package pt.estgp.estgweb.filters.filters;
import pt.estgp.estgweb.filters.chains.LoadControlFilter;
import pt.estgp.estgweb.filters.exceptions.NeedAuthenticationException;
import pt.estgp.estgweb.filters.exceptions.AccessDeniedOperationException;
import pt.estgp.estgweb.filters.filters.utils.LoadObjectFromParameters;
import pt.estgp.estgweb.domain.UserSession;
import pt.estgp.estgweb.domain.CourseUnit;
import pt.estgp.estgweb.domain.UserImpl;
import pt.estgp.estgweb.domain.dao.DaoFactory;
import pt.estgp.estgweb.Globals;
import pt.estgp.estgweb.utils.ReflectionBean;
import pt.estgp.estgweb.utils.RoleManager;
import pt.utl.ist.berserk.ServiceRequest;
import pt.utl.ist.berserk.ServiceResponse;
import pt.utl.ist.berserk.logic.filterManager.FilterParameters;
import pt.utl.ist.berserk.logic.filterManager.exceptions.FilterException;
import org.apache.log4j.Logger;
import java.io.Serializable;
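/**
 * Access-control filter deciding whether the current user may add an
 * announcement to a course unit.
 *
 * <p>Decision order, as implemented in {@link #execute}:
 * <ol>
 *   <li>no session or no user in the session: {@link NeedAuthenticationException};</li>
 *   <li>superuser: allowed;</li>
 *   <li>the request carries a positive {@code Long} identifier: the user must be a
 *       teacher of the loaded course unit or hold the {@code "services"} role,
 *       otherwise {@link AccessDeniedOperationException};</li>
 *   <li>any other identifier value: the filter does not object.</li>
 * </ol>
 */
public class CanAddAnnouncementInCourseUnit extends LoadControlFilter
{
    private static final Logger logger = Logger.getLogger(CanAddAnnouncementInCourseUnit.class);

    /**
     * Runs the authorization check for the request.
     *
     * @param request          service request holding the user session and the service parameters
     * @param response         service response (not used by this filter)
     * @param filterParameters filter configuration; element 0 of {@code parametersArray()} is the
     *                         {@code String} expression handed to {@link ReflectionBean} to locate
     *                         the identifier inside the service parameters
     * @throws NeedAuthenticationException    if there is no authenticated user
     * @throws AccessDeniedOperationException if the user is neither a teacher of the course unit
     *                                        nor a holder of the {@code "services"} role
     * @throws FilterException                declared by the filter contract
     * @throws Exception                      anything raised by the reflection or loading helpers
     */
    public void execute(ServiceRequest request, ServiceResponse response, FilterParameters filterParameters)
            throws FilterException, Exception
    {
        UserSession userSession =
                (UserSession) request.getServiceParameters().getParameter(Globals.USER_SESSION_KEY);

        // A missing session is treated like an anonymous one, so the caller gets the
        // authentication error instead of a NullPointerException.
        if (userSession == null || userSession.getUser() == null)
        {
            logger.info("try access restricted area:" + request.getRequester());
            throw new NeedAuthenticationException();
        }

        if (userSession.getUser().isSuperuser())
        {
            return;
        }

        ReflectionBean serializableBean =
                new ReflectionBean((String) filterParameters.parametersArray()[0]);
        Object serializableObjectContainer =
                request.getServiceParameters().getParameter(serializableBean.getName());
        Serializable serializable = (Serializable) serializableBean.invoke(serializableObjectContainer);

        // NOTE(review): when the identifier is null, not a Long, or not positive, this filter
        // lets the request through. Presumably that is the "no course unit selected" case and
        // another check covers it; confirm, because this path performs no authorization.
        // longValue() is compared rather than intValue(): narrowing to int turns some large ids
        // into zero or negative numbers, which would skip the ownership check below.
        if (!(serializable instanceof Long) || ((Long) serializable).longValue() <= 0)
        {
            return;
        }

        CourseUnit courseUnit = (CourseUnit) LoadObjectFromParameters.loadObjectFromClassName(
                CourseUnit.class.getName(), filterParameters, request.getServiceParameters());

        // Whether the loader can return null is not visible here; deny rather than dereference.
        if (courseUnit == null)
        {
            logger.warn(userSession.getUser().getUsername() + ": try access restricted area");
            throw new AccessDeniedOperationException("fail.owner");
        }

        // Evaluated once. The decision is no longer printed to System.out, which also repeated
        // the user lookup. The meaning of the 'true' flag is defined by UserImpl (not shown here).
        boolean allowed =
                ((UserImpl) userSession.getUser()).isTeacherOfCourseUnit(courseUnit.getId(), true)
                || DaoFactory.getUserDaoImpl().load(userSession.getUser().getId()).hasRole("services");

        if (!allowed)
        {
            logger.warn(userSession.getUser().getUsername() + ": try access restricted area");
            throw new AccessDeniedOperationException("fail.owner");
        }
    }
}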