Esempio n. 1
0
 public String cancel() {
   VDCUser user = getVDCSessionBean().getLoginBean().getUser();
   if (user.isNetworkAdmin()) {
     return "/networkAdmin/NetworkOptionsPage?faces-redirect=true";
   } else {
     return "/login/AccountOptionsPage?faces-redirect=true&userId=" + user.getId();
   }
 }
Esempio n. 2
0
 private boolean isUserStudyCreator(VDCUser user, HttpServletRequest request) {
   boolean ret = false;
   String studyIdParam = getStudyIdFromRequest(request);
   if (studyIdParam != null) {
     Long studyId = new Long(Long.parseLong(studyIdParam));
     Study study = studyService.getStudy(studyId);
     if (study.getCreator().getId().equals(user.getId())) {
       ret = true;
     }
   }
   return ret;
 }
  private void create(VDCUser user, String name, String alias, String dtype, List studyFields) {
    VDC addedSite = new VDC();
    addedSite.setCreator(user);

    VDCNetwork vdcNetwork = vdcNetworkService.find(new Long(1));
    addedSite.setDefaultTemplate(vdcNetwork.getDefaultTemplate());

    em.persist(addedSite);

    addedSite.setName(name);
    addedSite.setAlias(alias);
    addedSite.setDtype(dtype);
    addedSite.setCreatedDate(DateUtil.getTimestamp());
    addedSite.getRootCollection().setName(name);

    addedSite.setDefaultTemplate(vdcNetwork.getDefaultTemplate());
    addedSite.setHeader(vdcNetwork.getDefaultVDCHeader());
    addedSite.setFooter(vdcNetwork.getDefaultVDCFooter());
    addedSite.setRestricted(true);
    addedSite.setDisplayAnnouncements(false);
    ArrayList advancedSearchFields = new ArrayList();
    ArrayList searchResultsFields = new ArrayList();

    for (Iterator it = studyFields.iterator(); it.hasNext(); ) {
      StudyField elem = (StudyField) it.next();
      if (elem.isAdvancedSearchField()) {
        advancedSearchFields.add(elem);
      }
      if (elem.isSearchResultField()) {
        searchResultsFields.add(elem);
      }
    }
    addedSite.setAdvSearchFields(advancedSearchFields);
    addedSite.setSearchResultFields(searchResultsFields);

    userService.addVdcRole(
        user.getId(), findByAlias(addedSite.getAlias()).getId(), roleService.ADMIN);
  }
Esempio n. 4
0
  private boolean isUserAuthorizedForNonRolePage(
      PageDef pageDef, HttpServletRequest request, LoginBean loginBean, UserGroup ipUserGroup) {
    VDCUser user = null;
    if (loginBean != null) {
      user = loginBean.getUser();
    }

    if (user != null
        && user.getNetworkRole() != null
        && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
      // If you are network admin, you can do anything!
      return true;
    }

    VDC currentVDC = vdcService.getVDCFromRequest(request);
    if (currentVDC != null && !isTermsOfUsePage(pageDef) && isVdcRestricted(pageDef, request)) {
      if (currentVDC.isVDCRestrictedForUser(user, ipUserGroup)) {
        return false;
      }
    } else if (pageDef != null
        && (pageDef.getName().equals(PageDefServiceLocal.DV_OPTIONS_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_OPTIONS_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.MANAGE_STUDIES_PAGE))) {
      // For these  pages, the only requirement is
      // to be logged in.
      if (user == null) {
        return false;
      }
      String userParam = request.getParameter("userId");
      if (userParam != null && !userParam.equals(user.getId().toString())) {
        // To view other users, logged in user must be an admin or curator
        if (!(user.isAdmin(currentVDC) || user.isCurator(currentVDC))) {
          return false;
        }
      }
    } else if (isViewStudyPage(pageDef)) {
      Study study = null;
      StudyVersion studyVersion = null;
      String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
      String versionNumber = VDCBaseBean.getParamFromRequestOrComponent("versionNumber", request);
      if (studyId != null) {
        study = studyService.getStudy(Long.parseLong(studyId));
        if (versionNumber != null) {
          studyVersion =
              studyService.getStudyVersion(Long.parseLong(studyId), new Long(versionNumber));
        }
      } else {
        study =
            studyService.getStudyByGlobalId(
                VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
      }
      if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
        return false;
      }
      if (studyVersion != null) {
        // If study has been deaccessioned,
        // only show the page if the user is authorized to edit
        if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
          return false;
        }
        // If this is a draft version, only show the version if the user is authorized to edit
        if (studyVersion.isWorkingCopy() && (user == null || !study.isUserAuthorizedToEdit(user))) {
          return false;
        }
      }

    } else if (isVersionDiffPage(pageDef)) {
      Study study = null;
      StudyVersion studyVersion1 = null;
      StudyVersion studyVersion2 = null;
      String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);

      Long[] versionList = VDCRequestBean.parseVersionNumberList(request);

      studyVersion1 = studyService.getStudyVersion(Long.parseLong(studyId), versionList[0]);
      studyVersion2 = studyService.getStudyVersion(Long.parseLong(studyId), versionList[1]);

      if (studyId != null) {
        study = studyService.getStudy(Long.parseLong(studyId));

      } else {
        study =
            studyService.getStudyByGlobalId(
                VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
      }
      if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
        return false;
      }

      // If study has been deaccessioned,
      // only show the page if the user is authorized to edit
      if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
        return false;
      }
      // If this is a draft version, only show the version if the user is authorized to edit
      if ((studyVersion1.isWorkingCopy() || studyVersion2.isWorkingCopy())
          && (user == null || !study.isUserAuthorizedToEdit(user))) {
        return false;
      }
      if ("confirmRelease".equals(request.getParameter("actionMode"))
          && !study.isUserAuthorizedToRelease(user)) {
        return false;
      }

    } else if (isSubsettingPage(pageDef)) {
      String dtId = VDCBaseBean.getParamFromRequestOrComponent("dtId", request);

      DataTable dataTable = variableService.getDataTable(Long.parseLong(dtId));
      Study study = dataTable.getStudyFile().getStudy();
      if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
        return false;
      }
    } else if (isExploreDataPage(pageDef)) {
      String fileId = VDCBaseBean.getParamFromRequestOrComponent("fileId", request);
      StudyFile sf = studyFileService.getStudyFile(Long.parseLong(fileId));
      if (sf.isFileRestrictedForUser(user, currentVDC, ipUserGroup)) {
        return false;
      }
    } else if (isEditAccountPage(pageDef)) {
      String userId = VDCBaseBean.getParamFromRequestOrComponent("userId", request);
      if (user == null || user.getId() != Long.parseLong(userId)) {
        return false;
      }
    } else if (isManifestPage(pageDef)) {

      LockssConfig chkLockssConfig = getLockssConfig(currentVDC);
      if (chkLockssConfig == null) {
        return false;
      } else if (chkLockssConfig.getserverAccess().equals(ServerAccess.GROUP)) {
        VDCRole userRole = null;
        String userVDCRoleName = null;
        if (user != null && currentVDC != null) {
          userRole = loginBean.getVDCRole(currentVDC);
        }
        if (user != null && userRole != null && user.isAdmin(currentVDC)) {
          return true;
        }

        if (user != null
            && user.getNetworkRole() != null
            && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
          // If you are network admin, you can do anything!
          return true;
        }

        if (!lockssAuth.isAuthorizedLockssServer(currentVDC, request)) {
          return false;
        }
      }
    }
    return true;
  }