
/**
*
*/
package protocol;

import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;

import general.DateOperator;
import general.XssHandler;

import javax.servlet.http.HttpServletRequest;

import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.criterion.Restrictions;

import domain.Event;
import domain.EventId;
import domain.EventType;
import domain.PermissionType;
import domain.RepetitionType;
import domain.Role;
import domain.User;

/**
*  This class represents a query for editing events
* @author Nufar Oren
*
*/
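public class EditEventQuery extends Query {
  private static final long serialVersionUID = 1727021027776676557L;

  // Server-side sink for failure details that must not be echoed to the client.
  private static final Logger LOGGER = Logger.getLogger(EditEventQuery.class.getName());

  // Generic text returned when an unexpected (non-validation) error occurs.
  private static final String INTERNAL_ERROR_MESSAGE = "Could not edit the event due to an internal error.";

  // New values for the event. All fields are client-supplied (presumably
  // populated by Gson, see the no-arg constructor) and must be treated as untrusted.
  private String description;
  private String from;
  private String to;
  private Long eventType;
  private Long permissionType;
  private Long repetitionType;

  // Composite key (from, to, type, owner) of the event being edited.
  private String oldFrom;
  private String oldTo;
  private Long oldEventType;
  private Long oldOwner;


  public EditEventQuery() {} // required for Gson

  /**
   * Replaces an existing event with an edited copy.
   *
   * <p>Steps, in order:
   * <ol>
   *   <li>checks that a user is logged in (before any database lookup, so that
   *       unauthenticated callers cannot probe which events or users exist),</li>
   *   <li>checks that the new type identifiers and dates are valid,</li>
   *   <li>locates the existing event from its old key,</li>
   *   <li>checks that the current user may edit it (owner, or admin for a public event),</li>
   *   <li>deletes the old event and saves the new one in a single transaction.</li>
   * </ol>
   *
   * @param request the HTTP request; its session attribute {@code currentUser} identifies the caller
   * @param databaseSession the Hibernate session used for lookups and for the update
   * @return {@code OK} on success, otherwise {@code FAIL} with a message; validation and
   *         permission failures carry their own message, any other failure carries a
   *         generic message while the details are logged on the server
   */
  @Override
  protected Response internalExecute(HttpServletRequest request, Session databaseSession) {
    Response response = null;
    Transaction transaction = null;
    try {
      // Authenticate first: nothing below should run for an anonymous caller.
      User currentUser = (User) request.getSession().getAttribute("currentUser");
      if (currentUser == null) {
        throw new SecurityException("You're not logged in");
      }

      // Resolve the client-supplied identifiers of the new event's attributes.
      PermissionType permissionTypeObject = (PermissionType) databaseSession.createCriteria(PermissionType.class)
                                            .add(Restrictions.eq("id", this.permissionType))
                                            .uniqueResult();

      RepetitionType repetitionTypeObject = (RepetitionType) databaseSession.createCriteria(RepetitionType.class)
                                            .add(Restrictions.eq("id", this.repetitionType))
                                            .uniqueResult();

      EventType eventTypeObject = (EventType) databaseSession.createCriteria(EventType.class)
                                  .add(Restrictions.eq("id", this.eventType))
                                  .uniqueResult();

      // An unknown identifier yields null; reject it here instead of saving a half-built event.
      if (permissionTypeObject == null) {
        throw new IllegalArgumentException("Unknown permission type");
      }
      if (repetitionTypeObject == null) {
        throw new IllegalArgumentException("Unknown repetition type");
      }
      if (eventTypeObject == null) {
        throw new IllegalArgumentException("Unknown event type");
      }

      Date fromDate = DateOperator.stringToDate(this.from);
      Date toDate = DateOperator.stringToDate(this.to);

      if( (null == fromDate) || (null == toDate) ) {
        throw new IllegalArgumentException("Date has wrong format");
      }
      if( !DateOperator.date1IsBeforeDate2(fromDate, toDate) ) {
        throw new IllegalArgumentException("From date should be before to date");
      }
      if( !DateOperator.isRepetitionPossible(fromDate, toDate, repetitionTypeObject) ) {
        return new Response(ResponseStatus.FAIL, "Repetition is not possible. Make sure there is a sense in the repetition type you choose");
      }

      // Locate the existing event from its old composite key.
      User previousOwner = (User) databaseSession.get(User.class, this.oldOwner);
      if (previousOwner == null) {
        throw new IllegalArgumentException("Couldn't locate old owner of the event");
      }

      EventType previousEventType = (EventType) databaseSession.get(EventType.class, this.oldEventType);
      if (previousEventType == null) {
        throw new IllegalArgumentException("Couldn't locate old type of the event");
      }

      Date previousFrom = DateOperator.stringToDate(this.oldFrom);
      Date previousTo = DateOperator.stringToDate(this.oldTo);
      if( (null == previousFrom) || (null == previousTo) ) {
        throw new IllegalArgumentException("Date has wrong format");
      }

      Event oldEvent = (Event) databaseSession.createCriteria(Event.class)
                    .add(Restrictions.eq("id.from", previousFrom))
                    .add(Restrictions.eq("id.to", previousTo))
                    .add(Restrictions.eq("id.type", previousEventType))
                    .add(Restrictions.eq("id.owner", previousOwner))
                    .uniqueResult();

      if (oldEvent == null) {
        throw new IllegalArgumentException("Could not locate event in question!");
      }

      // The "public" permission and the "admin" role are identified by hard-coded
      // primary keys (1 and 2). If either row is missing the lookup returns null,
      // equals(null) is false, and the admin branch below denies access.
      PermissionType publicPermission = (PermissionType) databaseSession.get(PermissionType.class, Long.valueOf(1L));
      Role adminRole = (Role) databaseSession.get(Role.class, Long.valueOf(2L));

      // Who can edit the event:
      // 1. the owner
      // 2. not the owner, but an admin, if the event is public
      // The decision is made on the owner stored with the event, never on the
      // client-supplied oldOwner value alone.
      boolean isOwner = oldEvent.getId().getOwner().equals(currentUser);
      boolean isAdminOnPublicEvent = oldEvent.getPermission().equals(publicPermission)
                                     && currentUser.getRole().equals(adminRole);
      if ( !(isOwner || isAdminOnPublicEvent) ) {
        throw new SecurityException("Permission to edit is denied.");
      }

      // Escaped before storage. NOTE(review): XssHandler's behaviour is not visible
      // here; code that renders the description should still encode for its output context.
      this.description = XssHandler.escape(this.description);

      transaction = databaseSession.beginTransaction();

      // The key fields are part of the event's identifier, so an edit is a delete
      // followed by an insert; ownership stays with the original owner.
      databaseSession.delete(oldEvent);

      Event newEvent = new Event();
      newEvent.setId( new EventId() );
      newEvent.getId().setType(eventTypeObject);
      newEvent.getId().setOwner(previousOwner);
      newEvent.getId().setFrom(fromDate);
      newEvent.getId().setTo(toDate);
      newEvent.setDescription(this.description);
      newEvent.setPermission(permissionTypeObject);
      newEvent.setRepetition(repetitionTypeObject);

      databaseSession.save(newEvent);

      transaction.commit();
      response = new Response(ResponseStatus.OK);
    }
    catch (IllegalArgumentException ex) {
      // Validation failure: the message is safe to show to the caller.
      rollbackQuietly(transaction);
      response = new Response(ResponseStatus.FAIL, ex.getMessage());
    }
    catch (SecurityException ex) {
      // Authentication / authorization failure: the message is safe to show to the caller.
      rollbackQuietly(transaction);
      response = new Response(ResponseStatus.FAIL, ex.getMessage());
    }
    catch (Exception ex) {
      // Unexpected failure (for example a persistence error): keep exception class
      // names and database details out of the response and log them instead.
      rollbackQuietly(transaction);
      LOGGER.log(Level.SEVERE, "Editing an event failed", ex);
      response = new Response(ResponseStatus.FAIL, INTERNAL_ERROR_MESSAGE);
    }

    return response;
  }

  /**
   * Rolls back the given transaction, if one was started, so that a failed edit
   * never leaves the old event deleted without its replacement. A failure of the
   * rollback itself is logged and does not replace the original error.
   */
  private static void rollbackQuietly(Transaction transaction) {
    if (transaction == null) {
      return;
    }
    try {
      transaction.rollback();
    }
    catch (RuntimeException rollbackFailure) {
      LOGGER.log(Level.WARNING, "Rolling back the event edit failed", rollbackFailure);
    }
  }

}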