public class EventAttributesAccessPolicy {
public static void enforce(Session databaseSession, User currentUser, List<Event> events) {
// get permission types from database (very very dumb):
PermissionType privatePermission = (PermissionType) databaseSession.get(PermissionType.class, new Long(3));
PermissionType protectedPermission = (PermissionType) databaseSession.get(PermissionType.class, new Long(2));
// get admin role, yep, dumb as well.
Role adminRole = (Role) databaseSession.get(Role.class, new Long(2));
// Remove sensitive information