Esempio n. 1
0
  public Boolean isFileAuth(AuthorizationFacade facade, Agent agent, Id artifactId) {
    // check if this id is attached to any cell
    if (artifactId == null) return new Boolean(true);

    List cells = getMatrixManager().getCellsByArtifact(artifactId);

    if (cells.size() == 0) {
      return null;
    }

    // does this user have access to any of the above cells
    for (Iterator i = cells.iterator(); i.hasNext(); ) {
      Cell cell = (Cell) i.next();
      Id siteId = cell.getMatrix().getScaffolding().getWorksiteId();
      if (getExplicitAuthz().isAuthorized(agent, MatrixFunctionConstants.REVIEW_MATRIX, siteId)
          || getExplicitAuthz()
              .isAuthorized(agent, MatrixFunctionConstants.EVALUATE_MATRIX, siteId)) {
        return new Boolean(true);
      }

      Boolean returned = isCellAuthForEval(facade, agent, cell.getId());
      if (returned != null && returned.booleanValue()) {
        return returned;
      }
    }

    return null;
  }
  public Object fillBackingObject(Object incomingModel, Map request, Map session, Map application)
      throws Exception {
    // coming from matrix cell, not helper
    session.remove(WizardPageHelper.WIZARD_PAGE);

    CellFormBean cellBean = (CellFormBean) incomingModel;

    String strId = (String) request.get("page_id");
    if (strId == null) {
      strId = (String) session.get("page_id");
      session.remove("page_id");
    }

    Cell cell;
    Id id = getIdManager().getId(strId);

    // Check if the cell has been removed, which can happen if:
    // (1) user views matrix
    // (2) owner removes column or row (the code verifies that no one has
    // modified the matrix)
    // (3) user selects a cell that has just been removed with the column or
    // row
    try {
      cell = matrixManager.getCellFromPage(id);

      cellBean.setCell(cell);

      List nodeList = new ArrayList(matrixManager.getPageContents(cell.getWizardPage()));
      cellBean.setNodes(nodeList);

      if (request.get("view_user") != null) {
        session.put("view_user", cell.getWizardPage().getOwner().getId().getValue());
      }
    } catch (Exception e) {
      logger.error("Error with cell: " + strId + " " + e.toString());
      // tbd how to report error back to user?
    }

    clearSession(getSessionManager().getCurrentToolSession());
    return cellBean;
  }
  /* (non-Javadoc)
   * @see org.theospi.utils.mvc.intf.Controller#handleRequest(java.lang.Object, java.util.Map, java.util.Map, java.util.Map, org.springframework.validation.Errors)
   */
  public ModelAndView handleRequest(
      Object requestModel, Map request, Map session, Map application, Errors errors) {
    WizardPage page = (WizardPage) session.get(WizardPageHelper.WIZARD_PAGE);
    Id cellId = idManager.getId((String) request.get("page_id"));
    Id formId = idManager.getId((String) request.get("current_form_id"));
    Cell cell = getMatrixManager().getCellFromPage(cellId);
    boolean sessionPage = true;
    if (page == null) {
      sessionPage = false;
      page = cell.getWizardPage();
    }

    String submitAction = (String) request.get("submit");
    session.remove(WizardPageHelper.WIZARD_PAGE);
    getMatrixManager().removeFromSession(page);
    if (submitAction.equals(DELETE_FORM)) {
      getMatrixManager().detachForm(page.getId(), formId);
    } else // (submitAction.equals(DELETE_FEEDBACK))
    {
      Id reviewId = idManager.getId((String) request.get("review_id"));
      Review review = getReviewManager().getReview(reviewId);
      if (review != null) getReviewManager().deleteReview(review);
      else logger.warn("Null feedback form (perhaps multiple submits):" + reviewId);
    }

    if (sessionPage)
      session.put(WizardPageHelper.WIZARD_PAGE, getMatrixManager().getWizardPage(page.getId()));

    try {
      // unlock and delete content
      String reviewContentId = contentHosting.getUuid(formId.getValue());
      if (getLockManager().isLocked(reviewContentId))
        getLockManager().removeLock(reviewContentId, cellId.getValue());
      getContentHosting().removeResource(formId.getValue());
    } catch (Exception e) {
      logger.warn("Error removing form: " + e.toString());
    }

