* Permission checking before EJB checks.

* Convert users login to lowercase before trying to find from database

* Permission checking before EJB checks.
* Convert users login to lowercase before trying to find from database
Tuomas Riihimäki
Commit f42c9676 authored Sep 22, 2013 by Tuomas Riihimäki
Showing with 67 additions and 47 deletions
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/JaasBean.java
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/TournamentBean.java
code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_fi.properties
code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/tournaments/TournamentListView.java
code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/tournaments/TournamentParticipateView.java
--- a/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/JaasBean.java
+++ b/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/JaasBean.java
@@ -50,7 +50,7 @@ public class JaasBean implements MoyaRealmBeanRemote {
 	public EventUser tryLogin(String username, String password) {
-		EventUser eventUser = eventUserFacade.findByLogin(username.trim());
+		EventUser eventUser = eventUserFacade.findByLogin(username.trim().toLowerCase());
 		User user = null;
 		// Might not have EventUser
@@ -106,7 +106,7 @@ public class JaasBean implements MoyaRealmBeanRemote {
 	@Override
 	public Enumeration<String> getGroupNames(String user) {
 		logger.info("Fetching groupNames for user {} event {}", user, eventbean.getCurrentEvent().getName());
-		EventUser usr = eventUserFacade.findByLogin(user);
+		EventUser usr = eventUserFacade.findByLogin(user.toLowerCase().trim());
 		HashSet<String> roleset = new HashSet<String>();
 		roleset.add(UserPermission.ANYUSER.getFullName());

--- a/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/TournamentBean.java
+++ b/code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/TournamentBean.java
@@ -16,14 +16,12 @@ import fi.codecrew.moya.facade.TournamentFacade;
 import fi.codecrew.moya.facade.TournamentGameFacade;
 import fi.codecrew.moya.facade.TournamentParticipantFacade;
 import fi.codecrew.moya.facade.TournamentRuleFacade;
-import fi.codecrew.moya.facade.UserFacade;
 import fi.codecrew.moya.model.EventUser;
 import fi.codecrew.moya.model.Tournament;
 import fi.codecrew.moya.model.TournamentGame;
 import fi.codecrew.moya.model.TournamentParticipant;
 import fi.codecrew.moya.model.TournamentRule;
 import fi.codecrew.moya.model.TournamentTeamMember;
-import fi.codecrew.moya.model.User;
 /**
 * Session Bean implementation class TournamentBean
@@ -32,12 +30,18 @@ import fi.codecrew.moya.model.User;
 @LocalBean
 public class TournamentBean implements TournamentBeanLocal {
-	@EJB private TournamentRuleFacade tournamentRuleFacade;
+	@EJB
-	@EJB private TournamentGameFacade tournamentGameFacade;
+	private TournamentRuleFacade tournamentRuleFacade;
-	@EJB private TournamentFacade tournamentFacade;
+	@EJB
-	@EJB private TournamentParticipantFacade tournamentParticipantFacade;
+	private TournamentGameFacade tournamentGameFacade;
-	@EJB private EventUserFacade eventUserFacade;
+	@EJB
-	@EJB private EventBean eventBean;
+	private TournamentFacade tournamentFacade;
+	@EJB
+	private TournamentParticipantFacade tournamentParticipantFacade;
+	@EJB
+	private EventUserFacade eventUserFacade;
+	@EJB
+	private EventBean eventBean;
 	/**
 	 * Default constructor.
