From 558cdfcef3b57a9b2f2aea662595ca3c5f2eb0f3 Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Thu, 6 Sep 2012 11:56:21 +0200
Subject: [PATCH] Task #3808: Check if current user is creator of session

A session will be returned if one of the following cases is true:
* the session is active
* the session is inactive AND current (logged in) user is the creator
---
 .../de/thm/arsnova/services/SessionService.java | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/services/SessionService.java b/src/main/java/de/thm/arsnova/services/SessionService.java
index eaa6f8767..d8b8f37fd 100644
--- a/src/main/java/de/thm/arsnova/services/SessionService.java
+++ b/src/main/java/de/thm/arsnova/services/SessionService.java
@@ -26,6 +26,9 @@ import net.sf.json.JSONObject;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Service;
 
 import com.fourspaces.couchdb.Database;
@@ -58,9 +61,10 @@ public class SessionService implements ISessionService {
 				results.getJSONArray("rows").optJSONObject(0)
 						.optJSONObject("value"), Session.class);
 
-		if (result.isActive())
+		if (result.isActive() || result.getCreator().equals(this.actualUserName())) {
 			return result;
-
+		}
+		
 		return null;
 	}
 
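Review bot: The creator comparison on the new `if` line dereferences `result.getCreator()`, so an inactive session stored without a creator (if `Session` permits that) would raise a NullPointerException instead of falling through to `return null`. Anchoring the comparison on the caller's name avoids this: `String user = this.actualUserName();` followed by `if (result.isActive() || (user != null && user.equals(result.getCreator()))) {`. A null-tolerant helper such as `Objects.equals` would be the wrong fix here, because an unauthenticated caller (null user name) would then match a session that has no creator and be handed the inactive session. The enclosing method starts outside the hunk, so how `result` is validated before this point is not visible.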
@@ -137,4 +141,13 @@ public class SessionService implements ISessionService {
 	private String currentTimestamp() {
 		return Long.toString(System.currentTimeMillis());
 	}
+	
+	private String actualUserName() {
+		try {
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+			User user = (User) authentication.getPrincipal();
+			return user.getUsername();
+		} catch (ClassCastException e) {}
+		return null;
+	}
 }
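Review bot: `actualUserName()` guards only against ClassCastException and leaves the catch body empty, so a call with no Authentication in the security context (`getAuthentication()` returning null) throws a NullPointerException out of the session lookup instead of being treated as "not the creator". Explicit null and `instanceof` checks make the unauthenticated and non-`User` principal cases return null deliberately and remove the swallowed exception. Because the return value now feeds an access decision, a short Javadoc stating that null means "no authenticated user" would document the contract the caller relies on.

```java
	private String actualUserName() {
		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		if (authentication == null || !(authentication.getPrincipal() instanceof User)) {
			// No authenticated user, or a principal type this service does not recognise.
			return null;
		}
		return ((User) authentication.getPrincipal()).getUsername();
	}
```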
-- 
GitLab