GroupDeleteAction.java

package edu.ualberta.med.biobank.common.action.security;

import edu.ualberta.med.biobank.common.action.Action;
import edu.ualberta.med.biobank.common.action.ActionContext;
import edu.ualberta.med.biobank.common.action.EmptyResult;
import edu.ualberta.med.biobank.common.action.exception.ActionException;
import edu.ualberta.med.biobank.common.permission.security.UserManagerPermission;
import edu.ualberta.med.biobank.model.Group;

public class GroupDeleteAction implements Action<EmptyResult> {
    private static final long serialVersionUID = 1L;

    private final GroupDeleteInput input;

    public GroupDeleteAction(GroupDeleteInput input) {
        this.input = input;
    }

    @Override
    public boolean isAllowed(ActionContext context) throws ActionException {
        return new UserManagerPermission().isAllowed(context);
    }

    @Override
    public EmptyResult run(ActionContext context) throws ActionException {
        Group group = context.load(Group.class, input.getGroupId());

        // TODO: localise and parameterise the exception message
        if (!group.isFullyManageable(context.getUser()))
            throw new ActionException(
                "you do not have adequate permissions to delete this group");

        context.getSession().delete(group);
        return new EmptyResult();
    }
}