Package protocol

Source Code of protocol.DeleteEventQuery

/**
*
*/
package protocol;

import java.util.Date;
import general.DateOperator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.hibernate.Transaction;
import domain.Event;
import domain.EventId;
import domain.EventType;
import domain.PermissionType;
import domain.Role;
import domain.User;

/**
* This class represent a query for delete events
* @author Nufar Oren
*/
public class DeleteEventQuery extends Query
{
 
  /**
   *
   */
  private static final long serialVersionUID = 5009819462230104492L;
  private String from;
  private String to;
  private Long eventType;
  private Long owner;

 
 
 
  public DeleteEventQuery() {} // required for Gson
 
  /**
   * Checks if a user is logged-in,
   * and then delete the event from the database
   */
  @Override
  protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
   
    Date fromDate;
    Date toDate;
    Response response = null;
    HttpSession httpSession = request.getSession();
   
    User userObject = (User) httpSession.getAttribute("currentUser");
    if(null == userObject) {
      return new Response(ResponseStatus.FAIL, "You are not logged in!");
    }
   
    fromDate = DateOperator.stringToDate(from);
    toDate = DateOperator.stringToDate(to);
   
    if( null == fromDate || null == toDate ) {
      return (new Response(ResponseStatus.FAIL, "Dates parsing problem" ));
    }
    else {
      try {
        EventType eventTypeObject = (EventType) databaseSession.get(EventType.class, this.eventType);
        if(null == eventTypeObject)
        {
          return (new Response(ResponseStatus.FAIL, "Not valid event type"));
        }
       
        User eventOwner = (User) databaseSession.get(User.class, this.owner);
       
        EventId eventIdObject = new EventId();
        eventIdObject.setFrom(fromDate);
        eventIdObject.setTo(toDate);
        eventIdObject.setOwner(eventOwner);
        eventIdObject.setType(eventTypeObject);
       
        Event eventObject = (Event) databaseSession.get(Event.class, eventIdObject);
       
        if (eventObject == null) {
          throw new IllegalArgumentException("Could not locate event in question!");
        }
       
        // get current user
        User currentUser = (User) request.getSession().getAttribute("currentUser");
       
        // get permission types from database (very very dumb):
        PermissionType publicPermission = (PermissionType) databaseSession.get(PermissionType.class, new Long(1));
       
        // get admin role, yep, dumb as well.
        Role adminRole = (Role) databaseSession.get(Role.class, new Long(2));
       
        // who can edit the event:
        // 1. the owner
        // 2. Not owner but admin if the event is public
        if ( !eventObject.getId().getOwner().equals(currentUser)
           ||  (eventObject.getPermission().equals(publicPermission) && currentUser.getRole().equals(adminRole)) ) ) {
          throw new SecurityException("Permission to delete is denied.");
        }
       
        Transaction transaction = databaseSession.beginTransaction();
        transaction.begin();
       
        try {
          databaseSession.delete(eventObject);
          transaction.commit();
          // All was ok
          response = new Response(ResponseStatus.OK);
        } catch(Exception transEx) {
          transaction.rollback();
          response = new Response(ResponseStatus.FAIL, transEx.toString());
        }
      }
      catch (HibernateException ex) {
        // if there was an error, it'll be set here.
        response = new Response(ResponseStatus.FAIL, ex.toString());
      }
    }
    return response;
  }
}
TOP

Related Classes of protocol.DeleteEventQuery

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.