KB51 Promote LazychatResource#getMessage => PostResource#getPost, handle null login.
Change-Id: I31601b00f1d72ec2282b6f6deedf971644b93a15
diff --git a/src/main/java/eu/mulk/mulkcms2/benki/lazychat/LazychatResource.java b/src/main/java/eu/mulk/mulkcms2/benki/lazychat/LazychatResource.java
index fd672f8..3cb1204 100644
--- a/src/main/java/eu/mulk/mulkcms2/benki/lazychat/LazychatResource.java
+++ b/src/main/java/eu/mulk/mulkcms2/benki/lazychat/LazychatResource.java
@@ -1,7 +1,5 @@
package eu.mulk.mulkcms2.benki.lazychat;
-import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
-
import eu.mulk.mulkcms2.benki.posts.Post;
import eu.mulk.mulkcms2.benki.posts.PostFilter;
import eu.mulk.mulkcms2.benki.posts.PostResource;
@@ -13,12 +11,10 @@
import javax.transaction.Transactional;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.FormParam;
-import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
@Path("/lazychat")
@@ -79,21 +75,4 @@
return Response.seeOther(new URI("/lazychat")).build();
}
-
- @GET
- @Transactional
- @Produces(APPLICATION_JSON)
- @Path("/p/{id}")
- public LazychatMessage getMessage(@PathParam("id") int id) {
-
- var user = getCurrentUser();
-
- var message = getSession().byId(LazychatMessage.class).load(id);
-
- if (!user.canSee(message)) {
- throw new ForbiddenException();
- }
-
- return message;
- }
}
diff --git a/src/main/java/eu/mulk/mulkcms2/benki/posts/Post.java b/src/main/java/eu/mulk/mulkcms2/benki/posts/Post.java
index 654db5f..5ecccc7 100644
--- a/src/main/java/eu/mulk/mulkcms2/benki/posts/Post.java
+++ b/src/main/java/eu/mulk/mulkcms2/benki/posts/Post.java
@@ -13,6 +13,7 @@
import java.util.Objects;
import java.util.Set;
import javax.annotation.CheckForNull;
+import javax.annotation.Nullable;
import javax.json.bind.annotation.JsonbTransient;
import javax.persistence.Column;
import javax.persistence.Entity;
@@ -163,6 +164,11 @@
return query;
}
+ public final boolean isVisibleTo(@Nullable User user) {
+ // FIXME: Make this more efficient.
+ return getVisibility() == Visibility.PUBLIC || (user != null && visibleTo.contains(user));
+ }
+
public static class PostPage<T extends Post> {
public @CheckForNull Integer prevCursor;
public @CheckForNull Integer cursor;
diff --git a/src/main/java/eu/mulk/mulkcms2/benki/posts/PostResource.java b/src/main/java/eu/mulk/mulkcms2/benki/posts/PostResource.java
index e7b6e9a..03447ad 100644
--- a/src/main/java/eu/mulk/mulkcms2/benki/posts/PostResource.java
+++ b/src/main/java/eu/mulk/mulkcms2/benki/posts/PostResource.java
@@ -1,6 +1,7 @@
package eu.mulk.mulkcms2.benki.posts;
import static javax.ws.rs.core.MediaType.APPLICATION_ATOM_XML;
+import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
import static javax.ws.rs.core.MediaType.TEXT_HTML;
import com.rometools.rome.feed.atom.Content;
@@ -36,6 +37,7 @@
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.ws.rs.BadRequestException;
+import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
@@ -280,8 +282,29 @@
}
}
+ @CheckForNull
protected User getCurrentUser() {
+ if (identity.isAnonymous()) {
+ return null;
+ }
+
var userName = identity.getPrincipal().getName();
return User.findByNickname(userName);
}
+
+ @GET
+ @Produces(APPLICATION_JSON)
+ @Path("/p/{id}")
+ public Post getPost(@PathParam("id") int id) {
+
+ var user = getCurrentUser();
+
+ var message = getSession().byId(Post.class).load(id);
+
+ if (!message.isVisibleTo(user)) {
+ throw new ForbiddenException();
+ }
+
+ return message;
+ }
}
diff --git a/src/main/java/eu/mulk/mulkcms2/benki/users/User.java b/src/main/java/eu/mulk/mulkcms2/benki/users/User.java
index ab89baa..c5d491e 100644
--- a/src/main/java/eu/mulk/mulkcms2/benki/users/User.java
+++ b/src/main/java/eu/mulk/mulkcms2/benki/users/User.java
@@ -5,10 +5,10 @@
import eu.mulk.mulkcms2.benki.bookmarks.Bookmark;
import eu.mulk.mulkcms2.benki.lazychat.LazychatMessage;
import eu.mulk.mulkcms2.benki.posts.Post;
-import eu.mulk.mulkcms2.benki.posts.Post.Visibility;
import eu.mulk.mulkcms2.benki.wiki.WikiPageRevision;
import io.quarkus.hibernate.orm.panache.PanacheEntityBase;
import java.util.Collection;
+import java.util.Objects;
import java.util.Set;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
@@ -143,8 +143,24 @@
return User.find("from BenkiUser u join u.nicknames n where ?1 = n", nickname).singleResult();
}
- public boolean canSee(Post message) {
- // FIXME: Make this more efficient.
- return message.getVisibility() == Visibility.PUBLIC || visiblePosts.contains(message);
+ public final boolean canSee(Post message) {
+ return message.isVisibleTo(this);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (!(o instanceof User)) {
+ return false;
+ }
+ User user = (User) o;
+ return Objects.equals(id, user.id);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id);
}
}