diff --git a/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java b/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
index 2d889b790c5c7bbcac479f35d986a60a4866cf42..6e7ee94c7985806cc77518900f232d99a2066cd3 100644
--- a/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
+++ b/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
@@ -18,9 +18,24 @@ public class AuthorizationAdviser {
 userService = uService;
 }
+ /** This method checks if the user has a valid authorization from security context
+ *
+ * @param authenticated
+ * @param object
+ */
 @Before("execution(public * de.thm.arsnova.services.*.*(..)) && @annotation(authenticated) && this(object)")
 public void checkAuthorization(Authenticated authenticated, Object object) {
 User u = userService.getUser(SecurityContextHolder.getContext().getAuthentication());
 if (u == null) throw new UnauthorizedException();
 }
+ /** This method checks if the user is enlisted in current ARSnova session
+ *
+ * @param authenticated
+ * @param object
+ */
+ @Before("execution(public * de.thm.arsnova.services.*.*(..)) && @annotation(authenticated) && this(object)")
+ public void checkSessionMembership(Authenticated authenticated, Object object) {
+ //TODO: Implement check based on session membership lists
+ }
 }
diff --git a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
index cfe9e41e1d9a916c468f8b341442f4cd3dd41dc6..44bf2fd50cfccfbba1ce50499a88793fee0cb511 100644
--- a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
@@ -124,7 +124,7 @@ public class SessionControllerTest {
 final ModelAndView mav = handlerAdapter.handle(request, response, sessionController);
 assertNull(mav);
- assertTrue(response.getStatus() == 403);
+ assertTrue(response.getStatus() == 401);
 } catch (UnauthorizedException e) {
 return;
 } catch (Exception e) {
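Review bot: In AuthorizationAdviser.java, `checkSessionMembership` is registered as `@Before` advice on every `@Authenticated` service method but its body is only a TODO, so it runs and enforces nothing while its name and Javadoc read as if session membership were already checked. Until the check exists I would either leave the advice out or say so in the comment, e.g. `// TODO: not enforced yet - no session membership check is performed here`. It also shares its pointcut with `checkAuthorization`, and the relative order of two `@Before` advices in one aspect at the same join point is not something to rely on (Spring documents it as undefined for same-kind advice, assuming this aspect is woven by Spring AOP), so a membership check that needs the resolved `User` is safer placed after the null check in `checkAuthorization` or in a separately ordered aspect. The new `@param` tags carry no description; `@param authenticated the annotation found on the intercepted service method` and `@param object the object bound by this(object) in the pointcut` would say what the pointcut binds.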
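Review bot: In SessionControllerTest.java, the changed assertion `assertTrue(response.getStatus() == 401)` reports only a bare failure when the status differs, which hides the code actually returned for an unauthenticated request; `assertEquals(401, response.getStatus());` states the expectation and prints the actual value (it may need a static import that is outside this hunk). The surrounding `try` starts above the hunk and continues past it, and its `catch (UnauthorizedException e) { return; }` branch also lets the test pass, so as written the test accepts either a 401 response or a thrown exception. A short comment saying which of the two is the intended contract would make the rejection path explicit.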