[server] Reject student logins if student download is disabled

2 files changed, 8 insertions, 0 deletions

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java
index 30d2f4a8..ea450717 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java
@@ -101,4 +101,8 @@ public class RuntimeConfig {
 		return cache.get().allowLoginByDefault;
 	}
 	
+	public static boolean allowStudentDownload() {
+		return cache.get().allowStudentDownload;
+	}
+	
 }
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
index abea5433..43cdebe0 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
@@ -2,6 +2,7 @@ package org.openslx.bwlp.sat.permissions;
 
 import java.sql.SQLException;
 
+import org.openslx.bwlp.sat.RuntimeConfig;
 import org.openslx.bwlp.sat.database.mappers.DbImage;
 import org.openslx.bwlp.sat.database.mappers.DbLecture;
 import org.openslx.bwlp.sat.database.mappers.DbOrganization;
@@ -58,6 +59,9 @@ public class User {
 	 * @return null if user is allowed, {@link AuthorizationError} otherwise
 	 */
 	public static AuthorizationError canLogin(UserInfo user) {
+		// Student download allowed? If not, reject students right away
+		if (!RuntimeConfig.allowStudentDownload() && user.role == Role.STUDENT)
+			return AuthorizationError.ACCOUNT_SUSPENDED;
 		LocalUser localData = LocalData.getLocalUser(user);
 		if (localData != null) {
 			if (localData.canLogin)