/**
*
*/
package protocol;
import java.util.Date;
import general.DateOperator;
import general.XssHandler;
import javax.servlet.http.HttpServletRequest;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.criterion.Restrictions;
import domain.Event;
import domain.EventId;
import domain.EventType;
import domain.PermissionType;
import domain.RepetitionType;
import domain.Role;
import domain.User;
/**
* This class represents a query for editing an existing event.
* @author Nufar Oren
*
*/
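public class EditEventQuery extends Query {
    private static final long serialVersionUID = 1727021027776676557L;

    // New values for the event. The dates are strings parsed with DateOperator.stringToDate;
    // the three *Type fields are database ids looked up by their "id" property.
    private String description;
    private String from;
    private String to;
    private Long eventType;
    private Long permissionType;
    private Long repetitionType;

    // Composite key (from, to, type, owner) of the event being edited.
    private String oldFrom;
    private String oldTo;
    private Long oldEventType;
    private Long oldOwner;

    public EditEventQuery() {} // required for Gson

    /**
     * Replaces an existing event with an edited copy.
     *
     * <p>The checks run in this order: the caller must be logged in, the new dates,
     * repetition, event type and permission must be valid, the event identified by the
     * {@code old*} fields must exist, and the caller must be its owner or an admin
     * editing a public event. Only then is the old event deleted and the new one saved,
     * both inside one transaction that is rolled back if either step fails.
     *
     * @param request         the current HTTP request; its session attribute
     *                        {@code "currentUser"} identifies the caller
     * @param databaseSession the Hibernate session used for all lookups and writes
     * @return {@code ResponseStatus.OK} on success, otherwise {@code ResponseStatus.FAIL}
     *         with a message describing the failure
     */
    @Override
    protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
        try {
            // Authenticate before any lookup: a request without a logged-in user must not
            // be able to tell from the error text whether an owner, type or event exists.
            User currentUser = (User) request.getSession().getAttribute("currentUser");
            if (currentUser == null) {
                throw new SecurityException("You're not logged in");
            }

            // Resolve the requested new attributes.
            PermissionType newPermission = (PermissionType) databaseSession.createCriteria(PermissionType.class)
                    .add(Restrictions.eq("id", this.permissionType))
                    .uniqueResult();
            RepetitionType newRepetition = (RepetitionType) databaseSession.createCriteria(RepetitionType.class)
                    .add(Restrictions.eq("id", this.repetitionType))
                    .uniqueResult();
            EventType newEventType = (EventType) databaseSession.createCriteria(EventType.class)
                    .add(Restrictions.eq("id", this.eventType))
                    .uniqueResult();

            Date fromDate = DateOperator.stringToDate(this.from);
            Date toDate = DateOperator.stringToDate(this.to);
            if ((null == fromDate) || (null == toDate)) {
                throw new IllegalArgumentException("Date has wrong format");
            }
            if (!DateOperator.date1IsBeforeDate2(fromDate, toDate)) {
                throw new IllegalArgumentException("From date should be before to date");
            }
            // NOTE(review): an unknown repetitionType id reaches this call as null; whether
            // that is a legal "no repetition" value cannot be told from this file.
            if (!DateOperator.isRepetitionPossible(fromDate, toDate, newRepetition)) {
                return new Response(ResponseStatus.FAIL, "Repetition is not possible. Make sure there is a sense in the repetition type you choose");
            }
            // The event type is part of the new event's id, and the permission is
            // dereferenced by the authorization rule below on every later edit, so an
            // unknown id for either must be rejected before the old event is deleted.
            if (newEventType == null) {
                throw new IllegalArgumentException("Couldn't locate new type of the event");
            }
            if (newPermission == null) {
                throw new IllegalArgumentException("Couldn't locate new permission of the event");
            }

            // Locate the event being edited through its composite key.
            User oldOwner = (User) databaseSession.get(User.class, this.oldOwner);
            if (oldOwner == null) {
                throw new IllegalArgumentException("Couldn't locate old owner of the event");
            }
            EventType oldEventType = (EventType) databaseSession.get(EventType.class, this.oldEventType);
            if (oldEventType == null) {
                throw new IllegalArgumentException("Couldn't locate old type of the event");
            }
            Event oldEvent = (Event) databaseSession.createCriteria(Event.class)
                    .add(Restrictions.eq("id.from", DateOperator.stringToDate(this.oldFrom)))
                    .add(Restrictions.eq("id.to", DateOperator.stringToDate(this.oldTo)))
                    .add(Restrictions.eq("id.type", oldEventType))
                    .add(Restrictions.eq("id.owner", oldOwner))
                    .uniqueResult();
            if (oldEvent == null) {
                throw new IllegalArgumentException("Could not locate event in question!");
            }

            // NOTE(review): the "public" permission and the admin role are fetched by the
            // hard-coded ids 1 and 2; confirm these match the database seed data.
            PermissionType publicPermission = (PermissionType) databaseSession.get(PermissionType.class, Long.valueOf(1L));
            Role adminRole = (Role) databaseSession.get(Role.class, Long.valueOf(2L));

            // Who may edit the event:
            // 1. its owner
            // 2. an admin who is not the owner, but only when the event is public
            boolean isOwner = oldEvent.getId().getOwner().equals(currentUser);
            boolean isAdminOnPublicEvent = oldEvent.getPermission().equals(publicPermission)
                    && currentUser.getRole().equals(adminRole);
            if (!isOwner && !isAdminOnPublicEvent) {
                throw new SecurityException("Permission to edit is denied.");
            }

            // The description is escaped once here, before it is stored.
            // NOTE(review): the field itself is overwritten, so executing the same query
            // object twice would escape the text twice unless XssHandler.escape is idempotent.
            this.description = XssHandler.escape(this.description);

            Transaction transaction = databaseSession.beginTransaction();
            try {
                databaseSession.delete(oldEvent);

                Event newEvent = new Event();
                newEvent.setId(new EventId());
                newEvent.getId().setType(newEventType);
                // Ownership never changes on edit, even when an admin performs it.
                newEvent.getId().setOwner(oldOwner);
                newEvent.getId().setFrom(fromDate);
                newEvent.getId().setTo(toDate);
                newEvent.setDescription(this.description);
                newEvent.setPermission(newPermission);
                newEvent.setRepetition(newRepetition);
                databaseSession.save(newEvent);

                transaction.commit();
            } catch (RuntimeException writeFailure) {
                // Undo the delete so a failed save cannot leave the event missing or the
                // transaction open on a session the caller may reuse.
                try {
                    transaction.rollback();
                } catch (RuntimeException ignored) {
                    // The write failure is the error worth reporting; a rollback failure
                    // on top of it adds nothing the client can act on.
                }
                throw writeFailure;
            }
            return new Response(ResponseStatus.OK);
        } catch (Exception ex) {
            // NOTE(review): ex.toString() is sent to the client unchanged. For the
            // validation and permission errors above that is the intended message, but an
            // unexpected persistence exception would expose its class name and detail
            // text; consider logging those server-side and returning a generic message.
            return new Response(ResponseStatus.FAIL, ex.toString());
        }
    }
}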