From 65adcd82a891e45bc206ef14478c8acabe871817 Mon Sep 17 00:00:00 2001
From: Christoph Thelen <christoph.thelen@mni.thm.de>
Date: Mon, 25 Aug 2014 13:46:03 +0200
Subject: [PATCH] Allow users to display and delete their own interposed
 questions

---
 .../java/de/thm/arsnova/dao/CouchDBDao.java   | 47 ++++++++++++++-----
 .../java/de/thm/arsnova/dao/IDatabaseDao.java |  8 +++-
 .../arsnova/entities/InterposedQuestion.java  |  8 ++++
 .../ApplicationPermissionEvaluator.java       |  5 ++
 .../thm/arsnova/services/QuestionService.java | 19 ++++++--
 .../de/thm/arsnova/dao/StubDatabaseDao.java   | 16 ++++++-
 6 files changed, 82 insertions(+), 21 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
index a6f7b312..4d89b51a 100644
--- a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
+++ b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
@@ -329,7 +329,7 @@ public class CouchDBDao implements IDatabaseDao {
 	}
 
 	@Override
-	public final InterposedQuestion saveQuestion(final Session session, final InterposedQuestion question) {
+	public final InterposedQuestion saveQuestion(final Session session, final InterposedQuestion question, User user) {
 		final Document q = new Document();
 		q.put("type", "interposed_question");
 		q.put("sessionId", session.get_id());
@@ -337,6 +337,7 @@ public class CouchDBDao implements IDatabaseDao {
 		q.put("text", question.getText());
 		q.put("timestamp", System.currentTimeMillis());
 		q.put("read", false);
+		q.put("creator", user.getUsername());
 		try {
 			database.saveDocument(q);
 			question.set_id(q.getId());
@@ -704,42 +705,50 @@ public class CouchDBDao implements IDatabaseDao {
 	}
 
 	@Override
-	public List<InterposedQuestion> getInterposedQuestions(final String sessionKey) {
-		final Session s = getSessionFromKeyword(sessionKey);
-		if (s == null) {
-			throw new NotFoundException();
+	public List<InterposedQuestion> getInterposedQuestions(final Session session) {
+		final NovaView view = new NovaView("interposed_question/by_session");
+		view.setKey(session.get_id());
+		final ViewResults questions = getDatabase().view(view);
+		if (questions == null || questions.isEmpty()) {
+			return null;
 		}
+		return createInterposedList(session, questions);
+	}
 
-		final NovaView view = new NovaView("interposed_question/by_session");
-		view.setKey(s.get_id());
+	@Override
+	public List<InterposedQuestion> getInterposedQuestions(final Session session, final User user) {
+		final NovaView view = new NovaView("interposed_question/by_session_and_creator");
+		view.setKey(session.get_id(), user.getUsername());
 		final ViewResults questions = getDatabase().view(view);
 		if (questions == null || questions.isEmpty()) {
 			return null;
 		}
+		return createInterposedList(session, questions);
+	}
+
+	private List<InterposedQuestion> createInterposedList(
+			final Session session, final ViewResults questions) {
 		final List<InterposedQuestion> result = new ArrayList<InterposedQuestion>();
-		LOGGER.debug("{}", questions.getResults());
 		for (final Document document : questions.getResults()) {
 			final InterposedQuestion question = (InterposedQuestion) JSONObject.toBean(
 					document.getJSONObject().getJSONObject("value"),
 					InterposedQuestion.class
 					);
-			question.setSessionId(sessionKey);
+			question.setSessionId(session.getKeyword());
 			question.set_id(document.getId());
 			result.add(question);
 		}
 		return result;
 	}
 
