[Treebase-guts] SF.net SVN: treebase:[439] trunk/treebase-web/src/main/java/org/cipres/ treebase/web/controllers/SearchSummaryController.java

[<rv...@us...>]

Revision: 439
          http://treebase.svn.sourceforge.net/treebase/?rev=439&view=rev
Author:   rvos
Date:     2010-01-14 16:12:28 +0000 (Thu, 14 Jan 2010)

Log Message:
-----------
Now throws exception if access isn't granted through x-access-code

Modified Paths:
--------------
    trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/SearchSummaryController.java

Modified: trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/SearchSummaryController.java
===================================================================
--- trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/SearchSummaryController.java	2010-01-14 15:59:53 UTC (rev 438)
+++ trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/SearchSummaryController.java	2010-01-14 16:12:28 UTC (rev 439)
@@ -70,6 +70,7 @@
 	
 	class NoStudySpecifiedError extends Error { }
 	class UnknownStudyError extends Error { }
+	class RestrictedStudyError extends Error { }
 	
 	Study theStudy = null;
 	CharacterMatrix theMatrix = null; // XXX What if it isn't a CharacterMatrix?
@@ -90,6 +91,13 @@
 			theStudy = getStudyService().findByID(studyID);
 			if (theStudy == null) { throw new UnknownStudyError(); }
 			LOGGER.debug("formBackingObject found study " + theStudy);
+			if ( ! theStudy.isPublished() ) {
+				String hashedId = theStudy.getNamespacedGUID().getHashedIDString();
+				String xAccessCode = request.getParameter(Constants.X_ACCESS_CODE);
+				if ( ! hashedId.equals(xAccessCode) ) {
+					throw new RestrictedStudyError();
+				}
+			}
 		}
 		
 		theTree = null;


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.