diff options
author | Simon Rettberg | 2015-09-07 14:50:41 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-09-07 14:50:41 +0200 |
commit | 8baff7ead4ef5d5a55011a578d7cbad51e581b6d (patch) | |
tree | 89b965b81a6a559defa9eb639433cfbbe6a96035 /dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java | |
parent | [client] fix open folder (missing listener) (diff) | |
download | tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.tar.gz tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.tar.xz tutor-module-8baff7ead4ef5d5a55011a578d7cbad51e581b6d.zip |
[server] Check link permissions when creating/editing lecture
Diffstat (limited to 'dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java')
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java index 72049beb..2fe65d86 100644 --- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java @@ -447,11 +447,12 @@ public class ServerHandler implements SatelliteServer.Iface { @Override public String createLecture(String userToken, LectureWrite lecture) throws TAuthorizationException, - TInvocationException, TInvalidDateParam { + TInvocationException, TInvalidDateParam, TNotFoundException { if (lecture == null || lecture.defaultPermissions == null) throw new TInvocationException(); // TODO Own exception for this UserInfo user = SessionManager.getOrFail(userToken); User.canCreateLectureOrFail(user); + User.canLinkToImageOrFail(user, lecture.imageVersionId); Sanitizer.handleLectureDates(lecture); try { return DbLecture.create(user, lecture); @@ -461,14 +462,24 @@ public class ServerHandler implements SatelliteServer.Iface { } @Override - public void updateLecture(String userToken, String lectureId, LectureWrite lecture) + public void updateLecture(String userToken, String lectureId, LectureWrite newLectureData) throws TAuthorizationException, TNotFoundException, TInvocationException, TInvalidDateParam { UserInfo user = SessionManager.getOrFail(userToken); - User.canEditLectureOrFail(user, lectureId); - Sanitizer.handleLectureDates(lecture); - lecture.defaultPermissions = Sanitizer.handleLecturePermissions(lecture.defaultPermissions); + LectureSummary oldLecture; + try { + oldLecture = DbLecture.getLectureSummary(user, lectureId); + } catch (SQLException e1) { + throw new TInvocationException(); + } + User.canEditLectureOrFail(user, oldLecture); + // TODO Copy empty fields in new from old + if (oldLecture.imageVersionId == null + || !oldLecture.imageVersionId.equals(newLectureData.imageVersionId)) { + User.canLinkToImageOrFail(user, newLectureData.imageVersionId); + } + Sanitizer.handleLectureDates(newLectureData); try { - DbLecture.update(user, lectureId, lecture); + DbLecture.update(user, lectureId, newLectureData); } catch (SQLException e) { throw new TInvocationException(); } |