Add some permissions to rest and fix accounteventcreation while reserving places

code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/PlaceBean.java

@@ -200,15 +200,15 @@ public class PlaceBean implements PlaceBeanLocal {
 		place = placeFacade.find(place.getId());
 		user = eventUserFacade.find(user.getId());
 		boolean ret = false;
-		
+
 		// when admin click's place, he reserves it -> just ignore it
-		if (!place.isTaken() || (permbean.hasPermission(MapPermission.MANAGE_OTHERS) && permbean.getCurrentUser().equals(place.getCurrentUser()) )) {
+		if (!place.isTaken() || (permbean.hasPermission(MapPermission.MANAGE_OTHERS) && permbean.getCurrentUser().equals(place.getCurrentUser()))) {
 			if (place.isBuyable() || permbean.hasPermission(MapPermission.MANAGE_OTHERS)) {
-				
-				if(!place.isBuyable()) {
+
+				if (!place.isBuyable()) {
 					place.setBuyable(true);
 				}
-				
+
 				place.setCurrentUser(user);
 				place.setReleaseTime(Calendar.getInstance());
 				place.getReleaseTime().add(Calendar.MINUTE, RESERVE_MINUTES);
@@ -249,7 +249,7 @@ public class PlaceBean implements PlaceBeanLocal {
 	// }
 	// logger.debug("timeouting places");
 	// placeFacade.releasePlaces(permbean.getCurrentUser());
-	// }	
+	// }
 	@Override
 	@RolesAllowed({ MapPermission.S_BUY_PLACES, MapPermission.S_MANAGE_OTHERS })
 	public PlaceGroup buySelectedPlaces(EventUser user) throws BortalCatchableException {
@@ -283,7 +283,7 @@ public class PlaceBean implements PlaceBeanLocal {
 		}
 
 		// PlaceGroup pg = pgbean.createPlaceGroup(user);
-		if (!createAccountevents)
+		if (createAccountevents)
 		{
 			BigDecimal totalprice = addAndCalcPrice(user, null);
 			BigDecimal balance = user.getAccountBalance();
@@ -553,7 +553,8 @@ public class PlaceBean implements PlaceBeanLocal {
 		PDF pdf = new PDF(outputStream);
 		pdf.setTitle("Place");
 
-		float pointInMillim = (25.4f / 72.0f); // 1 point is 1/72 inches. 1 inch = 25.4mm
+		float pointInMillim = (25.4f / 72.0f); // 1 point is 1/72 inches. 1 inch
+												// = 25.4mm
 		float pagex = width / pointInMillim;
 		float pagey = height / pointInMillim;
 
@@ -572,7 +573,7 @@ public class PlaceBean implements PlaceBeanLocal {
 
 			double currentX = 42;
 
-			// nick 
+			// nick
 			if (place.getPlaceReserver() != null && place.getPlaceReserver().getUser() != null) {
 				font = new com.pdfjet.Font(pdf, CoreFont.HELVETICA);
 				font.setSize(font2);
@@ -584,7 +585,7 @@ public class PlaceBean implements PlaceBeanLocal {
 				textLine.drawOn(page);
 			}
 
-			// place hex code 
+			// place hex code
 			font = new com.pdfjet.Font(pdf, CoreFont.HELVETICA);
 			font.setSize(font2);
 

code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java

@@ -77,7 +77,8 @@ public class UserBean implements UserBeanLocal {
 	private static final Logger logger = LoggerFactory.getLogger(UserBean.class);
 
 	/**
-	 * Java EE container injektoi tämän luokkamuuttujan luokan luonnin yhteydessä.
+	 * Java EE container injektoi tämän luokkamuuttujan luokan luonnin
+	 * yhteydessä.
 	 */
 	@EJB
 	private UserFacade userFacade;
@@ -167,8 +168,9 @@ public class UserBean implements UserBeanLocal {
 	// private EventUser currentEventuser;
 	// private ArrayList<Role> currentEventuserRoles;
 
-	// HUOMHUOM! Älä määrittele tätä UserBeanLocal interfacelle. 
-	// Käytä Viewien puolelta findUsersRoles joka tarkistaa käyttäjän oikeudet ensin.
+	// HUOMHUOM! Älä määrittele tätä UserBeanLocal interfacelle.
+	// Käytä Viewien puolelta findUsersRoles joka tarkistaa käyttäjän oikeudet
+	// ensin.
 	public Set<Role> localFindUsersRoles(EventUser u) {
 		// if (currentEventuser != null && u.equals(currentEventuser)) {
 		// logger.debug("Returnin cached eventuserroles for user {}: {}",
@@ -275,7 +277,7 @@ public class UserBean implements UserBeanLocal {
 
 			bimage = resized;
 		}
-		
+
 		bimage = forceCrop(bimage);
 
