From 3b4da1880173797e56cc8fb9c0ec7a73311af430 Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Thu, 11 Aug 2016 14:33:31 +0200
Subject: [server] lecture creation/updates dates sanitizer now checks if startTime or endTime changed before checking if it is within the upper/lower bounds
---
 .../org/openslx/bwlp/sat/thrift/ServerHandler.java | 4 +--
 .../java/org/openslx/bwlp/sat/util/Sanitizer.java | 36 +++++++++++++---------
 2 files changed, 23 insertions(+), 17 deletions(-)
(limited to 'dozentenmodulserver/src/main/java')
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
index ed38ebfa..093df1a0 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
@@ -577,7 +577,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 UserInfo user = SessionManager.getOrFail(userToken);
 User.canCreateLectureOrFail(user);
 User.canLinkToImageOrFail(user, lecture.imageVersionId);
- Sanitizer.handleLectureDates(lecture);
+ Sanitizer.handleLectureDates(lecture, null);
 try {
 return DbLecture.create(user, lecture);
 } catch (SQLException e) {
@@ -606,7 +606,7 @@ public class ServerHandler implements SatelliteServer.Iface {
 || !oldLecture.imageVersionId.equals(newLectureData.imageVersionId)) {
 User.canLinkToImageOrFail(user, newLectureData.imageVersionId);
 }
- Sanitizer.handleLectureDates(newLectureData);
+ Sanitizer.handleLectureDates(newLectureData, oldLecture);
 try {
 DbLecture.update(user, lectureId, newLectureData);
 } catch (SQLException e) {
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java
index 8ce4df5c..f5fb8e13 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java
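Review bot: The creation call on the `+` line of the first hunk passes a bare `null` for the new second parameter, which leaves a reader guessing what is being omitted and invites the same sentinel at future call sites. A single-argument overload in Sanitizer that delegates, `public static void handleLectureDates(LectureWrite lecture) throws TInvalidDateParam { handleLectureDates(lecture, null); }`, would keep this call reading as "no previous lecture" without the literal; the update hunk below is unaffected since it passes `oldLecture`, which the context line above it has already dereferenced. The enclosing method begins and ends outside the hunk.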
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Sanitizer.java
@@ -4,6 +4,7 @@ import org.openslx.bwlp.sat.RuntimeConfig;
 import org.openslx.bwlp.thrift.iface.DateParamError;
 import org.openslx.bwlp.thrift.iface.ImagePermissions;
 import org.openslx.bwlp.thrift.iface.LecturePermissions;
+import org.openslx.bwlp.thrift.iface.LectureSummary;
 import org.openslx.bwlp.thrift.iface.LectureWrite;
 import org.openslx.bwlp.thrift.iface.TInvalidDateParam;
@@ -25,27 +26,32 @@ public class Sanitizer {
 /**
 * Sanitize start and end date of lecture.
 *
- * @param lecture Lecture to sanitize
+ * @param newLecture new Lecture to sanitize
+ * @param oldLecture old Lecture to check for dates changes
 * @throws TInvalidDateParam If start or end date have invalid values
 */
- public static void handleLectureDates(LectureWrite lecture) throws TInvalidDateParam {
- if (lecture.startTime > lecture.endTime)
+ public static void handleLectureDates(LectureWrite newLecture, LectureSummary oldLecture) throws TInvalidDateParam {
+ if (newLecture.startTime > newLecture.endTime)
 throw new TInvalidDateParam(DateParamError.NEGATIVE_RANGE, "Start date past end date");
 final long now = System.currentTimeMillis() / 1000;
 long lowLimit = now - LOWER_CUTOFF;
- if (lecture.startTime < lowLimit)
- throw new TInvalidDateParam(DateParamError.TOO_LOW, "Start date lies in the past");
- if (lecture.endTime < lowLimit)
- throw new TInvalidDateParam(DateParamError.TOO_LOW, "End date lies in the past");
 long highLimit = now + RuntimeConfig.getMaxLectureValiditySeconds();
- if (lecture.startTime > highLimit)
- throw new TInvalidDateParam(DateParamError.TOO_HIGH, "Start date lies too far in the future");
- // Bonus: If the end date is just a little bit off, silently correct it, since it might be clock
- // inaccuracies between server and client
- if (lecture.endTime > highLimit) {
- if (lecture.endTime - ONE_DAY > highLimit)
- throw new TInvalidDateParam(DateParamError.TOO_HIGH, "End date lies too far in the future");
- lecture.endTime = highLimit;
+ if (oldLecture == null || newLecture.startTime != oldLecture.startTime) {
+ if (newLecture.startTime < lowLimit)
+ throw new TInvalidDateParam(DateParamError.TOO_LOW, "Start date lies in the past");
+ if (newLecture.startTime > highLimit)
+ throw new TInvalidDateParam(DateParamError.TOO_HIGH, "Start date lies too far in the future");
+ }
+ if (oldLecture == null || newLecture.endTime != oldLecture.endTime) {
+ if (newLecture.endTime < lowLimit)
+ throw new TInvalidDateParam(DateParamError.TOO_LOW, "End date lies in the past");
+ // Bonus: If the end date is just a little bit off, silently correct it, since it might be clock
+ // inaccuracies between server and client
+ if (newLecture.endTime > highLimit) {
+ if (newLecture.endTime - ONE_DAY > highLimit)
+ throw new TInvalidDateParam(DateParamError.TOO_HIGH, "End date lies too far in the future");
+ newLecture.endTime = highLimit;
+ }
 }
 }
-- cgit v1.2.3-55-g7522
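Review bot: The new `@param oldLecture` Javadoc line documents neither that `null` is accepted (the creation path relies on it) nor that a start or end time equal to the stored one is no longer checked against `lowLimit`/`highLimit`, which is the behavioural change this method now carries for its callers. I would replace it with ` * @param oldLecture stored lecture an update applies to, or {@code null} when creating; a start or end time identical to the stored value is not re-checked against the past/future limits, only the start-not-after-end rule always applies`. Since the skipped checks are exactly the ones bounding how far in the past or future a lecture may lie, a stored end time that has since fallen below `lowLimit` is kept as is when resubmitted unchanged, and anyone relying on this sanitizer to bound every persisted lecture should learn that from the Javadoc rather than from the branch conditions. The two repeated guards could also be hoisted into `boolean startChanged`/`boolean endChanged` locals so the intent is visible at a glance, but that is cosmetic. handleLectureDates begins and ends inside the hunk.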