@@ -86,7 +90,7 @@ public class TournamentBean implements TournamentBeanLocal {
 	@RolesAllowed(TournamentPermission.S_MANAGE_ALL)
 	public void createTournament(Tournament tournament) throws Exception {
 		// Assert correct event
-		if(eventBean.getCurrentEvent().equals(tournament.getLanEvent()))
+		if (eventBean.getCurrentEvent().equals(tournament.getLanEvent()))
 			tournamentFacade.create(tournament);
 		else
 			throw new Exception("tournament.invalid_event");
@@ -131,17 +135,19 @@ public class TournamentBean implements TournamentBeanLocal {
 		Date currentTime = new Date();
 		// Assert registration time is correct
-		if(t.getRegistrationOpensAt() != null && t.getRegistrationClosesAt() != null && currentTime.after(t.getRegistrationOpensAt()) && currentTime.before(t.getRegistrationClosesAt())) {
+		if (t.getRegistrationOpensAt() != null && t.getRegistrationClosesAt() != null && currentTime.after(t.getRegistrationOpensAt()) && currentTime.before(t.getRegistrationClosesAt())) {
 			// Assert participant size is smaller than max
-			if(t.getParticipants().size() < t.getMaxParticipants()) {
+			if (t.getParticipants().size() < t.getMaxParticipants()) {
 				TournamentTeamMember capt = null;
-				for(TournamentTeamMember ttm : tournamentParticipant.getTeamMembers()) if(ttm.getRole() == TournamentTeamMemberRole.CAPTAIN) capt=ttm;
+				for (TournamentTeamMember ttm : tournamentParticipant.getTeamMembers())
+					if (ttm.getRole() == TournamentTeamMemberRole.CAPTAIN)
+						capt = ttm;
 				// Assert team has a captain
-				if(capt != null) {
+				if (capt != null) {
 					// Assert team has the correct number of players for a match
-					if(tournamentParticipant.getTeamMembers().size() >= tournamentParticipant.getTournament().getPlayersPerMatch()) {
+					if (tournamentParticipant.getTeamMembers().size() >= tournamentParticipant.getTournament().getPlayersPerMatch()) {
 						tournamentParticipant = tournamentParticipantFacade.create(tournamentParticipant);
 						t.getParticipants().add(tournamentParticipant);
 					} else {
@@ -161,11 +167,11 @@ public class TournamentBean implements TournamentBeanLocal {
 	@Override
 	@RolesAllowed(TournamentPermission.S_VIEW)
 	public boolean hasParticipations(EventUser currentUser, Tournament tournament) {
-		for(TournamentParticipant tp : tournament.getParticipants()) {
+		for (TournamentParticipant tp : tournament.getParticipants()) {
-			for(TournamentTeamMember tm : tp.getTeamMembers()) {
+			for (TournamentTeamMember tm : tp.getTeamMembers()) {
 				EventUser eu = tm.getEventUser();
 				System.out.println(eu.getNick());
-				if(eu.equals(currentUser)) {
+				if (eu.equals(currentUser)) {
 					return true;
 				}
 			}
@@ -177,9 +183,10 @@ public class TournamentBean implements TournamentBeanLocal {
 	@Override
 	@RolesAllowed(TournamentPermission.S_VIEW)
 	public EventUser findAvailablePlayerForTournamentByLogin(Tournament t, String login) throws Exception {
-		EventUser u = eventUserFacade.findByLogin(login);
-		if(u != null) {
+		EventUser u = eventUserFacade.findByLogin(login.toLowerCase().trim());
-			if(!hasParticipations(u,t))
+		if (u != null) {
+			if (!hasParticipations(u, t))
 				return u;
 			else
 				throw new Exception("tournaments.participation_already_exists");

--- a/code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_fi.properties
+++ b/code/MoyaWeb/src/fi/codecrew/moya/resources/i18n_fi.properties
@@ -912,7 +912,7 @@ submenu.shop.listReaders             = N\u00E4yt\u00E4 lukijat
 submenu.shop.shopToUser              = Osta k\u00E4ytt\u00E4j\u00E4lle
 submenu.shop.showReaderEvents        = Lukijan tapahtumat
 submenu.tournaments.admin.index      = Katsele ja hallinnoi
-submenu.tournaments.index            = Katsele ja osallistu
+submenu.tournaments.index            = Listaa turnaukset
