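package fi.otavanopisto.pyramus.framework;

import fi.internetix.smvc.AccessDeniedException;
import fi.internetix.smvc.LoginRequiredException;
import fi.internetix.smvc.controllers.RequestContext;
import fi.otavanopisto.pyramus.dao.DAOFactory;
import fi.otavanopisto.pyramus.dao.users.StaffMemberDAO;
import fi.otavanopisto.pyramus.domainmodel.users.Role;
import fi.otavanopisto.pyramus.domainmodel.users.StaffMember;

/**
 * Base class for binary request controllers whose access is restricted by user role.
 *
 * <p>Subclasses declare the permitted roles through {@link #getAllowedRoles()};
 * {@link #authorize(RequestContext)} enforces that list against the logged-in staff member.
 */
public abstract class BinaryRequestController implements fi.internetix.smvc.controllers.BinaryRequestController {

  /**
   * Returns the roles that may invoke this controller.
   *
   * <p>Including {@code UserRole.EVERYONE} makes the controller reachable without login, so it
   * should be listed only for endpoints that are meant to be public.
   *
   * @return the allowed roles
   */
  public abstract UserRole[] getAllowedRoles();

  /**
   * Checks that the current request is allowed to invoke this controller.
   *
   * <p>When the allowed roles contain {@code UserRole.EVERYONE}, no further check is made.
   * Otherwise the request must be logged in and the role of the logged-in staff member must be
   * one of the allowed roles. The check fails closed: a missing role list, a user id that does
   * not resolve to a staff member, a staff member without a role, or a role that has no
   * {@code UserRole} counterpart all result in {@link AccessDeniedException}.
   *
   * @param requestContext the context of the request being authorized
   * @throws LoginRequiredException if login is required and the request is not logged in
   * @throws AccessDeniedException if the logged-in user does not hold an allowed role
   */
  public void authorize(RequestContext requestContext) throws LoginRequiredException, AccessDeniedException {
    UserRole[] roles = getAllowedRoles();
    if (contains(roles, UserRole.EVERYONE)) {
      return;
    }

    if (!requestContext.isLoggedIn()) {
      throw new LoginRequiredException();
    }

    Long loggedUserId = requestContext.getLoggedUserId();
    StaffMemberDAO staffDAO = DAOFactory.getInstance().getStaffMemberDAO();
    // NOTE(review): findById presumably returns null for an id that is not a staff member;
    // that case is denied here instead of failing with a NullPointerException.
    StaffMember user = staffDAO.findById(loggedUserId);
    Role role = user == null ? null : user.getRole();

    // TODO Ugly hax: the persisted Role is translated to a UserRole through its value.
    UserRole userRole = role == null ? null : UserRole.getRole(role.getValue());

    // An unresolved role must never match: without the explicit null check, a null entry in
    // the allowed-roles array would compare equal to it and grant access.
    if (userRole == null || !contains(roles, userRole)) {
      throw new AccessDeniedException(requestContext.getRequest().getLocale());
    }
  }

  /**
   * Returns whether the given role is included in the given role array.
   *
   * @param roles The roles; {@code null} is treated as an empty array
   * @param role The role
   *
   * @return <code>true</code> if the roles array contains the given role, otherwise
   * <code>false</code>
   */
  private boolean contains(UserRole[] roles, UserRole role) {
    if (roles == null) {
      return false;
    }
    for (UserRole candidate : roles) {
      // Identity comparison, as in the original implementation.
      if (candidate == role) {
        return true;
      }
    }
    return false;
  }
}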