Rev 1929 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1929 | Rev 1930 | ||
|---|---|---|---|
| 1 | package pt.estgp.estgweb.filters.filters; |
1 | package pt.estgp.estgweb.filters.filters; |
| 2 | 2 | ||
| 3 | /** |
- | |
| 4 | * Created by ASUS on 15/01/2018. |
- | |
| 5 | */ |
- | |
| 6 | - | ||
| 7 | import org.apache.log4j.Logger; |
3 | import org.apache.log4j.Logger; |
| 8 | import pt.estgp.estgweb.domain.CourseImpl; |
4 | import pt.estgp.estgweb.domain.CourseImpl; |
| 9 | import pt.estgp.estgweb.domain.CourseUnit; |
- | |
| 10 | import pt.estgp.estgweb.domain.UserImpl; |
- | |
| 11 | import pt.estgp.estgweb.domain.UserSession; |
5 | import pt.estgp.estgweb.domain.UserSession; |
| 12 | import pt.estgp.estgweb.domain.dao.DaoFactory; |
6 | import pt.estgp.estgweb.domain.dao.DaoFactory; |
| 13 | import pt.estgp.estgweb.filters.chains.LoadControlFilter; |
7 | import pt.estgp.estgweb.filters.chains.LoadControlFilter; |
| 14 | import pt.estgp.estgweb.filters.exceptions.AccessDeniedOperationException; |
8 | import pt.estgp.estgweb.filters.exceptions.AccessDeniedOperationException; |
| 15 | import pt.estgp.estgweb.filters.exceptions.NeedAuthenticationException; |
9 | import pt.estgp.estgweb.filters.exceptions.NeedAuthenticationException; |
| 16 | import pt.estgp.estgweb.filters.filters.utils.LoadObjectFromParameters; |
- | |
| 17 | import pt.estgp.estgweb.utils.Globals; |
10 | import pt.estgp.estgweb.utils.Globals; |
| 18 | import pt.utl.ist.berserk.ServiceRequest; |
11 | import pt.utl.ist.berserk.ServiceRequest; |
| 19 | import pt.utl.ist.berserk.ServiceResponse; |
12 | import pt.utl.ist.berserk.ServiceResponse; |
| 20 | import pt.utl.ist.berserk.logic.filterManager.FilterParameters; |
13 | import pt.utl.ist.berserk.logic.filterManager.FilterParameters; |
| 21 | import pt.utl.ist.berserk.logic.filterManager.exceptions.FilterException; |
14 | import pt.utl.ist.berserk.logic.filterManager.exceptions.FilterException; |
| 22 | 15 | ||
| 23 | public class IsFromCourseCommission extends LoadControlFilter { |
16 | public class IsFromCourseCommission extends LoadControlFilter { |
| 24 | private static final 1.5.0/docs/api/java/util/logging/Logger.html">Logger logger = 1.5.0/docs/api/java/util/logging/Logger.html">Logger.getLogger(IsFromCourseCommission.class); |
17 | private static final 1.5.0/docs/api/java/util/logging/Logger.html">Logger logger = 1.5.0/docs/api/java/util/logging/Logger.html">Logger.getLogger(IsFromCourseCommission.class); |
| 25 | 18 | ||
| 26 | public void execute(ServiceRequest request, ServiceResponse response, FilterParameters filterParameters) throws FilterException, 1.5.0/docs/api/java/lang/Exception.html">Exception |
19 | public void execute(ServiceRequest request, ServiceResponse response, FilterParameters filterParameters) throws FilterException, 1.5.0/docs/api/java/lang/Exception.html">Exception |
| 27 | { |
20 | { |
| 28 | 21 | ||
| 29 | UserSession userSession = (UserSession) request.getServiceParameters().getParameter(Globals.USER_SESSION_KEY); |
22 | UserSession userSession = (UserSession) request.getServiceParameters().getParameter(Globals.USER_SESSION_KEY); |
| 30 | 23 | ||
| 31 | if(userSession.getUser() == null) |
24 | if(userSession.getUser() == null) |
| 32 | { |
25 | { |
| 33 | logger.info("try access restricted area:" + request.getRequester()); |
26 | logger.info("try access restricted area:" + request.getRequester()); |
| 34 | throw new NeedAuthenticationException(); |
27 | throw new NeedAuthenticationException(); |
| 35 | } |
28 | } |
| 36 | 29 | ||
| 37 | if(userSession.getUser().isSuperuser()) |
30 | if(userSession.getUser().isSuperuser()) |
| 38 | return; |
31 | return; |
| 39 | 32 | ||
| 40 | //CourseImpl course = (CourseImpl) LoadObjectFromParameters.loadObjectFromClassName((String) filterParameters.getParameter(1),filterParameters,request.getServiceParameters()); |
- | |
| 41 | 1.5.0/docs/api/java/lang/String.html">String courseCode = (1.5.0/docs/api/java/lang/String.html">String) request.getServiceParameters().getParameter((1.5.0/docs/api/java/lang/String.html">String) filterParameters.getParameter(0)); |
33 | 1.5.0/docs/api/java/lang/String.html">String courseCode = (1.5.0/docs/api/java/lang/String.html">String) request.getServiceParameters().getParameter((1.5.0/docs/api/java/lang/String.html">String) filterParameters.getParameter(0)); |
| 42 | CourseImpl course = DaoFactory.getCourseDaoImpl().findCourseByCode(courseCode); |
34 | CourseImpl course = DaoFactory.getCourseDaoImpl().findCourseByCode(courseCode); |
| 43 | 35 | ||
| 44 | if(!course.isFromCourseCommission(userSession.getUser())) |
36 | if(!course.isFromCourseCommission(userSession.getUser())) |
| 45 | { |
37 | { |
| 46 | logger.warn(userSession.getUser().getUsername() + ": try access restricted area"); |
38 | logger.warn(userSession.getUser().getUsername() + ": try access restricted area"); |
| 47 | throw new AccessDeniedOperationException("fail.owner"); |
39 | throw new AccessDeniedOperationException("fail.owner"); |
| 48 | } |
40 | } |
| 49 | } |
41 | } |
| 50 | } |
42 | } |