author | Jonathan Bauer | 2016-08-11 14:33:31 +0200 |
---|---|---|
committer | Jonathan Bauer | 2016-08-11 14:33:31 +0200 |
commit | 3b4da1880173797e56cc8fb9c0ec7a73311af430 (patch) | |
tree | 3bedc2c62190885a9b9ae2d07db01fb33577ad01 /dozentenmodulserver/src | |
parent | [server] Add/improve DbLog messages (diff) | |
[server] lecture creation/updates dates sanitizer now checks if startTime or endTime changed before checking if it is within the upper/lower bounds
Diffstat (limited to 'dozentenmodulserver/src')
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java | 4 | ||||
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java | 36 |
2 files changed, 23 insertions, 17 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
index ed38ebfa..093df1a0 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
@@ -577,7 +577,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 UserInfo user = SessionManager.getOrFail(userToken);
 User.canCreateLectureOrFail(user);
 User.canLinkToImageOrFail(user, lecture.imageVersionId);
- Sanitizer.handleLectureDates(lecture);
+ Sanitizer.handleLectureDates(lecture, null);
 try {
 return DbLecture.create(user, lecture);
 } catch (SQLException e) {
@@ -606,7 +606,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 || !oldLecture.imageVersionId.equals(newLectureData.imageVersionId)) {
 User.canLinkToImageOrFail(user, newLectureData.imageVersionId);
 }
- Sanitizer.handleLectureDates(newLectureData);
+ Sanitizer.handleLectureDates(newLectureData, oldLecture);
 try {
 DbLecture.update(user, lectureId, newLectureData);
 } catch (SQLException e) {
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java
index 8ce4df5c..f5fb8e13 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java
@@ -4,6 +4,7 @@ import org.openslx.bwlp.sat.RuntimeConfig;
 import org.openslx.bwlp.thrift.iface.DateParamError;
 import org.openslx.bwlp.thrift.iface.ImagePermissions;
 import org.openslx.bwlp.thrift.iface.LecturePermissions;
+import org.openslx.bwlp.thrift.iface.LectureSummary;
 import org.openslx.bwlp.thrift.iface.LectureWrite;
 import org.openslx.bwlp.thrift.iface.TInvalidDateParam;
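Review bot: The update path at `Sanitizer.handleLectureDates(newLectureData, oldLecture);` now lets `oldLecture` decide which date bounds are skipped, and where that object is assigned lies outside this hunk. The skip is only sound if `oldLecture` is the record the server itself loaded for `lectureId`, and if it can never be null here, since a null silently selects the create-path rules instead. A comment at the call would record that assumption, for example `// oldLecture: stored record for lectureId; dates left unchanged are not re-validated`.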
@@ -25,27 +26,32 @@ public class Sanitizer {
 /**
 * Sanitize start and end date of lecture.
 *
- * @param lecture Lecture to sanitize
+ * @param newLecture new Lecture to sanitize
+ * @param oldLecture old Lecture to check for dates changes
 * @throws TInvalidDateParam If start or end date have invalid values
 */
- public static void handleLectureDates(LectureWrite lecture) throws TInvalidDateParam {
- if (lecture.startTime > lecture.endTime)
+ public static void handleLectureDates(LectureWrite newLecture, LectureSummary oldLecture) throws TInvalidDateParam {
+ if (newLecture.startTime > newLecture.endTime)
 throw new TInvalidDateParam(DateParamError.NEGATIVE_RANGE, "Start date past end date");
 final long now = System.currentTimeMillis() / 1000;
 long lowLimit = now - LOWER_CUTOFF;
- if (lecture.startTime < lowLimit)
- throw new TInvalidDateParam(DateParamError.TOO_LOW, "Start date lies in the past");
- if (lecture.endTime < lowLimit)
- throw new TInvalidDateParam(DateParamError.TOO_LOW, "End date lies in the past");
 long highLimit = now + RuntimeConfig.getMaxLectureValiditySeconds();
- if (lecture.startTime > highLimit)
- throw new TInvalidDateParam(DateParamError.TOO_HIGH, "Start date lies too far in the future");
- // Bonus: If the end date is just a little bit off, silently correct it, since it might be clock
- // inaccuracies between server and client
- if (lecture.endTime > highLimit) {
- if (lecture.endTime - ONE_DAY > highLimit)
- throw new TInvalidDateParam(DateParamError.TOO_HIGH, "End date lies too far in the future");
- lecture.endTime = highLimit;
+ if (oldLecture == null || newLecture.startTime != oldLecture.startTime) {
+ if (newLecture.startTime < lowLimit)
+ throw new TInvalidDateParam(DateParamError.TOO_LOW, "Start date lies in the past");
+ if (newLecture.startTime > highLimit)
+ throw new TInvalidDateParam(DateParamError.TOO_HIGH, "Start date lies too far in the future");
+ }
+ if (oldLecture == null || newLecture.endTime != oldLecture.endTime) {
+ if (newLecture.endTime < lowLimit)
+ throw new TInvalidDateParam(DateParamError.TOO_LOW, "End date lies in the past");
+ // Bonus: If the end date is just a little bit off, silently correct it, since it might be clock
+ // inaccuracies between server and client
+ if (newLecture.endTime > highLimit) {
+ if (newLecture.endTime - ONE_DAY > highLimit)
+ throw new TInvalidDateParam(DateParamError.TOO_HIGH, "End date lies too far in the future");
+ newLecture.endTime = highLimit;
+ }
 }
 }
|
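Review bot: The end-date clamp `newLecture.endTime = highLimit;` can now leave a lecture whose start lies after its end, because the `NEGATIVE_RANGE` check runs only at the top of `handleLectureDates` and an unchanged `startTime` is no longer compared with `highLimit`. This needs a stored start beyond the current limit, which seems possible only if `RuntimeConfig.getMaxLectureValiditySeconds()` was lowered after the lecture was saved, followed by an update whose end date lands within `ONE_DAY` above the limit. Repeating the range check after the end-date block closes the gap: `if (newLecture.startTime > newLecture.endTime) throw new TInvalidDateParam(DateParamError.NEGATIVE_RANGE, "Start date past end date");`. The Javadoc should also state that `oldLecture` may be null on creation and that dates equal to the stored ones are deliberately not re-validated.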