From a4662a1547842237b57f32e6b6529f038357e62c Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Wed, 17 Oct 2012 13:50:22 +0200
Subject: [PATCH] Added method stub for session membership check and fixed HTTP
 code assert

Use this method to implement further checks on session membership.
The old HTTP code assert should never be reached because an
UnauthorizedException should have been thrown first.
---
 .../de/thm/arsnova/aop/AuthorizationAdviser.java  | 15 +++++++++++++++
 .../arsnova/controller/SessionControllerTest.java |  2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java b/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
index 2d889b79..6e7ee94c 100644
--- a/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
+++ b/src/main/java/de/thm/arsnova/aop/AuthorizationAdviser.java
@@ -18,9 +18,24 @@ public class AuthorizationAdviser {
 		userService = uService;
 	}
 	
+	/** This method checks if the user has a valid authorization from security context 
+	 * 
+	 * @param authenticated
+	 * @param object
+	 */
 	@Before("execution(public * de.thm.arsnova.services.*.*(..)) && @annotation(authenticated) && this(object)")
 	public void checkAuthorization(Authenticated authenticated, Object object) {
 		User u = userService.getUser(SecurityContextHolder.getContext().getAuthentication());
 		if (u == null) throw new UnauthorizedException();
 	}
+	
+	/** This method checks if the user is enlisted in current ARSnova session
+	 *
+	 * @param authenticated
+	 * @param object
+	 */
+	@Before("execution(public * de.thm.arsnova.services.*.*(..)) && @annotation(authenticated) && this(object)")
+	public void checkSessionMembership(Authenticated authenticated, Object object) {
+		//TODO: Implement check based on session membership lists
+	}
 }
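Review bot: `checkSessionMembership` is registered as `@Before` advice on every `@Authenticated` service method, but its body is only a TODO, so the Javadoc's "checks if the user is enlisted" describes a check that does not exist and every authenticated caller passes. Until the membership lists are available, I would either leave the `@Before` annotation off or state the gap in the Javadoc, e.g. `/** Stub: no membership check is performed yet; all authenticated users pass. */`. Once implemented, it shares its pointcut with `checkAuthorization` in the same aspect, and as far as I know Spring AOP does not guarantee the order of two advices of the same type declared in one aspect. It should therefore not assume the `u == null` rejection has already run; calling the membership check from `checkAuthorization` after that rejection would avoid the ordering question. The empty `@param` tags in both Javadoc blocks could also say what `authenticated` and `object` are bound to.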
diff --git a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
index cfe9e41e..44bf2fd5 100644
--- a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
@@ -124,7 +124,7 @@ public class SessionControllerTest {
 			final ModelAndView mav = handlerAdapter.handle(request, response,
 					sessionController);
 			assertNull(mav);
-			assertTrue(response.getStatus() == 403);
+			assertTrue(response.getStatus() == 401);
 		} catch (UnauthorizedException e) {
 			return;
 		} catch (Exception e) {
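Review bot: The changed assertion on `response.getStatus()` does not pin the behaviour, because the `catch (UnauthorizedException e) { return; }` branch right below lets the test pass without any status being checked, and the commit message says that branch is the expected path. If the exception is the contract, replace the status line with `fail("expected UnauthorizedException");` so a request that slips through the advice fails the test. If the 401 response is the contract, drop the catch-and-return and use `assertEquals(401, response.getStatus());` so a failure reports the actual code. The `try` opens above the hunk and the last `catch` continues below it, so how other exceptions are handled is not visible here.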
-- 
GitLab