@Override
public void authorize(final PrincipalActionContext inActionContext) throws AuthorizationException
{
SetFollowingStatusRequest request = (SetFollowingStatusRequest) inActionContext.getParams();
DomainGroupModelView targetResult = groupMapper.fetchUniqueResult(request.getTargetUniqueId());
if (request.getFollowerStatus().equals(Follower.FollowerStatus.FOLLOWING))
{
// If the group is private, only a group coordinator can add a follower to a group.
if (!targetResult.isPublic())
{
Set<Long> groupCoordinators = groupCoordMapper.execute(targetResult.getEntityId());
if (!groupCoordinators.contains(inActionContext.getPrincipal().getId()))
{
throw new AuthorizationException("Only group coordinators can add members to a private group.");
}
}
}
else
{
// if the group is private, the follower and group coordinators are the only users that can sever the
// relationship.
if (!targetResult.isPublic())
{
Set<Long> groupCoordinators = groupCoordMapper.execute(targetResult.getEntityId());
if (!groupCoordinators.contains(inActionContext.getPrincipal().getId())
&& !request.getFollowerUniqueId().equals(inActionContext.getPrincipal().getAccountId()))
{
throw new AuthorizationException("Coordinators and Followers are the only ones who can remove a "
+ "follower from a private group.");