    // if not submit, then cancel, but both submit and cancel have the some view, so
    return new ModelAndView("continue", "page_id", page.getId().getValue());
  }
 protected ModelAndView tagItem(Cell cell, Map request, Map session) {
   ModelAndView view = null;
   // Get appropriate helperInfo
   for (TaggingHelperInfo info :
       getHelperInfo(wizardActivityProducer.getItem(cell.getWizardPage()))) {
     if (info.getProvider().getId().equals(request.get("providerId"))) {
       // Add parameters to session
       for (String key : info.getParameterMap().keySet()) {
         session.put(key, info.getParameterMap().get(key));
       }
       session.put("page_id", (String) request.get("page_id"));
       view = new ModelAndView(new RedirectView(info.getHelperId() + ".helper"));
       break;
     }
   }
   return view;
 }
Esempio n. 5
0
  /* (non-Javadoc)
   * @see org.theospi.portfolio.security.app.ApplicationAuthorizer#isAuthorized(org.theospi.portfolio.security.AuthorizationFacade, org.theospi.portfolio.shared.model.Agent, java.lang.String, org.theospi.portfolio.shared.model.Id)
   */
  public Boolean isAuthorized(AuthorizationFacade facade, Agent agent, String function, Id id) {
    logger.debug("isAuthorized?(...) invoked in MatrixAuthorizer");

    if (MatrixFunctionConstants.EVALUATE_MATRIX.equals(function)
        || MatrixFunctionConstants.REVIEW_MATRIX.equals(function)
        || MatrixFunctionConstants.USE_SCAFFOLDING.equals(function)) {
      return new Boolean(facade.isAuthorized(function, id));
    } else if (MatrixFunctionConstants.DELETE_SCAFFOLDING.equals(function)) {
      Scaffolding scaffolding = getMatrixManager().getScaffolding(id);
      if (scaffolding == null) return new Boolean(facade.isAuthorized(agent, function, id));

      if (!scaffolding.isPublished() && (scaffolding.getOwner().equals(agent))
          || facade.isAuthorized(agent, function, scaffolding.getWorksiteId()))
        return new Boolean(true);
    } else if (ContentHostingService.EVENT_RESOURCE_READ.equals(function)) {
      return isFileAuth(facade, agent, id);
    } else if (function.equals(MatrixFunctionConstants.CREATE_SCAFFOLDING)) {
      return new Boolean(facade.isAuthorized(agent, function, id));
    } else if (function.equals(MatrixFunctionConstants.EDIT_SCAFFOLDING)) {
      return new Boolean(facade.isAuthorized(agent, function, id));
    } else if (function.equals(MatrixFunctionConstants.EXPORT_SCAFFOLDING)) {
      return new Boolean(facade.isAuthorized(agent, function, id));
    } else if (function.equals(MatrixFunctionConstants.VIEW_SCAFFOLDING_GUIDANCE)) {
      // If I can eval, review, or own it
      ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
      // sCell.getWizardPageDefinition().get

      if (sCell == null)
        throw new NullPointerException(
            "The cell was not found.  Wizard Page Def for cell: " + id.getValue());

      Boolean returned = null;

      Id worksiteId = sCell.getScaffolding().getWorksiteId();

      // first check global perms for the site
      if (checkPerms(
          facade,
          new String[] {
            MatrixFunctionConstants.USE_SCAFFOLDING,
            MatrixFunctionConstants.EVALUATE_MATRIX,
            MatrixFunctionConstants.REVIEW_MATRIX
          },
          worksiteId)) {
        return Boolean.valueOf(true);
      }

      for (Iterator iter = sCell.getCells().iterator(); iter.hasNext(); ) {
        Cell cell = (Cell) iter.next();
        if (checkPerms(
            facade,
            new String[] {
              MatrixFunctionConstants.EVALUATE_MATRIX, MatrixFunctionConstants.REVIEW_MATRIX
            },
            cell.getId())) {
          return Boolean.valueOf(true);
        }
      }
      returned = Boolean.valueOf(sCell.getScaffolding().getOwner().equals(agent));
      if (returned.booleanValue()) return returned;
    } else if (function.equals(MatrixFunctionConstants.EDIT_SCAFFOLDING_GUIDANCE)) {
      ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
      Agent owner = null;
      if (sCell != null) {
        owner = sCell.getScaffolding().getOwner();
      }
      return new Boolean(agent.equals(owner));
    } else if (function.equals(MatrixFunctionConstants.EVALUATE_SPECIFIC_MATRIXCELL)) {
      WizardPage page = getMatrixManager().getWizardPage(id);
      Id siteId = idManager.getId(page.getPageDefinition().getSiteId());
      //       make sure that the target site gets tested

      facade.pushAuthzGroups(siteId.getValue());
      return new Boolean(
          facade.isAuthorized(agent, MatrixFunctionConstants.EVALUATE_MATRIX, siteId));
    }

    return null; // don't care
  }
  public ModelAndView handleRequest(
      Object requestModel, Map request, Map session, Map application, Errors errors) {
    CellFormBean cellBean = (CellFormBean) requestModel;
    Cell cell = cellBean.getCell();

