/**
*
*/
package protocol;
import java.util.Date;
import general.DateOperator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.hibernate.Transaction;
import domain.Event;
import domain.EventId;
import domain.EventType;
import domain.PermissionType;
import domain.Role;
import domain.User;
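/**
 * Query that deletes a single event, addressed by its composite key:
 * time range ({@code from}/{@code to}), owner and event type.
 *
 * <p>The instance fields are filled in by Gson from the client request, so every
 * one of them is untrusted input and may be absent.
 *
 * @author Nufar Oren
 */
public class DeleteEventQuery extends Query
{
    private static final long serialVersionUID = 5009819462230104492L;

    // Primary keys of the rows the authorization rule compares against.
    // NOTE(review): these ids are hard-coded; the rule silently denies admins if the
    // rows are renumbered. Confirm the ids against the seed data.
    private static final Long PUBLIC_PERMISSION_ID = Long.valueOf(1L);
    private static final Long ADMIN_ROLE_ID = Long.valueOf(2L);

    // Start and end of the event, in the textual form DateOperator.stringToDate parses.
    private String from;
    private String to;
    // Identifier used to load the EventType row.
    private Long eventType;
    // Identifier used to load the owning User row.
    private Long owner;

    public DeleteEventQuery() {} // required for Gson

    /**
     * Deletes the addressed event on behalf of the logged-in user.
     *
     * <p>The caller must be authenticated (a {@code "currentUser"} attribute in the
     * HTTP session) and must either own the event or hold the admin role while the
     * event is public.
     *
     * @param request         the servlet request; only its session is read
     * @param databaseSession the Hibernate session used for lookups and the delete
     * @return {@code OK} when the event was deleted; {@code FAIL} when the caller is
     *         not logged in, a date does not parse, the event type is unknown, or
     *         the persistence layer reports an error
     * @throws IllegalArgumentException if no event matches the supplied key
     * @throws SecurityException        if the caller is not allowed to delete the event
     */
    @Override
    protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
        // Authentication. The same principal object is used for the authorization
        // decision below, so the session attribute is read exactly once.
        HttpSession httpSession = request.getSession();
        User currentUser = (User) httpSession.getAttribute("currentUser");
        if (null == currentUser) {
            return new Response(ResponseStatus.FAIL, "You are not logged in!");
        }

        Date fromDate = DateOperator.stringToDate(from);
        Date toDate = DateOperator.stringToDate(to);
        if (null == fromDate || null == toDate) {
            return new Response(ResponseStatus.FAIL, "Dates parsing problem");
        }

        // A request that omits an id would otherwise hand null to Session.get;
        // reject it here with the same outcome as an id that resolves to nothing.
        if (null == this.eventType) {
            return new Response(ResponseStatus.FAIL, "Not valid event type");
        }
        if (null == this.owner) {
            throw new IllegalArgumentException("Could not locate event in question!");
        }

        Response response;
        try {
            EventType eventTypeObject = (EventType) databaseSession.get(EventType.class, this.eventType);
            if (null == eventTypeObject) {
                return new Response(ResponseStatus.FAIL, "Not valid event type");
            }

            User eventOwner = (User) databaseSession.get(User.class, this.owner);
            if (null == eventOwner) {
                // No such user, hence no event keyed by that user.
                throw new IllegalArgumentException("Could not locate event in question!");
            }

            EventId eventIdObject = new EventId();
            eventIdObject.setFrom(fromDate);
            eventIdObject.setTo(toDate);
            eventIdObject.setOwner(eventOwner);
            eventIdObject.setType(eventTypeObject);

            Event eventObject = (Event) databaseSession.get(Event.class, eventIdObject);
            if (eventObject == null) {
                throw new IllegalArgumentException("Could not locate event in question!");
            }

            PermissionType publicPermission =
                    (PermissionType) databaseSession.get(PermissionType.class, PUBLIC_PERMISSION_ID);
            Role adminRole = (Role) databaseSession.get(Role.class, ADMIN_ROLE_ID);

            // Authorization happens before the transaction is opened, so a denied
            // request never touches the row.
            if (!mayDelete(currentUser, eventObject, publicPermission, adminRole)) {
                throw new SecurityException("Permission to delete is denied.");
            }

            Transaction transaction = databaseSession.beginTransaction();
            // NOTE(review): beginTransaction() presumably already starts the transaction;
            // confirm whether this explicit begin() is needed on the Hibernate version in use.
            transaction.begin();
            try {
                databaseSession.delete(eventObject);
                transaction.commit();
                response = new Response(ResponseStatus.OK);
            } catch (Exception transEx) {
                transaction.rollback();
                // NOTE(review): the exception's toString() goes back to the client and can
                // expose persistence-layer details; consider a generic message here with
                // the detail logged server-side.
                response = new Response(ResponseStatus.FAIL, transEx.toString());
            }
        } catch (HibernateException ex) {
            // NOTE(review): same disclosure concern as above for ex.toString().
            response = new Response(ResponseStatus.FAIL, ex.toString());
        }
        return response;
    }

    /**
     * Decides whether {@code currentUser} may delete {@code eventObject}: the owner
     * always may, and an admin may when the event is public.
     *
     * <p>Every null (owner, permission, role, or a lookup row that was not found)
     * evaluates to "not allowed", so missing data denies instead of raising a
     * NullPointerException.
     */
    private static boolean mayDelete(User currentUser, Event eventObject,
            PermissionType publicPermission, Role adminRole) {
        // NOTE(review): these comparisons rely on equals() of User, PermissionType and
        // Role. currentUser comes from the HTTP session while the other objects come
        // from this Hibernate session - confirm the domain classes compare by key
        // rather than by reference.
        User recordedOwner = eventObject.getId().getOwner();
        if (recordedOwner != null && recordedOwner.equals(currentUser)) {
            return true;
        }

        PermissionType eventPermission = eventObject.getPermission();
        boolean eventIsPublic = eventPermission != null && eventPermission.equals(publicPermission);

        // NOTE(review): the role is read from the session-held User, so a role change
        // made after login is presumably not visible until the user logs in again.
        Role callerRole = currentUser.getRole();
        boolean callerIsAdmin = callerRole != null && callerRole.equals(adminRole);

        return eventIsPublic && callerIsAdmin;
    }
}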