Package org.springframework.security.config.annotation.issue50.domain

Examples of org.springframework.security.config.annotation.issue50.domain.User


   */
  @Override
  protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
    // Edits an existing user: checks the session's "manager" flag, loads the target Role and
    // User by id, then overwrites username, password, full name and role inside one transaction.
    // The excerpt ends before any catch/finally, so rollback handling is not visible here.
 
    Response response = null;
    User oldUser = null;
    HttpSession httpSession = request.getSession();
   
    // if user is not a manager, he can't continue
    // NOTE(review): getAttribute returns null when "manager" was never set on this session, and
    // unboxing that null throws NullPointerException instead of producing the "No authorization"
    // response. Boolean.TRUE.equals(httpSession.getAttribute("manager")) would fail closed cleanly.
    if( ! ((Boolean) httpSession.getAttribute("manager")) ) {
     
      return new Response(ResponseStatus.FAIL, "No authorization");
    }
   
    // NOTE(review): the opening brace of this try block is missing in the excerpt as printed.
    try
     
      // The role id is passed to Restrictions.eq as a value, not concatenated into a query string.
      Role newRoleObject = (Role) databaseSession.createCriteria(Role.class).add(Restrictions.eq("id", this.role)).uniqueResult();
     
      if (null == newRoleObject) {
       
        return new Response(ResponseStatus.FAIL, "User role does not exist, database failure.");
      }
     
      oldUser = (User) databaseSession.createCriteria(User.class)
                  .add(Restrictions.eq("id", id))
                  .uniqueResult();
     
      if (null == oldUser) {
        throw new IllegalArgumentException("The user you are editing was not found.");
      }
     
      Transaction transaction = databaseSession.beginTransaction();     
 
      // NOTE(review): no null/empty validation of username, password or fullname is visible
      // before they are written; presumably these fields come from request parameters (confirm).
      oldUser.setUsername(this.username);
      // NOTE(review): the password is handed to the entity exactly as received. Unless
      // setPassword or a layer outside this excerpt hashes it, it is persisted in clear text;
      // a salted password hash (bcrypt/scrypt/argon2) should be stored instead.
      oldUser.setPassword(this.password);
      oldUser.setFullname(this.fullname);
      oldUser.setRole(newRoleObject);
      databaseSession.update(oldUser);
   
      transaction.commit();
      response = new Response(ResponseStatus.OK);
    }


   * if not - login the user.
   */
  @Override
  protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
    // Login handler: refuses if the session already holds "currentUser", otherwise looks the
    // user up by username and, on a password match, stores the User object in the session.
    // NOTE(review): no attempt limiting or lockout is visible in this excerpt.
    Response response = null;
    User user = null;
   
    HttpSession httpSession = request.getSession();
    // Checks if some user is already logged-in to the system
    if( null != httpSession.getAttribute("currentUser") ) {
      return new Response(ResponseStatus.FAIL, "You are already logged-in");
    }
   
    try {
      // The username is passed to Restrictions.eq as a value, not concatenated into a query string.
      user = (User) databaseSession.createCriteria(User.class).add(Restrictions.eq("username", this.username)).uniqueResult();

      // NOTE(review): String.equals against user.getPassword() means the stored value has the
      // same form as what the client submits, i.e. clear text unless hashing happens outside this
      // excerpt. Verification should go through a password-hashing function (bcrypt/scrypt/argon2);
      // String.equals is also not a constant-time comparison.
      if (null != user && user.getUsername().equals(this.username) && user.getPassword().equals(this.password)) { // user exists and password match
        // "LogIn" the user to the session
        // NOTE(review): the pre-login session is reused as-is; no session id rotation
        // (request.changeSessionId() on Servlet 3.1+, or invalidate and recreate) is visible, which
        // leaves the login open to session fixation. The stored User object also carries the
        // password field for the lifetime of the session.
        httpSession.setAttribute("currentUser", user);
        response = new Response(ResponseStatus.OK);
      } else { // user does not exists
        // This branch also covers a wrong password; the single message avoids revealing which.
        response = new Response(ResponseStatus.FAIL, "Bad user password combination!");

      }
      // Excerpt from an event-edit handler (its start and end are outside the excerpt): validates
      // the repetition, loads the old owner, old event type and the event itself, then checks that
      // the session user may edit it.
      // NOTE(review): the login check further down runs only after these lookups, so a caller
      // without a session user still drives three database reads and, if the exception messages
      // reach the client, can tell existing owners/types/events from missing ones. Checking
      // "currentUser" first would avoid that.
      if( !DateOperator.isRepetitionPossible(fromDate, toDate, repetitionTypeObject) ) {
        return new Response(ResponseStatus.FAIL, "Repetition is not possible. Make sure there is a sense in the repetition type you choose");
      }
     
