New file |
0,0 → 1,61 |
package pt.estgp.estgweb.filters.filters; |
|
import org.apache.log4j.Logger; |
import pt.estgp.estgweb.Globals; |
import pt.estgp.estgweb.domain.EventClass; |
import pt.estgp.estgweb.domain.EventGeneric; |
import pt.estgp.estgweb.domain.UserSession; |
import pt.estgp.estgweb.domain.dao.DaoFactory; |
import pt.estgp.estgweb.filters.chains.AdminControlFilter; |
import pt.estgp.estgweb.filters.exceptions.AccessDeniedOperationException; |
import pt.estgp.estgweb.filters.exceptions.NeedAuthenticationException; |
import pt.estgp.estgweb.utils.ConfigProperties; |
import pt.estgp.estgweb.utils.RoleManager; |
import pt.utl.ist.berserk.ServiceRequest; |
import pt.utl.ist.berserk.ServiceResponse; |
import pt.utl.ist.berserk.logic.filterManager.FilterParameters; |
import pt.utl.ist.berserk.logic.filterManager.exceptions.FilterException; |
|
public class EventManager extends AdminControlFilter { |
private static final Logger logger = Logger.getLogger(EventManager.class); |
|
private static final String ALL_ROLE = ConfigProperties.getProperty("user.super"); |
|
public void execute(ServiceRequest request, ServiceResponse response) |
throws FilterException, Exception |
{ |
|
} |
|
public void execute(ServiceRequest request, ServiceResponse response, FilterParameters filterParameters) throws FilterException, Exception |
{ |
|
UserSession userSession = (UserSession) request.getServiceParameters().getParameter(Globals.USER_SESSION_KEY); |
|
if(userSession.getUser() == null) |
{ |
logger.info("try access restricted area:" + request.getRequester()); |
throw new NeedAuthenticationException(); |
} |
if(userSession.getUser().isSuperuserOrAdmin()) |
return; |
|
String eventClassIdParameter = (String) filterParameters.getParameter(0); |
EventGeneric eventParameter = (EventGeneric) filterParameters.getParameter(1); |
|
if(eventParameter.getId() > 0) |
{ |
EventGeneric persistent = DaoFactory.getEventGenericDaoImpl().load(eventParameter.getId()); |
if(RoleManager.hasRole(userSession.getUser(), persistent.getEventClass().getManagersRole())) |
return; |
} |
else |
{ |
EventClass eventClass = DaoFactory.getEventClassDaoImpl().load(eventClassIdParameter); |
if(RoleManager.hasRole(userSession.getUser(), eventClass.getManagersRole())) |
return; |
} |
|
throw new AccessDeniedOperationException("fail.role"); |
} |
} |
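Review bot: The two-argument `execute(ServiceRequest, ServiceResponse)` has an empty body, so if the filter chain ever invokes that overload (which one Berserk calls is not visible on this page) the request passes with no authorization check at all; an access-control filter should fail closed there, e.g. `throw new AccessDeniedOperationException("fail.role");`. In the three-argument overload `userSession` is dereferenced before it is checked, and `persistent` / `eventClass` are used straight from `load(...)`, so a missing session, or an unknown id if `load` can return null, ends in a NullPointerException rather than a deliberate denial. A guard such as `if(userSession == null || userSession.getUser() == null)` and a null check on the loaded entity that throws `AccessDeniedOperationException` would make the deny path explicit. For an existing event the role is read from the persisted event's class, which is the right source, but nothing here compares that class with `eventClassIdParameter`, so it is worth confirming that the service cannot move the event into a class the caller does not manage. `ALL_ROLE` is declared and never read in this file.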