[server] Check link permissions when creating/editing lecture

author: Simon Rettberg 2015-09-07 14:50:41 +0200
committer: Simon Rettberg 2015-09-07 14:50:41 +0200
commit: 8baff7ead4ef5d5a55011a578d7cbad51e581b6d (patch)
tree: 89b965b81a6a559defa9eb639433cfbbe6a96035 /dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
parent: [client] fix open folder (missing listener) (diff)
download: tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.tar.gz
tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.tar.xz
tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.zip
1 files changed, 17 insertions, 6 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
index 72049beb..2fe65d86 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
@@ -447,11 +447,12 @@ public class ServerHandler implements SatelliteServer.Iface {
 
 	@Override
 	public String createLecture(String userToken, LectureWrite lecture) throws TAuthorizationException,
-			TInvocationException, TInvalidDateParam {
+			TInvocationException, TInvalidDateParam, TNotFoundException {
 		if (lecture == null || lecture.defaultPermissions == null)
 			throw new TInvocationException(); // TODO Own exception for this
 		UserInfo user = SessionManager.getOrFail(userToken);
 		User.canCreateLectureOrFail(user);
+		User.canLinkToImageOrFail(user, lecture.imageVersionId);
 		Sanitizer.handleLectureDates(lecture);
 		try {
 			return DbLecture.create(user, lecture);
@@ -461,14 +462,24 @@ public class ServerHandler implements SatelliteServer.Iface {
 	}
 
 	@Override
-	public void updateLecture(String userToken, String lectureId, LectureWrite lecture)
+	public void updateLecture(String userToken, String lectureId, LectureWrite newLectureData)
 			throws TAuthorizationException, TNotFoundException, TInvocationException, TInvalidDateParam {
 		UserInfo user = SessionManager.getOrFail(userToken);
-		User.canEditLectureOrFail(user, lectureId);
-		Sanitizer.handleLectureDates(lecture);
-		lecture.defaultPermissions = Sanitizer.handleLecturePermissions(lecture.defaultPermissions);
+		LectureSummary oldLecture;
+		try {
+			oldLecture = DbLecture.getLectureSummary(user, lectureId);
+		} catch (SQLException e1) {
+			throw new TInvocationException();
+		}
+		User.canEditLectureOrFail(user, oldLecture);
+		// TODO Copy empty fields in new from old
+		if (oldLecture.imageVersionId == null
+				|| !oldLecture.imageVersionId.equals(newLectureData.imageVersionId)) {
+			User.canLinkToImageOrFail(user, newLectureData.imageVersionId);
+		}
+		Sanitizer.handleLectureDates(newLectureData);
 		try {
-			DbLecture.update(user, lectureId, lecture);
+			DbLecture.update(user, lectureId, newLectureData);
 		} catch (SQLException e) {
 			throw new TInvocationException();
 		}
author	Simon Rettberg	2015-09-07 14:50:41 +0200
committer	Simon Rettberg	2015-09-07 14:50:41 +0200
commit	8baff7ead4ef5d5a55011a578d7cbad51e581b6d (patch)
tree	89b965b81a6a559defa9eb639433cfbbe6a96035 /dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
parent	[client] fix open folder (missing listener) (diff)
download	tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.tar.gz tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.tar.xz tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.zip