    // Check for cell being deleted while user was attempting to view
    if (cell == null) {
      return new ModelAndView("matrixError");
    }

    // String action = (String)request.get("action");
    String submit = (String) request.get("submit");
    String matrixAction = (String) request.get("matrix");
    String submitAction = (String) request.get("submitAction");
    String inviteFeedback = (String) request.get("inviteFeedback");
    String submitForReview = (String) request.get("submitForReview");

    if (inviteFeedback != null) {
      session.put("feedbackCellId", cell.getId().getValue());
      session.put("feedbackMatrixCall", "feedbackMatrixCall");

      return new ModelAndView("feedbackHelper");
    }
    if (submitForReview != null) {
      Map map = new HashMap();
      map.put("page_id", cell.getWizardPage().getId());
      map.put("feedbackCellId", cell.getId().getValue());
      map.put("cellBean", cellBean);
      return new ModelAndView("inviteFeedbackConfirm", map);
    }

    if ("tagItem".equals(submitAction)) {
      return tagItem(cell, request, session);
    } else if ("sortList".equals(submitAction)) {
      return sortList(request, session);
    } else if ("pageList".equals(submitAction)) {
      return pageList(request, session);
    }

    if (submit != null) {
      Map map = new HashMap();
      map.put("page_id", cell.getWizardPage().getId());
      map.put("selectedArtifacts", ListToString(cellBean.getSelectedArtifacts()));
      map.put("cellBean", cellBean);
      // cwm change this to use the reflection submission confirmation
      return new ModelAndView("confirm", map);
    }

    if (matrixAction != null) {
      Map map = new HashMap();
      String scaffId = "";
      String viewUser = "";
      if (getTaggingManager().isTaggable()) {
        session.remove(HibernateMatrixManagerImpl.PROVIDERS_PARAM);
      }

      if (cell.getMatrix() != null) {
        scaffId = cell.getMatrix().getScaffolding().getId().getValue();
        viewUser = cell.getMatrix().getOwner().getId().getValue();
      }

      map.put("scaffolding_id", scaffId);
      map.put("view_user", viewUser);

      if (session.get("is_eval_page_id") != null) {
        String eval_page_id = (String) session.get("is_eval_page_id");
        String pageId = cell.getWizardPage().getId().getValue();
        if (eval_page_id.equals(pageId)) {
          return new ModelAndView("cancelEvaluation");
        }
      }

      return new ModelAndView("cancel", map);
    }

    return new ModelAndView("success", "cellBean", cellBean);
  }
  public Map referenceData(Map request, Object command, Errors errors) {

    Map model = new HashMap();
    model.put("feedbackSent", false);
    ToolSession session = getSessionManager().getCurrentToolSession();

    CellFormBean cell = (CellFormBean) command;
    if (cell == null || cell.getCell() == null) {
      logger.error("Cell backing bean or cell.getCell() is null");
      clearSession(session);
      model.put("nullCellError", true);
      return model;
    }

    if (request.get("feedbackReturn") != null) {
      // feedbackReturn is returned from FeedbackHelperController and is the Id of the wizardPage of
      // the cell.
      cell.setCell(
          matrixManager.getCellFromPage(idManager.getId(request.get("feedbackReturn").toString())));
      if (request.get("feedbackAction") != null
          && request.get("feedbackAction").toString().equals("save")) {
        model.put("feedbackSent", true);
      }
    }

