diff --git a/src/main/java/de/thm/arsnova/controller/v2/MotdController.java b/src/main/java/de/thm/arsnova/controller/v2/MotdController.java
index 25803e290786323aaaa5740d0ce8ff7fdb856af1..acdb93d63472348c99020d67273aadc025e539d4 100644
--- a/src/main/java/de/thm/arsnova/controller/v2/MotdController.java
+++ b/src/main/java/de/thm/arsnova/controller/v2/MotdController.java
@@ -93,11 +93,11 @@ public class MotdController extends AbstractController {
 roomId = roomService.getIdByShortId(roomShortId);
 }
 if (adminview) {
- motds = "session".equals(audience) ?
+ motds = roomShortId != null ?
 motdService.getAllRoomMotds(roomId) :
 motdService.getAdminMotds();
 } else {
- motds = "session".equals(audience) ?
+ motds = roomShortId != null ?
 motdService.getCurrentRoomMotds(date, roomId) :
 motdService.getCurrentMotds(date, audience);
 }
@@ -117,8 +117,9 @@ public class MotdController extends AbstractController {
 final HttpServletResponse response
 ) {
 de.thm.arsnova.entities.Motd motdV3 = fromV2Migrator.migrate(motd);
- if (de.thm.arsnova.entities.Motd.Audience.ROOM.equals(motd.getAudience()) && motdV3.getRoomId() != null) {
- motdService.save(motdV3.getRoomId(), motdV3);
+ String roomId = roomService.getIdByShortId(motd.getSessionkey());
+ if (de.thm.arsnova.entities.Motd.Audience.ROOM == motdV3.getAudience() && roomId != null) {
+ motdService.save(roomId, motdV3);
 } else {
 motdService.save(motdV3);
 }
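Review bot: The room branch is now chosen on `roomShortId != null` rather than on whether the short id actually resolved, so an unknown short id leaves `roomId` null (assuming it is initialised to null above the hunk) and `getAllRoomMotds(null)` / `getCurrentRoomMotds(date, null)` are executed against a null id, which with the new cache key also stores the result under `ROOMnull`. Testing the resolved id instead, `motds = roomId != null ? motdService.getAllRoomMotds(roomId) : motdService.getAdminMotds();` (and likewise in the else branch), or rejecting the request when the lookup fails, keeps the unknown-room case out of the room path. The `audience` parameter no longer takes part in the room decision, which the method's documentation should state. The enclosing method starts before this hunk.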
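Review bot: `roomService.getIdByShortId(motd.getSessionkey())` now runs for every create request, including non-room motds whose `sessionkey` is presumably null, so unless that service tolerates a null short id a valid non-room request fails before the audience is even examined; limiting the lookup to the room case, `String roomId = motdV3.getAudience() == de.thm.arsnova.entities.Motd.Audience.ROOM ? roomService.getIdByShortId(motd.getSessionkey()) : null;`, avoids that, and the update handler in the @@ -133 hunk has the same shape. Since the new `hasMotdPermission` denies `create` when `targetMotd.getRoomId()` is null, please confirm that `save(roomId, motdV3)` sets the room id on the entity before the permission check is evaluated. The comparison is also written constant-first here (`ROOM == motdV3.getAudience()`) but value-first in the update and delete hunks; one form throughout would read better. The enclosing method starts before this hunk.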
@@ -133,8 +134,9 @@ public class MotdController extends AbstractController {
 @ApiParam(value = "current motd", required = true) @RequestBody final Motd motd
 ) {
 de.thm.arsnova.entities.Motd motdV3 = fromV2Migrator.migrate(motd);
- if ("session".equals(motd.getAudience()) && motdV3.getRoomId() != null) {
- motdService.update(motdV3.getRoomId(), motdV3);
+ String roomId = roomService.getIdByShortId(motd.getSessionkey());
+ if (motdV3.getAudience() == de.thm.arsnova.entities.Motd.Audience.ROOM && roomId != null) {
+ motdService.update(roomId, motdV3);
 } else {
 motdService.update(motdV3);
 }
@@ -146,7 +148,7 @@ public class MotdController extends AbstractController {
 @RequestMapping(value = "/{motdId}", method = RequestMethod.DELETE)
 public void deleteMotd(@ApiParam(value = "Motd-key from the message that shall be deleted", required = true) @PathVariable final String motdId) {
 de.thm.arsnova.entities.Motd motd = motdService.get(motdId);
- if ("session".equals(motd.getAudience())) {
+ if (motd.getAudience() == de.thm.arsnova.entities.Motd.Audience.ROOM) {
 motdService.deleteByRoomId(motd.getRoomId(), motd);
 } else {
 motdService.delete(motd);
diff --git a/src/main/java/de/thm/arsnova/security/ApplicationPermissionEvaluator.java b/src/main/java/de/thm/arsnova/security/ApplicationPermissionEvaluator.java
index 0d47d923717c837a59819cca9db722d3bba0e813..acb2861df8d9f8aa6f5b4b694e15ed7d83b99ab9 100644
--- a/src/main/java/de/thm/arsnova/security/ApplicationPermissionEvaluator.java
+++ b/src/main/java/de/thm/arsnova/security/ApplicationPermissionEvaluator.java
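Review bot: The rewritten condition in `deleteMotd` still dereferences `motd` straight after `motdService.get(motdId)`, so if that lookup returns null for an unknown id the request ends in a NullPointerException rather than a not-found response; a guard before the comparison, `if (motd == null) { /* raise the controller layer's not-found exception */ }`, keeps the failure mode explicit. Whether `get` returns null or throws is not visible here, so please confirm against the service. The method's closing brace is outside the hunk.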
@@ -17,12 +17,14 @@
 */
 package de.thm.arsnova.security;
 
+import de.thm.arsnova.entities.Motd;
 import de.thm.arsnova.entities.Room;
 import de.thm.arsnova.entities.Comment;
 import de.thm.arsnova.entities.Content;
 import de.thm.arsnova.entities.UserProfile;
 import de.thm.arsnova.persistance.CommentRepository;
 import de.thm.arsnova.persistance.ContentRepository;
+import de.thm.arsnova.persistance.MotdRepository;
 import de.thm.arsnova.persistance.RoomRepository;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -55,6 +57,9 @@ public class ApplicationPermissionEvaluator implements PermissionEvaluator {
 @Autowired
 private ContentRepository contentRepository;
 
+ @Autowired
+ private MotdRepository motdRepository;
+
 @Override
 public boolean hasPermission(
 final Authentication authentication,
@@ -75,7 +80,9 @@ public class ApplicationPermissionEvaluator implements PermissionEvaluator {
 || (targetDomainObject instanceof Content
 && hasContentPermission(userId, ((Content) targetDomainObject), permission.toString()))
 || (targetDomainObject instanceof Comment
- && hasCommentPermission(userId, ((Comment) targetDomainObject), permission.toString()));
+ && hasCommentPermission(userId, ((Comment) targetDomainObject), permission.toString()))
+ || (targetDomainObject instanceof Motd
+ && hasMotdPermission(userId, ((Motd) targetDomainObject), permission.toString()));
 }
 
 @Override
@@ -108,6 +115,9 @@ public class ApplicationPermissionEvaluator implements PermissionEvaluator {
 case "comment":
 final Comment targetComment = commentRepository.findOne(targetId.toString());
 return targetComment != null && hasCommentPermission(userId, targetComment, permission.toString());
+ case "motd":
+ final Motd targetMotd = motdRepository.findOne(targetId.toString());
+ return targetMotd != null && hasMotdPermission(userId, targetMotd, permission.toString());
 default:
 return false;
 }
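Review bot: The new `case "motd"` has no route for the `"admin"` permission that `MotdServiceImpl` requests with `hasPermission('', 'motd', 'admin')`: `hasMotdPermission` answers that from its `default` branch with false, and the empty target id first goes through `motdRepository.findOne("")`. Unless an admin-role check earlier in this method (outside the hunk) short-circuits before the switch, those service calls will always be denied, so please confirm that ordering. A short comment above the case, `// "admin" is decided before the switch; only the per-room permissions are evaluated here`, or whatever the actual rule is, would save the next reader the same question. The enclosing method's start is outside the hunk.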
@@ -192,6 +202,37 @@ public class ApplicationPermissionEvaluator implements PermissionEvaluator {
 }
 }
 
+ private boolean hasMotdPermission(
+ final String userId,
+ final Motd targetMotd,
+ final String permission) {
+ Room room;
+ switch (permission) {
+ case "create":
+ case "owner":
+ case "update":
+ case "delete":
+ if (userId.isEmpty() || targetMotd.getRoomId() == null || targetMotd.getAudience() != Motd.Audience.ROOM) {
+ return false;
+ }
+ room = roomRepository.findOne(targetMotd.getRoomId());
+ if (room == null) {
+ return false;
+ }
+
+ return userId.equals(room.getOwnerId());
+ case "read":
+ if (targetMotd.getAudience() != Motd.Audience.ROOM) {
+ return true;
+ }
+ room = roomRepository.findOne(targetMotd.getRoomId());
+
+ return room != null && !room.isClosed() || room.getOwnerId().equals(userId);
+ default:
+ return false;
+ }
+ }
+
 private boolean hasAdminRole(final String username) {
 /* TODO: only allow accounts from arsnova db */
 return Arrays.asList(adminAccounts).contains(username);
diff --git a/src/main/java/de/thm/arsnova/services/MotdServiceImpl.java b/src/main/java/de/thm/arsnova/services/MotdServiceImpl.java
index 9f1915f4ea509f4b017d5a387caefb008d380563..44069df2cc3bb7a705e1e4c0345eb4085005ec61 100644
--- a/src/main/java/de/thm/arsnova/services/MotdServiceImpl.java
+++ b/src/main/java/de/thm/arsnova/services/MotdServiceImpl.java
@@ -68,7 +68,7 @@ public class MotdServiceImpl extends DefaultEntityServiceImpl<Motd> implements M
 }
 
 @Override
- @Cacheable(cacheNames = "motds", key = "('session').concat(#roomId)")
+ @Cacheable(cacheNames = "motds", key = "'ROOM' + #roomId")
 public List<Motd> getCurrentRoomMotds(final Date clientdate, final String roomId) {
 final List<Motd> motds = motdRepository.findByRoomId(roomId);
 return filterMotdsByDate(motds, clientdate);
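Review bot: The `read` branch's return parses as `(room != null && !room.isClosed()) || room.getOwnerId().equals(userId)`, so when `roomRepository.findOne` yields null the right-hand operand dereferences it and the permission check throws instead of denying; `return room != null && (!room.isClosed() || userId.equals(room.getOwnerId()));` denies on a missing room and still lets the owner read a closed room, which looks like the intent. The write cases reject an empty `userId` while `read` does not; if anonymous reads of open rooms are deliberate, say so in a comment rather than leaving it implicit. A Javadoc on `hasMotdPermission` stating that non-ROOM motds are world-readable and that write permissions require ownership of the motd's room would make the policy reviewable at a glance.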
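Review bot: The new cache key `'ROOM' + #roomId` only lines up with the eviction key `#motd.audience + #motd.roomId` used in the @@ -132 and @@ -145 hunks of this file if `Motd.Audience.ROOM` renders as exactly `ROOM` through `toString()`, which is what SpEL's `+` uses; any override of `toString()` on the enum would silently leave room motds cached after a save or delete. A comment next to the annotation, `// key must match the @CacheEvict keys in createOrUpdateMotd/delete: Audience.toString() + roomId`, records that coupling, and deriving both keys from the same constant would remove it. Callers passing a null `roomId` would also be cached under `ROOMnull`, which the controller hunk in this commit can now produce.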
@@ -121,7 +121,7 @@ public class MotdServiceImpl extends DefaultEntityServiceImpl<Motd> implements M
 }
 
 @Override
- @PreAuthorize("hasPermission(1,'motd','admin')")
+ @PreAuthorize("hasPermission('', 'motd', 'admin')")
 public Motd update(final Motd motd) {
 return createOrUpdateMotd(motd);
 }
@@ -132,7 +132,7 @@ public class MotdServiceImpl extends DefaultEntityServiceImpl<Motd> implements M
 return createOrUpdateMotd(motd);
 }
 
- @CacheEvict(cacheNames = "motds", key = "#motd.audience.concat(#motd.roomId)")
+ @CacheEvict(cacheNames = "motds", key = "#motd.audience + #motd.roomId")
 private Motd createOrUpdateMotd(final Motd motd) {
 if (motd.getId() != null) {
 Motd oldMotd = motdRepository.findOne(motd.getId());
@@ -145,15 +145,16 @@ public class MotdServiceImpl extends DefaultEntityServiceImpl<Motd> implements M
 if (null != motd.getId()) {
 Motd oldMotd = get(motd.getId());
 motd.setId(oldMotd.getId());
+
+ return super.update(oldMotd, motd);
 }
- save(motd);
- return motdRepository.save(motd);
+ return super.create(motd);
 }
 
 @Override
 @PreAuthorize("hasPermission('', 'motd', 'admin')")
- @CacheEvict(cacheNames = "motds", key = "#motd.audience.concat(#motd.roomId)")
+ @CacheEvict(cacheNames = "motds", key = "#motd.audience + #motd.roomId")
 public void delete(Motd motd) {
 motdRepository.delete(motd);
 }
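Review bot: `@CacheEvict` is placed on `createOrUpdateMotd`, a private method that `save`/`update` reach by self-invocation; with Spring's default proxy-based caching such calls are not intercepted, so the eviction, including its reworked key, never fires and `getCurrentRoomMotds` keeps serving stale entries after an edit. Moving the annotation to the public entry points, e.g. `@CacheEvict(cacheNames = "motds", key = "#motd.audience + #motd.roomId")` above `public Motd update(final Motd motd)` and its `save` counterpart, is the fix; the `delete` method in the @@ -145 hunk already annotates the public method. If the project uses AspectJ weaving instead of proxies this does not apply, but nothing in the diff suggests it does.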
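Review bot: `motd.setId(oldMotd.getId())` is now a no-op, since `oldMotd` was fetched by `motd.getId()` and `super.update(oldMotd, motd)` receives both objects anyway; dropping that line leaves `if (null != motd.getId()) { Motd oldMotd = get(motd.getId()); return super.update(oldMotd, motd); }`. The earlier `if (motd.getId() != null)` lookup in the @@ -132 hunk and this one appear to fetch the same record twice (once via the repository, once via `get`); the lines in between are outside the hunk, so please check whether one of the two can go. What `super.update`/`super.create` do with cache and permissions is not visible here and should be covered by the class Javadoc.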