private boolean isTermsOfUsePage(PageDef pageDef) {
if (pageDef != null
&& (pageDef.getName().equals(pageDefService.TERMS_OF_USE_PAGE)
|| pageDef.getName().equals(pageDefService.ACCOUNT_TERMS_OF_USE_PAGE))) {
return true;
}
return false;
}
private void redirectToLogin(
HttpServletRequest request, HttpServletResponse response, VDC currentVDC)
throws IOException, ServletException {
String vdcParam = "?redirect=true";
PageDef loginPage = pageDefService.findByName(PageDefServiceLocal.LOGIN_PAGE);
if (currentVDC != null) {
vdcParam += "&vdcId=" + currentVDC.getId();
}
response.sendRedirect(request.getContextPath() + "/faces" + loginPage.getPath() + vdcParam);
}
private boolean isCheckLockPage(PageDef pageDef) {
if (pageDef != null
&& (pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.EDIT_VARIABLE_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.DELETE_STUDY_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.STUDY_PERMISSIONS_PAGE))) {
return true;
}
return false;
}
private boolean isRolePage(PageDef pageDef, HttpServletRequest request) {
//
// Return true if pageDef has a network role or a vdc role
//
boolean rolePage = false;
if (pageDef != null && (pageDef.getNetworkRole() != null || pageDef.getRole() != null)) {
rolePage = true;
}
return rolePage;
}
private boolean isVdcRestricted(PageDef pageDef, HttpServletRequest request) {
boolean restricted = false;
VDC currentVDC = vdcService.getVDCFromRequest(request);
if (pageDef != null
&& (pageDef.getName().equals(PageDefServiceLocal.LOGIN_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.LOGOUT_PAGE))) {
restricted = false;
} else if (currentVDC != null && currentVDC.isRestricted()) {
restricted = true;
}
return restricted;
}
private boolean isEditStudyPage(PageDef pageDef) {
if (pageDef != null
&& (pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.EDIT_VARIABLE_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.ADD_FILES_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.DELETE_STUDY_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.EDIT_FILES_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.SETUP_DATA_EXPLORATION_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.STUDY_PERMISSIONS_PAGE))) {
return true;
}
return false;
}
private boolean isVersionDiffPage(PageDef pageDef) {
if (pageDef != null
&& pageDef.getName().equals(PageDefServiceLocal.STUDY_VERSION_DIFFERENCES_PAGE)) {
return true;
}
return false;
}
private boolean isAuthorizedToEditStudy(
PageDef pageDef, VDCUser user, HttpServletRequest request, VDC currentVDC) {
boolean authorized = false;
// If this is a new study being created, then user is authorized if he or she is admin, curator
// or contributor
// in currentVDC
if (pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
&& (getStudyIdFromRequest(request) == null
|| Integer.parseInt(getStudyIdFromRequest(request)) < 0)) {
String currentVDCRoleName = null;
if (currentVDC != null && currentVDC.isAllowRegisteredUsersToContribute()) {
authorized = true;
} else {
if (currentVDC != null && user.getVDCRole(currentVDC) != null) {
currentVDCRoleName = user.getVDCRole(currentVDC).getRole().getName();
}
if (currentVDCRoleName != null
&& (currentVDCRoleName.equals(RoleServiceLocal.ADMIN)
|| currentVDCRoleName.equals(RoleServiceLocal.CURATOR)
|| currentVDCRoleName.equals(RoleServiceLocal.CONTRIBUTOR))) {
authorized = true;
}
}
} else {
// If we are editing an existing study, then the authorization depends on the study
Long studyId = Long.parseLong(getStudyIdFromRequest(request));
Study study = studyService.getStudy(studyId);
authorized = study.isUserAuthorizedToEdit(user);
}
return authorized;
}
private boolean isAddStudyPage(PageDef pageDef, HttpServletRequest request) {
if (pageDef != null
&& pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
&& request.getParameter("studyId") == null) {
return true;
} else {
return false;
}
}
private Long determineStudyId(PageDef pageDef, HttpServletRequest request) {
if (pageDef.getName().equals(PageDefServiceLocal.EDIT_VARIABLE_PAGE)) {
String dtIdParam = getIdFromRequest("dtId", request);
return varService.getDataTable(new Long(dtIdParam)).getStudyFile().getStudy().getId();
}
String studyIdParam = getStudyIdFromRequest(request);
if (studyIdParam != null) {
return new Long(studyIdParam);
}
return null;
}
private boolean isExploreDataPage(PageDef pageDef) {
if (pageDef != null && pageDef.getName().equals(pageDefService.EXPLOREDATA_PAGE)) {
return true;
}
return false;
}
private boolean isSubsettingPage(PageDef pageDef) {
if (pageDef != null && pageDef.getName().equals(pageDefService.SUBSETTING_PAGE)) {
return true;
}
return false;
}
private boolean isEditAccountPage(PageDef pageDef) {
if (pageDef != null && pageDef.getName().equals(pageDefService.EDIT_ACCOUNT_PAGE)) {
return true;
}
return false;
}
private boolean isUserAuthorizedForRolePage(
PageDef pageDef, HttpServletRequest request, LoginBean loginBean) {
if (loginBean == null) {
return false;
}
VDC currentVDC = vdcService.getVDCFromRequest(request);
VDCUser user = loginBean.getUser();
VDCRole userRole = null;
String userVDCRoleName = null;
if (currentVDC != null) {
userRole = loginBean.getVDCRole(currentVDC);
}
if (userRole != null) {
userVDCRoleName = userRole.getRole().getName();
}
if (user.getNetworkRole() != null
&& user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
// If you are network admin, you can do anything!
