Modified: openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/RoomWebService.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/RoomWebService.java?rev=1755553&r1=1755552&r2=1755553&view=diff ============================================================================== --- openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/RoomWebService.java (original) +++ openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/RoomWebService.java Tue Aug 9 03:17:22 2016 @@ -53,6 +53,7 @@ import org.apache.openmeetings.db.dto.ro import org.apache.openmeetings.db.dto.room.RoomDTO; import org.apache.openmeetings.db.entity.room.Invitation; import org.apache.openmeetings.db.entity.room.Invitation.MessageType; +import org.apache.openmeetings.db.entity.server.Sessiondata; import org.apache.openmeetings.db.entity.room.Room; import org.apache.openmeetings.db.util.AuthLevelUtil; import org.apache.openmeetings.util.message.RoomMessage; @@ -109,9 +110,8 @@ public class RoomWebService { @Path("/public/{type}") public List<RoomDTO> getPublic(@QueryParam("sid") @WebParam(name="sid") String sid, @PathParam("type") @WebParam(name="type") String type) throws ServiceException { try { - Long userId = sessionDao.check(sid); - - if (AuthLevelUtil.hasUserLevel(userDao.getRights(userId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasUserLevel(userDao.getRights(sd.getUserId()))) { return RoomDTO.list(roomDao.getPublicRooms(Room.Type.valueOf(type))); } else { throw new ServiceException("Insufficient permissions"); //TODO code -26 @@ -135,8 +135,8 @@ public class RoomWebService { @GET @Path("/{id}") public RoomDTO getRoomById(@QueryParam("sid") @WebParam(name="sid") String sid, @PathParam("id") @WebParam(name="id") Long id) throws ServiceException { - Long userId = sessionDao.check(sid); - if (AuthLevelUtil.hasUserLevel(userDao.getRights(userId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasUserLevel(userDao.getRights(sd.getUserId()))) { return new RoomDTO(roomDao.get(id)); } else { throw new ServiceException("Insufficient permissions"); //TODO code -26 @@ -172,7 +172,8 @@ public class RoomWebService { , @PathParam("externalid") @WebParam(name="externalid") Long externalId , @WebParam(name="room") @QueryParam("room") RoomDTO room) throws ServiceException { try { - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); + Long userId = sd.getUserId(); if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { Room r = roomDao.getExternal(Room.Type.valueOf(type), externalType, externalId); if (r == null) { @@ -209,7 +210,8 @@ public class RoomWebService { @Path("/") public RoomDTO add(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="room") @FormParam("room") RoomDTO room) throws ServiceException { try { - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); + Long userId = sd.getUserId(); if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { Room r = room.get(); r = roomDao.update(r, userId); @@ -273,7 +275,8 @@ public class RoomWebService { @DELETE @Path("/{id}") public ServiceResult delete(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="id") @PathParam("id") long id) throws ServiceException { - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); + Long userId = sd.getUserId(); if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { Room r = roomDao.get(id); if (r != null) { @@ -307,7 +310,8 @@ public class RoomWebService { @Path("/close/{id}") public ServiceResult close(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="id") @PathParam("id") long id) throws ServiceException { try { - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); + Long userId = sd.getUserId(); log.debug("close " + id); if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { @@ -351,7 +355,8 @@ public class RoomWebService { @Path("/open/{id}") public ServiceResult open(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="id") @PathParam("id") long id) throws ServiceException { try { - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); + Long userId = sd.getUserId(); log.debug("open " + id); if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { @@ -388,8 +393,8 @@ public class RoomWebService { @Path("/kick/{id}") public ServiceResult kick(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="id") @PathParam("id") long id) throws ServiceException { try { - Long userId = sessionDao.check(sid); - if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(sd.getUserId()))) { boolean result = userManager.kickUserByStreamId(sid, id); return new ServiceResult(result ? 1L : 0L, "Kicked", Type.SUCCESS); } else { @@ -417,8 +422,8 @@ public class RoomWebService { public List<RoomCountBean> counters(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="id") @QueryParam("id") List<Long> ids) throws ServiceException { List<RoomCountBean> roomBeans = new ArrayList<RoomCountBean>(); try { - Long userId = sessionDao.check(sid); - if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(sd.getUserId()))) { List<Room> rooms = roomDao.get(ids); for (Room room : rooms) { @@ -460,7 +465,8 @@ public class RoomWebService { ) throws ServiceException { try { - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); + Long userId = sd.getUserId(); if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { Invitation i = invite.get(userId, userDao, roomDao); i = invitationDao.update(i);