    model.put("matrixCanViewCell", false);
    if (request.get("comingFromWizard") == null) {
      // depending on isDefaultFeedbackEval, either send the scaffolding id or the scaffolding
      // cell's id
      boolean matrixCanEvaluate =
          getMatrixManager()
              .hasPermission(
                  cell.getCell().getScaffoldingCell().isDefaultEvaluators()
                      ? cell.getCell().getScaffoldingCell().getScaffolding().getId()
                      : cell.getCell().getScaffoldingCell().getWizardPageDefinition().getId(),
                  cell.getCell().getScaffoldingCell().getScaffolding().getWorksiteId(),
                  MatrixFunctionConstants.EVALUATE_MATRIX);
      model.put("matrixCanEvaluate", matrixCanEvaluate);
      // depending on isDefaultFeedbackEval, either send the scaffolding id or the scaffolding
      // cell's id
      // also, compare first result with the user's cell review list by sending the user's cell id
      boolean allowParticipantFeedback =
          cell.getCell().getScaffoldingCell().isDefaultReviewers()
              ? cell.getCell().getScaffoldingCell().getScaffolding().isAllowRequestFeedback()
              : cell.getCell()
                  .getScaffoldingCell()
                  .getWizardPageDefinition()
                  .isAllowRequestFeedback();
      boolean matrixCanReview =
          getMatrixManager()
                  .hasPermission(
                      cell.getCell().getScaffoldingCell().isDefaultReviewers()
                          ? cell.getCell().getScaffoldingCell().getScaffolding().getId()
                          : cell.getCell().getScaffoldingCell().getWizardPageDefinition().getId(),
                      cell.getCell().getScaffoldingCell().getScaffolding().getWorksiteId(),
                      MatrixFunctionConstants.REVIEW_MATRIX)
              || (allowParticipantFeedback
                  && getMatrixManager()
                      .hasPermission(
                          cell.getCell().getWizardPage().getId(),
                          cell.getCell().getScaffoldingCell().getScaffolding().getWorksiteId(),
                          MatrixFunctionConstants.FEEDBACK_MATRIX));
      model.put("matrixCanReview", matrixCanReview);

      boolean hasAnyReviewers =
          cell.getCell().getScaffoldingCell().isDefaultReviewers()
              ? !getMatrixManager()
                  .getSelectedUsers(
                      cell.getCell().getScaffoldingCell().getScaffolding(),
                      MatrixFunctionConstants.REVIEW_MATRIX)
                  .isEmpty()
              : !getMatrixManager()
                  .getSelectedUsers(
                      cell.getCell().getScaffoldingCell().getWizardPageDefinition(),
                      MatrixFunctionConstants.REVIEW_MATRIX)
                  .isEmpty();
      model.put("hasAnyReviewers", hasAnyReviewers);

      // NOTE: matrixCanEval or Review both return true if the user is a
      // super user:
      if (getMatrixManager().canAccessMatrixCell(cell.getCell())) {
        model.put("matrixCanViewCell", true);
      }
    } else {
      WizardPage currentWizPage =
          getMatrixManager().getWizardPage(cell.getCell().getWizardPage().getId());
      Id wizPageDefId = currentWizPage.getPageDefinition().getId();
      String wizardId =
          getWizardManager()
              .getWizardPageSeqByDef(wizPageDefId)
              .getCategory()
              .getWizard()
              .getId()
              .getValue();
      model.put("wizardId", wizardId);
      model.put(
          "isWizardOwner",
          getSessionManager()
              .getCurrentSessionUserId()
              .equals(currentWizPage.getOwner().getId().getValue()));
    }

    if (request.get("decPageId") != null
        && request.get("decWrapperTag") != null
        && request.get("decSiteId") != null) {
      // make sure that we are not coming from another wizard page which should grant you access to
      // this page
      String pageId = (String) request.get("decPageId");
      String siteId = (String) request.get("decSiteId");

      if (getMatrixManager()
          .canUserAccessWizardPageAndLinkedArtifcact(
              siteId,
              pageId,
              "/wizard/page/" + cell.getCell().getWizardPage().getId().getValue())) {
        model.put("matrixCanViewCell", true);
      }
    }

    model.put("isMatrix", "true");
    model.put("isWizard", "false");
    model.put("enableReviewEdit", getEnableReviewEdit());
    model.put("currentUser", getSessionManager().getCurrentSessionUserId());
    model.put("CURRENT_GUIDANCE_ID_KEY", "session." + GuidanceManager.CURRENT_GUIDANCE_ID);

    model.put("isEvaluation", "false");

    // This is the tool session so evaluation tool gets "is_eval_page_id"
    // and the matrix/wizard does not
    if (session.getAttribute("is_eval_page_id") != null) {
      String eval_page_id = (String) session.getAttribute("is_eval_page_id");
      model.put("isEvaluation", "true");
    }

    model.put("pageTitleKey", "view_cell");

    // Check for cell being deleted while user was attempting to view
    if (cell.getCell() == null) {
      clearSession(session);
      return model;
    }

