Author: tchemit Date: 2012-03-23 22:30:45 +0100 (Fri, 23 Mar 2012) New Revision: 3206 Url: http://chorem.org/repositories/revision/pollen/3206 Log: add PollUri object + security method in PollService Added: branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/bean/PollUri.java Modified: branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java Added: branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/bean/PollUri.java =================================================================== --- branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/bean/PollUri.java (rev 0) +++ branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/bean/PollUri.java 2012-03-23 21:30:45 UTC (rev 3206) 
@@ -0,0 +1,77 @@
+/*
+ * #%L
+ * Pollen :: Services
+ *
+ * $Id$
+ * $HeadURL$
+ * %%
+ * Copyright (C) 2009 - 2012 CodeLutin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+package org.chorem.pollen.bean;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * TODO
+ *
+ * @author tchemit <chemit@codelutin.com>
+ * @since 1.2.6
+ */
+public class PollUri {
+
+ public static PollUri newPollUri(String uri) {
+
+ PollUri result = new PollUri();
+
+ String[] split = uri.split(":", 2);
+ if (split.length > 0) {
+ result.setPollId(split[0]);
+ if (split.length > 1) {
+ result.setAccountId(split[1]);
+ }
+ }
+ return result;
+ }
+
+ protected String pollId;
+
+ protected String accountId;
+
+ public String getPollId() {
+ return pollId;
+ }
+
+ public String getAccountId() {
+ return accountId;
+ }
+
+ public void setPollId(String pollId) {
+ this.pollId = pollId;
+ }
+
+ public void setAccountId(String accountId) {
+ this.accountId = accountId;
+ }
+
+ public String getUri() {
+ String result = pollId;
+ if (StringUtils.isNotEmpty(accountId)) {
+ result += ":" + accountId;
+ }
+ return result;
+ }
+}
Property changes on: branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/bean/PollUri.java ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision HeadURL
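Review bot: `newPollUri` validates nothing about the string it is handed: `"".split(":", 2)` yields one empty element, so a blank or account-only URI such as `":abc"` produces a `PollUri` whose `pollId` is `""`, and a trailing colon (`"p1:"`) stores an empty rather than absent `accountId`, which `getUri()` then drops but any service lookup receives as `""`, so the object does not round-trip. Since this value is presumably parsed from a request parameter (the class lives on the struts2 branch), I would reject a null or blank poll id up front, `if (uri == null || StringUtils.isBlank(split[0])) { throw new IllegalArgumentException("pollUri has no pollId: " + uri); }`, and only call `setAccountId` when `StringUtils.isNotEmpty(split[1])`. The class Javadoc is still `TODO`; it should state the `pollId[:accountId]` wire format, that the account segment is optional, and that the first colon is the separator so an account id may itself contain colons. Note also that `getUri()` renders a null `pollId` as the literal string `null`, which the validation above would make unreachable.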
Added: svn:eol-style + native
Modified: branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java
===================================================================
--- branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java 2012-03-23 17:15:58 UTC (rev 3205)
+++ branches/pollen-1.2.6-struts2/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java 2012-03-23 21:30:45 UTC (rev 3206)
@@ -31,6 +31,7 @@
import org.chorem.pollen.PollenTechnicalException;
import org.chorem.pollen.bean.PollDateChoice;
import org.chorem.pollen.bean.PollImageChoice;
+import org.chorem.pollen.bean.PollUri;
import org.chorem.pollen.business.persistence.Choice;
import org.chorem.pollen.business.persistence.ChoiceDAO;
import org.chorem.pollen.business.persistence.PersonToList;
@@ -47,6 +48,7 @@
import org.chorem.pollen.business.persistence.VotingList;
import org.chorem.pollen.business.persistence.VotingListDAO;
import org.chorem.pollen.common.ChoiceType;
+import org.chorem.pollen.common.PollType;
import org.chorem.pollen.services.PollenServiceSupport;
import org.chorem.pollen.services.exceptions.PollAccountNotFound;
import org.chorem.pollen.services.exceptions.PollChoiceNotFoundException;
@@ -153,7 +155,6 @@
PreventRuleDAO preventRuleDAO = getDAO(PreventRule.class);
for (PreventRule preventRule : poll.getPreventRule()) {
-
PreventRule preventRuleCreated = create(preventRuleDAO);
preventRuleCreated.setActive(preventRule.isActive());
preventRuleCreated.setMethod(preventRule.getMethod());
@@ -522,32 +523,68 @@ commitTransaction("Could not delete choice " + choice.getName()); } - public PollAccount getRestrictedAccount(String pollId, - String accountId) throws PollNotFoundException { + public void checkPoll(PollUri uri) throws PollNotFoundException { + + String pollId = uri.getPollId(); + Poll poll = getPollByPollId(pollId); if (poll == null) { throw new PollNotFoundException(); } + } - if (log.isInfoEnabled()) { - log.info("getRestrictedAccount : accountId = " + accountId + - " _ pollId = " + poll.getPollId()); + public void checkPollAccount(PollUri uri) throws PollNotFoundException, UnauthorizedPollAccessException { + + String pollId = uri.getPollId(); + String accountId = uri.getAccountId(); + + Poll poll = getPollByPollId(pollId); + + if (poll == null) { + throw new PollNotFoundException(); } - // Use PersonToList association entity to find coherence between - // the poll and votingId - PollAccountDAO dao = getDAO(PollAccount.class); + if (poll.getPollType() != PollType.FREE) { - try { - PollAccount result = dao.getRestrictedPollAccount(pollId, accountId); - return result; - } catch (TopiaException e) { - throw new PollenTechnicalException( - "Could not obtain restricted pollAccount", e); + // check that uri contains a correct poll account for this + + // Use PersonToList association entity to find coherence between + // the poll and votingId + PollAccountDAO dao = getDAO(PollAccount.class); + + try { + PollAccount result = + dao.getRestrictedPollAccount(pollId, accountId); + + if (result == null) { + throw new UnauthorizedPollAccessException(); + } + } catch (TopiaException e) { + throw new PollenTechnicalException( + "Could not obtain restricted pollAccount", e); + } } } + public void checkPollCreator(PollUri uri) throws PollNotFoundException, UnauthorizedPollAccessException { + + String pollId = uri.getPollId(); + String accountId = uri.getAccountId(); + + Poll poll = getPollByPollId(pollId); + + if (poll == null) { + throw new 
PollNotFoundException(); + } + + String creatorId = poll.getCreator().getAccountId(); + + if (!creatorId.equals(accountId)) { + throw new UnauthorizedPollAccessException(); + } + } + public File getPollChoiceImageFile(String pollId, String choiceId, boolean thumb) { @@ -613,8 +650,8 @@ pollToUpdate.addVote(voteToAdd); commitTransaction("Can't add the vote [" + voteId + "] to the poll [" + pollId + "]"); - - + + // TopiaContext transaction = null; // try { // transaction = rootContext.beginTransaction();
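Review bot: In `checkPollAccount`, a URI with no account segment reaches `dao.getRestrictedPollAccount(pollId, accountId)` with `accountId == null` for every non-FREE poll, and whether that lookup returns null or happens to match a row with a null account id is decided by DAO code not visible in this hunk; reject the missing id before querying, `if (accountId == null || accountId.isEmpty()) { throw new UnauthorizedPollAccessException(); }`, placed right after the `PollType.FREE` test, so the authorization decision does not depend on the persistence layer's null handling. `checkPollCreator` has the mirror problem: `creatorId.equals(accountId)` correctly fails for a null account id, but `poll.getCreator()` and its `getAccountId()` are dereferenced unguarded, so a poll without a creator surfaces as a `NullPointerException` instead of `UnauthorizedPollAccessException` — `Objects.equals(creatorId, accountId)` after a null check on the creator keeps the failure mode explicit. None of the three new methods carries Javadoc; each should say which exception means "no such poll" versus "caller may not act on it", e.g. on `checkPollAccount`: `/** Throws UnauthorizedPollAccessException unless {@code uri} names a registered restricted account of a non-FREE poll; FREE polls accept any account. */`. The hunk ends inside the signature of `getPollChoiceImageFile`, whose body lies outside it.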