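/**
 * Decides whether {@code user} may use the edit-study page for the current request.
 *
 * <p>Two cases are distinguished by the study id carried in the request:
 * <ul>
 *   <li><b>New study</b> (the page is {@code EDIT_STUDY_PAGE} and the id is absent or
 *       negative): allowed when {@code currentVDC} lets registered users contribute, or
 *       when the user's role in {@code currentVDC} is admin, curator or contributor.</li>
 *   <li><b>Existing study</b> (every other case): the decision is delegated to
 *       {@code Study.isUserAuthorizedToEdit(user)}.</li>
 * </ul>
 *
 * <p>The check fails closed. A missing user, a study id that is not a number, a missing id
 * on the existing-study path, and a study that cannot be loaded all yield {@code false}
 * instead of an exception escaping from the authorization decision.
 *
 * @param pageDef    definition of the requested page; its name selects the new-study case
 * @param user       the user the decision is made for; {@code null} is always denied
 * @param request    current request, from which the study id is read
 * @param currentVDC the VDC the request is scoped to, may be {@code null}
 * @return {@code true} only when one of the rules above grants access
 */
private boolean isAuthorizedToEditStudy(
        PageDef pageDef, VDCUser user, HttpServletRequest request, VDC currentVDC) {
    // The open-contribution branch below never consults `user`, so without this guard a
    // null user would be authorized there, and the role lookup would fail with a
    // NullPointerException.
    // NOTE(review): callers may already guarantee a logged-in user here; confirm.
    if (user == null) {
        return false;
    }

    // The id comes from the request and is therefore untrusted. Read it once and parse it
    // as a long for both cases; the previous mix of Integer.parseInt and Long.parseLong
    // rejected valid ids above Integer.MAX_VALUE with a NumberFormatException.
    String rawStudyId = getStudyIdFromRequest(request);
    Long studyId = null;
    if (rawStudyId != null) {
        try {
            studyId = Long.valueOf(rawStudyId);
        } catch (NumberFormatException malformedId) {
            // A malformed id is denied rather than surfaced as a server error.
            return false;
        }
    }

    boolean creatingNewStudy =
            pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
                    && (studyId == null || studyId.longValue() < 0);

    if (creatingNewStudy) {
        if (currentVDC == null) {
            // Without a VDC there is neither an open-contribution flag nor a role to check.
            return false;
        }
        if (currentVDC.isAllowRegisteredUsersToContribute()) {
            return true;
        }
        if (user.getVDCRole(currentVDC) == null) {
            return false;
        }
        String roleName = user.getVDCRole(currentVDC).getRole().getName();
        return roleName != null
                && (roleName.equals(RoleServiceLocal.ADMIN)
                        || roleName.equals(RoleServiceLocal.CURATOR)
                        || roleName.equals(RoleServiceLocal.CONTRIBUTOR));
    }

    // Existing study: access depends on the study itself.
    if (studyId == null) {
        // Reached when the page is not the edit-study page and no id was supplied.
        return false;
    }
    Study study = studyService.getStudy(studyId);
    // An id that resolves to no study is denied instead of dereferencing null.
    return study != null && study.isUserAuthorizedToEdit(user);
}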