Merge branch 'acfix' into 'master'

Acfix Fix accountevent creation Add few limits to rest api kattoi: @tkfftk

Merge branch 'acfix' into 'master'
Acfix Fix accountevent creation Add few limits to rest api kattoi: @tkfftk
Tuukka Kivilahti
Commit 0b19ffe2 authored Mar 05, 2014 by Tuukka Kivilahti
Showing with 43 additions and 26 deletions
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/PlaceBean.java
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
code/MoyaWeb/WebContent/user/acceptInvite.xhtml
--- a/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/PlaceBean.java
+++ b/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/PlaceBean.java
@@ -202,10 +202,10 @@ public class PlaceBean implements PlaceBeanLocal {
 		boolean ret = false;

 		// when admin click's place, he reserves it -> just ignore it
-		if (!place.isTaken() || (permbean.hasPermission(MapPermission.MANAGE_OTHERS) && permbean.getCurrentUser().equals(place.getCurrentUser()) )) {
+		if (!place.isTaken() || (permbean.hasPermission(MapPermission.MANAGE_OTHERS) && permbean.getCurrentUser().equals(place.getCurrentUser()))) {
 			if (place.isBuyable() || permbean.hasPermission(MapPermission.MANAGE_OTHERS)) {

-				if(!place.isBuyable()) {
+				if (!place.isBuyable()) {
 					place.setBuyable(true);
 				}

@@ -283,7 +283,7 @@ public class PlaceBean implements PlaceBeanLocal {
 		}

 		// PlaceGroup pg = pgbean.createPlaceGroup(user);
-		if (!createAccountevents)
+		if (createAccountevents)
 		{
 			BigDecimal totalprice = addAndCalcPrice(user, null);
 			BigDecimal balance = user.getAccountBalance();
@@ -553,7 +553,8 @@ public class PlaceBean implements PlaceBeanLocal {
 		PDF pdf = new PDF(outputStream);
 		pdf.setTitle("Place");

-		float pointInMillim = (25.4f / 72.0f); // 1 point is 1/72 inches. 1 inch = 25.4mm
+		float pointInMillim = (25.4f / 72.0f); // 1 point is 1/72 inches. 1 inch
+												// = 25.4mm
 		float pagex = width / pointInMillim;
 		float pagey = height / pointInMillim;


--- a/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
+++ b/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
@@ -77,7 +77,8 @@ public class UserBean implements UserBeanLocal {
 	private static final Logger logger = LoggerFactory.getLogger(UserBean.class);

 	/**
-	 * Java EE container injektoi tämän luokkamuuttujan luokan luonnin yhteydessä.
+	 * Java EE container injektoi tämän luokkamuuttujan luokan luonnin
+	 * yhteydessä.
 	 */
 	@EJB
 	private UserFacade userFacade;
@@ -168,7 +169,8 @@ public class UserBean implements UserBeanLocal {
 	// private ArrayList<Role> currentEventuserRoles;

 	// HUOMHUOM! Älä määrittele tätä UserBeanLocal interfacelle.
-	// Käytä Viewien puolelta findUsersRoles joka tarkistaa käyttäjän oikeudet ensin.
+	// Käytä Viewien puolelta findUsersRoles joka tarkistaa käyttäjän oikeudet
+	// ensin.
 	public Set<Role> localFindUsersRoles(EventUser u) {
 		// if (currentEventuser != null && u.equals(currentEventuser)) {
 		// logger.debug("Returnin cached eventuserroles for user {}: {}",
@@ -302,32 +304,32 @@ public class UserBean implements UserBeanLocal {
 	}

 	private BufferedImage forceCrop(BufferedImage source) {
-		int x,y,xl,yl,xh,yh,xc,yc,x0,y0,x1,y1;
+		int x, y, xl, yl, xh, yh, xc, yc, x0, y0, x1, y1;
 		double ar = CardPrintBean.ASPECT_RATIO; // x/y
-		x=source.getWidth();
-		y=source.getHeight();
+		x = source.getWidth();
+		y = source.getHeight();

-		xc = x/2;
-		yc = y/2;
+		xc = x / 2;
+		yc = y / 2;

-		if(y >= x) {
+		if (y >= x) {
 			xl = x;
-			yl = (int)(y*((double)x/(double)y));
+			yl = (int) (y * ((double) x / (double) y));
 		} else {
-			xl = (int)(x*((double)y/(double)x));
+			xl = (int) (x * ((double) y / (double) x));
 			yl = y;
 		}

