contollers: censor owner ids

app/controllers/QuestionController.java

@@ -26,10 +26,10 @@ public class QuestionController extends Controller {
 	public static Result createAnswer(String sid) {
 		Session session = Session.find.byId(sid);
 		if (session == null) {
-			return notFound("session not found"); //404
+			return notFound("session not found"); // 404
 		}
 		if (!session.open) {
-			return forbidden("session not open"); //403
+			return forbidden("session not open"); // 403
 		}
 
 		JsonNode json = request().body().asJson();
@@ -39,9 +39,9 @@ public class QuestionController extends Controller {
 					answer.answer);
 			session.addQuestionAnswer(inserted);
 			session.save();
-			return created(Json.toJson(inserted)); //201
+			return created(Json.toJson(inserted)); // 201
 		} else {
-			return badRequest("owner missing"); //400
+			return badRequest("owner missing"); // 400
 		}
 	}
 
@@ -55,9 +55,12 @@ public class QuestionController extends Controller {
 	public static Result getAnswers(String sid) {
 		Session session = Session.find.byId(sid);
 		if (session == null) {
-			return notFound("session not found"); //404
+			return notFound("session not found"); // 404
 		} else {
-			return ok(Json.toJson(session.questionAnswers)); //200
+			for (QuestionAnswer q : session.questionAnswers) {
+				q.owner = null; // censor owner id
+			}
+			return ok(Json.toJson(session.questionAnswers)); // 200
 		}
 	}
 
@@ -73,15 +76,15 @@ public class QuestionController extends Controller {
 	public static Result resetAnswers(String sid, String owner) {
 		Session session = Session.find.byId(sid);
 		if (session == null) {
-			return notFound("session not found"); //404
+			return notFound("session not found"); // 404
 		}
 
 		if (session.owner.equals(owner)) {
 			session.resetAnswers();
 			session.save();
-			return noContent(); //204
+			return noContent(); // 204
 		} else {
-			return unauthorized("wrong owner"); //401
+			return unauthorized("wrong owner"); // 401
 		}
 	}
 }

app/controllers/SessionController.java

@@ -22,7 +22,7 @@ public class SessionController extends Controller {
 	 */
 	public static Result getSessions() {
 		List<Session> sessions = Session.find.all();
-		return ok(Json.toJson(sessions)); //200
+		return ok(Json.toJson(sessions)); // 200
 	}
 
 	/**
@@ -34,7 +34,10 @@ public class SessionController extends Controller {
 	 */
 	public static Result getSessionsByOwner(String owner) {
 		List<Session> sessions = Session.findFromOwner(owner);
-		return ok(Json.toJson(sessions)); //200
+		for (Session s : sessions) {
+			s.owner = null; // censor owner id
+		}
+		return ok(Json.toJson(sessions)); // 200
 	}
 
 	/**
@@ -46,8 +49,12 @@ public class SessionController extends Controller {
 	 */
 	public static Result getSession(String sid) {
 		Session session = Session.find.byId(sid);
-		return session == null ? notFound("session not found") : ok(Json
-				.toJson(session)); //200 or 404
+		if (session == null) {
+			return notFound("session not found"); // 404
+		} else {
+			session.owner = null; // censor owner id
+			return ok(Json.toJson(session)); // 200
+		}
 	}
 
 	/**
@@ -64,9 +71,9 @@ public class SessionController extends Controller {
 			Session sessionSaved = new Session(session.owner, session.name,
 					session.open, session.date);
 			sessionSaved.save();
-			return created(Json.toJson(sessionSaved)); //201
+			return created(Json.toJson(sessionSaved)); // 201
 		} else {
-			return badRequest("name or owner missing"); //400
+			return badRequest("name or owner missing"); // 400
 		}
 	}
 
@@ -83,17 +90,17 @@ public class SessionController extends Controller {
 		Session session = Json.fromJson(json, Session.class);
 		Session sessionSaved = Session.find.byId(sid);
 		if (sessionSaved == null) {
-			return notFound("session not found"); //404
+			return notFound("session not found"); // 404
 		}
 		if (!sessionSaved.owner.equals(session.owner)) {
-			return unauthorized("wrong owner"); //401
+			return unauthorized("wrong owner"); // 401
 		}
 
 		sessionSaved.name = session.name;
 		sessionSaved.date = session.date;
 		sessionSaved.open = session.open;
 		sessionSaved.save();
-		return ok(Json.toJson(sessionSaved)); //200
+		return ok(Json.toJson(sessionSaved)); // 200
 	}
 
 	/**
@@ -108,14 +115,14 @@ public class SessionController extends Controller {
 	public static Result deleteSession(String sid, String owner) {
 		Session session = Session.find.byId(sid);
 		if (session == null) {
-			return notFound("session not found"); //404
+			return notFound("session not found"); // 404
 		}
 
 		if (session.owner.equals(owner)) {
 			session.delete();
-			return noContent(); //204
+			return noContent(); // 204
 		} else {
-			return unauthorized("wrong owner"); //401
+			return unauthorized("wrong owner"); // 401
 		}
 	}
 }

app/controllers/VoteController.java

@@ -25,10 +25,10 @@ public class VoteController extends Controller {
 	public static Result createVote(String sid) {
 		Session session = Session.find.byId(sid);
 		if (session == null) {
-			return notFound("session not found"); //404
+			return notFound("session not found"); // 404
 		}
 		if (!session.open) {
-			return forbidden("session not open"); //403
+			return forbidden("session not open"); // 403
 		}
 
 		JsonNode json = request().body().asJson();
@@ -37,9 +37,9 @@ public class VoteController extends Controller {
 			Vote inserted = new Vote(session, vote.owner, vote.type, vote.vote);
 			session.addVote(inserted);
 			session.save();
-			return created(Json.toJson(inserted)); //201
+			return created(Json.toJson(inserted)); // 201
 		} else {
-			return badRequest("owner missing"); //401
+			return badRequest("owner missing"); // 400
 		}
 	}
 
@@ -53,9 +53,12 @@ public class VoteController extends Controller {
 	public static Result getVotes(String sid) {
 		Session session = Session.find.byId(sid);
 		if (session == null) {
-			return notFound("session not found"); //404
+			return notFound("session not found"); // 404
 		} else {
-			return ok(Json.toJson(session.votes)); //200
+			for (Vote v : session.votes) {
+				v.owner = null; // censor owner id
+			}
+			return ok(Json.toJson(session.votes)); // 200
 		}
 	}
 }