From: <rv...@us...> - 2010-01-12 17:18:49
Revision: 415 http://treebase.svn.sourceforge.net/treebase/?rev=415&view=rev Author: rvos Date: 2010-01-12 17:18:04 +0000 (Tue, 12 Jan 2010) Log Message: ----------- Added boolean isReviewerAccessGranted(req) method, which checks whether the access has been granted through the special URL for reviewers Modified Paths: -------------- trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/BaseFormController.java
Modified: trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/BaseFormController.java
===================================================================
--- trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/BaseFormController.java 2010-01-12 17:08:47 UTC (rev 414)
+++ trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/BaseFormController.java 2010-01-12 17:18:04 UTC (rev 415)
@@ -12,6 +12,12 @@
 import javax.servlet.http.HttpServletResponse;
 import org.apache.log4j.Logger;
+import org.cipres.treebase.NamespacedGUID;
+import org.cipres.treebase.TreebaseIDString;
+import org.cipres.treebase.TreebaseUtil;
+import org.cipres.treebase.domain.study.Study;
+import org.cipres.treebase.web.Constants;
+import org.cipres.treebase.web.util.ControllerUtil;
 import org.springframework.beans.propertyeditors.CustomDateEditor;
 import org.springframework.beans.propertyeditors.CustomNumberEditor;
 import org.springframework.validation.BindException;
@@ -138,17 +144,32 @@ @Override protected ModelAndView showForm( - HttpServletRequest pArg0, - HttpServletResponse pArg1, - BindException pArg2, - Map pArg3) throws Exception { - if (isAuthorizationChecked()) { - return super.showForm(pArg0, pArg1, pArg2, pArg3); + HttpServletRequest pRequest, + HttpServletResponse pResponse, + BindException pBindException, + Map pMap) throws Exception { + if (isAuthorizationChecked() || isReviewerAccessGranted(pRequest)) { + return super.showForm(pRequest, pResponse, pBindException, pMap); } else { return new ModelAndView(AUTHORIZATION_VIOLATION_VIEW); } } + private boolean isReviewerAccessGranted(HttpServletRequest pRequest) { + boolean reviewerAccessGranted = false; + String storedHashedStudyId = pRequest.getSession().getAttribute(Constants.X_ACCESS_CODE).toString(); + if ( ! TreebaseUtil.isEmpty(storedHashedStudyId) ) { + Long studyId = ControllerUtil.getStudyId(pRequest); + TreebaseIDString treebaseIDString = new TreebaseIDString(Study.class,studyId); + NamespacedGUID namespacedGUID = treebaseIDString.getNamespacedGUID(); + String computedHashedStudyId = namespacedGUID.getHashedIDString(); + if ( storedHashedStudyId.equals(computedHashedStudyId) ) { + reviewerAccessGranted = true; + } + } + return reviewerAccessGranted; + } + protected ModelAndView setAttributeAndShowForm( HttpServletRequest request, HttpServletResponse response, This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
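Review bot: In the added `isReviewerAccessGranted`, `pRequest.getSession().getAttribute(Constants.X_ACCESS_CODE).toString()` dereferences the attribute before the `TreebaseUtil.isEmpty` check, so a session that carries no reviewer access code throws a NullPointerException instead of returning false. Because `showForm` only reaches this call when `isAuthorizationChecked()` is false, an unauthorized request would then get a server error rather than `AUTHORIZATION_VIOLATION_VIEW`; access is still denied, but the check should fail closed explicitly with `Object code = pRequest.getSession().getAttribute(Constants.X_ACCESS_CODE);`, then `if (code == null) { return false; }`, then `String storedHashedStudyId = code.toString();`. `ControllerUtil.getStudyId(pRequest)` is defined outside this hunk; if it can return null, the same guard is needed before the `TreebaseIDString` is built. A short Javadoc on the method saying where the session attribute is set, and that a match grants the same form access as a passed authorization check, would help anyone auditing this bypass path. The trailing context (`setAttributeAndShowForm`) continues outside the hunk.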