Fix event editing permissions

Tuomas Riihimäki
Commit 0c5afbdb authored Oct 21, 2013 by Tuomas Riihimäki
Showing with 19 additions and 18 deletions
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/EventBean.java
code/MoyaUtilities/src/main/java/fi/codecrew/moya/enums/apps/EventPermission.java
code/MoyaUtilities/src/main/java/fi/codecrew/moya/enums/apps/SpecialPermission.java
--- a/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/EventBean.java
+++ b/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/EventBean.java
@@ -6,6 +6,7 @@ import java.util.List;
 import javax.annotation.security.DeclareRoles;
 import javax.annotation.security.RolesAllowed;
 import javax.ejb.EJB;
+import javax.ejb.EJBAccessException;
 import javax.ejb.LocalBean;
 import javax.ejb.Stateless;
 import javax.persistence.EntityManager;
@@ -14,17 +15,14 @@ import javax.persistence.PersistenceContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import fi.codecrew.moya.clientutils.BortalLocalContextHolder;
+import fi.codecrew.moya.enums.apps.EventPermission;
+import fi.codecrew.moya.enums.apps.SpecialPermission;
 import fi.codecrew.moya.facade.EventFacade;
 import fi.codecrew.moya.facade.EventOrganiserFacade;
 import fi.codecrew.moya.facade.LanEventDomainFacade;
 import fi.codecrew.moya.facade.LanEventPrivatePropertyFacade;
 import fi.codecrew.moya.facade.LanEventPropertyFacade;
-import fi.codecrew.moya.beans.EventBeanLocal;
-import fi.codecrew.moya.beans.LoggingBeanLocal;
-import fi.codecrew.moya.beans.PermissionBeanLocal;
-import fi.codecrew.moya.clientutils.BortalLocalContextHolder;
-import fi.codecrew.moya.enums.apps.EventPermission;
-import fi.codecrew.moya.enums.apps.SpecialPermission;
 import fi.codecrew.moya.model.EventOrganiser;
 import fi.codecrew.moya.model.LanEvent;
 import fi.codecrew.moya.model.LanEventDomain;
@@ -40,7 +38,7 @@ import fi.codecrew.moya.model.LanEventPropertyKey;
 @LocalBean
 @DeclareRoles({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES,
 		EventPermission.S_MANAGE_PROPERTIES,
-		SpecialPermission.S_ORGANISATION_ADMIN,
+		EventPermission.S_MANAGE_EVENT,
 		SpecialPermission.S_SUPERADMIN,
 })
 public class EventBean implements EventBeanLocal {
@@ -138,14 +136,16 @@ public class EventBean implements EventBeanLocal {
 	}
 	@Override
-	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, SpecialPermission.S_ORGANISATION_ADMIN })
+	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT })
 	public LanEvent mergeChanges(LanEvent event) {
+		if (!permbean.hasPermission(SpecialPermission.SUPERADMIN) && getCurrentEvent().equals(event)) {
+			throw new EJBAccessException("Trying to save another event.");
+		}
 		return eventFacade.merge(event);
 	}
 	@Override
-	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, SpecialPermission.S_ORGANISATION_ADMIN })
+	@RolesAllowed({ SpecialPermission.S_SUPERADMIN })
 	public void create(LanEvent event) {
 		eventFacade.create(event);
@@ -159,9 +159,8 @@ public class EventBean implements EventBeanLocal {
 	}
 	@Override
-	@RolesAllowed({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES, SpecialPermission.S_ORGANISATION_ADMIN })
+	@RolesAllowed({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES, EventPermission.S_MANAGE_EVENT })
-	public List<LanEventPrivateProperty> getPrivateProperties()
+	public List<LanEventPrivateProperty> getPrivateProperties() {
-	{
 		return eventPrivatePropertyFacade.findAllForEvent();
 	}
@@ -203,7 +202,7 @@ public class EventBean implements EventBeanLocal {
 	}
 	@Override
-	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, SpecialPermission.S_ORGANISATION_ADMIN })
+	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT })
 	public LanEventProperty saveOrCreateProperty(LanEventProperty property) {
 		LanEventProperty ret = null;
 		logger.info("Saving property {}, eventorg {}, key {}", new Object[] { property.getEvent(), property.getEventorg(), property.getKey() });
@@ -229,13 +228,13 @@ public class EventBean implements EventBeanLocal {
 	}
 	@Override
-	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, SpecialPermission.S_ORGANISATION_ADMIN })
+	@RolesAllowed({ SpecialPermission.S_SUPERADMIN, EventPermission.S_MANAGE_EVENT })
 	public EventOrganiser mergeChanges(EventOrganiser eventorg) {
 		return eventOrganiserFacade.merge(eventorg);
 	}
 	@Override
-	@RolesAllowed({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES, SpecialPermission.S_ORGANISATION_ADMIN })
+	@RolesAllowed({ EventPermission.S_MANAGE_PRIVATE_PROPERTIES, EventPermission.S_MANAGE_EVENT })
 	public LanEventPrivateProperty saveOrCreatePrivateProperty(LanEventPrivateProperty privateProperty) {
 		LanEventPrivateProperty ret = null;
 		logger.info("Saving property {}, eventorg {}, key {}", new Object[] { privateProperty.getEvent(), privateProperty.getEventorg(), privateProperty.getKey() });

--- a/code/MoyaUtilities/src/main/java/fi/codecrew/moya/enums/apps/EventPermission.java
+++ b/code/MoyaUtilities/src/main/java/fi/codecrew/moya/enums/apps/EventPermission.java
@@ -6,11 +6,13 @@ public enum EventPermission implements IAppPermission {
 	MANAGE_PROPERTIES,
 	MANAGE_PRIVATE_PROPERTIES,
+	MANAGE_EVENT
 	;
 	public static final String S_MANAGE_PROPERTIES = "EVENT/MANAGE_PROPERTIES";
 	public static final String S_MANAGE_PRIVATE_PROPERTIES = "EVENT/MANAGE_PRIVATE_PROPERTIES";
+	public static final String S_MANAGE_EVENT = "EVENT/MANAGE_EVENT";
 	private final String fullName;
 	private final String key;

--- a/code/MoyaUtilities/src/main/java/fi/codecrew/moya/enums/apps/SpecialPermission.java
+++ b/code/MoyaUtilities/src/main/java/fi/codecrew/moya/enums/apps/SpecialPermission.java
@@ -4,14 +4,14 @@ public enum SpecialPermission {
 	SUPERADMIN,
 	USER,
 	ANONYMOUS,
-	ORGANISATION_ADMIN,
+	//	ORGANISATION_ADMIN,
 	VERKKOMAKSU_CHECKER
 	;
 	public static final String S_USER = "USER";
 	public static final String S_SUPERADMIN = "SUPERADMIN";
 	public static final String S_ANONYMOUS = "ANONYMOUS";
-	public static final String S_ORGANISATION_ADMIN = "ORGANISATION_ADMIN";
+	//public static final String S_ORGANISATION_ADMIN = "ORGANISATION_ADMIN";
 	public static final String S_VERKKOMAKSU_CHECK = "VERKKOMAKSU_CHECKER";
 }