      User oldOwner = (User) databaseSession.get(User.class, this.oldOwner);

      if (oldOwner == null) {
        throw new IllegalArgumentException("Couldn't locate old owner of the event");
      }
     
      EventType oldEventType = (EventType) databaseSession.get(EventType.class, this.oldEventType);
     
      if (oldEventType == null) {
        throw new IllegalArgumentException("Couldn't locate old type of the event");
      }
     
      // The event is identified by its composite id: from, to, type and owner.
      Event oldEvent = (Event) databaseSession.createCriteria(Event.class)
                    .add(Restrictions.eq("id.from", DateOperator.stringToDate(this.oldFrom) ))
                    .add(Restrictions.eq("id.to", DateOperator.stringToDate(this.oldTo)))
                    .add(Restrictions.eq("id.type", oldEventType))
                    .add(Restrictions.eq("id.owner", oldOwner))
                    .uniqueResult();
     
      if (oldEvent == null) {
        throw new IllegalArgumentException("Could not locate event in question!");
      }
     
      // NOTE(review): this User is the copy placed in the session at login, so the role checked
      // below is the one the user had at login time; a later role change or account removal is
      // presumably not reflected until the session ends (confirm how sessions are invalidated).
      User currentUser = (User) request.getSession().getAttribute("currentUser");
     
      if (currentUser == null) {
        throw new SecurityException("You're not logged in");
      }

      // get permission types from database (very very dumb):
      // NOTE(review): the authorization rule depends on the hard-coded primary keys 1 (public
      // permission) and 2 (admin role); a database seeded in a different order silently changes
      // who is authorized. new Long(...) is deprecated since Java 9; Long.valueOf is the replacement.
      PermissionType publicPermission = (PermissionType) databaseSession.get(PermissionType.class, new Long(1));
     
      // get admin role, yep, dumb as well.
      Role adminRole = (Role) databaseSession.get(Role.class, new Long(2));
     
      // who can edit the event:
      // 1. the owner
      // 2. Not owner but admin if the event is public
      // NOTE(review): these equals() calls compare a session-held User with entities loaded in
      // this request; the result depends on how User, Role and PermissionType implement equals,
      // which is not visible here. With identity-based equals the owner test would never match.
      if ( !(oldEvent.getId().getOwner().equals(currentUser)
         ||  (oldEvent.getPermission().equals(publicPermission) && currentUser.getRole().equals(adminRole)) ) ) {
        throw new SecurityException("Permission to edit is denied.");
      }
     
      // NOTE(review): unreachable as written; oldEvent was already null-checked and then
      // dereferenced in the permission test above.
      if (null == oldEvent) {
        throw new IllegalArgumentException("The event you are editing was not found.");

     
      return new Response(ResponseStatus.FAIL, "No authorization");
    }
   
   
    User userObject = (User) databaseSession.createCriteria(User.class)
                .add(Restrictions.eq("id", this.id))
                .uniqueResult();
    if(null == userObject) {
      return new Response(ResponseStatus.FAIL, "Not valid user");
    }

  protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
    // Start of an event handler (the rest is outside the excerpt): requires a logged-in user in
    // the session before parsing the requested start date.
    Response response = null;
    Event event = null;
    // request.getSession() creates a session when the request has none, so httpSession is non-null.
    HttpSession httpSession = request.getSession();
   
    // Authentication gate: a session without "currentUser" is rejected before any further work.
    User userObject = (User) httpSession.getAttribute("currentUser");
    if( null == userObject ) {
      return new Response(ResponseStatus.FAIL, "Problem identifying user");
    }

    Date fromDate = DateOperator.stringToDate(from);

        throw new IllegalArgumentException("Start date need to be before end date");
      }
     
      if (oldFrom != null && oldTo != null) { // if we need to exclude old event, get it.   
        EventType oldEventTypeObj = (EventType) databaseSession.get(EventType.class, oldEventType);
        User oldOwnerObj = (User) databaseSession.get(User.class, oldOwner);
       
        oldEvent = (Event) databaseSession.createCriteria(Event.class)
          .add(Restrictions.eq("id.from", DateOperator.stringToDate(this.oldFrom) ))
          .add(Restrictions.eq("id.to", DateOperator.stringToDate(this.oldTo)))
          .add(Restrictions.eq("id.type", oldEventTypeObj))

      return new EventListResponse(ResponseStatus.FAIL, "From date should be before To date!", null);
    }
   
    HttpSession httpSession = request.getSession();
    try {
      User currentUser = (User) httpSession.getAttribute("currentUser");
     
      if (currentUser == null) {
        throw new Exception("You are not logged in!");
      }
     

   * Checks if the given username is already exist in the database
   */
  @Override
  protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
    Response response = null;
    User user = null;
    try {
      user = (User) databaseSession.createCriteria(User.class).add(Restrictions.eq("username", this.username)).uniqueResult();

      if (null != user) { // user exists
        response = new UserExistsResponse(ResponseStatus.OK, "", true);

