BillBean.java
1.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
package fi.insomnia.bortal.beans;
import javax.annotation.security.DeclareRoles;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import fi.insomnia.bortal.beanutil.AuthorisationBean;
import fi.insomnia.bortal.beanutil.AuthorisationBean.Right;
import fi.insomnia.bortal.beanutil.AuthorisationBean.RightType;
import fi.insomnia.bortal.facade.BillFacade;
import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.model.Event;
import fi.insomnia.bortal.model.User;
/**
* Session Bean implementation class BillBean
*/
@Stateless
@DeclareRoles({ "user", "moneyadmin" })
public class BillBean implements BillBeanLocal {
@EJB
private BillFacade billFacade;
@EJB
private SessionHandlerBean sessionbean;
@EJB
private SecurityBean secubean;
@EJB
private AuthorisationBean authbean;
/**
* Default constructor.
*/
public BillBean() {
// TODO Auto-generated constructor stub
}
public Bill findById(int eventId, int id) {
if (eventId <= 0 && id <= 0) {
return null;
}
Bill bill = billFacade.find(eventId, id);
Event event = bill.getEvent();
User currentuser = sessionbean.getCurrentUser(event);
if (!currentuser.equals(bill.getUser()))
if (!authbean.isAuthorised(currentuser, Right.ADMIN, RightType.READ)) {
{
secubean.logPermissionDenied(currentuser,
"User tried to print the bill with insufficient rights. Bill id: " + bill);
return null;
}
}
return bill;
}
}