fabioturazzi / HMS_Project

Integrated Management System developed using Spring Boot and H2 (SQL)

Fix Control access issue on GET and POST data #45

Closed fcasaloti-student closed 3 years ago

fcasaloti-student commented 3 years ago

Daniil, Fabio, please fix the Access Control on your GET and POST data. Please insert the following statement at the beginning of each GET and POST. Today, if a user does not have either a valid session or a valid userType attribute, the page returns an error message that a null value is found when it tries to get the attribute.

Customer Users:

    // Check if user is logged in and if it is a Customer
    if (!user.hasValidSession(session))
        return "denied";
    // Constant-first equals: a missing userType is denied instead of throwing NullPointerException
    else if (!"Customer".equals(session.getAttribute("userType")))
        return "denied";

Staff Users:

    // Check if user is logged in and if it is a Staff user
    if (!user.hasValidSession(session))
        return "denied";
    // Constant-first equals: a missing userType is denied instead of throwing NullPointerException
    else if (!"Staff".equals(session.getAttribute("userType")))
        return "denied";

fabioturazzidouglas commented 3 years ago

Fixed it to roomSearch, now it only allows customers to access
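One way to enforce the check from this issue in a single place, so that no GET or POST handler can be missed (an added example, not code from the HMS_Project repository or from the commenters). It assumes Spring Boot 2.x, replaces the `user.hasValidSession(session)` call, whose body is not shown on this page, with a plain session-exists test, and uses hypothetical `/customer/**` and `/staff/**` URL prefixes and a 403 response in place of the `denied` view.

```java
// Added example, not the project's code. Assumes Spring Boot 2.x (javax.servlet;
// on Spring Boot 3.x the same types live under jakarta.servlet).
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class AccessControlConfig implements WebMvcConfigurer {

    /** Lets a request through only when the session carries the required userType. */
    static final class UserTypeInterceptor implements HandlerInterceptor {
        private final String requiredType;

        UserTypeInterceptor(String requiredType) {
            this.requiredType = requiredType;
        }

        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                                 Object handler) throws Exception {
            // getSession(false) never creates a session; null means "not logged in".
            HttpSession session = request.getSession(false);
            Object userType = (session == null) ? null : session.getAttribute("userType");
            // Constant-first equals: a missing or non-String attribute is a denial,
            // not a NullPointerException surfacing as an error page.
            if (requiredType.equals(userType)) {
                return true;
            }
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false; // the controller method is never invoked
        }
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Hypothetical URL prefixes; the interceptor runs for every HTTP method under them.
        registry.addInterceptor(new UserTypeInterceptor("Customer"))
                .addPathPatterns("/customer/**");
        registry.addInterceptor(new UserTypeInterceptor("Staff"))
                .addPathPatterns("/staff/**");
    }
}
```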