   */
  @Override
  protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
 
    Response response = null;
    User user = null;
    HttpSession httpSession = request.getSession();
   
    // if user is not a manager, he can't continue
    if( ! ((Boolean) httpSession.getAttribute("manager")) ) {
     
      return new Response(ResponseStatus.FAIL, "No authorization");
    }
   
   
    try {
      Role userRole = (Role) databaseSession.createCriteria(Role.class).add(Restrictions.eq("id", this.role)).uniqueResult();
     
      if (null == userRole) {
        return new Response(ResponseStatus.FAIL, "User role does not exist, database failure.");
      }
     
      user = new User();
     
      if( (null == this.fullname) || (0 == this.fullname.length()) ) {
        return new Response(ResponseStatus.FAIL, "Descrition is not valid");
      }
      if( (null == this.password) || (0 == this.password.length()) ) {
        return new Response(ResponseStatus.FAIL, "Color is not valid");
      }
      if( (null == this.username) || (0 == this.username.length()) ) {
        return new Response(ResponseStatus.FAIL, "Color is not valid");
      }
     
      user.setRole(userRole);
      user.setFullname(this.fullname);
      user.setPassword(this.password);
      user.setUsername(this.username);

   
      Transaction transaction = databaseSession.beginTransaction();
      try {
        databaseSession.save(user);

    // Excerpt from an event-delete handler (its signature and end are outside the excerpt):
    // requires a logged-in user, parses the date range, rebuilds the event's composite id,
    // loads the event and checks that the session user may delete it before opening a transaction.
    Date fromDate;
    Date toDate;
    Response response = null;
    HttpSession httpSession = request.getSession();
   
    // Authentication gate: runs before any database access.
    User userObject = (User) httpSession.getAttribute("currentUser");
    if(null == userObject) {
      return new Response(ResponseStatus.FAIL, "You are not logged in!");
    }
   
    fromDate = DateOperator.stringToDate(from);
    toDate = DateOperator.stringToDate(to);
   
    if( null == fromDate || null == toDate ) {
      return (new Response(ResponseStatus.FAIL, "Dates parsing problem" ));
    }
    else {
      try {
        EventType eventTypeObject = (EventType) databaseSession.get(EventType.class, this.eventType);
        if(null == eventTypeObject)
        {
          return (new Response(ResponseStatus.FAIL, "Not valid event type"));
        }
       
        // NOTE(review): unlike the event type, the owner lookup is not null-checked; an unknown
        // owner id puts null into the composite id used for the event lookup below.
        User eventOwner = (User) databaseSession.get(User.class, this.owner);
       
        EventId eventIdObject = new EventId();
        eventIdObject.setFrom(fromDate);
        eventIdObject.setTo(toDate);
        eventIdObject.setOwner(eventOwner);
        eventIdObject.setType(eventTypeObject);
       
        Event eventObject = (Event) databaseSession.get(Event.class, eventIdObject);
       
        if (eventObject == null) {
          throw new IllegalArgumentException("Could not locate event in question!");
        }
       
        // get current user
        // Same session attribute as userObject above. It is the copy stored at login, so the role
        // checked below is presumably the one held at login time (confirm session invalidation).
        User currentUser = (User) request.getSession().getAttribute("currentUser");
       
        // get permission types from database (very very dumb):
        // NOTE(review): the authorization rule depends on the hard-coded primary keys 1 (public
        // permission) and 2 (admin role); a database seeded in a different order silently changes
        // who is authorized. new Long(...) is deprecated since Java 9; Long.valueOf is the replacement.
        PermissionType publicPermission = (PermissionType) databaseSession.get(PermissionType.class, new Long(1));
       
        // get admin role, yep, dumb as well.
        Role adminRole = (Role) databaseSession.get(Role.class, new Long(2));
       
        // who can edit the event:
        // 1. the owner
        // 2. Not owner but admin if the event is public
        // NOTE(review): as printed, this condition has one more ')' than '(' and does not compile.
        // The rule stated above needs the negation to wrap the whole disjunction,
        // !( isOwner || (isPublic && isAdmin) ). If the '!' binds only to the owner test, the
        // admin clause becomes a reason to deny instead of a reason to allow, so the grouping
        // must be confirmed against the full source.
        if ( !eventObject.getId().getOwner().equals(currentUser)
           ||  (eventObject.getPermission().equals(publicPermission) && currentUser.getRole().equals(adminRole)) ) ) {
          throw new SecurityException("Permission to delete is denied.");
        }
       
        // NOTE(review): beginTransaction() already starts the transaction; the explicit begin()
        // on the next line looks redundant (confirm against the Hibernate version in use).
        Transaction transaction = databaseSession.beginTransaction();
        transaction.begin();
