Package general

Source Code of general.EventAttributesAccessPolicy

package general;

import java.util.List;

import org.hibernate.Session;

import domain.Event;
import domain.PermissionType;
import domain.Role;
import domain.User;

public class EventAttributesAccessPolicy {

  public static void enforce(Session databaseSession, User currentUser, List<Event> events) {
    // get permission types from database (very very dumb):
    PermissionType privatePermission = (PermissionType) databaseSession.get(PermissionType.class, new Long(3));
    PermissionType protectedPermission = (PermissionType) databaseSession.get(PermissionType.class, new Long(2));

    // get admin role, yep, dumb as well.
    Role adminRole = (Role) databaseSession.get(Role.class, new Long(2));
   
    // Remove sensitive information
    for(Event event : events) {
      // remove password from user anyway
      event.getId().getOwner().setPassword(null);
     
      // if event private, only owner can see it.
      // if event protected, only admins see all
      if (   ( event.getPermission().equals(privatePermission) && !currentUser.equals(event.getId().getOwner()) )
        || ( event.getPermission().equals(protectedPermission) && !currentUser.getRole().equals(adminRole) && !currentUser.equals(event.getId().getOwner()) ) )  {

        event.setDescription(null);
        event.getId().setType(null);
        event.getId().setOwner(null);
      }
    }
  }
}
TOP

Related Classes of general.EventAttributesAccessPolicy

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.