return true;
}
// Do special authorization for EditStudyPages
if (isEditStudyPage(pageDef)) {
return isAuthorizedToEditStudy(pageDef, user, request, currentVDC);
}
// If this page has only has a network role, or if it has both network and vdc roles, but no
// current vdc,
// do authorization based on network role.
if (pageDef != null && (pageDef.getNetworkRole() != null && pageDef.getRole() == null)
|| (pageDef.getNetworkRole() != null && pageDef.getRole() != null && currentVDC == null)) {
if (user.getNetworkRole() != null) {
if (user.getNetworkRole().getId().equals(pageDef.getNetworkRole().getId())) {
return true;
} else {
return false;
}
} else return false;
}
// If this page only has a VDC Role, or if it has both roles and currentVDC exists,
// do authorization based on VDC role.
if (pageDef != null && (pageDef.getRole() != null && pageDef.getNetworkRole() == null)
|| (pageDef.getNetworkRole() != null && pageDef.getRole() != null && currentVDC != null)) {
if (currentVDC == null) {
return false;
}
String pageRoleName = pageDef.getRole().getName();
if (userVDCRoleName == null && !isUserStudyCreator(user, request)) {
return false;
}
if (pageRoleName.equals(RoleServiceLocal.ADMIN)) {
if (userVDCRoleName.equals(RoleServiceLocal.ADMIN)) {
return true;
} else {
return false;
}
}
if (pageRoleName.equals(RoleServiceLocal.CURATOR)) {
if (userVDCRoleName.equals(RoleServiceLocal.CURATOR)
|| userVDCRoleName.equals(RoleServiceLocal.ADMIN)
|| isUserStudyCreator(user, request)) {
return true;
} else {
return false;
}
}
if (pageRoleName.equals(RoleServiceLocal.CONTRIBUTOR)) {
if (userVDCRoleName.equals(RoleServiceLocal.CONTRIBUTOR)
|| userVDCRoleName.equals(RoleServiceLocal.CURATOR)
|| userVDCRoleName.equals(RoleServiceLocal.ADMIN)) {
return true;
} else {
return false;
}
}
}
return false;
}
private boolean isManifestPage(PageDef pageDef) {
if (pageDef != null && pageDef.getName().equals(PageDefServiceLocal.MANIFEST_PAGE)) {
return true;
}
return false;
}
private boolean isUserAuthorizedForNonRolePage(
PageDef pageDef, HttpServletRequest request, LoginBean loginBean, UserGroup ipUserGroup) {
VDCUser user = null;
if (loginBean != null) {
user = loginBean.getUser();
}
if (user != null
&& user.getNetworkRole() != null
&& user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
// If you are network admin, you can do anything!
return true;
}
VDC currentVDC = vdcService.getVDCFromRequest(request);
if (currentVDC != null && !isTermsOfUsePage(pageDef) && isVdcRestricted(pageDef, request)) {
if (currentVDC.isVDCRestrictedForUser(user, ipUserGroup)) {
return false;
}
} else if (pageDef != null
&& (pageDef.getName().equals(PageDefServiceLocal.DV_OPTIONS_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_OPTIONS_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_PAGE)
|| pageDef.getName().equals(PageDefServiceLocal.MANAGE_STUDIES_PAGE))) {
// For these pages, the only requirement is
// to be logged in.
