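/**
 * Deletes the comment named by the {@code comments} parameter of the request's resource path.
 *
 * <p>Authorization: the comment's author may always delete it; any other user needs
 * {@code ActionConstants.PUT} on the commented resource. If the user realm cannot be
 * consulted the request fails closed (nothing is deleted) instead of silently proceeding.
 *
 * <p>If the {@code comments} parameter is absent, or is not a numeric id, the request is
 * left unprocessed ({@code processingComplete == false}) so that another handler may serve
 * that URL form.
 *
 * @param requestContext the request being handled; its {@code RegistryContext} may be null,
 *        in which case the base instance is used
 * @throws AuthorizationFailedException if the current user is neither the comment's author
 *         nor holds PUT on the commented resource
 * @throws RegistryException if the comment does not exist, the user store cannot be queried,
 *         or the DAO reports a failure
 */
public void delete(RequestContext requestContext) throws RegistryException {
    RegistryContext registryContext = requestContext.getRegistryContext();
    if (registryContext == null) {
        registryContext = RegistryContext.getBaseInstance();
    }
    CommentsDAO commentsDAO = registryContext.getDataAccessManager().getDAOManager().
            getCommentsDAO(StaticConfiguration.isVersioningComments());
    requestContext.setProcessingComplete(false);

    ResourcePath resourcePath = requestContext.getResourcePath();
    String commentID = resourcePath.getParameterValue("comments");
    if (commentID == null) {
        // not a comment URL; leave it for another handler
        return;
    }

    long cID;
    try {
        cID = Long.parseLong(commentID);
    } catch (NumberFormatException e) {
        // note that this might not be an exceptional scenario. there could be a different
        // URL form, which contains strings after "comment".
        // it is just that it is not the URL we expect here
        return;
    }

    String path = resourcePath.getPath();
    Comment comment = commentsDAO.getComment(cID, path);
    if (comment == null) {
        // the DAO may return null for an unknown id; fail explicitly instead of NPE-ing
        // on comment.getUser() below
        throw new RegistryException(
                "Comment " + cID + " does not exist on the resource: " + path);
    }

    String userID = CurrentSession.getUser();
    String authorizationPath = AuthorizationUtils.getAuthorizationPath(path);

    // check if the current user has permission to delete this comment.
    // users who have PUT permission on the commented resource can delete any comment on
    // that resource. Any user can delete his own comment.
    // A null session user is never treated as the author (fail closed).
    boolean isAuthor = userID != null && userID.equals(comment.getUser());
    if (!isAuthor) {
        boolean canPut;
        try {
            UserRealm realm = CurrentSession.getUserRealm();
            canPut = realm.getAuthorizationManager()
                    .isUserAuthorized(userID, authorizationPath, ActionConstants.PUT);
        } catch (UserStoreException e) {
            // Previously swallowed, which let the deletion proceed whenever the realm could not
            // answer. An authorization decision that cannot be made must deny, not allow.
            String msg = "Unable to verify whether user: " + userID +
                    " may delete the comment on the resource: " + authorizationPath;
            log.error(msg, e);
            throw new RegistryException(msg, e);
        }
        if (!canPut) {
            String msg = "User: " + userID +
                    " is not authorized to delete the comment on the resource: " +
                    authorizationPath;
            log.warn(msg);
            throw new AuthorizationFailedException(msg);
        }
    }

    commentsDAO.deleteComment(cID);
    requestContext.setProcessingComplete(true);
}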