UpdatePresentationController.java

package org.theospi.portfolio.presentation.control;

import java.util.Collection;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.sakaiproject.metaobj.security.AuthenticationManager;
import org.sakaiproject.metaobj.shared.model.Id;
import org.springframework.validation.BindException;
import org.springframework.web.bind.ServletRequestDataBinder;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractCommandController;
import org.theospi.portfolio.presentation.PresentationFunctionConstants;
import org.theospi.portfolio.presentation.model.Presentation;
import org.theospi.portfolio.presentation.support.PresentationService;
import org.theospi.portfolio.presentation.support.UpdatePresentationValidator;
import org.theospi.portfolio.security.Authorization;
import org.theospi.portfolio.security.AuthorizationFacade;
import org.theospi.portfolio.security.AuthorizationFailedException;

public class UpdatePresentationController extends AbstractCommandController {
	private PresentationService presentationService;
	private AuthorizationFacade authzManager;
	private AuthenticationManager authManager;

	
	public UpdatePresentationController() {
		setCommandClass(Presentation.class);
		setValidator(new UpdatePresentationValidator());
	}
	
	@Override
	protected ModelAndView handle(HttpServletRequest request, HttpServletResponse response, Object command, BindException errors) throws Exception {
		if (errors.hasErrors()) {
			response.sendError(HttpServletResponse.SC_BAD_REQUEST, "You have submitted bad input -- check the API");
			// This call should return a MaV that contains the error information. 
			// return new ModelAndView("editPresentation", errors.getModel());
			return null;
		}

		Boolean requestAccess = null;
		if (request.getParameter("requestAccess") != null) {
			requestAccess = Boolean.valueOf(request.getParameter("requestAccess"));
		}

		Boolean active = null;
		if (request.getParameter("active") != null)
			active = Boolean.valueOf(request.getParameter("active"));
		
		Boolean allowComments = null;
		if (request.getParameter("allowComments") != null)
			allowComments = Boolean.valueOf(request.getParameter("allowComments"));
		
		Boolean searchable = null;
		if (request.getParameter("not_searchable") == null) {
			searchable = Boolean.TRUE;
		}
		else {
			searchable = Boolean.FALSE;
		}
		
		Presentation presentation = (Presentation) command;
		try {
			if (requestAccess != null) {
				Collection<Authorization> viewerAuthzs = getAuthzManager().getAuthorizations(null,
						PresentationFunctionConstants.VIEW_PRESENTATION, presentation.getId());

				if (viewerAuthzs == null) {  // user already has access to the presentation
					return null;
				}

				Collection<Authorization> requestAuthzs = getAuthzManager().getAuthorizations(null,
						PresentationFunctionConstants.REQUEST_VIEW_PRESENTATION, presentation.getId());

				if (requestAuthzs == null) {  // user already has a request in for this presentation
					return null;
				}

				if (Boolean.TRUE.equals(requestAccess)) {
					// set the Request authz
					getAuthzManager().createAuthorization(getAuthManager().getAgent(), 
							PresentationFunctionConstants.REQUEST_VIEW_PRESENTATION, 
							presentation.getId());
				}
				else { // requestAccess = false
					// remove the Request authz
					getAuthzManager().deleteAuthorization(getAuthManager().getAgent(), 
							PresentationFunctionConstants.REQUEST_VIEW_PRESENTATION, 
							presentation.getId());
				}

			}
			else {
				if (!presentationService.updatePresentation(presentation.getId().getValue(), presentation.getName(), presentation.getDescription(), active, allowComments, searchable)) {
					response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
				}
			}
		}
		catch (AuthorizationFailedException e) {
			response.sendError(HttpServletResponse.SC_FORBIDDEN);
		}
		return null;
	}
	
	@Override
	protected void initBinder(HttpServletRequest request, ServletRequestDataBinder binder) throws Exception {
		binder.registerCustomEditor(Id.class, presentationService.getIdCustomEditor());
		binder.setAllowedFields(new String[] {"id", "name", "description"});
	}

	public void setPresentationService(PresentationService presentationService) {
		this.presentationService = presentationService;
	}

	public AuthorizationFacade getAuthzManager() {
		return authzManager;
	}

	public void setAuthzManager(AuthorizationFacade authzManager) {
		this.authzManager = authzManager;
	}

	public AuthenticationManager getAuthManager() {
		return authManager;
	}

	public void setAuthManager(AuthenticationManager authManager) {
		this.authManager = authManager;
	}

}