Author: tchemit Date: 2013-07-01 07:33:57 +0200 (Mon, 01 Jul 2013) New Revision: 3841 Url: http://chorem.org/projects/pollen/repository/revisions/3841 Log: comment business security validation code to move Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/SecurityService.java Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/SecurityService.java ===================================================================
--- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/SecurityService.java 2013-06-26 17:50:48 UTC (rev 3840)
+++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/SecurityService.java 2013-07-01 05:33:57 UTC (rev 3841)
@@ -26,7 +26,6 @@
 import com.google.common.base.Preconditions;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
-import org.apache.shiro.subject.SimplePrincipalCollection;
 import org.apache.shiro.subject.Subject;
 import org.chorem.pollen.persistence.dao.ChoiceJpaDao;
 import org.chorem.pollen.persistence.dao.CommentJpaDao;
@@ -35,7 +34,6 @@
 import org.chorem.pollen.persistence.dao.VoteJpaDao;
 import org.chorem.pollen.persistence.entity.Choice;
 import org.chorem.pollen.persistence.entity.Comment;
-import org.chorem.pollen.persistence.entity.CommentVisibility;
 import org.chorem.pollen.persistence.entity.Poll;
 import org.chorem.pollen.persistence.entity.PollenPrincipal;
 import org.chorem.pollen.persistence.entity.PollenUser;
@@ -178,20 +176,30 @@ } } - if (poll.isAddChoiceRunning(now)) { - - permissions.add(createSubjectPermission(PermissionVerb.addChoice, entity)); + // add editVote / deleteVote for any voter + if (!poll.isVoteEmpty()) { + for (Vote vote : poll.getVote()) { + String id = vote.getVoter().getId(); + permissions.add(createSubjectPermission(id, PermissionVerb.editVote, vote)); + permissions.add(createSubjectPermission(id, PermissionVerb.deleteVote, vote)); + } } - if (poll.getCommentVisibility() != CommentVisibility.NOBODY) { - //FIXME Should see with voter ? - permissions.add(createSubjectPermission(PermissionVerb.addComment, entity)); - } + //TODO Not do this here, but later in business code +// if (poll.isAddChoiceRunning(now)) { +// +// permissions.add(createSubjectPermission(PermissionVerb.addChoice, entity)); +// } +// +// if (poll.getCommentVisibility() != CommentVisibility.NOBODY) { +// //FIXME Should see with voter ? +// permissions.add(createSubjectPermission(PermissionVerb.addComment, entity)); +// } +// +// if (poll.isRunning(now)) { +// permissions.add(createSubjectPermission(PermissionVerb.addVote, entity)); +// } - if (poll.isRunning(now)) { - permissions.add(createSubjectPermission(PermissionVerb.addVote, entity)); - } - //TODO Do for editVote,... } }
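Review bot: The new `editVote` / `deleteVote` grants are added for every vote with no check on the poll's state, while the only state-dependent grants (`isAddChoiceRunning`, `getCommentVisibility`, `isRunning`) are commented out under a TODO and no replacement is visible in this hunk. Unless the business layer already enforces those conditions, this revision either withholds the add* permissions from everyone or leaves the time-window and visibility checks unenforced; landing the business-side checks in the same change, or keeping a guard here such as `if (poll.isRunning(now) && !poll.isVoteEmpty()) {`, would avoid that gap. `vote.getVoter().getId()` also assumes every vote carries a voter, which should be confirmed or null-guarded, since a failure here would abort permission building for the whole poll. The commented-out block is better deleted and tracked in an issue than kept in an authorization path, and the trailing `//TODO Do for editVote,...` is now stale. The enclosing method starts and ends outside the hunk.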