@RequestMapping(value = "/remove-userpic.jsp", method = RequestMethod.POST) public ModelAndView removeUserpic(ServletRequest request, @RequestParam("id") User user) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not autorized"); } User currentUser = tmpl.getCurrentUser(); if (!currentUser.isModerator() && currentUser.getId() != user.getId()) { throw new AccessViolationException("Not permitted"); } if (user.isModerator()) { throw new AccessViolationException( "Пользователю " + user.getNick() + " нельзя удалить картинку"); } if (user.getPhoto() == null) { throw new AccessViolationException("Пользователь " + user.getNick() + " картинки не имеет"); } if (userDao.removePhoto(user, currentUser)) { logger.info("Clearing " + user.getNick() + " userpic by " + currentUser.getNick()); } else { logger.debug("SKIP Clearing " + user.getNick() + " userpic by " + currentUser.getNick()); } return redirectToProfile(user); }