return;
}
} catch (UnknownHostException e) {
throw new InternalException(e);
}
throw new UnauthorizedException();
}
UserRole role = user.getRole();
String roleCode = role.getCode();
if (roleCode.equals(UserRole.VIEWER)) {
if (pathInfo.startsWith("/reports/")
&& pathInfo.endsWith("/output/")
&& (method.equals(HttpMethod.GET) || method
.equals(HttpMethod.HEAD))) {
return;
}
} else if (roleCode.equals(UserRole.EDITOR)) {
return;
} else if (roleCode.equals(UserRole.PARTY_VIEWER)) {
if (method.equals(HttpMethod.GET) || method.equals(HttpMethod.HEAD)) {
Party party = user.getParty();
char marketRoleCode = party.getRole().getCode();
if (marketRoleCode == MarketRole.HHDC) {
Long hhdcContractId = inv.getLong("hhdc-contract-id");
if (!inv.isValid()) {
throw new ForbiddenException(
"Need the parameter hhdc-contract-id.");
}
HhdcContract hhdcContract = HhdcContract
.getHhdcContract(hhdcContractId);
if (!hhdcContract.getParty().equals(party)) {
throw new ForbiddenException(
"The party associated with the contract you're trying to view doesn't match your party.");
}
if ((pathInfo + "?" + inv.getRequest().getQueryString())
.startsWith("/reports/37/output/?hhdc-contract-id="
+ hhdcContract.getId())) {
return;
}
} else if (marketRoleCode == MarketRole.SUPPLIER) {
if (pathInfo.startsWith("/supplier-contracts/"
+ party.getId())) {
return;
}
}
}
}
if (inv.getUser() == null) {
throw new UnauthorizedException();
}
throw new ForbiddenException();
}