/**
 * Handles {@code POST /memories.jsp?remove}: deletes the memories entry with the given id,
 * but only when that entry belongs to the current user.
 *
 * <p>Access-control steps, in order: the session must be authorized, the user is passed
 * through {@code checkBlocked()} and {@code checkAnonymous()} (presumably these throw for
 * blocked and anonymous accounts; confirm in {@code User}), and the entry's owner id must
 * equal the caller's id. An unknown id is ignored silently, so the response does not reveal
 * whether an entry exists.
 *
 * <p>NOTE(review): no CSRF token check is visible in this handler even though it changes
 * state; presumably it is enforced by a filter or interceptor. Confirm.
 *
 * @param request current servlet request, used to resolve the session template
 * @param id identifier of the memories entry to delete
 * @throws AccessViolationException if the session is not authorized or the entry belongs
 *     to another user
 * @throws Exception declared by the handler signature; nothing is caught here, so anything
 *     raised by the template, the user checks or the DAO propagates to the caller
 */
@RequestMapping(
    value = "/memories.jsp",
    params = {"remove"},
    method = RequestMethod.POST)
public @ResponseBody void remove(ServletRequest request, @RequestParam("id") int id)
    throws Exception {
  Template template = Template.getTemplate(request);
  if (!template.isSessionAuthorized()) {
    throw new AccessViolationException("Not authorized");
  }

  User currentUser = template.getCurrentUser();
  currentUser.checkBlocked();
  currentUser.checkAnonymous();

  MemoriesListItem entry = memoriesDao.getMemoriesListItem(id);
  if (entry == null) {
    // Nothing stored under this id: treat the request as a no-op.
    return;
  }

  // Ownership check: the id comes from the client, so it must never be trusted on its own.
  // The message reads "Cannot delete someone else's entry".
  if (entry.getUserid() != currentUser.getId()) {
    throw new AccessViolationException("Нельзя удалить чужую запись");
  }

  memoriesDao.delete(id);
}
/**
 * Handles {@code POST /memories.jsp?add}: stores the topic identified by {@code msgid} in the
 * current user's memories and returns whatever {@code memoriesDao.addToMemories} returns.
 *
 * <p>The session must be authorized and the user is passed through {@code checkBlocked()}
 * and {@code checkAnonymous()} (presumably these throw for blocked and anonymous accounts;
 * confirm in {@code User}). The entry is always created under the caller's own id, so a
 * client cannot add to another user's list.
 *
 * <p>NOTE(review): the only check on the topic is {@code isDeleted()}. Whether the caller may
 * view the topic at all is not checked here; confirm that this is enforced elsewhere or is
 * not needed. How {@code messageDao.getById} reports an unknown id is not visible from this
 * handler either.
 *
 * <p>NOTE(review): no CSRF token check is visible in this handler even though it changes
 * state; presumably it is enforced by a filter or interceptor. Confirm.
 *
 * @param request current servlet request, used to resolve the session template
 * @param msgid identifier of the topic to remember
 * @return the value returned by {@code memoriesDao.addToMemories}; presumably the id of the
 *     new memories entry (confirm against the DAO)
 * @throws AccessViolationException if the session is not authorized
 * @throws UserErrorException if the topic is marked as deleted
 * @throws Exception declared by the handler signature; nothing is caught here, so anything
 *     raised by the template, the user checks or the DAOs propagates to the caller
 */
@RequestMapping(
    value = "/memories.jsp",
    params = {"add"},
    method = RequestMethod.POST)
public @ResponseBody Integer add(ServletRequest request, @RequestParam("msgid") int msgid)
    throws Exception {
  Template template = Template.getTemplate(request);
  if (!template.isSessionAuthorized()) {
    throw new AccessViolationException("Not authorized");
  }

  User currentUser = template.getCurrentUser();
  currentUser.checkBlocked();
  currentUser.checkAnonymous();

  Topic requestedTopic = messageDao.getById(msgid);
  if (requestedTopic.isDeleted()) {
    // The message reads "Topic deleted".
    throw new UserErrorException("Тема удалена");
  }

  // The owner id comes from the authenticated session, never from a request parameter.
  return memoriesDao.addToMemories(currentUser.getId(), requestedTopic.getId());
}