RequestedBookingModelFactory.java example

Explorer
Facility-Access-Manager-master
/*
 * Copyright 2009-2012 by KNURT Systeme (http://www.knurt.de)
 *
 * Licensed under the Creative Commons License Attribution-NonCommercial-ShareAlike 3.0 Unported;
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://creativecommons.org/licenses/by-nc-sa/3.0/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package de.knurt.fam.template.model;

import java.util.Properties;

import de.knurt.fam.connector.RedirectTarget;
import de.knurt.fam.core.aspects.logging.FamLog;
import de.knurt.fam.core.model.persist.User;
import de.knurt.fam.core.model.persist.booking.Booking;
import de.knurt.fam.core.util.mvc.RedirectResolver;
import de.knurt.fam.core.util.mvc.RequestInterpreter;

/**
 * create the booking requested and set it as <code>booking</code>. set
 * <code>user_owned_booking</code> to <code>true</code> if the auth user is the
 * owner of the booking. set <code>user_owned_booking</code> to
 * <code>false</code> if the auth user is not the owner of the booking but is
 * the operator of the facility booked. redirect to protected home if user is
 * neither first nor second.
 * 
 * @see RequestInterpreter#getBooking(javax.servlet.http.HttpServletRequest)
 * @see User#hasResponsibility4Facility(de.knurt.fam.core.model.config.Facility)
 * @see Booking#getFacility()
 * @author Daniel Oltmanns
 * @since 1.7.0 (03/30/2012)
 */
public class RequestedBookingModelFactory {

	/**
	 * return the requested booking as model
	 * @see RequestedBookingModelFactory
	 * @param templateResource the {@link TemplateResource} of the request
	 * @return the requested booking as model
	 */
	public Properties getProperties(TemplateResource templateResource) {
		Properties result = new Properties();
		Booking booking = RequestInterpreter.getBooking(templateResource.getRequest());
		if (booking != null && templateResource.getAuthUser() != null) {
			Boolean userOwnedBooking = null;
			if (booking.getUser().is(templateResource.getAuthUser())) {
				userOwnedBooking = true;
			} else if (templateResource.getAuthUser().hasResponsibility4Facility(booking.getFacility())) {
				userOwnedBooking = false;
			}
			if (userOwnedBooking == null) {
				// user is not allowed to see session
				RedirectResolver.redirectClient(RedirectTarget.PROTECTED_HOME, templateResource);
				FamLog.info("user " + templateResource.getAuthUser().getUsername() + " not allowed to see " + booking.getArticleNumber() + " on " + templateResource.getName() + " (url rewrite?!)", 201203300856l);
			} else {
				result.put("booking", booking);
				result.put("user_owned_booking", userOwnedBooking);
			}
		} else {
			RedirectResolver.redirectClient(RedirectTarget.PROTECTED_HOME, templateResource);
			FamLog.info("no facility given on session info (url rewrite?!)", 201010271215l);
		}
		return result;
	}
}