-	public Question getInterposedQuestion(final String sessionKey, final String documentId) {
+	public InterposedQuestion getInterposedQuestion(final String sessionKey, final String documentId) {
 		try {
 			final Document document = getDatabase().getDocument(documentId);
 			if (document == null) {
 				LOGGER.error("Document is NULL");
 				return null;
 			}
-			final Question question = (Question) JSONObject.toBean(document.getJSONObject(), Question.class);
-			question.setQuestionType("interposed_question");
-			return question;
+			return (InterposedQuestion) JSONObject.toBean(document.getJSONObject(), InterposedQuestion.class);
 		} catch (final IOException e) {
 			LOGGER.error("Error while retrieving interposed question", e);
 		}
@@ -1289,6 +1298,18 @@ public class CouchDBDao implements IDatabaseDao {
 		final NovaView view = new NovaView("interposed_question/by_session");
 		view.setKey(session.get_id());
 		final ViewResults questions = getDatabase().view(view);
+		deleteAllInterposedQuestions(session, questions);
+	}
+
+	@Override
+	public void deleteAllInterposedQuestions(final Session session, final User user) {
+		final NovaView view = new NovaView("interposed_question/by_session_and_creator");
+		view.setKey(session.get_id(), user.getUsername());
+		final ViewResults questions = getDatabase().view(view);
+		deleteAllInterposedQuestions(session, questions);
+	}
+
+	private void deleteAllInterposedQuestions(final Session session, final ViewResults questions) {
 		if (questions == null || questions.isEmpty()) {
 			return;
 		}
diff --git a/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java b/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
index 70b76c55..e1a81d40 100644
--- a/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
+++ b/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
@@ -45,7 +45,7 @@ public interface IDatabaseDao {
 
 	Question saveQuestion(Session session, Question question);
 
-	InterposedQuestion saveQuestion(Session session, InterposedQuestion question);
+	InterposedQuestion saveQuestion(Session session, InterposedQuestion question, User user);
 
 	Question getQuestion(String id);
 
@@ -83,7 +83,9 @@ public interface IDatabaseDao {
 
 	InterposedReadingCount getInterposedReadingCount(Session session);
 
-	List<InterposedQuestion> getInterposedQuestions(String sessionKey);
+	List<InterposedQuestion> getInterposedQuestions(Session session);
+
+	List<InterposedQuestion> getInterposedQuestions(Session session, User user);
 
 	void vote(User me, String menu);
 
@@ -155,6 +157,8 @@ public interface IDatabaseDao {
 
 	void deleteAllInterposedQuestions(Session session);
 
+	void deleteAllInterposedQuestions(Session session, User user);
+
 	void publishAllQuestions(Session session, boolean publish);
 
 	void deleteAllQuestionsAnswers(Session session);
diff --git a/src/main/java/de/thm/arsnova/entities/InterposedQuestion.java b/src/main/java/de/thm/arsnova/entities/InterposedQuestion.java
index 204bb9d3..c316a259 100644
--- a/src/main/java/de/thm/arsnova/entities/InterposedQuestion.java
+++ b/src/main/java/de/thm/arsnova/entities/InterposedQuestion.java
@@ -34,6 +34,7 @@ public class InterposedQuestion {
 	private String sessionId;
 	private long timestamp;
 	private boolean read;
+	private String creator;
 
 	public String get_id() {
 		return _id;
@@ -84,4 +85,11 @@ public class InterposedQuestion {
 		this.timestamp = timestamp;
 	}
 
