19 package org.promotego.controllers;
20
21 import javax.servlet.http.HttpServletRequest;
22 import javax.servlet.http.HttpServletResponse;
23
24 import org.promotego.beans.Address;
25 import org.promotego.beans.UserHolder;
26 import org.promotego.dao.interfaces.AddressDao;
27 import org.springframework.beans.factory.annotation.Required;
28 import org.springframework.transaction.annotation.Transactional;
29 import org.springframework.web.servlet.ModelAndView;
30 import org.springframework.web.servlet.mvc.AbstractController;
31
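/**
 * Controller that deletes a single address belonging to the current user and
 * then redirects to the address list.
 *
 * <p>The address is selected by the {@code addressId} request parameter. Before
 * deleting, the controller verifies that the address exists and that its owner's
 * id matches the id of the user held by the injected {@link UserHolder}.
 */
public class DeleteAddressController extends AbstractController
{
    private AddressDao m_addressDao;
    private UserHolder m_userHolder;

    /**
     * Deletes the address identified on the request and redirects to the address list.
     *
     * @param request  the current request; must carry an {@code addressId} parameter
     * @param response the current response (not used here)
     * @return a redirect to {@code listaddresses.do} carrying the
     *         {@code address.deleted} message key
     * @throws Exception if validation fails or the DAO call fails
     */
    @Transactional
    @Override
    protected ModelAndView handleRequestInternal(HttpServletRequest request,
            HttpServletResponse response) throws Exception
    {
        // NOTE(review): nothing in this class restricts the HTTP method or checks an
        // anti-CSRF token before this state-changing delete. Confirm that the bean
        // configuration (e.g. supportedMethods) or a filter enforces both.
        Address address = retrieveAndValidateAddress(request);

        m_addressDao.delete(address);

        return new ModelAndView("redirect:listaddresses.do", "messageKey", "address.deleted");
    }

    /**
     * Retrieve address from the request, ensuring correct user and existing address.
     *
     * @param request The HttpServletRequest of the current request.
     * @return Address identified by addressId on the request.
     * @throws IllegalStateException if no current user is available
     * @throws IllegalArgumentException if addressId is missing or not a number, if no
     *         such address exists, or if the address belongs to a different user
     */
    private Address retrieveAndValidateAddress(HttpServletRequest request)
    {
        // Enforce the "user is present" precondition with a real check. A Java
        // assert is only evaluated when the JVM runs with assertions enabled, so it
        // must not guard an authorization decision.
        if (m_userHolder.getUser() == null)
        {
            throw new IllegalStateException("User object may not be null");
        }

        String addressIdString = request.getParameter("addressId");
        if (addressIdString == null)
        {
            throw new IllegalArgumentException("addressId may not be null");
        }

        // Long.parseLong throws NumberFormatException on malformed input, which is
        // itself an IllegalArgumentException, so bad ids are rejected the same way.
        Address address = m_addressDao.getById(Long.parseLong(addressIdString));
        if (address == null)
        {
            throw new IllegalArgumentException("Invalid address ID");
        }

        // Ownership check: only the owning user may delete the address.
        // NOTE(review): the return type of getId() is not visible in this file. If it
        // is a boxed Long rather than a primitive long, != compares object references
        // and can reject the legitimate owner; confirm, and use equals() if boxed.
        // NOTE(review): "Invalid address ID" and the permission message differ; if
        // these messages reach the client they reveal which ids exist - confirm.
        if (m_userHolder.getUser().getId() != address.getUser().getId())
        {
            throw new IllegalArgumentException("User does not have permission to edit other users' addresses");
        }
        return address;
    }

    /**
     * Injects the DAO used to look up and delete addresses.
     *
     * @param addressDao the address DAO; a required bean property
     */
    @Required
    public void setAddressDao(AddressDao addressDao)
    {
        m_addressDao = addressDao;
    }

    /**
     * Injects the holder that supplies the current user for the ownership check.
     *
     * @param theUserHolder the user holder; a required bean property
     */
    @Required
    public void setUserHolder(UserHolder theUserHolder)
    {
        m_userHolder = theUserHolder;
    }
}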