New file |
0,0 → 1,61 |
package pt.estgp.estgweb.filters.filters; |
|
import jdk.nashorn.internal.codegen.types.Type; |
import pt.estgp.estgweb.domain.CourseImpl; |
import pt.estgp.estgweb.domain.dao.DaoFactory; |
import pt.estgp.estgweb.filters.chains.LoadControlFilter; |
import pt.estgp.estgweb.filters.exceptions.NeedAuthenticationException; |
import pt.estgp.estgweb.filters.exceptions.AccessDeniedOperationException; |
import pt.estgp.estgweb.filters.filters.utils.LoadObjectFromParameters; |
import pt.estgp.estgweb.domain.UserSession; |
import pt.estgp.estgweb.domain.CourseUnit; |
import pt.estgp.estgweb.domain.UserImpl; |
import pt.estgp.estgweb.utils.Globals; |
import pt.utl.ist.berserk.ServiceRequest; |
import pt.utl.ist.berserk.ServiceResponse; |
import pt.utl.ist.berserk.logic.filterManager.FilterParameters; |
import pt.utl.ist.berserk.logic.filterManager.exceptions.FilterException; |
import org.apache.log4j.Logger; |
|
public class IsFromCourseCommissionClass extends LoadControlFilter |
{ |
private static final Logger logger = Logger.getLogger(IsFromCourseCommissionClass.class); |
|
public void execute(ServiceRequest request, ServiceResponse response, FilterParameters filterParameters) throws FilterException, Exception |
{ |
|
UserSession userSession = (UserSession) request.getServiceParameters().getParameter(Globals.USER_SESSION_KEY); |
|
//Não tem autenticação então nega o acesso |
if(userSession.getUser() == null) |
{ |
logger.info("try access restricted area:" + request.getRequester()); |
throw new NeedAuthenticationException(); |
} |
|
if(userSession.getUser().isSuperuser()) |
return; |
|
|
|
String courseCode = null; |
|
Object req = request.getServiceParameters().getParameter((String) filterParameters.getParameter(0)); |
|
if (req instanceof String){ |
courseCode = (String) req; |
}else { |
logger.info(userSession.getUser().getUsername() + ": Invalid Parameter"); |
throw new AccessDeniedOperationException("fail.owner"); |
} |
|
|
CourseImpl courseimpl = DaoFactory.getCourseDaoImpl().findCourseByCode(courseCode); |
|
if(!courseimpl.isFromCourseCommission(userSession.getUser())) |
{ |
logger.warn(userSession.getUser().getUsername() + ": try access restricted area"); |
throw new AccessDeniedOperationException("fail.owner"); |
} |
} |
} |
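Review bot: The result of `findCourseByCode(courseCode)` is dereferenced in the final `if` of `execute` without a null check, so a course code that matches no course (the value comes from a request parameter) would presumably end in a NullPointerException instead of a denied access; whether the DAO can return null is not visible on this page. Folding the check into the guard keeps the filter failing closed with the same log line and the same `fail.owner` error: `if (courseimpl == null || !courseimpl.isFromCourseCommission(userSession.getUser()))`. The same applies to `userSession` at the top of `execute`, which is cast and dereferenced before anything verifies that the session parameter was present. Separately, the import of `jdk.nashorn.internal.codegen.types.Type` is unused and points at a JDK-internal package that no longer exists since Nashorn was removed in JDK 15, so it should be dropped.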