Create proper anonymized copy of Session object

Changing the Session object the way it was done previously interferes with the new caching mechanism. The objects are now long-lived so any direct changes to it which are not in the spirit of its use case have to be removed. In this case, changing the creator information invalidated many of the isCreator checks sprinkled through the code, as the new creator's name would have been the string "not visible to you."

Create proper anonymized copy of Session object
Changing the Session object the way it was done previously interferes with the new caching mechanism. The objects are now long-lived so any direct changes to it which are not in the spirit of its use case have to be removed. In this case, changing the creator information invalidated many of the isCreator checks sprinkled through the code, as the new creator's name would have been the string "not visible to you."
f0c17488 · Christoph Thelen · 2526185f · f0c17488 · f0c17488
Commit f0c17488 authored 10 years ago by Christoph Thelen
--- a/src/main/java/de/thm/arsnova/controller/SessionController.java
+++ b/src/main/java/de/thm/arsnova/controller/SessionController.java
@@ -32,7 +32,6 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.core.token.Sha512DigestUtils;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -67,13 +66,7 @@ public class SessionController extends AbstractController {

 	@RequestMapping(value = "/{sessionkey}", method = RequestMethod.GET)
 	public final Session joinSession(@PathVariable final String sessionkey) {
-		final Session session = sessionService.getSession(sessionkey);
-		if (!session.isCreator(userService.getCurrentUser())) {
-			session.setCreator("NOT VISIBLE TO YOU");
-		} else {
-			session.setCreator(Sha512DigestUtils.shaHex(session.getCreator()));
-		}
-		return session;
+		return Session.anonymizedCopy(sessionService.getSession(sessionkey));
 	}

 	@RequestMapping(value = "/{sessionkey}", method = RequestMethod.DELETE)

--- a/src/main/java/de/thm/arsnova/entities/Session.java
+++ b/src/main/java/de/thm/arsnova/entities/Session.java
@@ -52,6 +52,27 @@ public class Session implements Serializable {
 	private String _id;
 	private String _rev;

+	/**
+	 * Returns a copy of the given session without any information that identifies a person.
+	 * @param original The session to create a anonymized copy of
+	 * @return
+	 */
+	public static Session anonymizedCopy(final Session original) {
+		final Session copy = new Session();
+		copy.type = original.type;
+		copy.name = original.name;
+		copy.shortName = original.shortName;
+		copy.keyword = original.keyword;
+		copy.creator = ""; // anonymous
+		copy.active = original.active;
+		copy.lastOwnerActivity = original.lastOwnerActivity;
+		copy.courseType = original.courseType;
+		copy.courseId = original.courseId;
+		copy._id = original._id;
+		copy._rev = original._rev;
+		return copy;
+	}
+
 	public String getType() {
 		return type;
 	}