From a4662a1547842237b57f32e6b6529f038357e62c Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Wed, 17 Oct 2012 13:50:22 +0200
Subject: [PATCH] Added method stub for session membership check and fixed HTTP
 code assert

Use this method to implement further checks on session membership.
The old HTTP code assert should never be reached because an
UnauthorizedException should have been thrown first.
---
 .../de/thm/arsnova/aop/AuthorizationAdviser.java  | 15 +++++++++++++++
 .../arsnova/controller/SessionControllerTest.java |  2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java b/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
index 2d889b790..6e7ee94c7 100644
--- a/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
+++ b/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
@@ -18,9 +18,24 @@ public class AuthorizationAdviser {
 		userService = uService;
 	}
 	
+	/** This method checks if the user has a valid authorization from security context 
+	 * 
+	 * @param authenticated
+	 * @param object
+	 */
 	@Before("execution(public * de.thm.arsnova.services.*.*(..)) && @annotation(authenticated) && this(object)")
 	public void checkAuthorization(Authenticated authenticated, Object object) {
 		User u = userService.getUser(SecurityContextHolder.getContext().getAuthentication());
 		if (u == null) throw new UnauthorizedException();
 	}
+	
+	/** This method checks if the user is enlisted in current ARSnova session
+	 *
+	 * @param authenticated
+	 * @param object
+	 */
+	@Before("execution(public * de.thm.arsnova.services.*.*(..)) && @annotation(authenticated) && this(object)")
+	public void checkSessionMembership(Authenticated authenticated, Object object) {
+		//TODO: Implement check based on session membership lists
+	}
 }
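Review bot: `checkSessionMembership` is an empty advice, yet its Javadoc says it "checks if the user is enlisted in current ARSnova session", so a reader of the aspect can take membership as enforced when every annotated service call passes through it unchecked. Until the TODO is implemented the comment should say so, for example `/** Stub: session membership is NOT enforced yet; every authenticated call passes. */`. Both advices also bind the same `@Before` pointcut in one aspect; if this runs under Spring's proxy-based AOP, the order of two same-type advices in one aspect is not guaranteed. The later membership check should therefore not assume `checkAuthorization` has already rejected a null user: either re-check `u == null` there or do the membership lookup inside `checkAuthorization`. The enclosing class starts outside the hunk.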
diff --git a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
index cfe9e41e1..44bf2fd50 100644
--- a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
@@ -124,7 +124,7 @@ public class SessionControllerTest {
 			final ModelAndView mav = handlerAdapter.handle(request, response,
 					sessionController);
 			assertNull(mav);
-			assertTrue(response.getStatus() == 403);
+			assertTrue(response.getStatus() == 401);
 		} catch (UnauthorizedException e) {
 			return;
 		} catch (Exception e) {
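Review bot: The test still passes on two different outcomes, `handle` returning with status 401 or `UnauthorizedException` being thrown and ended by `return`, so it does not pin which one the controller is meant to produce for an unauthenticated request. If the exception is the expected path, as the commit message states, the assertions after `handle(...)` would be better replaced by `fail("expected UnauthorizedException");`. If a response is expected instead, `assertEquals(401, response.getStatus());` reports the actual status on failure, which `assertTrue(... == 401)` does not. The test method starts and ends outside the hunk, so the body of the `catch (Exception e)` branch is not visible here.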
-- 
GitLab