 		ByteArrayOutputStream naamaout = new ByteArrayOutputStream();
@@ -300,42 +302,42 @@ public class UserBean implements UserBeanLocal {
 
 		return userimage;
 	}
-	
+
 	private BufferedImage forceCrop(BufferedImage source) {
-		int x,y,xl,yl,xh,yh,xc,yc,x0,y0,x1,y1;
+		int x, y, xl, yl, xh, yh, xc, yc, x0, y0, x1, y1;
 		double ar = CardPrintBean.ASPECT_RATIO; // x/y
-		x=source.getWidth();
-		y=source.getHeight();
-		
-		xc = x/2;
-		yc = y/2;
-		
-		if(y >= x) {
+		x = source.getWidth();
+		y = source.getHeight();
+
+		xc = x / 2;
+		yc = y / 2;
+
+		if (y >= x) {
 			xl = x;
-			yl = (int)(y*((double)x/(double)y));
+			yl = (int) (y * ((double) x / (double) y));
 		} else {
-			xl = (int)(x*((double)y/(double)x));
+			xl = (int) (x * ((double) y / (double) x));
 			yl = y;
 		}
-		
-		xh = (int)((xl/2)*ar);
-		yh = yl/2;
-		
-		x0 = xc-xh;
-		x1 = xc+xh;
-		
-		y0 = yc-yh;
-		y1 = yc+yh;
-		
-		int cix = (int)(((double)xl)*ar);
+
+		xh = (int) ((xl / 2) * ar);
+		yh = yl / 2;
+
+		x0 = xc - xh;
+		x1 = xc + xh;
+
+		y0 = yc - yh;
+		y1 = yc + yh;
+
+		int cix = (int) (((double) xl) * ar);
 		int ciy = yl;
-		
+
 		BufferedImage cropped = new BufferedImage(cix, ciy, source.getType());
 		Graphics2D g = cropped.createGraphics();
 		g.setRenderingHint(RenderingHints.KEY_INTERPOLATION, RenderingHints.VALUE_INTERPOLATION_BILINEAR);
 		g.drawImage(source, 0, 0, cix, ciy, x0, y0, x1, y1, null);
 		g.dispose();
-		
+
 		return cropped;
 	}
 
@@ -582,8 +584,10 @@ public class UserBean implements UserBeanLocal {
 	public void removeGameIdById(Integer gameIdId) {
 		GameID gi = gameIDFacade.find(gameIdId);
 
-		// In the future we may edit other peoples' gameids, leave this as a placeholder for now
-		// At the very least it safeguards the situation if user gets another users gameid in somehow..
+		// In the future we may edit other peoples' gameids, leave this as a
+		// placeholder for now
+		// At the very least it safeguards the situation if user gets another
+		// users gameid in somehow..
 		if (!permbean.isCurrentUser(gi.getEventUser())) {
 			loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "User tried to remove GameID from another user: " + gi.getEventUser());
 			throw new EJBAccessException("Not enough rights to remove another users' GameIDs");
@@ -684,19 +688,22 @@ public class UserBean implements UserBeanLocal {
 		return userFacade.searchAllUsers(search);
 	}
 
-	//	@Override
-	//	public SearchResult<User> getEventUsers(SearchQuery search) {
-	//		if (search.getSearch() == null || search.getSearch().isEmpty())
-	//		{
-	//			throw new RuntimeException("You should be using getThisEventsUsers if not searching globally...");
-	//			// return userFacade.searchEventUsers(search);
-	//		} else {
-	//			return userFacade.searchAllUsers(search);
-	//		}
+	// @Override
+	// public SearchResult<User> getEventUsers(SearchQuery search) {
+	// if (search.getSearch() == null || search.getSearch().isEmpty())
+	// {
+	// throw new
+	// RuntimeException("You should be using getThisEventsUsers if not searching globally...");
+	// // return userFacade.searchEventUsers(search);
+	// } else {
+	// return userFacade.searchAllUsers(search);
+	// }
 	//
-	//	}
+	// }
 	//
+
 	@Override
+	@RolesAllowed(UserPermission.S_VIEW_ALL)
 	public SearchResult<EventUser> getThisEventsUsers(UserSearchQuery searchQuery) {
 		SearchResult<EventUser> returnUsers = eventUserFacade.searchEventUsers(searchQuery);
 
@@ -748,6 +755,9 @@ public class UserBean implements UserBeanLocal {
 
 	@Override
 	public UserApproval setUserApproval(EventUser user, String approvalName, boolean approvalValue, String notes) {
+		if (!permbean.getCurrentUser().equals(user) && permbean.hasPermission(UserPermission.MODIFY))
+			throw new EJBAccessException("Tried to set approval without permissions: " + approvalName + " to " + approvalValue + " with notes " + notes);
+
 		Approval approval = approvalFacade.findOrCreate(approvalName);
 		UserApproval ret = userApprovalFacade.findOrCreateApproval(user, approval);
 		ret.setApprovalValue(approvalValue);
@@ -773,7 +783,12 @@ public class UserBean implements UserBeanLocal {
 
 	@Override
 	public User getUser(Integer id) {
-		return userFacade.find(id);
-	}
 
+		User ret = userFacade.find(id);
+		if (!permbean.getCurrentUser().getUser().equals(ret) && permbean.hasPermission(UserPermission.VIEW_ALL)) {
+			throw new EJBAccessException("Tried to fetch user with id " + id + " from database without sufficient permissions");
+		}
+
+		return ret;
+	}
 }
\ No newline at end of file

code/MoyaWeb/WebContent/user/acceptInvite.xhtml

@@ -14,7 +14,7 @@
 		</ui:define>
 		<ui:define name="content">
 			<ui:fragment rendered="#{!inviteAcceptView.done}">
-				<users:edit creating="true" commitaction="#{inviteAcceptView.createUser()}" commitvalue="#{i18n['user.create']}" />
+				<users:create creating="true" commitaction="#{inviteAcceptView.createUser()}" commitvalue="#{i18n['user.create']}" />
 			</ui:fragment>
 		</ui:define>
 	</ui:composition>