
package pt.estgp.estgweb.filters.filters;

/**
 * Created by ASUS on 15/01/2018.
 */


import org.apache.log4j.Logger;
        import pt.estgp.estgweb.domain.CourseImpl;
        import pt.estgp.estgweb.domain.CourseUnit;
        import pt.estgp.estgweb.domain.UserImpl;
        import pt.estgp.estgweb.domain.UserSession;
        import pt.estgp.estgweb.domain.dao.DaoFactory;
        import pt.estgp.estgweb.filters.chains.LoadControlFilter;
        import pt.estgp.estgweb.filters.exceptions.AccessDeniedOperationException;
        import pt.estgp.estgweb.filters.exceptions.NeedAuthenticationException;
        import pt.estgp.estgweb.filters.filters.utils.LoadObjectFromParameters;
        import pt.estgp.estgweb.utils.Globals;
        import pt.utl.ist.berserk.ServiceRequest;
        import pt.utl.ist.berserk.ServiceResponse;
        import pt.utl.ist.berserk.logic.filterManager.FilterParameters;
        import pt.utl.ist.berserk.logic.filterManager.exceptions.FilterException;

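/**
 * Authorization filter that lets a request continue only when the session user
 * is a superuser or belongs to the commission of the course named in the request.
 *
 * <p>Filter parameter 0 holds the name of the service parameter that carries the
 * course code; the course is then looked up by that code through the course DAO.
 */
public class IsFromCourseCommission extends LoadControlFilter {
    private static final Logger logger = Logger.getLogger(IsFromCourseCommission.class);

    /**
     * Checks the caller against the commission of the requested course.
     *
     * @param request          service request carrying the user session and the course code
     * @param response         service response (not used by this filter)
     * @param filterParameters filter configuration; index 0 names the course-code parameter
     * @throws NeedAuthenticationException    when there is no session or no user in it
     * @throws AccessDeniedOperationException when the course cannot be resolved or the user
     *                                        is not in its commission
     */
    public void execute(ServiceRequest request, ServiceResponse response, FilterParameters filterParameters) throws FilterException, Exception
    {
        UserSession userSession = (UserSession) request.getServiceParameters().getParameter(Globals.USER_SESSION_KEY);

        // A missing session is handled like an anonymous one, so the caller gets the
        // authentication error instead of a NullPointerException.
        if(userSession == null || userSession.getUser() == null)
        {
            logger.info("try access restricted area:" + request.getRequester());
            throw new NeedAuthenticationException();
        }

        // Superusers bypass the per-course check entirely.
        if(userSession.getUser().isSuperuser())
            return;

        String courseCodeParameterName = (String) filterParameters.getParameter(0);
        // The course code comes from the request and is caller-controlled, so it is
        // deliberately not written to the log as-is.
        String courseCode = (String) request.getServiceParameters().getParameter(courseCodeParameterName);
        CourseImpl course = courseCode == null ? null : DaoFactory.getCourseDaoImpl().findCourseByCode(courseCode);

        // Fail closed: an absent course code, or a code that resolves to no course
        // (assumes the DAO returns null in that case; TODO confirm), is an explicit
        // denial rather than an unchecked exception whose handling depends on the
        // surrounding filter chain.
        if(course == null || !course.isFromCourseCommission(userSession.getUser()))
        {
            logger.warn(userSession.getUser().getUsername() + ": try access restricted area");
            throw new AccessDeniedOperationException("fail.owner");
        }
    }
}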