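package fi.otavanopisto.pyramus.json.users;

import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.http.HttpSession;

import fi.internetix.smvc.SmvcRuntimeException;
import fi.internetix.smvc.controllers.JSONRequestContext;
import fi.otavanopisto.pyramus.dao.DAOFactory;
import fi.otavanopisto.pyramus.dao.users.UserDAO;
import fi.otavanopisto.pyramus.domainmodel.students.Student;
import fi.otavanopisto.pyramus.domainmodel.users.Role;
import fi.otavanopisto.pyramus.domainmodel.users.StaffMember;
import fi.otavanopisto.pyramus.domainmodel.users.User;
import fi.otavanopisto.pyramus.framework.JSONRequestController;
import fi.otavanopisto.pyramus.framework.PyramusStatusCode;
import fi.otavanopisto.pyramus.framework.UserRole;

/**
 * Lets an administrator "pose" as another user by rewriting the identity attributes of the
 * current HTTP session.
 *
 * <p>This is an impersonation feature, so every outcome is logged together with the id of the
 * administrator performing it and the id of the target user; the log is the only audit trail of
 * who acted as whom. Missing, archived and unknown-kind targets are all answered with the same
 * "not found" response, so the caller cannot tell them apart.
 *
 * <p>Only {@link UserRole#ADMINISTRATOR} may invoke this controller, see {@link #getAllowedRoles()}.
 */
public class PoseJSONRequestController extends JSONRequestController {

  private static final Logger logger = Logger.getLogger(PoseJSONRequestController.class.getName());

  // Session attributes that carry the current identity; rewritten when a pose succeeds.
  private static final String ATTR_LOGGED_USER_ROLE = "loggedUserRole";
  private static final String ATTR_LOGGED_USER_ID = "loggedUserId";
  private static final String ATTR_LOGGED_USER_NAME = "loggedUserName";

  private static final String REDIRECT_PAGE = "/index.page";

  /**
   * Switches the current session to the user given by the {@code userId} request parameter and
   * redirects to the front page.
   *
   * @param jsonRequestContext request context; must carry a numeric {@code userId} parameter and
   *     an already established HTTP session (a session is never created here)
   * @throws SmvcRuntimeException {@code VALIDATION_FAILURE} when {@code userId} is missing;
   *     {@code UNAUTHORIZED} when there is no session, or the target staff member has no role or
   *     is in a role that may not be posed ({@code EVERYONE}, {@code ADMINISTRATOR},
   *     {@code TRUSTED_SYSTEM}); {@code PAGE_NOT_FOUND} when the target does not exist, is
   *     archived, or is neither a {@link Student} nor a {@link StaffMember}
   */
  public void process(JSONRequestContext jsonRequestContext) {
    Long userId = jsonRequestContext.getLong("userId");
    if (userId == null) {
      throw new SmvcRuntimeException(PyramusStatusCode.VALIDATION_FAILURE, "Invalid request");
    }

    HttpSession session = requireExistingSession(jsonRequestContext, userId);

    Long loggedUserId = jsonRequestContext.getLoggedUserId();
    logger.log(Level.INFO, String.format("User %d attempting to pose user %d", loggedUserId, userId));

    User user = findPosableUser(loggedUserId, userId);

    if (user instanceof StaffMember) {
      Role role = ((StaffMember) user).getRole();
      // A null role would otherwise fail inside the switch; treat it like a forbidden role.
      if (role == null || isForbiddenToPose(role)) {
        String roleName = role == null ? "null" : role.name();
        logger.log(Level.WARNING, String.format(
            "User %d tried to pose user %d who is in forbidden role %s", loggedUserId, userId, roleName));
        throw new SmvcRuntimeException(PyramusStatusCode.UNAUTHORIZED, "Unauthorized");
      }
      // Audit line names the poser first, then the target (same order as the "attempting" line).
      logger.log(Level.INFO, String.format("User %d posing staff member %d", loggedUserId, user.getId()));
      // The session takes over the staff member's role as well as identity, so it no longer
      // carries the administrator role after this point. UserRole.valueOf assumes every posable
      // Role name has a UserRole counterpart; an unknown name raises IllegalArgumentException.
      session.setAttribute(ATTR_LOGGED_USER_ROLE, UserRole.valueOf(role.name()));
      session.setAttribute(ATTR_LOGGED_USER_ID, user.getId());
      session.setAttribute(ATTR_LOGGED_USER_NAME, user.getFullName());
    } else if (user instanceof Student) {
      logger.log(Level.INFO, String.format("User %d posing student %d", loggedUserId, user.getId()));
      // NOTE(review): only id and name are rewritten for students; ATTR_LOGGED_USER_ROLE is left
      // as the poser's own role, so the session keeps administrator rights while acting as the
      // student. Confirm this is intended.
      session.setAttribute(ATTR_LOGGED_USER_ID, user.getId());
      session.setAttribute(ATTR_LOGGED_USER_NAME, user.getFullName());
    } else {
      logger.log(Level.SEVERE, String.format("User %d was not a student or a staffMember", userId));
      throw new SmvcRuntimeException(PyramusStatusCode.PAGE_NOT_FOUND, "Requested user could not be found");
    }

    jsonRequestContext.setRedirectURL(jsonRequestContext.getRequest().getContextPath() + REDIRECT_PAGE);
  }

  /**
   * Returns the caller's existing session, or rejects the request when there is none.
   *
   * @param jsonRequestContext request context whose session is looked up without creating one
   * @param userId target user id, included in the warning written on rejection
   * @return the existing session, never {@code null}
   * @throws SmvcRuntimeException {@code UNAUTHORIZED} when the request has no session
   */
  private static HttpSession requireExistingSession(JSONRequestContext jsonRequestContext, Long userId) {
    HttpSession session = jsonRequestContext.getRequest().getSession(false);
    if (session == null) {
      logger.log(Level.WARNING, String.format("Someone without session tried to pose user %d", userId));
      throw new SmvcRuntimeException(PyramusStatusCode.UNAUTHORIZED, "Unauthorized");
    }
    return session;
  }

  /**
   * Loads the target user, rejecting missing and archived users with an identical response.
   *
   * @param loggedUserId id of the administrator performing the pose, for the audit log
   * @param userId id of the user to load
   * @return the target user, never {@code null} and not archived
   * @throws SmvcRuntimeException {@code PAGE_NOT_FOUND} when the user is missing or archived
   */
  private static User findPosableUser(Long loggedUserId, Long userId) {
    UserDAO userDAO = DAOFactory.getInstance().getUserDAO();
    User user = userDAO.findById(userId);
    if (user == null) {
      logger.log(Level.WARNING, String.format("User %d tried to pose non-existing user %d", loggedUserId, userId));
      throw new SmvcRuntimeException(PyramusStatusCode.PAGE_NOT_FOUND, "Requested user could not be found");
    }
    if (user.getArchived()) {
      logger.log(Level.WARNING, String.format("User %d tried to pose archived user %d", loggedUserId, userId));
      throw new SmvcRuntimeException(PyramusStatusCode.PAGE_NOT_FOUND, "Requested user could not be found");
    }
    return user;
  }

  /**
   * Tells whether a staff role may never be posed.
   *
   * @param role the target staff member's role, not {@code null}
   * @return {@code true} for {@code EVERYONE}, {@code ADMINISTRATOR} and {@code TRUSTED_SYSTEM}
   */
  private static boolean isForbiddenToPose(Role role) {
    switch (role) {
      case EVERYONE:
      case ADMINISTRATOR:
      case TRUSTED_SYSTEM:
        return true;
      default:
        return false;
    }
  }

  /**
   * Restricts this controller to administrators.
   *
   * @return an array holding only {@link UserRole#ADMINISTRATOR}
   */
  public UserRole[] getAllowedRoles() {
    return new UserRole[] { UserRole.ADMINISTRATOR };
  }
}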