Added method stub for session membership check and fixed HTTP code assert

Use this method to implement further checks on session membership.
The old HTTP code assert should never be reached because an
UnauthroizedException should have been thrown first.

src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java

@@ -18,9 +18,24 @@ public class AuthorizationAdviser {
 		userService = uService;
 	}
 	
+	/** This method checks if the user has a valid authorization from security context 
+	 * 
+	 * @param authenticated
+	 * @param object
+	 */
 	@Before("execution(public * de.thm.arsnova.services.*.*(..)) && @annotation(authenticated) && this(object)")
 	public void checkAuthorization(Authenticated authenticated, Object object) {
 		User u = userService.getUser(SecurityContextHolder.getContext().getAuthentication());
 		if (u == null) throw new UnauthorizedException();
 	}
+	
+	/** This method checks if the user is enlisted in current ARSnova session
+	 *
+	 * @param authenticated
+	 * @param object
+	 */
+	@Before("execution(public * de.thm.arsnova.services.*.*(..)) && @annotation(authenticated) && this(object)")
+	public void checkSessionMembership(Authenticated authenticated, Object object) {
+		//TODO: Implement check based on session membership lists
+	}
 }

src/test/java/de/thm/arsnova/controller/SessionControllerTest.java

@@ -124,7 +124,7 @@ public class SessionControllerTest {
 			final ModelAndView mav = handlerAdapter.handle(request, response,
 					sessionController);
 			assertNull(mav);
-			assertTrue(response.getStatus() == 403);
+			assertTrue(response.getStatus() == 401);
 		} catch (UnauthorizedException e) {
 			return;
 		} catch (Exception e) {