Esempio n. 1
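 /**
  * Decides whether {@code user} may use the study-editing page for the study named in the request.
  *
  * <p>Two cases are distinguished:
  *
  * <ul>
  *   <li><b>New study</b>: the page is {@code EDIT_STUDY_PAGE} and the request carries no study id
  *       or a negative one. Access is granted when {@code currentVDC} allows registered users to
  *       contribute, or when the user's role in {@code currentVDC} is admin, curator or
  *       contributor.
  *   <li><b>Existing study</b>: the decision is delegated to {@code
  *       Study.isUserAuthorizedToEdit(user)}.
  * </ul>
  *
  * <p>The study id is read from the request, so it is caller-controlled. This check fails closed:
  * an id that is missing where one is required, is not a valid number, or does not resolve to a
  * study yields {@code false} instead of an exception escaping from the authorization path.
  *
  * @param pageDef definition of the page being requested
  * @param user the user whose access is being checked
  * @param request the current request; the study id is read from it
  * @param currentVDC the VDC in whose context the request is made, may be {@code null}
  * @return {@code true} if the user may proceed, {@code false} otherwise
  */
 private boolean isAuthorizedToEditStudy(
     PageDef pageDef, VDCUser user, HttpServletRequest request, VDC currentVDC) {
   boolean onEditStudyPage = pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE);

   // Read the request parameter once so every decision below is made on the same value.
   String rawStudyId = getStudyIdFromRequest(request);

   // Parse as long everywhere: the id is used as a Long below, and parsing it as an int first
   // would reject valid ids above Integer.MAX_VALUE with an exception.
   Long studyId = null;
   if (rawStudyId != null) {
     try {
       studyId = Long.valueOf(rawStudyId);
     } catch (NumberFormatException e) {
       // Malformed id in the request: deny rather than fail with an unhandled exception.
       return false;
     }
   }

   if (onEditStudyPage && (studyId == null || studyId < 0)) {
     // New study: authorization depends only on the user's standing in currentVDC.
     if (currentVDC == null) {
       return false;
     }
     // NOTE(review): this path grants access without inspecting `user`; confirm the caller only
     // reaches this method with an authenticated (non-null) user.
     if (currentVDC.isAllowRegisteredUsersToContribute()) {
       return true;
     }
     String currentVDCRoleName = null;
     if (user.getVDCRole(currentVDC) != null) {
       currentVDCRoleName = user.getVDCRole(currentVDC).getRole().getName();
     }
     return currentVDCRoleName != null
         && (currentVDCRoleName.equals(RoleServiceLocal.ADMIN)
             || currentVDCRoleName.equals(RoleServiceLocal.CURATOR)
             || currentVDCRoleName.equals(RoleServiceLocal.CONTRIBUTOR));
   }

   // Existing study: an id is mandatory from here on.
   if (studyId == null) {
     return false;
   }
   Study study = studyService.getStudy(studyId);
   // getStudy's behaviour for an unknown id is not visible here; if it returns null, deny
   // instead of dereferencing it.
   return study != null && study.isUserAuthorizedToEdit(user);
 }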