From a92e0c2ccaa738642e32c4e8886e87ee73bb37d4 Mon Sep 17 00:00:00 2001
From: tekay <tom.kaesler@mni.thm.de>
Date: Wed, 11 May 2016 14:31:23 +0200
Subject: [PATCH] fix getUserVisitedSession

---
 .../arsnova/controller/SessionController.java | 48 ++++++++++---------
 .../thm/arsnova/services/SessionService.java  |  2 +-
 2 files changed, 26 insertions(+), 24 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/controller/SessionController.java b/src/main/java/de/thm/arsnova/controller/SessionController.java
index 1db2a8e3..f846b836 100644
--- a/src/main/java/de/thm/arsnova/controller/SessionController.java
+++ b/src/main/java/de/thm/arsnova/controller/SessionController.java
@@ -173,31 +173,33 @@ public class SessionController extends PaginationController {
 			) {
 		List<Session> sessions = null;
 
-		if (username.equals("")) try {
-			if (ownedOnly && !visitedOnly) {
-				sessions = sessionService.getUserSessions(username);
-			} else if (visitedOnly && !ownedOnly) {
-				sessions = sessionService.getUserVisitedSessions(username);
-			} else {
-				response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
-				return null;
+		if (!username.equals("")) {
+			try {
+				if (ownedOnly && !visitedOnly) {
+					sessions = sessionService.getUserSessions(username);
+				} else if (visitedOnly && !ownedOnly) {
+					sessions = sessionService.getUserVisitedSessions(username);
+				} else {
+					response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
+					return null;
+				}
+			} catch (final AccessDeniedException e) {
+				throw new UnauthorizedException();
 			}
-		} catch (final AccessDeniedException e) {
-			throw new UnauthorizedException();
-		}
-
-		/* TODO implement all parameter combinations, implement use of user parameter */
-		try {
-			if (ownedOnly && !visitedOnly) {
-				sessions = sessionService.getMySessions(offset, limit);
-			} else if (visitedOnly && !ownedOnly) {
-				sessions = sessionService.getMyVisitedSessions(offset, limit);
-			} else {
-				response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
-				return null;
+		} else {
+			/* TODO implement all parameter combinations, implement use of user parameter */
+			try {
+				if (ownedOnly && !visitedOnly) {
+					sessions = sessionService.getMySessions(offset, limit);
+				} else if (visitedOnly && !ownedOnly) {
+					sessions = sessionService.getMyVisitedSessions(offset, limit);
+				} else {
+					response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
+					return null;
+				}
+			} catch (final AccessDeniedException e) {
+				throw new UnauthorizedException();
 			}
-		} catch (final AccessDeniedException e) {
-			throw new UnauthorizedException();
 		}
 
 		if (sessions == null || sessions.isEmpty()) {
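Review bot: With the condition corrected to `!username.equals("")`, the lookup by an arbitrary `username` now takes effect, and the controller does no check of its own on who is asking. It relies on the service methods throwing AccessDeniedException. Only the guard on getUserVisitedSessions is visible in this patch, so `sessionService.getUserSessions(username)` should be confirmed to carry an equivalent restriction. If `username` can arrive as null (its parameter declaration is outside the hunk), `if (username != null && !username.isEmpty()) {` would avoid a NullPointerException. The method starts before this hunk and continues past it.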
diff --git a/src/main/java/de/thm/arsnova/services/SessionService.java b/src/main/java/de/thm/arsnova/services/SessionService.java
index 2e44e2aa..8894b82c 100644
--- a/src/main/java/de/thm/arsnova/services/SessionService.java
+++ b/src/main/java/de/thm/arsnova/services/SessionService.java
@@ -233,7 +233,7 @@ public class SessionService implements ISessionService, ApplicationEventPublishe
 	}
 
 	@Override
-	@PreAuthorize("isAuthenticated() and hasPermission(#sessionkey, 'session', 'owner')")
+	@PreAuthorize("isAuthenticated() and hasPermission(1, 'motd', 'admin')")
 	public List<Session> getUserVisitedSessions(String username) {
 		return databaseDao.getVisitedSessionsForUsername(username, 0, 0);
 	}
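Review bot: The new guard `hasPermission(1, 'motd', 'admin')` appears to express "caller is an admin" by borrowing the permission check of an unrelated target type with a hard-coded id. Access to another user's visited sessions then depends on how 'motd' permissions are evaluated, and a later change to that evaluation would silently change who may call this method. A comment above the annotation would make the intent explicit, for example `// Admin only: reuses the 'motd' admin permission as a generic admin check; the id 1 is a placeholder`, once it is confirmed that the evaluator ignores the id for this type. The call also passes `0, 0` to getVisitedSessionsForUsername, so the controller's `offset` and `limit` are not applied on this path. If those zeros mean "no limit", that is worth stating in the Javadoc.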
-- 
GitLab