/** Note that details is the only optional field */ public String createEntity(EntityReference ref, Object entity, Map<String, Object> params) { Poll poll = (Poll) entity; poll.setCreationDate(new Date()); if (poll.getId() == null) { poll.setId(UUID.randomUUID().toString()); } if (poll.getOwner() == null) { poll.setOwner(developerHelperService.getCurrentUserId()); } String siteId = developerHelperService.getCurrentLocationId(); if (poll.getSiteId() == null) { poll.setSiteId(siteId); } else { siteId = poll.getSiteId(); } String userReference = developerHelperService.getCurrentUserReference(); String location = "/site/" + siteId; boolean allowed = developerHelperService.isUserAllowedInEntityReference( userReference, PollListManager.PERMISSION_ADD, location); if (!allowed) { throw new SecurityException( "Current user (" + userReference + ") cannot create polls in location (" + location + ")"); } pollListManager.savePoll(poll); return poll.getPollId() + ""; }
@Deprecated public List<?> getEntities(EntityReference ref, Search search) { // get the pollId Restriction pollRes = search.getRestrictionByProperty("pollId"); if (pollRes == null || pollRes.getSingleValue() == null) { throw new IllegalArgumentException( "Must include a non-null pollId in order to retreive a list of votes"); } Long pollId = null; try { pollId = developerHelperService.convert(pollRes.getSingleValue(), Long.class); } catch (UnsupportedOperationException e) { throw new IllegalArgumentException( "Invalid: pollId must be a long number: " + e.getMessage(), e); } // get the poll Poll poll = pollListManager.getPollById(pollId); if (poll == null) { throw new IllegalArgumentException( "pollId (" + pollId + ") is invalid and does not match any known polls"); } else { boolean allowedPublic = pollListManager.isPollPublic(poll); if (!allowedPublic) { String userReference = developerHelperService.getCurrentUserReference(); if (userReference == null) { throw new EntityException( "User must be logged in in order to access poll data", ref.getId(), HttpServletResponse.SC_UNAUTHORIZED); } else { boolean allowedManage = false; boolean allowedVote = false; allowedManage = developerHelperService.isUserAllowedInEntityReference( userReference, PollListManager.PERMISSION_ADD, "/site/" + poll.getSiteId()); allowedVote = developerHelperService.isUserAllowedInEntityReference( userReference, PollListManager.PERMISSION_VOTE, "/site/" + poll.getSiteId()); if (!(allowedManage || allowedVote)) { throw new SecurityException( "User (" + userReference + ") not allowed to access poll data: " + ref); } } } } // get the options List<Option> options = pollListManager.getOptionsForPoll(pollId); return options; }
/** * Checks if the given user can create/update/delete options * * @param userRef * @param option */ @Deprecated private void checkOptionPermission(String userRef, Option option) { if (option.getPollId() == null) { throw new IllegalArgumentException( "Poll Id must be set in the option to check permissions: " + option); } Long pollId = option.getPollId(); // validate poll exists Poll poll = pollListManager.getPollById(pollId, false); if (poll == null) { throw new IllegalArgumentException( "Invalid poll id (" + pollId + "), could not find poll from option: " + option); } // check permissions String siteRef = "/site/" + poll.getSiteId(); if (!developerHelperService.isUserAllowedInEntityReference( userRef, PollListManager.PERMISSION_ADD, siteRef)) { throw new SecurityException( "User (" + userRef + ") is not allowed to create/update/delete options in this poll (" + pollId + ")"); } }
public void updateEntity(EntityReference ref, Object entity, Map<String, Object> params) { String id = ref.getId(); if (id == null) { throw new IllegalArgumentException( "The reference must include an id for updates (id is currently null)"); } String userReference = developerHelperService.getCurrentUserReference(); if (userReference == null) { throw new SecurityException("anonymous user cannot update poll: " + ref); } Poll current = getPollById(id); if (current == null) { throw new IllegalArgumentException("No poll found to update for the given reference: " + ref); } Poll poll = (Poll) entity; String siteId = developerHelperService.getCurrentLocationId(); if (poll.getSiteId() == null) { poll.setSiteId(siteId); } else { siteId = poll.getSiteId(); } String location = "/site/" + siteId; // should this check a different permission? boolean allowed = developerHelperService.isUserAllowedInEntityReference( userReference, PollListManager.PERMISSION_ADD, location); if (!allowed) { throw new SecurityException( "Current user (" + userReference + ") cannot update polls in location (" + location + ")"); } developerHelperService.copyBean( poll, current, 0, new String[] { "id", "pollId", "owner", "siteId", "creationDate", "reference", "url", "properties" }, true); pollListManager.savePoll(current); }
public Object getEntity(EntityReference ref) { String id = ref.getId(); if (id == null) { return new Poll(); } Poll poll = getPollById(id); if (poll == null) { throw new IllegalArgumentException("No poll found for the given reference: " + ref); } Long pollId = poll.getPollId(); String currentUserId = developerHelperService.getCurrentUserId(); boolean allowedManage = false; if (!developerHelperService.isEntityRequestInternal(ref + "")) { if (!pollListManager.isPollPublic(poll)) { // this is not a public poll? (ie .anon role has poll.vote) String userReference = developerHelperService.getCurrentUserReference(); if (userReference == null) { throw new EntityException( "User must be logged in in order to access poll data", ref.getId(), HttpServletResponse.SC_UNAUTHORIZED); } allowedManage = developerHelperService.isUserAllowedInEntityReference( userReference, PollListManager.PERMISSION_ADD, "/site/" + poll.getSiteId()); boolean allowedVote = developerHelperService.isUserAllowedInEntityReference( userReference, PollListManager.PERMISSION_VOTE, "/site/" + poll.getSiteId()); if (!allowedManage && !allowedVote) { throw new SecurityException( "User (" + userReference + ") not allowed to access poll data: " + ref); } } } Boolean includeVotes = requestStorage.getStoredValueAsType(Boolean.class, "includeVotes"); if (includeVotes == null) { includeVotes = false; } if (includeVotes) { List<Vote> votes = pollVoteManager.getAllVotesForPoll(poll); poll.setVotes(votes); } Boolean includeOptions = requestStorage.getStoredValueAsType(Boolean.class, "includeOptions"); if (includeOptions == null) { includeOptions = false; } if (includeOptions) { List<Option> options = pollListManager.getOptionsForPoll(poll); poll.setOptions(options); } // add in the indicator that this user has replied if (currentUserId != null) { Map<Long, List<Vote>> voteMap = pollVoteManager.getVotesForUser(currentUserId, new Long[] {pollId}); List<Vote> l = voteMap.get(pollId); if (l != null) { poll.setCurrentUserVoted(true); poll.setCurrentUserVotes(l); } else { poll.setCurrentUserVoted(false); } } return poll; }