    String pageId = cell.getCell().getWizardPage().getId().getValue();
    String siteId = cell.getCell().getWizardPage().getPageDefinition().getSiteId();
    model.put("siteId", idManager.getId(siteId));
    List reviews =
        getReviewManager()
            .getReviewsByParentAndType(pageId, Review.FEEDBACK_TYPE, siteId, getEntityProducer());
    ArrayList<Node> cellForms =
        new ArrayList<Node>(getMatrixManager().getPageForms(cell.getCell().getWizardPage()));
    Collections.sort(cellForms, new NodeNameComparator());

    if (cell.getCell().getScaffoldingCell().getWizardPageDefinition().isDefaultCustomForm()
        && request.get("comingFromWizard") == null) {
      model.put(
          "cellFormDefs",
          processAdditionalForms(
              cell.getCell().getScaffoldingCell().getScaffolding().getAdditionalForms()));
    } else {
      model.put(
          "cellFormDefs",
          processAdditionalForms(cell.getCell().getScaffoldingCell().getAdditionalForms()));
    }

    model.put("assignments", getUserAssignments(cell));
    model.put("reviews", reviews); // feedback
    model.put(
        "evaluations",
        getReviewManager()
            .getReviewsByParentAndType(
                pageId, Review.EVALUATION_TYPE, siteId, getEntityProducer()));
    model.put(
        "reflections",
        getReviewManager()
            .getReviewsByParentAndType(
                pageId, Review.REFLECTION_TYPE, siteId, getEntityProducer()));
    model.put("cellForms", cellForms);
    model.put("numCellForms", cellForms.size());

    Boolean readOnly = Boolean.valueOf(false);

    // Matrix-only initializations
    if (cell.getCell().getMatrix() != null) {
      model.put(
          "allowItemFeedback",
          getAllowItemFeedback(
              cell.getCell().getScaffoldingCell().getScaffolding().getItemFeedbackOption(),
              reviews,
              cellForms,
              cell.getNodes()));
      model.put(
          "allowGeneralFeedback",
          getAllowGeneralFeedback(
              cell.getCell().getScaffoldingCell().getScaffolding().getGeneralFeedbackOption(),
              reviews));
      model.put(
          "generalFeedbackNone",
          cell.getCell().getScaffoldingCell().getScaffolding().isGeneralFeedbackNone());

      Agent owner = cell.getCell().getMatrix().getOwner();
      readOnly =
          isReadOnly(
              owner,
              getIdManager().getId(cell.getCell().getMatrix().getScaffolding().getReference()));

      Cell pageCell = getMatrixManager().getCellFromPage(getIdManager().getId(pageId));
      Scaffolding scaffolding = pageCell.getMatrix().getScaffolding();

      model.put("objectId", scaffolding.getId().getValue());
      model.put("objectTitle", scaffolding.getTitle());
      model.put("objectDesc", scaffolding.getDescription());
      model.put(
          "wizardOwner",
          rb.getFormattedMessage("matrix_of", new Object[] {owner.getDisplayName()}));
    }

    model.put("readOnlyMatrix", readOnly);

    model.put(
        "styles",
        getStyleManager()
            .createStyleUrlList(getStyleManager().getStyles(getIdManager().getId(pageId))));

    if (getTaggingManager().isTaggable()) {
      TaggableItem item = wizardActivityProducer.getItem(cell.getCell().getWizardPage());
      model.put("taggable", "true");

      // getMatrixManager().getTaggableItems will put the providers into the session
      Set<DecoratedTaggableItem> decoTaggableItems =
          getMatrixManager()
              .getDecoratedTaggableItems(
                  item,
                  cell.getCell().getWizardPage().getPageDefinition().getReference(),
                  cell.getCell().getWizardPage().getOwner().getId().getValue());
      List<DecoratedTaggableItem> decoTaggableItemList =
          new ArrayList<DecoratedTaggableItem>(decoTaggableItems);

      Collections.sort(decoTaggableItemList, decoTaggableItemComparator);
      model.put("taggableItems", decoTaggableItemList);

      ToolSession toolSession = getSessionManager().getCurrentToolSession();
      List<DecoratedTaggingProvider> providers =
          (List) toolSession.getAttribute(HibernateMatrixManagerImpl.PROVIDERS_PARAM);
      // but just double check to make sure that providers doesn't exist
      if (providers == null) {
        providers = getMatrixManager().getDecoratedProviders(item.getActivity());
        toolSession.setAttribute(HibernateMatrixManagerImpl.PROVIDERS_PARAM, providers);
      }
      model.put("helperInfoList", getHelperInfo(item));
      model.put("providers", providers);
      model.put("criteriaRef", cell.getCell().getWizardPage().getPageDefinition().getReference());

      model.put("decoWrapper", "ospMatrix_" + siteId + "_" + pageId);
    }

    clearSession(session);
    return model;
  }