authorSimon Rettberg2015-09-07 14:50:41 +0200
committerSimon Rettberg2015-09-07 14:50:41 +0200
commit8baff7ead4ef5d5a55011a578d7cbad51e581b6d (patch)
tree89b965b81a6a559defa9eb639433cfbbe6a96035 /dozentenmodulserver/src/main/java/org
parent[client] fix open folder (missing listener) (diff)
[server] Check link permissions when creating/editing lecture
Diffstat (limited to 'dozentenmodulserver/src/main/java/org')
-rw-r--r--dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java17
-rw-r--r--dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java23
2 files changed, 33 insertions, 7 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
index 1d06b9bc..e64366bd 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/permissions/User.java
@@ -266,7 +266,11 @@ public class User {
public static void canEditLectureOrFail(UserInfo user, String lectureId) throws TInvocationException,
TNotFoundException, TAuthorizationException {
- LectureSummary lecture = getLectureFromId(user, lectureId);
+ canEditLectureOrFail(user, getLectureFromId(user, lectureId));
+ }
+
+ public static void canEditLectureOrFail(UserInfo user, LectureSummary lecture)
+ throws TAuthorizationException {
if (!lecture.userPermissions.edit) {
throw new TAuthorizationException(AuthorizationError.NO_PERMISSION,
"No permission to edit this image");
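Review bot: The new `canEditLectureOrFail(UserInfo, LectureSummary)` overload trusts `lecture.userPermissions` without being able to verify that the summary was loaded for the same `user`, and nothing documents that requirement. Since the String overload obtains it through `getLectureFromId(user, lectureId)`, the permission bits are presumably computed per user, so a summary fetched for a different account would yield a wrong authorization decision. I would add a Javadoc on the overload stating that `lecture` must have been loaded for `user` and must not be null. The message in this branch also still says "edit this image" although a lecture is being checked; `"No permission to edit this lecture"` would be clearer. The method body continues past the end of the hunk.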
@@ -298,6 +302,17 @@ public class User {
}
}
+ public static void canLinkToImageOrFail(UserInfo user, String imageVersionId) throws TNotFoundException,
+ TInvocationException, TAuthorizationException {
+ if (lecture.imageVersionId == null)
+ return;
+ ImageSummaryRead image = getImageFromVersionId(user, imageVersionId);
+ if (!image.userPermissions.link) {
+ throw new TAuthorizationException(AuthorizationError.NO_PERMISSION,
+ "No permission to link to this image");
+ }
+ }
+
public static boolean canListImages(UserInfo user) throws TAuthorizationException {
return isTutor(user);
}
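Review bot: The guard in `canLinkToImageOrFail` reads `lecture.imageVersionId`, but the method's parameters are `user` and `imageVersionId`, so unless a `lecture` field exists outside this hunk the code does not compile. The guard should be `if (imageVersionId == null) return;`. The early return means that a lecture without an image skips the link check entirely, which looks intended. A one-line comment such as `// no image linked, nothing to authorize` would make that explicit for the next reader of this authorization path.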
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
index 72049beb..2fe65d86 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
@@ -447,11 +447,12 @@ public class ServerHandler implements SatelliteServer.Iface {
@Override
public String createLecture(String userToken, LectureWrite lecture) throws TAuthorizationException,
- TInvocationException, TInvalidDateParam {
+ TInvocationException, TInvalidDateParam, TNotFoundException {
if (lecture == null || lecture.defaultPermissions == null)
throw new TInvocationException(); // TODO Own exception for this
UserInfo user = SessionManager.getOrFail(userToken);
User.canCreateLectureOrFail(user);
+ User.canLinkToImageOrFail(user, lecture.imageVersionId);
Sanitizer.handleLectureDates(lecture);
try {
return DbLecture.create(user, lecture);
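Review bot: With the added `User.canLinkToImageOrFail(user, lecture.imageVersionId)` call, `createLecture` now reports `TNotFoundException` for an unknown image version and `TAuthorizationException` for one the caller may not link to. Any user who is allowed to create lectures can therefore tell existing image version ids from nonexistent ones, even for images they have no access to. If that distinction should not be exposed, consider answering both cases with the same `NO_PERMISSION` error; otherwise a short comment noting that the difference is deliberate would help. The method body continues past the end of the hunk.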
@@ -461,14 +462,24 @@ public class ServerHandler implements SatelliteServer.Iface {
}
@Override
- public void updateLecture(String userToken, String lectureId, LectureWrite lecture)
+ public void updateLecture(String userToken, String lectureId, LectureWrite newLectureData)
throws TAuthorizationException, TNotFoundException, TInvocationException, TInvalidDateParam {
UserInfo user = SessionManager.getOrFail(userToken);
- User.canEditLectureOrFail(user, lectureId);
- Sanitizer.handleLectureDates(lecture);
- lecture.defaultPermissions = Sanitizer.handleLecturePermissions(lecture.defaultPermissions);
+ LectureSummary oldLecture;
+ try {
+ oldLecture = DbLecture.getLectureSummary(user, lectureId);
+ } catch (SQLException e1) {
+ throw new TInvocationException();
+ }
+ User.canEditLectureOrFail(user, oldLecture);
+ // TODO Copy empty fields in new from old
+ if (oldLecture.imageVersionId == null
+ || !oldLecture.imageVersionId.equals(newLectureData.imageVersionId)) {
+ User.canLinkToImageOrFail(user, newLectureData.imageVersionId);
+ }
+ Sanitizer.handleLectureDates(newLectureData);
try {
- DbLecture.update(user, lectureId, lecture);
+ DbLecture.update(user, lectureId, newLectureData);
} catch (SQLException e) {
throw new TInvocationException();
}
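Review bot: The rewritten `updateLecture` no longer calls `Sanitizer.handleLecturePermissions` on the incoming default permissions, so client-supplied `defaultPermissions` now reach `DbLecture.update` unsanitized, unless that is handled elsewhere. The commit message does not mention this removal; if it was unintentional, restore `newLectureData.defaultPermissions = Sanitizer.handleLecturePermissions(newLectureData.defaultPermissions);` before the update. `newLectureData` is also dereferenced in the image comparison without the null check that `createLecture` performs, so a null argument would surface as a NullPointerException; a guard such as `if (newLectureData == null) throw new TInvocationException();` at the top would match the create path.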