Author: tchemit Date: 2012-08-13 16:05:40 +0200 (Mon, 13 Aug 2012) New Revision: 3607 Url: http://chorem.org/repositories/revision/pollen/3607 Log: fixes #765: Can not delete poll as administrator when not creator of the poll fixes #764: Can not close poll as administrator when not creator of the poll fixes 767: Can not attach poll when pollId contains have some trim spaces Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java 2012-08-13 14:04:23 UTC (rev 3606) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java 2012-08-13 14:05:40 UTC (rev 3607) @@ -57,7 +57,6 @@ import org.chorem.pollen.services.exceptions.PollAccountNotFound; import org.chorem.pollen.services.exceptions.PollChoiceNotFoundException; import org.chorem.pollen.services.exceptions.PollNotFoundException; -import org.chorem.pollen.services.exceptions.UnauthorizedPollAccessException; import org.nuiton.topia.TopiaException; import org.nuiton.topia.persistence.TopiaFilterPagerUtil; import org.nuiton.util.beans.Binder; @@ -456,42 +455,27 @@ boolean withUserAccount = userAccount != null; - if (StringUtils.isNotEmpty(accountId)) { + if (StringUtils.isNotEmpty(accountId) || withUserAccount) { - try { - pollAccountLoaded = - dao.findVoterPollAccountByAccountId(poll.getPollId(), accountId); - } catch (TopiaException e) { - throw new PollenTechnicalException(e); - } + if (poll.isPollFree()) { + try { + pollAccountLoaded = + dao.findVoterPollAccount(poll.getPollId(), + accountId, + userAccount); + } catch (TopiaException e) { + throw new PollenTechnicalException(e); + } + } else { + // try to find pollAccount from the list of participants + try { - } else { - - // Try to retrieve existing pollAccount from user - - if (withUserAccount) { - - if (poll.isPollFree()) { - - // try to find pollAccount from the list of voters - try { - pollAccountLoaded = - dao.findVoterPollAccountByUserAccount( - poll.getPollId(), userAccount); - } catch (TopiaException e) { - throw new PollenTechnicalException(e); - } - } else { - - // try to find pollAccount from the list of participants - try { - - pollAccountLoaded = - dao.findRestrictedPollAccountByEmail( - poll.getPollId(), userAccount.getEmail()); - } catch (TopiaException e) { - throw new PollenTechnicalException(e); - } + pollAccountLoaded = + dao.findRestrictedPollAccount( + poll.getPollId(), null, + userAccount); + } catch (TopiaException e) { + throw new PollenTechnicalException(e); } } } @@ -506,14 +490,15 @@ // Don't remove or update userAccount link if already set if (withUserAccount && result.getUserAccount() == null) { + //TODO-tchemit-2012-08-13 Is UserAccount must be done here ? Not sure (vote time is better (and unique...)) // link pollAccount to his userAccount result.setUserAccount(userAccount); } } - if (result == null && withUserAccount) { + if (result == null) { - // create a new pollAccount linked to given userAccount + // create a new pollAccount linked to given userAccount (if not null) result = getNewPollAccount(userAccount); } return result; @@ -681,67 +666,26 @@ return result; } - public PollAccount getPollAccountByAccountId(String accountId) throws PollAccountNotFound { - try { - PollAccountDAO dao = getDAO(PollAccount.class); - PollAccount result = dao.findByAccountId(accountId); + public void deletePoll(String pollId) throws PollNotFoundException { - if (result == null) { - throw new PollAccountNotFound(); - } + // can not have an null nor empty pollId + Preconditions.checkArgument(StringUtils.isNotBlank(pollId)); - return result; - } catch (TopiaException e) { - throw new PollenTechnicalException("Could not botain account with this id", e); - } - } + Poll pollToDelete = getExistingPollByPollId(pollId); - public void deletePoll(String pollId, - UserAccount userAccount, - String accountId) throws PollNotFoundException, PollAccountNotFound, UnauthorizedPollAccessException { - - Preconditions.checkNotNull(pollId); - Preconditions.checkNotNull(accountId); - - Poll poll = getExistingPollByPollId(pollId); - - if (userAccount == null || userAccount.isAdministrator()) { - - // must check that accountId matches the poll creator id - - PollAccount account = getPollAccountByAccountId(accountId); - - if (!account.getAccountId().equals(poll.getCreator().getAccountId())) { - throw new UnauthorizedPollAccessException(); - } - } - PollDAO dao = getDAO(Poll.class); - delete(dao, poll); + delete(dao, pollToDelete); - commitTransaction("Could not delete poll" + poll.getTitle()); + commitTransaction("Could not delete poll" + pollToDelete.getTitle()); } - public void closePoll(String pollId, - UserAccount userAccount, - String accountId) throws PollNotFoundException, PollAccountNotFound, UnauthorizedPollAccessException { + public void closePoll(String pollId) throws PollNotFoundException { - Preconditions.checkNotNull(pollId); - Preconditions.checkNotNull(accountId); + // can not have an null nor empty pollId + Preconditions.checkArgument(StringUtils.isNotBlank(pollId)); Poll poll = getExistingPollByPollId(pollId); - if (userAccount == null || userAccount.isAdministrator()) { - - // must check that accountId matches the poll creator id - - PollAccount account = getPollAccountByAccountId(accountId); - - if (!account.getAccountId().equals(poll.getCreator().getAccountId())) { - throw new UnauthorizedPollAccessException(); - } - } - if (!poll.isChoiceEmpty()) { for (Choice choice : poll.getChoice()) { choice.setValidate(true); @@ -756,11 +700,14 @@ commitTransaction("Could not close poll " + poll.getTitle()); } - public void attachPoll(Poll poll, UserAccount userAccount) { + public void attachPoll(String pollId, UserAccount userAccount) throws PollNotFoundException { - Preconditions.checkNotNull(poll); + // can not have an null nor empty pollId + Preconditions.checkArgument(StringUtils.isNotBlank(pollId)); Preconditions.checkNotNull(userAccount); + Poll poll = getExistingPollByPollId(pollId); + // just link poll creator account to given user account PollAccount creator = poll.getCreator(); creator.setUserAccount(userAccount); @@ -994,6 +941,8 @@ PersonToListDAO personToListDAO = getDAO(PersonToList.class); PollAccountDAO pollAccountDAO = getDAO(PollAccount.class); + String creatorEmail = poll.getCreator().getEmail(); + // Prepare the VotingList and add it to the poll VotingList result; if (votingList.getTopiaId() == null) { @@ -1025,20 +974,40 @@ // the link must be set in both objects personToListLoaded.setVotingList(result); -// // FIXME-fdesbois-2012-04-12 : find a better way to ensure accountId + // FIXME-fdesbois-2012-04-12 : find a better way to ensure accountId String accountId = pollAccount.getAccountId(); + String accountEmail = pollAccount.getEmail(); - if (StringUtils.isBlank(accountId)) { + if (ObjectUtils.equals(creatorEmail, pollAccount.getEmail())) { + // use the creator account + pollAccountLoaded = poll.getCreator(); + if (log.isInfoEnabled()) { + log.info(String.format( + "Use the creator account as restricted account [%s]", accountEmail)); + } + + } else if (StringUtils.isBlank(accountId)) { + // creates a new pollAccount pollAccountLoaded = createWithProperties( pollAccountDAO, PollAccount.PROPERTY_ACCOUNT_ID, generateId()); + + if (log.isInfoEnabled()) { + log.info(String.format( + "Create new account as restricted account [%s]", accountEmail)); + } } else { // reuse the existing account pollAccountLoaded = pollAccountDAO.findByAccountId(accountId); + + if (log.isInfoEnabled()) { + log.info(String.format( + "Reuse existing account as restricted account [%s]", accountEmail)); + } } } else { @@ -1123,4 +1092,5 @@ + thumbCopied.length() + ")"); } } + }
participants (1)
-
tchemit@users.chorem.org