From 20a8c0dc0e378d874a6e57ba5ac48a9484c30e8a Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Wed, 21 May 2014 10:08:21 +0200
Subject: [PATCH] Removed obsolete code

Spring security based permission check will do this for us.
---
 .../arsnova/controller/SessionController.java |  6 -----
 .../controller/SessionControllerTest.java     | 24 +++++++++++++++++++
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/controller/SessionController.java b/src/main/java/de/thm/arsnova/controller/SessionController.java
index a6b57586..4654a06d 100644
--- a/src/main/java/de/thm/arsnova/controller/SessionController.java
+++ b/src/main/java/de/thm/arsnova/controller/SessionController.java
@@ -138,12 +138,6 @@ public class SessionController extends AbstractController {
 		User user = userService.getCurrentUser();
 		List<Session> sessions = null;
 
-		/* TODO Could @Authorized annotation be used instead of this check? */
-		if (null == user) {
-			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-			return null;
-		}
-
 		/* TODO implement all parameter combinations, implement use of user parameter */
 		if (ownedOnly && !visitedOnly) {
 			sessions = sessionService.getMySessions(user);
diff --git a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
index 0fdd78d5..3512a899 100644
--- a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
@@ -85,4 +85,28 @@ public class SessionControllerTest {
 		mockMvc.perform(post("/session/").contentType(MediaType.APPLICATION_JSON).content("{\"keyword\":12345678}"))
 		.andExpect(status().isUnauthorized());
 	}
+
+	@Test
+	public void testShouldNotReturnMySessionsIfUnauthorized() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/").param("ownedonly", "true"))
+		.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void testShouldNotReturnMyVisitedSessionsIfUnauthorized() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/").param("visitedonly", "true"))
+		.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void testShouldShowUnimplementedIfNoFlagIsSet() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/"))
+		.andExpect(status().isNotImplemented());
+	}
 }
-- 
GitLab