Party party = user.getParty();
char marketRoleCode = party.getRole().getCode();
if (marketRoleCode == MarketRole.HHDC) {
Long hhdcContractId = inv.getLong("hhdc-contract-id");
if (!inv.isValid()) {
throw new ForbiddenException(
"Need the parameter hhdc-contract-id.");
}
HhdcContract hhdcContract = HhdcContract
.getHhdcContract(hhdcContractId);
if (!hhdcContract.getParty().equals(party)) {
throw new ForbiddenException(
"The party associated with the contract you're trying to view doesn't match your party.");
}
if ((pathInfo + "?" + inv.getRequest().getQueryString())
.startsWith("/reports/37/output/?hhdc-contract-id="
+ hhdcContract.getId())) {
return;
}
} else if (marketRoleCode == MarketRole.SUPPLIER) {
if (pathInfo.startsWith("/supplier-contracts/"
+ party.getId())) {
return;
}
}
}
}
if (inv.getUser() == null) {
throw new UnauthorizedException();
}
throw new ForbiddenException();
}