MilderJoghurt
rlf-server
Commits
5e39a420
Commit
5e39a420
authored
Jun 22, 2015
by
Fjen Undso
contollers: censor owner ids
parent
dc8d3f39
Changes
3
app/controllers/QuestionController.java
...
...
@@ -26,10 +26,10 @@ public class QuestionController extends Controller {
public
static
Result
createAnswer
(
String
sid
)
{
Session
session
=
Session
.
find
.
byId
(
sid
);
if
(
session
==
null
)
{
return
notFound
(
"session not found"
);
//404
return
notFound
(
"session not found"
);
//
404
}
if
(!
session
.
open
)
{
return
forbidden
(
"session not open"
);
//403
return
forbidden
(
"session not open"
);
//
403
}
JsonNode
json
=
request
().
body
().
asJson
();
...
...
@@ -39,9 +39,9 @@ public class QuestionController extends Controller {
answer
.
answer
);
session
.
addQuestionAnswer
(
inserted
);
session
.
save
();
return
created
(
Json
.
toJson
(
inserted
));
//201
return
created
(
Json
.
toJson
(
inserted
));
//
201
}
else
{
return
badRequest
(
"owner missing"
);
//400
return
badRequest
(
"owner missing"
);
//
400
}
}
...
...
@@ -55,9 +55,12 @@ public class QuestionController extends Controller {
public
static
Result
getAnswers
(
String
sid
)
{
Session
session
=
Session
.
find
.
byId
(
sid
);
if
(
session
==
null
)
{
return
notFound
(
"session not found"
);
//404
return
notFound
(
"session not found"
);
//
404
}
else
{
return
ok
(
Json
.
toJson
(
session
.
questionAnswers
));
//200
for
(
QuestionAnswer
q
:
session
.
questionAnswers
)
{
q
.
owner
=
null
;
// censor owner id
}
return
ok
(
Json
.
toJson
(
session
.
questionAnswers
));
// 200
}
}
...
...
@@ -73,15 +76,15 @@ public class QuestionController extends Controller {
public
static
Result
resetAnswers
(
String
sid
,
String
owner
)
{
Session
session
=
Session
.
find
.
byId
(
sid
);
if
(
session
==
null
)
{
return
notFound
(
"session not found"
);
//404
return
notFound
(
"session not found"
);
//
404
}
if
(
session
.
owner
.
equals
(
owner
))
{
session
.
resetAnswers
();
session
.
save
();
return
noContent
();
//204
return
noContent
();
//
204
}
else
{
return
unauthorized
(
"wrong owner"
);
//401
return
unauthorized
(
"wrong owner"
);
//
401
}
}
}
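Review bot: In getAnswers the owner id is hidden by writing `q.owner = null` onto the objects held in `session.questionAnswers`, which changes the loaded model instances rather than only the response. These look like persistent models (`Session.find.byId` and `session.save()` appear elsewhere in this file), so a save added later on the same request path could store the nulls; nothing in the visible hunk saves, so this is a latent risk rather than a current bug. Removing the field from the serialized tree instead, for example `ObjectNode n = (ObjectNode) Json.toJson(q); n.remove("owner");`, or excluding it at serialization time, leaves the entities untouched. The same pattern is used in getVotes in VoteController and in getSessionsByOwner and getSession in SessionController.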
app/controllers/SessionController.java
...
...
@@ -22,7 +22,7 @@ public class SessionController extends Controller {
*/
public
static
Result
getSessions
()
{
List
<
Session
>
sessions
=
Session
.
find
.
all
();
return
ok
(
Json
.
toJson
(
sessions
));
//200
return
ok
(
Json
.
toJson
(
sessions
));
//
200
}
/**
...
...
@@ -34,7 +34,10 @@ public class SessionController extends Controller {
*/
public
static
Result
getSessionsByOwner
(
String
owner
)
{
List
<
Session
>
sessions
=
Session
.
findFromOwner
(
owner
);
return
ok
(
Json
.
toJson
(
sessions
));
//200
for
(
Session
s
:
sessions
)
{
s
.
owner
=
null
;
// censor owner id
}
return
ok
(
Json
.
toJson
(
sessions
));
// 200
}
/**
...
...
@@ -46,8 +49,12 @@ public class SessionController extends Controller {
*/
public
static
Result
getSession
(
String
sid
)
{
Session
session
=
Session
.
find
.
byId
(
sid
);
return
session
==
null
?
notFound
(
"session not found"
)
:
ok
(
Json
.
toJson
(
session
));
//200 or 404
if
(
session
==
null
)
{
return
notFound
(
"session not found"
);
// 404
}
else
{
session
.
owner
=
null
;
// censor owner id
return
ok
(
Json
.
toJson
(
session
));
// 200
}
}
/**
...
...
@@ -64,9 +71,9 @@ public class SessionController extends Controller {
Session
sessionSaved
=
new
Session
(
session
.
owner
,
session
.
name
,
session
.
open
,
session
.
date
);
sessionSaved
.
save
();
return
created
(
Json
.
toJson
(
sessionSaved
));
//201
return
created
(
Json
.
toJson
(
sessionSaved
));
//
201
}
else
{
return
badRequest
(
"name or owner missing"
);
//400
return
badRequest
(
"name or owner missing"
);
//
400
}
}
...
...
@@ -83,17 +90,17 @@ public class SessionController extends Controller {
Session
session
=
Json
.
fromJson
(
json
,
Session
.
class
);
Session
sessionSaved
=
Session
.
find
.
byId
(
sid
);
if
(
sessionSaved
==
null
)
{
return
notFound
(
"session not found"
);
//404
return
notFound
(
"session not found"
);
//
404
}
if
(!
sessionSaved
.
owner
.
equals
(
session
.
owner
))
{
return
unauthorized
(
"wrong owner"
);
//401
return
unauthorized
(
"wrong owner"
);
//
401
}
sessionSaved
.
name
=
session
.
name
;
sessionSaved
.
date
=
session
.
date
;
sessionSaved
.
open
=
session
.
open
;
sessionSaved
.
save
();
return
ok
(
Json
.
toJson
(
sessionSaved
));
//200
return
ok
(
Json
.
toJson
(
sessionSaved
));
//
200
}
/**
...
...
@@ -108,14 +115,14 @@ public class SessionController extends Controller {
public
static
Result
deleteSession
(
String
sid
,
String
owner
)
{
Session
session
=
Session
.
find
.
byId
(
sid
);
if
(
session
==
null
)
{
return
notFound
(
"session not found"
);
//404
return
notFound
(
"session not found"
);
//
404
}
if
(
session
.
owner
.
equals
(
owner
))
{
session
.
delete
();
return
noContent
();
//204
return
noContent
();
//
204
}
else
{
return
unauthorized
(
"wrong owner"
);
//401
return
unauthorized
(
"wrong owner"
);
//
401
}
}
}
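Review bot: getSessions still returns `Json.toJson(sessions)` with every session's owner intact; this commit only reformats its `// 200` comment, while getSessionsByOwner and getSession now clear the field. deleteSession and the update hunk at -83,17 authorise solely by comparing a client-supplied value with the stored `owner`, so the unfiltered list discloses the value those checks rely on. Apply the same step before the return, `for (Session s : sessions) { s.owner = null; }`, or move the censoring into one shared helper so that a new endpoint cannot miss it. If Session also serializes its votes and question answers, their owner fields would need clearing in getSession and getSessionsByOwner as well; the model is not visible on this page, so that should be confirmed.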
app/controllers/VoteController.java
...
...
@@ -25,10 +25,10 @@ public class VoteController extends Controller {
public
static
Result
createVote
(
String
sid
)
{
Session
session
=
Session
.
find
.
byId
(
sid
);
if
(
session
==
null
)
{
return
notFound
(
"session not found"
);
//404
return
notFound
(
"session not found"
);
//
404
}
if
(!
session
.
open
)
{
return
forbidden
(
"session not open"
);
//403
return
forbidden
(
"session not open"
);
//
403
}
JsonNode
json
=
request
().
body
().
asJson
();
...
...
@@ -37,9 +37,9 @@ public class VoteController extends Controller {
Vote
inserted
=
new
Vote
(
session
,
vote
.
owner
,
vote
.
type
,
vote
.
vote
);
session
.
addVote
(
inserted
);
session
.
save
();
return
created
(
Json
.
toJson
(
inserted
));
//201
return
created
(
Json
.
toJson
(
inserted
));
//
201
}
else
{
return
badRequest
(
"owner missing"
);
//40
1
return
badRequest
(
"owner missing"
);
//
40
0
}
}
...
...
@@ -53,9 +53,12 @@ public class VoteController extends Controller {
public
static
Result
getVotes
(
String
sid
)
{
Session
session
=
Session
.
find
.
byId
(
sid
);
if
(
session
==
null
)
{
return
notFound
(
"session not found"
);
//404
return
notFound
(
"session not found"
);
//
404
}
else
{
return
ok
(
Json
.
toJson
(
session
.
votes
));
//200
for
(
Vote
v
:
session
.
votes
)
{
v
.
owner
=
null
;
// censor owner id
}
return
ok
(
Json
.
toJson
(
session
.
votes
));
// 200
}
}
}
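Review bot: getVotes clears `v.owner`, but createVote builds each vote with `new Vote(session, vote.owner, ...)`, so a Vote appears to hold a reference to its Session, whose owner is not cleared in this method. If that back-reference is serialized, each vote in the response would still carry the session owner id; the Vote model is outside this page, so this needs checking. A response-level test asserting that the JSON returned by getVotes contains no `owner` value would cover this case and the other censored endpoints.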