 submenu.user.accountEvents           = Tilitapahtumat
 submenu.user.changePassword          = Vaihda salasana
 submenu.user.create                  = Luo k\u00E4ytt\u00E4j\u00E4

--- a/code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/tournaments/TournamentListView.java
+++ b/code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/tournaments/TournamentListView.java
@@ -8,13 +8,20 @@ import javax.inject.Named;
 import fi.codecrew.moya.beans.TournamentBeanLocal;
 import fi.codecrew.moya.enums.TournamentStatus;
+import fi.codecrew.moya.enums.apps.TournamentPermission;
 import fi.codecrew.moya.model.Tournament;
+import fi.codecrew.moya.web.cdiview.GenericCDIView;
 @Named
 @RequestScoped
-public class TournamentListView {
+public class TournamentListView extends GenericCDIView {
-	@EJB private TournamentBeanLocal tournamentBean;
+	@EJB
+	private TournamentBeanLocal tournamentBean;
+	public void initView() {
+		super.requirePermissions(TournamentPermission.VIEW);
+	}
 	public List<Tournament> getSetupPhaseTournaments() {
 		return tournamentBean.getTournamentsInStatus(TournamentStatus.SETUP, true);

--- a/code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/tournaments/TournamentParticipateView.java
+++ b/code/MoyaWeb/src/fi/codecrew/moya/web/cdiview/tournaments/TournamentParticipateView.java
@@ -10,11 +10,11 @@ import javax.inject.Named;
 import fi.codecrew.moya.beans.PermissionBeanLocal;
 import fi.codecrew.moya.beans.TournamentBeanLocal;
 import fi.codecrew.moya.enums.TournamentTeamMemberRole;
+import fi.codecrew.moya.enums.apps.TournamentPermission;
 import fi.codecrew.moya.model.EventUser;
 import fi.codecrew.moya.model.Tournament;
 import fi.codecrew.moya.model.TournamentParticipant;
 import fi.codecrew.moya.model.TournamentTeamMember;
-import fi.codecrew.moya.utilities.I18n;
 import fi.codecrew.moya.utilities.jsf.MessageHelper;
 import fi.codecrew.moya.web.cdiview.GenericCDIView;
@@ -24,8 +24,10 @@ public class TournamentParticipateView extends GenericCDIView {
 	private static final long serialVersionUID = 8002140932622853455L;
 	private Tournament tournament;
 	private TournamentParticipant tournamentParticipant;
-	@EJB private TournamentBeanLocal tournamentBean;
+	@EJB
-	@EJB private PermissionBeanLocal permissionBean; 
+	private TournamentBeanLocal tournamentBean;
+	@EJB
+	private PermissionBeanLocal permissionBean;
 	private String selectedPlayerLogin;
 	private String selectedBackupPlayerLogin;
@@ -48,14 +50,14 @@ public class TournamentParticipateView extends GenericCDIView {
 	public void removePlayerFromTeam(Integer euid) {
 		TournamentTeamMember ttcand = null;
-		for(TournamentTeamMember ttm : tournamentParticipant.getTeamMembers()) {
+		for (TournamentTeamMember ttm : tournamentParticipant.getTeamMembers()) {
-			if(ttm.getEventUser().getId() == euid) {
+			if (ttm.getEventUser().getId() == euid) {
 				ttcand = ttm;
 			}
 		}
-		if(ttcand != null) {
+		if (ttcand != null) {
-			if(ttcand.getRole() == TournamentTeamMemberRole.CAPTAIN) {
+			if (ttcand.getRole() == TournamentTeamMemberRole.CAPTAIN) {
 				MessageHelper.err("tournament.cannot_remove_captain");
 			} else {
 				tournamentParticipant.getTeamMembers().remove(ttcand);
@@ -65,13 +67,13 @@ public class TournamentParticipateView extends GenericCDIView {
 	public String participate(Integer tournamentId) {
 		tournament = tournamentBean.getTournamentById(tournamentId);
-		if(tournamentBean.hasParticipations(permissionBean.getCurrentUser(), tournament)) {
+		if (tournamentBean.hasParticipations(permissionBean.getCurrentUser(), tournament)) {
 			MessageHelper.err("tournament.already_participated_into_tournament");
 			return "/tournaments/index.xhtml";
 		}
 		this.beginConversation();
-		if(tournament != null) {
+		if (tournament != null) {
