/* * * Copyright 2013 Entando S.r.l. (http://www.entando.com) All rights reserved. * * This file is part of Entando software. * Entando is a free software; * You can redistribute it and/or modify it * under the terms of the GNU General Public License (GPL) as published by the Free Software Foundation; version 2. * * See the file License for the specific language governing permissions * and limitations under the License * * * * Copyright 2013 Entando S.r.l. (http://www.entando.com) All rights reserved. * */ package com.agiletec.plugins.jpsurvey.aps.internalservlet.system; import javax.servlet.http.HttpServletRequest; import org.apache.struts2.ServletActionContext; import com.agiletec.aps.system.SystemConstants; import com.agiletec.aps.system.services.authorization.IAuthorizationManager; import com.agiletec.aps.system.services.group.Group; import com.agiletec.aps.system.services.user.UserDetails; import com.agiletec.aps.util.ApsWebApplicationUtils; import com.agiletec.plugins.jpsurvey.aps.system.services.survey.model.SurveyRecord; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; /** * @author E.Santoboni */ public abstract class AbstractSurveyWondenInterceptor extends AbstractInterceptor { protected String checkSurveyGroup(SurveyRecord survey, HttpServletRequest request) { UserDetails currentUser = (UserDetails) request.getSession().getAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER); IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, ServletActionContext.getRequest()); if (!survey.getGroupName().equals(Group.FREE_GROUP_NAME) && !authManager.isAuthOnGroup(currentUser, Group.ADMINS_GROUP_NAME) && !authManager.isAuthOnGroup(currentUser, survey.getGroupName())) { return "userNotAllowedToSurvey"; } return null; } }