Modified: openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/ServerWebService.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/ServerWebService.java?rev=1755553&r1=1755552&r2=1755553&view=diff ============================================================================== --- openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/ServerWebService.java (original) +++ openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/ServerWebService.java Tue Aug 9 03:17:22 2016 @@ -43,6 +43,7 @@ import org.apache.openmeetings.db.dto.ba import org.apache.openmeetings.db.dto.basic.ServiceResult.Type; import org.apache.openmeetings.db.dto.server.ServerDTO; import org.apache.openmeetings.db.entity.server.Server; +import org.apache.openmeetings.db.entity.server.Sessiondata; import org.apache.openmeetings.db.util.AuthLevelUtil; import org.apache.openmeetings.webservice.error.ServiceException; import org.red5.logging.Red5LoggerFactory; @@ -90,9 +91,9 @@ public class ServerWebService { ) throws ServiceException { log.debug("getServers enter"); - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); - if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { + if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(sd.getUserId()))) { return ServerDTO.list(serverDao.get(start, max)); } else { log.warn("Insuffisient permissions"); @@ -113,9 +114,9 @@ public class ServerWebService { @Path("/count") public long count(@QueryParam("sid") @WebParam(name="sid") String sid) throws ServiceException { log.debug("getServerCount enter"); - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); - if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { + if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(sd.getUserId()))) { return serverDao.count(); } else { throw new ServiceException("Insufficient permissions"); //TODO code -26 @@ -136,7 +137,8 @@ public class ServerWebService { @Path("/") public ServerDTO add(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="server") @QueryParam("server") ServerDTO server) throws ServiceException { log.debug("saveServerCount enter"); - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); + Long userId = sd.getUserId(); if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { Server s = server.get(); return new ServerDTO(serverDao.update(s, userId)); @@ -160,7 +162,8 @@ public class ServerWebService { @Path("/{id}") public ServiceResult delete(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="id") @PathParam("id") long id) throws ServiceException { log.debug("saveServerCount enter"); - Long userId = sessionDao.check(sid); + Sessiondata sd = sessionDao.check(sid); + Long userId = sd.getUserId(); if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { Server s = serverDao.get(id); Modified: openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java?rev=1755553&r1=1755552&r2=1755553&view=diff ============================================================================== --- openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java (original) +++ openmeetings/application/trunk/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java Tue Aug 9 03:17:22 2016 @@ -132,9 +132,8 @@ public class UserWebService implements U @Path("/") public List<UserDTO> get(@WebParam(name="sid") @QueryParam("sid") String sid) throws ServiceException { try { - Long authUserId = sessionDao.check(sid); - - if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(authUserId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(sd.getUserId()))) { return UserDTO.list(userDao.getAllUsers()); } else { throw new ServiceException("Insufficient permissions"); //TODO code -26 @@ -159,9 +158,8 @@ public class UserWebService implements U ) throws ServiceException { try { - Long authUserId = sessionDao.check(sid); - - if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(authUserId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(sd.getUserId()))) { User testUser = userDao.getExternalUser(user.getExternalId(), user.getExternalType()); if (testUser != null) { @@ -200,7 +198,7 @@ public class UserWebService implements U u.setExternalType(user.getExternalType()); } - u = userDao.update(u, authUserId); + u = userDao.update(u, sd.getUserId()); return new UserDTO(u); } else { @@ -223,10 +221,9 @@ public class UserWebService implements U @Path("/{id}") public ServiceResult delete(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="id") @PathParam("id") long id) throws ServiceException { try { - Long authUserId = sessionDao.check(sid); - - if (AuthLevelUtil.hasAdminLevel(userDao.getRights(authUserId))) { - userDao.delete(userDao.get(id), authUserId); + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasAdminLevel(userDao.getRights(sd.getUserId()))) { + userDao.delete(userDao.get(id), sd.getUserId()); return new ServiceResult(id, "Deleted", Type.SUCCESS); } else { @@ -251,13 +248,12 @@ public class UserWebService implements U ) throws ServiceException { try { - Long authUserId = sessionDao.check(sid); - - if (AuthLevelUtil.hasAdminLevel(userDao.getRights(authUserId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasAdminLevel(userDao.getRights(sd.getUserId()))) { User user = userDao.getExternalUser(externalId, externalType); // Setting user deleted - userDao.delete(user, authUserId); + userDao.delete(user, sd.getUserId()); return new ServiceResult(user.getId(), "Deleted", Type.SUCCESS); } else { @@ -283,8 +279,8 @@ public class UserWebService implements U ) throws ServiceException { try { - Long userId = sessionDao.check(sid); - if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(sd.getUserId()))) { RemoteSessionObject remoteSessionObject = new RemoteSessionObject( user.getLogin(), user.getFirstname(), user.getLastname() , user.getProfilePictureUrl(), user.getEmail() @@ -306,7 +302,6 @@ public class UserWebService implements U ); if (hash != null) { - Sessiondata sd = sessionDao.get(sid); if (options.isAllowSameURLMultipleTimes()) { sd.setPermanent(true); } @@ -333,8 +328,8 @@ public class UserWebService implements U @Path("/kick/{publicsid}") public ServiceResult kick(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="publicsid") @PathParam("publicsid") String publicSID) throws ServiceException { try { - Long userId = sessionDao.check(sid); - if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(userId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(sd.getUserId()))) { Boolean success = userManagement.kickUserByPublicSID(sid, publicSID); return new ServiceResult(Boolean.TRUE.equals(success) ? 1L : 0L, Boolean.TRUE.equals(success) ? "deleted" : "not deleted", Type.SUCCESS); @@ -355,9 +350,8 @@ public class UserWebService implements U @GET @Path("/count/{roomid}") public int count(@WebParam(name="sid") @QueryParam("sid") String sid, @WebParam(name="roomid") @PathParam("roomid") Long roomId) { - Long userId = sessionDao.check(sid); - - if (AuthLevelUtil.hasUserLevel(userDao.getRights(userId))) { + Sessiondata sd = sessionDao.check(sid); + if (AuthLevelUtil.hasUserLevel(userDao.getRights(sd.getUserId()))) { return conferenceService.getRoomClientsListByRoomId(roomId).size(); } return -1;