 			tournamentParticipant = new TournamentParticipant();
 			tournamentParticipant.setTournament(tournament);
 			tournamentParticipant.setParticipator(permissionBean.getCurrentUser());
@@ -82,7 +84,7 @@ public class TournamentParticipateView extends GenericCDIView {
 			captain.setTeam(tournamentParticipant);
 			tournamentParticipant.getTeamMembers().add(captain);
-			if(tournament.getPlayersPerTeam() == 1) {
+			if (tournament.getPlayersPerTeam() == 1) {
 				return "/tournaments/participate_single.xhtml";
 			} else {
 				return "/tournaments/participate_multi.xhtml";
@@ -95,11 +97,11 @@ public class TournamentParticipateView extends GenericCDIView {
 	public String addMainPlayerToTeam() {
 		try {
 			EventUser p = tournamentBean.findAvailablePlayerForTournamentByLogin(this.tournament, selectedPlayerLogin);
-			for(TournamentTeamMember member : tournamentParticipant.getTeamMembers())
+			for (TournamentTeamMember member : tournamentParticipant.getTeamMembers())
-				if(member.getEventUser().equals(p))
+				if (member.getEventUser().equals(p))
 					throw new Exception("tournament.player_already_exists_in_team");
-			if(p.isAnonymous()) {
+			if (p.isAnonymous()) {
 				throw new Exception("tournament.cannot_add_anon_user");
 			}
@@ -120,11 +122,11 @@ public class TournamentParticipateView extends GenericCDIView {
 	public String addBackupPlayerToTeam() {
 		try {
 			EventUser p = tournamentBean.findAvailablePlayerForTournamentByLogin(this.tournament, selectedBackupPlayerLogin);
-			for(TournamentTeamMember member : tournamentParticipant.getTeamMembers())
+			for (TournamentTeamMember member : tournamentParticipant.getTeamMembers())
-				if(member.getEventUser().equals(p))
+				if (member.getEventUser().equals(p))
 					throw new Exception("tournament.player_already_exists_in_team");
-			if(p.isAnonymous()) {
+			if (p.isAnonymous()) {
 				throw new Exception("tournament.cannot_add_anon_user");
 			}
@@ -144,8 +146,8 @@ public class TournamentParticipateView extends GenericCDIView {
 	public List<TournamentTeamMember> getPlayers() {
 		ArrayList<TournamentTeamMember> ttms = new ArrayList<>();
-		for(TournamentTeamMember ttm : tournamentParticipant.getTeamMembers()) {
+		for (TournamentTeamMember ttm : tournamentParticipant.getTeamMembers()) {
-			if(ttm.getRole() == TournamentTeamMemberRole.CAPTAIN || ttm.getRole() == TournamentTeamMemberRole.PLAYER) {
+			if (ttm.getRole() == TournamentTeamMemberRole.CAPTAIN || ttm.getRole() == TournamentTeamMemberRole.PLAYER) {
 				ttms.add(ttm);
 			}
 		}
@@ -154,8 +156,8 @@ public class TournamentParticipateView extends GenericCDIView {
 	public List<TournamentTeamMember> getBackupPlayers() {
 		ArrayList<TournamentTeamMember> ttms = new ArrayList<>();
-		for(TournamentTeamMember ttm : tournamentParticipant.getTeamMembers()) {
+		for (TournamentTeamMember ttm : tournamentParticipant.getTeamMembers()) {
-			if(ttm.getRole() == TournamentTeamMemberRole.BACKUP_PLAYER) {
+			if (ttm.getRole() == TournamentTeamMemberRole.BACKUP_PLAYER) {
 				ttms.add(ttm);
 			}
 		}
@@ -163,11 +165,11 @@ public class TournamentParticipateView extends GenericCDIView {
 	}
 	public String saveParticipation() {
-		if(tournamentParticipant != null) {
+		if (tournamentParticipant != null) {
 			try {
 				tournamentBean.createParticipation(tournamentParticipant);
 				MessageHelper.info("tournament.participation_success");
-			} catch(Exception e) {
+			} catch (Exception e) {
 				MessageHelper.err(e.getMessage());
 			}
 		} else {
@@ -183,6 +185,10 @@ public class TournamentParticipateView extends GenericCDIView {
 		return "/tournaments/index.xhtml";
 	}
+	public boolean canParticipate() {
+		return super.hasPermission(TournamentPermission.PARTICIPATE);
+	}
 	public Tournament getTournament() {
 		return tournament;
 	}