Commit 5e39a420 authored by Fjen Undso's avatar Fjen Undso

contollers: censor owner ids

parent dc8d3f39
......@@ -26,10 +26,10 @@ public class QuestionController extends Controller {
public static Result createAnswer(String sid) {
Session session = Session.find.byId(sid);
if (session == null) {
return notFound("session not found"); //404
return notFound("session not found"); // 404
}
if (!session.open) {
return forbidden("session not open"); //403
return forbidden("session not open"); // 403
}
JsonNode json = request().body().asJson();
......@@ -39,9 +39,9 @@ public class QuestionController extends Controller {
answer.answer);
session.addQuestionAnswer(inserted);
session.save();
return created(Json.toJson(inserted)); //201
return created(Json.toJson(inserted)); // 201
} else {
return badRequest("owner missing"); //400
return badRequest("owner missing"); // 400
}
}
......@@ -55,9 +55,12 @@ public class QuestionController extends Controller {
public static Result getAnswers(String sid) {
Session session = Session.find.byId(sid);
if (session == null) {
return notFound("session not found"); //404
return notFound("session not found"); // 404
} else {
return ok(Json.toJson(session.questionAnswers)); //200
for (QuestionAnswer q : session.questionAnswers) {
q.owner = null; // censor owner id
}
return ok(Json.toJson(session.questionAnswers)); // 200
}
}
......@@ -73,15 +76,15 @@ public class QuestionController extends Controller {
public static Result resetAnswers(String sid, String owner) {
Session session = Session.find.byId(sid);
if (session == null) {
return notFound("session not found"); //404
return notFound("session not found"); // 404
}
if (session.owner.equals(owner)) {
session.resetAnswers();
session.save();
return noContent(); //204
return noContent(); // 204
} else {
return unauthorized("wrong owner"); //401
return unauthorized("wrong owner"); // 401
}
}
}
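Review bot: The censoring loop `q.owner = null; // censor owner id` in getAnswers clears the field on the live objects hanging off the Session returned by `Session.find.byId(sid)`, so for the rest of the request that Session holds QuestionAnswer rows with a null owner; if any later code path (or a shared entity cache, if the finder uses one) calls `session.save()`, the censored value is written back and the `session.owner.equals(owner)` check in resetAnswers would then reject the legitimate owner. The same in-place pattern appears in getSessionsByOwner and getSession in SessionController and in getVotes in VoteController. Nothing in this hunk saves after the loop, so this is a latent hazard rather than a present bug, but it is safer to censor the serialized form than the entity, e.g. convert with `Json.toJson(session.questionAnswers)` first and drop the `owner` field from each resulting ObjectNode before returning it. getAnswers is shown complete in the hunk.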
......@@ -22,7 +22,7 @@ public class SessionController extends Controller {
*/
public static Result getSessions() {
List<Session> sessions = Session.find.all();
return ok(Json.toJson(sessions)); //200
return ok(Json.toJson(sessions)); // 200
}
/**
......@@ -34,7 +34,10 @@ public class SessionController extends Controller {
*/
public static Result getSessionsByOwner(String owner) {
List<Session> sessions = Session.findFromOwner(owner);
return ok(Json.toJson(sessions)); //200
for (Session s : sessions) {
s.owner = null; // censor owner id
}
return ok(Json.toJson(sessions)); // 200
}
/**
......@@ -46,8 +49,12 @@ public class SessionController extends Controller {
*/
public static Result getSession(String sid) {
Session session = Session.find.byId(sid);
return session == null ? notFound("session not found") : ok(Json
.toJson(session)); //200 or 404
if (session == null) {
return notFound("session not found"); // 404
} else {
session.owner = null; // censor owner id
return ok(Json.toJson(session)); // 200
}
}
/**
......@@ -64,9 +71,9 @@ public class SessionController extends Controller {
Session sessionSaved = new Session(session.owner, session.name,
session.open, session.date);
sessionSaved.save();
return created(Json.toJson(sessionSaved)); //201
return created(Json.toJson(sessionSaved)); // 201
} else {
return badRequest("name or owner missing"); //400
return badRequest("name or owner missing"); // 400
}
}
......@@ -83,17 +90,17 @@ public class SessionController extends Controller {
Session session = Json.fromJson(json, Session.class);
Session sessionSaved = Session.find.byId(sid);
if (sessionSaved == null) {
return notFound("session not found"); //404
return notFound("session not found"); // 404
}
if (!sessionSaved.owner.equals(session.owner)) {
return unauthorized("wrong owner"); //401
return unauthorized("wrong owner"); // 401
}
sessionSaved.name = session.name;
sessionSaved.date = session.date;
sessionSaved.open = session.open;
sessionSaved.save();
return ok(Json.toJson(sessionSaved)); //200
return ok(Json.toJson(sessionSaved)); // 200
}
/**
......@@ -108,14 +115,14 @@ public class SessionController extends Controller {
public static Result deleteSession(String sid, String owner) {
Session session = Session.find.byId(sid);
if (session == null) {
return notFound("session not found"); //404
return notFound("session not found"); // 404
}
if (session.owner.equals(owner)) {
session.delete();
return noContent(); //204
return noContent(); // 204
} else {
return unauthorized("wrong owner"); //401
return unauthorized("wrong owner"); // 401
}
}
}
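Review bot: getSessions (the hunk ending at `return ok(Json.toJson(sessions)); // 200`) still serializes every session with its owner id intact, while the same commit nulls owner in getSessionsByOwner and getSession. Because the owner id is exactly what updateSession, deleteSession and resetAnswers compare against (`session.owner.equals(owner)`), the unfiltered listing hands out the value the rest of the commit is hiding, so the censoring is incomplete. Apply the same treatment before the return, `for (Session s : sessions) { s.owner = null; }`, or better, strip the field from the serialized JSON rather than from the loaded entities. createSession echoing the owner back to the caller who just supplied it is not affected.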
......@@ -25,10 +25,10 @@ public class VoteController extends Controller {
public static Result createVote(String sid) {
Session session = Session.find.byId(sid);
if (session == null) {
return notFound("session not found"); //404
return notFound("session not found"); // 404
}
if (!session.open) {
return forbidden("session not open"); //403
return forbidden("session not open"); // 403
}
JsonNode json = request().body().asJson();
......@@ -37,9 +37,9 @@ public class VoteController extends Controller {
Vote inserted = new Vote(session, vote.owner, vote.type, vote.vote);
session.addVote(inserted);
session.save();
return created(Json.toJson(inserted)); //201
return created(Json.toJson(inserted)); // 201
} else {
return badRequest("owner missing"); //401
return badRequest("owner missing"); // 400
}
}
......@@ -53,9 +53,12 @@ public class VoteController extends Controller {
public static Result getVotes(String sid) {
Session session = Session.find.byId(sid);
if (session == null) {
return notFound("session not found"); //404
return notFound("session not found"); // 404
} else {
return ok(Json.toJson(session.votes)); //200
for (Vote v : session.votes) {
v.owner = null; // censor owner id
}
return ok(Json.toJson(session.votes)); // 200
}
}
}