-		xh = (int)((xl/2)*ar);
-		yh = yl/2;
+		xh = (int) ((xl / 2) * ar);
+		yh = yl / 2;

-		x0 = xc-xh;
-		x1 = xc+xh;
+		x0 = xc - xh;
+		x1 = xc + xh;

-		y0 = yc-yh;
-		y1 = yc+yh;
+		y0 = yc - yh;
+		y1 = yc + yh;

-		int cix = (int)(((double)xl)*ar);
+		int cix = (int) (((double) xl) * ar);
 		int ciy = yl;

 		BufferedImage cropped = new BufferedImage(cix, ciy, source.getType());
@@ -582,8 +584,10 @@ public class UserBean implements UserBeanLocal {
 	public void removeGameIdById(Integer gameIdId) {
 		GameID gi = gameIDFacade.find(gameIdId);

-		// In the future we may edit other peoples' gameids, leave this as a placeholder for now
-		// At the very least it safeguards the situation if user gets another users gameid in somehow..
+		// In the future we may edit other peoples' gameids, leave this as a
+		// placeholder for now
+		// At the very least it safeguards the situation if user gets another
+		// users gameid in somehow..
 		if (!permbean.isCurrentUser(gi.getEventUser())) {
 			loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "User tried to remove GameID from another user: " + gi.getEventUser());
 			throw new EJBAccessException("Not enough rights to remove another users' GameIDs");
@@ -688,7 +692,8 @@ public class UserBean implements UserBeanLocal {
 	// public SearchResult<User> getEventUsers(SearchQuery search) {
 	// if (search.getSearch() == null || search.getSearch().isEmpty())
 	// {
-	//			throw new RuntimeException("You should be using getThisEventsUsers if not searching globally...");
+	// throw new
+	// RuntimeException("You should be using getThisEventsUsers if not searching globally...");
 	// // return userFacade.searchEventUsers(search);
 	// } else {
 	// return userFacade.searchAllUsers(search);
@@ -696,7 +701,9 @@ public class UserBean implements UserBeanLocal {
 	//
 	// }
 	//
+
 	@Override
+	@RolesAllowed(UserPermission.S_VIEW_ALL)
 	public SearchResult<EventUser> getThisEventsUsers(UserSearchQuery searchQuery) {
 		SearchResult<EventUser> returnUsers = eventUserFacade.searchEventUsers(searchQuery);

@@ -748,6 +755,9 @@ public class UserBean implements UserBeanLocal {

 	@Override
 	public UserApproval setUserApproval(EventUser user, String approvalName, boolean approvalValue, String notes) {
+		if (!permbean.getCurrentUser().equals(user) && permbean.hasPermission(UserPermission.MODIFY))
+			throw new EJBAccessException("Tried to set approval without permissions: " + approvalName + " to " + approvalValue + " with notes " + notes);
+
 		Approval approval = approvalFacade.findOrCreate(approvalName);
 		UserApproval ret = userApprovalFacade.findOrCreateApproval(user, approval);
 		ret.setApprovalValue(approvalValue);
@@ -773,7 +783,12 @@ public class UserBean implements UserBeanLocal {

 	@Override
 	public User getUser(Integer id) {
-		return userFacade.find(id);
+
+		User ret = userFacade.find(id);
+		if (!permbean.getCurrentUser().getUser().equals(ret) && permbean.hasPermission(UserPermission.VIEW_ALL)) {
+			throw new EJBAccessException("Tried to fetch user with id " + id + " from database without sufficient permissions");
 		}

+		return ret;
+	}
 }
\ No newline at end of file
--- a/code/MoyaWeb/WebContent/user/acceptInvite.xhtml
+++ b/code/MoyaWeb/WebContent/user/acceptInvite.xhtml
@@ -14,7 +14,7 @@
 		</ui:define>
 		<ui:define name="content">
 			<ui:fragment rendered="#{!inviteAcceptView.done}">
-				<users:edit creating="true" commitaction="#{inviteAcceptView.createUser()}" commitvalue="#{i18n['user.create']}" />
+				<users:create creating="true" commitaction="#{inviteAcceptView.createUser()}" commitvalue="#{i18n['user.create']}" />
 			</ui:fragment>
 		</ui:define>
 	</ui:composition>