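package org.nextprot.api.user.aop;

import org.nextprot.api.commons.exception.NotAuthorizedException;
import org.nextprot.api.commons.resource.UserResource;
import org.nextprot.api.user.dao.UserQueryDao;
import org.nextprot.api.user.domain.UserQuery;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/**
 * Authorization check for {@link UserQuery} resources: a stored query may only be
 * modified by its owner, and tutorial queries may not be modified at all.
 *
 * <p>Per the original author's note, this checker is meant to be intercepted only for
 * delete, insert and update operations; reads are not guarded here.
 */
@Component
public class UserQueryUserResourceAuthorizationChecker implements UserResourceAuthorizationChecker {

    /** Ids below this value are reserved for tutorial queries, which are never modifiable. */
    private static final long TUTORIAL_QUERY_ID_UPPER_BOUND = 100000L;

    @Autowired
    private UserQueryDao dao;

    /**
     * Checks that the caller named by {@code query.getOwnerName()} may modify {@code query}.
     *
     * <p>A query id of 0 denotes a query that is not stored yet (an insert), so there is no
     * stored owner to compare against and no check is performed.
     *
     * @param query the resource under check; must be a {@link UserQuery}
     * @throws NotAuthorizedException if the query is a tutorial query, if no stored query with
     *         that id (or no stored owner) is found, or if the stored owner differs from
     *         {@code query.getOwnerName()}
     * @throws IllegalStateException if {@code query} is not a {@link UserQuery}
     */
    @Override
    public void checkAuthorization(UserResource query) {
        if (!(query instanceof UserQuery)) {
            throw new IllegalStateException(query.getClass().getSimpleName() + ": incorrect class for authorization check");
        }
        long queryId = ((UserQuery) query).getUserQueryId();
        if (queryId == 0) {
            return;
        }
        if (queryId < TUTORIAL_QUERY_ID_UPPER_BOUND) {
            throw new NotAuthorizedException("Tutorial queries can't be modified");
        }
        // The stored record is the source of truth for ownership; the dao only loads the owner name.
        UserQuery foundUserQuery = dao.getUserQueryById(queryId);
        // Fail closed: an unknown id (dao presumably returns null — confirm) or a missing stored
        // owner is denied rather than surfacing as a NullPointerException. The same message is
        // used for both cases so the response does not reveal whether the id exists.
        if (foundUserQuery == null || !isOwner(foundUserQuery.getOwner(), query.getOwnerName())) {
            throw new NotAuthorizedException(query.getOwnerName() + " cannot access resource");
        }
    }

    /** True only when a stored owner is present and equals the requesting owner name. */
    private static boolean isOwner(Object storedOwner, Object requester) {
        return storedOwner != null && storedOwner.equals(requester);
    }

    @Override
    public boolean supports(UserResource ur) {
        return ur instanceof UserQuery;
    }
}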