if (user == null) {
return false;
}
String userParam = request.getParameter("userId");
if (userParam != null && !userParam.equals(user.getId().toString())) {
// To view other users, logged in user must be an admin or curator
if (!(user.isAdmin(currentVDC) || user.isCurator(currentVDC))) {
return false;
}
}
} else if (isViewStudyPage(pageDef)) {
Study study = null;
StudyVersion studyVersion = null;
String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
String versionNumber = VDCBaseBean.getParamFromRequestOrComponent("versionNumber", request);
if (studyId != null) {
study = studyService.getStudy(Long.parseLong(studyId));
if (versionNumber != null) {
studyVersion =
studyService.getStudyVersion(Long.parseLong(studyId), new Long(versionNumber));
}
} else {
study =
studyService.getStudyByGlobalId(
VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
}
if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
return false;
}
if (studyVersion != null) {
// If study has been deaccessioned,
// only show the page if the user is authorized to edit
if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
return false;
}
// If this is a draft version, only show the version if the user is authorized to edit
if (studyVersion.isWorkingCopy() && (user == null || !study.isUserAuthorizedToEdit(user))) {
return false;
}
}
} else if (isVersionDiffPage(pageDef)) {
Study study = null;
StudyVersion studyVersion1 = null;
StudyVersion studyVersion2 = null;
String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
Long[] versionList = VDCRequestBean.parseVersionNumberList(request);
studyVersion1 = studyService.getStudyVersion(Long.parseLong(studyId), versionList[0]);
studyVersion2 = studyService.getStudyVersion(Long.parseLong(studyId), versionList[1]);
if (studyId != null) {
study = studyService.getStudy(Long.parseLong(studyId));
} else {
study =
studyService.getStudyByGlobalId(
VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
}
if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
return false;
}
// If study has been deaccessioned,
// only show the page if the user is authorized to edit
if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
return false;
}
// If this is a draft version, only show the version if the user is authorized to edit
if ((studyVersion1.isWorkingCopy() || studyVersion2.isWorkingCopy())
&& (user == null || !study.isUserAuthorizedToEdit(user))) {
return false;
}
if ("confirmRelease".equals(request.getParameter("actionMode"))
&& !study.isUserAuthorizedToRelease(user)) {
return false;
}
} else if (isSubsettingPage(pageDef)) {
String dtId = VDCBaseBean.getParamFromRequestOrComponent("dtId", request);
DataTable dataTable = variableService.getDataTable(Long.parseLong(dtId));
Study study = dataTable.getStudyFile().getStudy();
if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
return false;
}
} else if (isExploreDataPage(pageDef)) {
String fileId = VDCBaseBean.getParamFromRequestOrComponent("fileId", request);
StudyFile sf = studyFileService.getStudyFile(Long.parseLong(fileId));
if (sf.isFileRestrictedForUser(user, currentVDC, ipUserGroup)) {
return false;
}
} else if (isEditAccountPage(pageDef)) {
String userId = VDCBaseBean.getParamFromRequestOrComponent("userId", request);
if (user == null || user.getId() != Long.parseLong(userId)) {
return false;
}
} else if (isManifestPage(pageDef)) {
LockssConfig chkLockssConfig = getLockssConfig(currentVDC);
if (chkLockssConfig == null) {
return false;
} else if (chkLockssConfig.getserverAccess().equals(ServerAccess.GROUP)) {
VDCRole userRole = null;
String userVDCRoleName = null;
if (user != null && currentVDC != null) {
userRole = loginBean.getVDCRole(currentVDC);
}
if (user != null && userRole != null && user.isAdmin(currentVDC)) {
return true;
}
if (user != null
&& user.getNetworkRole() != null
&& user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
// If you are network admin, you can do anything!
return true;
}
if (!lockssAuth.isAuthorizedLockssServer(currentVDC, request)) {
return false;
}
}
}
return true;
}
private boolean isViewStudyPage(PageDef pageDef) {
if (pageDef != null && pageDef.getName().equals(pageDefService.VIEW_STUDY_PAGE)) {
return true;
}
return false;
}
/**
* @param request The servlet request we are processing
* @param result The servlet response we are creating
* @param chain The filter chain we are processing
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet error occurs
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String requestPath = httpRequest.getPathInfo();
VDC currentVDC = vdcService.getVDCFromRequest(httpRequest);
if (requestPath != null && requestPath.endsWith(".jsp")) {
String redirectURL = httpRequest.getContextPath();
if (currentVDC != null) {
redirectURL += "/dv/" + currentVDC.getAlias();
}
httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
return;
}
PageDef pageDef = pageDefService.findByPath(requestPath);
// check for invalid study Id or study versionNumber
// for right now, do this with a sendRedirect, though we should try to figure out a solution
// with a forward isntead; that way the user can fix the issue in the URL and easily try again
if (isViewStudyPage(pageDef) || isEditStudyPage(pageDef) || isVersionDiffPage(pageDef)) {
Long studyId = determineStudyId(pageDef, httpRequest);
if (isVersionDiffPage(pageDef)) {
Long[] versionDiffNumbers = VDCRequestBean.parseVersionNumberList(httpRequest);
if (versionDiffNumbers == null || studyId == null) {
String redirectURL = httpRequest.getContextPath();
if (currentVDC != null) {
redirectURL += "/dv/" + currentVDC.getAlias();
}
httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
return;
} else {
try {
// Get the studyVersions to test that the versionNumbers exist for this study.