+	public String getCreator() {
+		return creator;
+	}
+
+	public void setCreator(String creator) {
+		this.creator = creator;
+	}
 }
diff --git a/src/main/java/de/thm/arsnova/security/ApplicationPermissionEvaluator.java b/src/main/java/de/thm/arsnova/security/ApplicationPermissionEvaluator.java
index 98a98b22..d61aedca 100644
--- a/src/main/java/de/thm/arsnova/security/ApplicationPermissionEvaluator.java
+++ b/src/main/java/de/thm/arsnova/security/ApplicationPermissionEvaluator.java
@@ -107,6 +107,11 @@ public class ApplicationPermissionEvaluator implements PermissionEvaluator {
 		if (permission instanceof String && permission.equals("owner")) {
 			final InterposedQuestion question = dao.getInterposedQuestion(targetId.toString());
 			if (question != null) {
+				// Does the creator want to delete his own question?
+				if (question.getCreator() != null && question.getCreator().equals(username)) {
+					return true;
+				}
+				// Allow deletion if requested by session owner
 				final Session session = dao.getSessionFromKeyword(question.getSessionId());
 				if (session == null) {
 					return false;
diff --git a/src/main/java/de/thm/arsnova/services/QuestionService.java b/src/main/java/de/thm/arsnova/services/QuestionService.java
index 9d1fdfea..33afeb26 100644
--- a/src/main/java/de/thm/arsnova/services/QuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/QuestionService.java
@@ -118,7 +118,7 @@ public class QuestionService implements IQuestionService {
 	@PreAuthorize("isAuthenticated()")
 	public boolean saveQuestion(final InterposedQuestion question) {
 		final Session session = databaseDao.getSessionFromKeyword(question.getSessionId());
-		final InterposedQuestion result = databaseDao.saveQuestion(session, question);
+		final InterposedQuestion result = databaseDao.saveQuestion(session, question, userService.getCurrentUser());
 
 		if (null != result) {
 			socketIoServer.reportAudienceQuestionAvailable(result.getSessionId(), result.get_id());
@@ -186,13 +186,18 @@ public class QuestionService implements IQuestionService {
 	}
 
 	@Override
-	@PreAuthorize("isAuthenticated() and hasPermission(#sessionKeyword, 'session', 'owner')")
+	@PreAuthorize("isAuthenticated()")
 	public void deleteAllInterposedQuestions(final String sessionKeyword) {
 		final Session session = databaseDao.getSessionFromKeyword(sessionKeyword);
 		if (session == null) {
 			throw new UnauthorizedException();
 		}
-		databaseDao.deleteAllInterposedQuestions(session);
+		final User user = getCurrentUser();
+		if (session.isCreator(user)) {
+			databaseDao.deleteAllInterposedQuestions(session);
+		} else {
+			databaseDao.deleteAllInterposedQuestions(session, user);
+		}
 	}
 
 	@Override
@@ -326,7 +331,13 @@ public class QuestionService implements IQuestionService {
 	@Override
 	@PreAuthorize("isAuthenticated()")
 	public List<InterposedQuestion> getInterposedQuestions(final String sessionKey) {
-		return databaseDao.getInterposedQuestions(sessionKey);
+		final Session session = this.getSession(sessionKey);
+		final User user = getCurrentUser();
+		if (session.isCreator(user)) {
+			return databaseDao.getInterposedQuestions(session);
+		} else {
+			return databaseDao.getInterposedQuestions(session, user);
+		}
 	}
 
 	@Override
diff --git a/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java b/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
index 0c61d957..b3ba0a4e 100644
--- a/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
+++ b/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
@@ -252,7 +252,7 @@ public class StubDatabaseDao implements IDatabaseDao {
 	}
 
 	@Override
-	public List<InterposedQuestion> getInterposedQuestions(String sessionKey) {
+	public List<InterposedQuestion> getInterposedQuestions(Session session) {
 		// TODO Auto-generated method stub
 		return null;
 	}
@@ -276,7 +276,7 @@ public class StubDatabaseDao implements IDatabaseDao {
 	}
 
 	@Override
-	public InterposedQuestion saveQuestion(Session session, InterposedQuestion question) {
+	public InterposedQuestion saveQuestion(Session session, InterposedQuestion question, User user) {
 		// TODO Auto-generated method stub
 		return null;
 	}
@@ -517,4 +517,16 @@ public class StubDatabaseDao implements IDatabaseDao {
 		// TODO Auto-generated method stub
 		return false;
 	}
+
+	@Override
+	public List<InterposedQuestion> getInterposedQuestions(Session session, User user) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void deleteAllInterposedQuestions(Session session, User user) {
+		// TODO Auto-generated method stub
+		
+	}
 }
-- 
GitLab