Added security cheks for downloads

ispyb-ejb/src/main/java/ispyb/server/common/services/sessions/Session3Service.java

@@ -175,6 +175,8 @@ public List<Session3VO> findByStartDateAndBeamLineNameAndNbShifts(final Integer
 	 */
 	public Session3VO findByAutoProcScalingId(final Integer autoProcScalingId) throws Exception;
 
+	public Session3VO findByAutoProcProgramAttachmentId(final Integer autoProcProgramAttachmentId) throws Exception;
+
 	public void protectSession(Integer sessionId) throws Exception;
 
 	/**
@@ -195,6 +197,8 @@ public List<Session3VO> findByStartDateAndBeamLineNameAndNbShifts(final Integer
 	 */
 	public Integer getNbOfTests(final Integer sesId) throws Exception;
 
+	public Session3VO findByAutoProcProgramId(int autoProcProgramId);
+
 
 
 }

ispyb-ejb/src/main/java/ispyb/server/common/services/sessions/Session3ServiceBean.java

@@ -111,6 +111,19 @@ private static final String FIND_ALL(boolean fetchDataCollectionGroup, boolean f
 			+ " where s.sessionId = g.sessionId and  " + " g.dataCollectionGroupId = c.dataCollectionGroupId and "
 			+ " c.dataCollectionId = api.dataCollectionId and " + " api.autoProcIntegrationId = apshi.autoProcIntegrationId and "
 			+ " apshi.autoProcScalingId = aps.autoProcScalingId and " + " aps.autoProcScalingId = :autoProcScalingId ";
+
+	private static final String FIND_BY_AUTOPROCPROGRAMATTACHMENT_ID = "select s.* from BLSession s, "
+			+ " DataCollectionGroup g, DataCollection c, AutoProcIntegration api, AutoProcProgram autoprocProgram, AutoProcProgramAttachment autoProcProgramAttachment"
+			+ " where s.sessionId = g.sessionId and  g.dataCollectionGroupId = c.dataCollectionGroupId and autoprocProgram.autoProcProgramId = api.autoProcProgramId"
+			+ " and c.dataCollectionId = api.dataCollectionId and autoprocProgram.autoProcProgramId = autoProcProgramAttachment.autoProcProgramId "
+			+ " and autoProcProgramAttachment.autoProcProgramAttachmentId = :autoProcProgramAttachmentId ";
+
+
+	private static final String FIND_BY_AUTOPROCPROGRAM_ID = "select s.* from BLSession s, "
+			+ " DataCollectionGroup g, DataCollection c, AutoProcIntegration api, AutoProcProgram autoprocProgram "
+			+ " where s.sessionId = g.sessionId and  g.dataCollectionGroupId = c.dataCollectionGroupId and autoprocProgram.autoProcProgramId = api.autoProcProgramId"
+			+ " and c.dataCollectionId = api.dataCollectionId and autoprocProgram.autoProcProgramId = :autoProcProgramId ";
+
 
 	private static String getProposalCodeNumberQuery() {
 		String query = "select * " + " FROM BLSession ses, Proposal pro "
@@ -525,6 +538,32 @@ public Session3VO findByAutoProcScalingId(final Integer autoProcScalingId) throw
 		}
 		return null;
 	}
+
+
+	@SuppressWarnings("unchecked")
+	public Session3VO findByAutoProcProgramAttachmentId(final Integer autoProcProgramAttachmentId) throws Exception {
+		String query = FIND_BY_AUTOPROCPROGRAMATTACHMENT_ID;
+		List<Session3VO> col = this.entityManager.createNativeQuery(query, "sessionNativeQuery")
+					.setParameter("autoProcProgramAttachmentId", autoProcProgramAttachmentId).getResultList();
+		if (col != null && col.size() > 0) {
+				return col.get(0);
+		}
+		return null;
+	}
+
+
+	@Override
+	public Session3VO findByAutoProcProgramId(int autoProcProgramId) {
+		String query = FIND_BY_AUTOPROCPROGRAM_ID;
+		@SuppressWarnings("unchecked")
+		List<Session3VO> col = this.entityManager.createNativeQuery(query, "sessionNativeQuery")
+					.setParameter("autoProcProgramId", autoProcProgramId).getResultList();
+		if (col != null && col.size() > 0) {
+				return col.get(0);
+		}
+		return null;
+	}
+
 
 
 	/**
@@ -818,4 +857,6 @@ private void checkChangeRemoveAccess(Session3VO vo) throws AccessDeniedException
 
 
 
+
+
 }