// If they don't exist, an EJBException will be thrown.
StudyVersion sv1 = studyService.getStudyVersion(studyId, versionDiffNumbers[0]);
StudyVersion sv2 = studyService.getStudyVersion(studyId, versionDiffNumbers[1]);
} catch (EJBException e) {
if (e.getCause() instanceof IllegalArgumentException) {
String redirectURL = httpRequest.getContextPath();
if (currentVDC != null) {
redirectURL += "/dv/" + currentVDC.getAlias();
}
httpResponse.sendRedirect(redirectURL + "/faces/IdDoesNotExistPage.xhtml");
return;
} else {
throw e;
}
}
}
} else if (studyId != null) {
try {
String versionNumberParam = httpRequest.getParameter("versionNumber");
if (versionNumberParam != null) {
Long versionNumber = new Long(versionNumberParam);
StudyVersion sv = studyService.getStudyVersion(studyId, versionNumber);
} else {
// Get the study to make sure that the studyId exists.
// If it doesn't exist, and EJBException will be thrown.
Study study = studyService.getStudy(studyId);
}
} catch (EJBException e) {
if (e.getCause() instanceof IllegalArgumentException) {
String redirectURL = httpRequest.getContextPath();
if (currentVDC != null) {
redirectURL += "/dv/" + currentVDC.getAlias();
}
httpResponse.sendRedirect(redirectURL + "/faces/IdDoesNotExistPage.xhtml");
return;
} else {
throw e;
}
} catch (NumberFormatException e) {
String redirectURL = httpRequest.getContextPath();
if (currentVDC != null) {
redirectURL += "/dv/" + currentVDC.getAlias();
}
httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
return;
}
}
}
setOriginalUrl(httpRequest, httpResponse, currentVDC);
LoginBean loginBean = getLoginBean(request);
UserGroup ipUserGroup = null;
if (loginBean == null) {
ipUserGroup = getIpGroup(httpRequest);
} else {
HttpSession session = ((HttpServletRequest) request).getSession(false);
}
String loginURI = (String) httpRequest.getSession().getAttribute("LOGIN_REDIRECT");
if (loginURI != null) {
httpRequest.getSession().removeAttribute("LOGIN_REDIRECT");
httpResponse.sendRedirect(loginURI);
} else {
boolean authorized = false;
if (isRolePage(pageDef, httpRequest)) {
if (isUserAuthorizedForRolePage(pageDef, httpRequest, loginBean)) {
authorized = true;
}
} else if (isUserAuthorizedForNonRolePage(pageDef, httpRequest, loginBean, ipUserGroup)) {
authorized = true;
}
if (!authorized) {
if (loginBean == null) {
redirectToLogin(httpRequest, httpResponse, currentVDC);
} else {
PageDef redirectPageDef =
pageDefService.findByName(PageDefServiceLocal.UNAUTHORIZED_PAGE);
httpResponse.sendRedirect(
httpRequest.getContextPath() + "/faces" + redirectPageDef.getPath());
}
} else {
if (isCheckLockPage(pageDef) && studyLockedMessage(pageDef, httpRequest) != null) {
PageDef redirectPageDef = pageDefService.findByName(PageDefServiceLocal.STUDYLOCKED_PAGE);
httpResponse.sendRedirect(
httpRequest.getContextPath()
+ "/faces"
+ redirectPageDef.getPath()
+ "?message="
+ studyLockedMessage(pageDef, httpRequest));
} else {
try {
chain.doFilter(request, response);
} catch (Throwable t) {
//
// If an exception is thrown somewhere down the filter chain,
// we still want to execute our after processing, and then
// rethrow the problem after that.
//
t.printStackTrace();
}
}
}
}
}