DownloadAttachmentRule.java

/*
 * Copyright (c) JForum Team. All rights reserved.
 *
 * The software in this package is published under the terms of the LGPL
 * license a copy of which has been included with this distribution in the
 * license.txt file.
 *
 * The JForum Project
 * http://www.jforum.net
 */
package net.jforum.security;

import javax.servlet.http.HttpServletRequest;

import net.jforum.entities.Attachment;
import net.jforum.entities.UserSession;
import net.jforum.repository.AttachmentRepository;
import net.jforum.util.ConfigKeys;
import net.jforum.util.JForumConfig;
import br.com.caelum.vraptor.ioc.Component;

/**
 * @author Rafael Steil
 */
@Component
public class DownloadAttachmentRule implements AccessRule {
	private final JForumConfig config;
	private final AttachmentRepository repository;

	public DownloadAttachmentRule(JForumConfig config, AttachmentRepository repository) {
		this.config = config;
		this.repository = repository;
	}

	/**
	 * @see net.jforum.security.AccessRule#shouldProceed(net.jforum.entities.UserSession, javax.servlet.http.HttpServletRequest)
	 */
	@Override
	public boolean shouldProceed(UserSession userSession, HttpServletRequest request) {
		if (!userSession.isLogged() && !this.config.getBoolean(ConfigKeys.ATTACHMENTS_ANONYMOUS)) {
			return false;
		}

		Attachment attachment = this.repository.get(Integer.parseInt(request.getParameter("attachmentId")));

		if (!userSession.getRoleManager().isAttachmentsAlllowed(attachment.getPost().getForum().getId())
			&& !userSession.getRoleManager().getCanDownloadAttachments(attachment.getPost().getForum().getId())) {
			return false;
		}

		return true;
	}
}