.log4j.Logger;
1930 grupo1 4 
import pt.estgp.estgweb.domain.CourseImpl;
5 
import pt.estgp.estgweb.domain.UserSession;
6 
import pt.estgp.estgweb.domain.dao.DaoFactory;
7 
import pt.estgp.estgweb.filters.chains.LoadControlFilter;
8 
import pt.estgp.estgweb.filters.exceptions.AccessDeniedOperationException;
9 
import pt.estgp.estgweb.filters.exceptions.NeedAuthenticationException;
10 
import pt.estgp.estgweb.utils.Globals;
11 
import pt.utl.ist.berserk.ServiceRequest;
12 
import pt.utl.ist.berserk.ServiceResponse;
13 
import pt.utl.ist.berserk.logic.filterManager.FilterParameters;
14 
import pt.utl.ist.berserk.logic.filterManager.exceptions.FilterException;
1929 grupo1 15 
 
16 
public class IsFromCourseCommission extends LoadControlFilter {
17 
    private static final 1.5.0/docs/api/java/util/logging/Logger.html">Logger logger = 1.5.0/docs/api/java/util/logging/Logger.html">Logger.getLogger(IsFromCourseCommission.class);
18 
 
19 
    public void execute(ServiceRequest request, ServiceResponse response, FilterParameters filterParameters) throws FilterException, 1.5.0/docs/api/java/lang/Exception.html">Exception
20 
    {
21 
 
22 
        UserSession userSession = (UserSession) request.getServiceParameters().getParameter(Globals.USER_SESSION_KEY);
23 
 
24 
        if(userSession.getUser() == null)
25 
        {
26 
            logger.info("try access restricted area:" + request.getRequester());
27 
            throw new NeedAuthenticationException();
28 
        }
29 
 
30 
        if(userSession.getUser().isSuperuser())
31 
            return;
32 
 
33 
        1.5.0/docs/api/java/lang/String.html">String courseCode = (1.5.0/docs/api/java/lang/String.html">String) request.getServiceParameters().getParameter((1.5.0/docs/api/java/lang/String.html">String) filterParameters.getParameter(0));
34 
        CourseImpl course = DaoFactory.getCourseDaoImpl().findCourseByCode(courseCode);
35 
 
36 
        if(!course.isFromCourseCommission(userSession.getUser()))
37 
        {
38 
            logger.warn(userSession.getUser().getUsername() + ": try access restricted area");
39 
            throw new AccessDeniedOperationException("fail.owner");
40 
        }
41 
    }
42 
}