Removed obsolete code

Spring security based permission check will do this for us.

Removed obsolete code
Spring security based permission check will do this for us.
20a8c0dc · Paul-Christian Volkmer · 9aae9310 · 20a8c0dc · 20a8c0dc
Commit 20a8c0dc authored 10 years ago by Paul-Christian Volkmer
--- a/src/main/java/de/thm/arsnova/controller/SessionController.java
+++ b/src/main/java/de/thm/arsnova/controller/SessionController.java
@@ -138,12 +138,6 @@ public class SessionController extends AbstractController {
 		User user = userService.getCurrentUser();
 		List<Session> sessions = null;

-		/* TODO Could @Authorized annotation be used instead of this check? */
-		if (null == user) {
-			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-			return null;
-		}
-
 		/* TODO implement all parameter combinations, implement use of user parameter */
 		if (ownedOnly && !visitedOnly) {
 			sessions = sessionService.getMySessions(user);

--- a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
@@ -85,4 +85,28 @@ public class SessionControllerTest {
 		mockMvc.perform(post("/session/").contentType(MediaType.APPLICATION_JSON).content("{\"keyword\":12345678}"))
 		.andExpect(status().isUnauthorized());
 	}
+
+	@Test
+	public void testShouldNotReturnMySessionsIfUnauthorized() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/").param("ownedonly", "true"))
+		.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void testShouldNotReturnMyVisitedSessionsIfUnauthorized() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/").param("visitedonly", "true"))
+		.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void testShouldShowUnimplementedIfNoFlagIsSet() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/"))
+		.andExpect(status().isNotImplemented());
+	}
 }