/**
 * Reports whether the requested page is one of the two terms-of-use pages.
 *
 * <p>isUserAuthorizedForNonRolePage skips its restricted-VDC check when this returns
 * {@code true}, so every name matched here becomes an exemption from that check.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only when {@code pageDef} is non-null and its name equals
 *     TERMS_OF_USE_PAGE or ACCOUNT_TERMS_OF_USE_PAGE
 */
private boolean isTermsOfUsePage(PageDef pageDef) {
    if (pageDef == null) {
        return false;
    }
    // The constants are reached through the pageDefService reference, exactly as before.
    return pageDef.getName().equals(pageDefService.TERMS_OF_USE_PAGE)
        || pageDef.getName().equals(pageDefService.ACCOUNT_TERMS_OF_USE_PAGE);
}
/**
 * Reports whether the requested page belongs to the "check lock" set: edit study,
 * edit variable, delete study or study permissions.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only for a non-null page whose name is in that set
 */
private boolean isCheckLockPage(PageDef pageDef) {
    if (pageDef == null) {
        return false;
    }
    // NOTE(review): ADD_FILES_PAGE, EDIT_FILES_PAGE and SETUP_DATA_EXPLORATION_PAGE are
    // treated as edit pages by isEditStudyPage but are not listed here; confirm that
    // leaving them out of the lock check is intentional.
    return pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.EDIT_VARIABLE_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.DELETE_STUDY_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.STUDY_PERMISSIONS_PAGE);
}
/**
 * Reports whether the VDC resolved from the request is restricted for this page.
 *
 * <p>Login and logout pages are never reported as restricted, so a visitor can still
 * authenticate against a restricted VDC.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @param request current request, used to resolve the VDC
 * @return {@code false} for the login and logout pages; otherwise {@code true} exactly when
 *     the request resolves to a non-null VDC whose {@code isRestricted()} is true
 */
private boolean isVdcRestricted(PageDef pageDef, HttpServletRequest request) {
    // Resolved up front, before the page is inspected, to keep the original call order.
    VDC currentVDC = vdcService.getVDCFromRequest(request);

    boolean loginOrLogoutPage =
        pageDef != null
            && (pageDef.getName().equals(PageDefServiceLocal.LOGIN_PAGE)
                || pageDef.getName().equals(PageDefServiceLocal.LOGOUT_PAGE));
    if (loginOrLogoutPage) {
        return false;
    }
    return currentVDC != null && currentVDC.isRestricted();
}
/**
 * Reports whether the requested page is one of the study-modifying pages: edit study,
 * edit variable, add files, delete study, edit files, set up data exploration or
 * study permissions.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only for a non-null page whose name is in that set
 */
private boolean isEditStudyPage(PageDef pageDef) {
    if (pageDef == null) {
        return false;
    }
    // Presumably any new study-modifying page must be added here to be covered by the
    // edit authorization - TODO confirm against the caller.
    return pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.EDIT_VARIABLE_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.ADD_FILES_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.DELETE_STUDY_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.EDIT_FILES_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.SETUP_DATA_EXPLORATION_PAGE)
        || pageDef.getName().equals(PageDefServiceLocal.STUDY_PERMISSIONS_PAGE);
}
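/**
 * Decides whether {@code user} may open a study-editing page.
 *
 * <p>Two cases are distinguished:
 * <ul>
 *   <li>Creating a new study (the edit-study page with no study id, or a negative one):
 *       allowed when the current VDC lets registered users contribute, or when the user
 *       holds the admin, curator or contributor role in that VDC.
 *   <li>Any other case: the decision is delegated to
 *       {@code Study.isUserAuthorizedToEdit(user)} for the study named by the request.
 * </ul>
 *
 * <p>The method fails closed. A missing page definition, a missing user, a malformed study
 * id or a study that cannot be found all yield {@code false} rather than an exception, and
 * an absent user is never treated as a registered contributor.
 *
 * @param pageDef definition of the requested page
 * @param user logged-in user, or {@code null} for an anonymous request
 * @param request current request; supplies the study id, which is untrusted input
 * @param currentVDC VDC the request is scoped to; may be {@code null}
 * @return {@code true} only when the checks above grant edit access
 */
private boolean isAuthorizedToEditStudy(
    PageDef pageDef, VDCUser user, HttpServletRequest request, VDC currentVDC) {
    // Deny before dereferencing: other checks in this class guard isUserAuthorizedToEdit
    // with user == null, and "registered users may contribute" must not cover anonymous.
    if (pageDef == null || user == null) {
        return false;
    }

    // Read and parse the request-supplied id once. Parsing as long keeps both branches
    // consistent; the previous code parsed as int in one place and long in the other.
    String studyIdParam = getStudyIdFromRequest(request);
    Long studyId = null;
    if (studyIdParam != null) {
        try {
            studyId = Long.valueOf(studyIdParam);
        } catch (NumberFormatException malformedId) {
            return false;
        }
    }

    boolean creatingNewStudy =
        pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
            && (studyId == null || studyId < 0);

    if (creatingNewStudy) {
        if (currentVDC == null) {
            return false;
        }
        if (currentVDC.isAllowRegisteredUsersToContribute()) {
            return true;
        }
        if (user.getVDCRole(currentVDC) == null) {
            return false;
        }
        String currentVDCRoleName = user.getVDCRole(currentVDC).getRole().getName();
        return currentVDCRoleName != null
            && (currentVDCRoleName.equals(RoleServiceLocal.ADMIN)
                || currentVDCRoleName.equals(RoleServiceLocal.CURATOR)
                || currentVDCRoleName.equals(RoleServiceLocal.CONTRIBUTOR));
    }

    // Editing an existing study: authorization depends on the study itself.
    if (studyId == null) {
        return false;
    }
    Study study = studyService.getStudy(studyId);
    return study != null && study.isUserAuthorizedToEdit(user);
}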
/**
 * Reports whether the requested page is the study version differences page.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only for a non-null page named STUDY_VERSION_DIFFERENCES_PAGE
 */
private boolean isVersionDiffPage(PageDef pageDef) {
    return pageDef != null
        && pageDef.getName().equals(PageDefServiceLocal.STUDY_VERSION_DIFFERENCES_PAGE);
}
/**
 * Reports whether the request is for the edit-study page without a study id, that is,
 * the creation of a new study.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @param request current request; only the presence of the "studyId" parameter is checked
 * @return {@code true} only for a non-null EDIT_STUDY_PAGE request with no "studyId" parameter
 */
private boolean isAddStudyPage(PageDef pageDef, HttpServletRequest request) {
    // NOTE(review): isAuthorizedToEditStudy reads the id through getStudyIdFromRequest and
    // also treats a negative id as "new study"; this method reads the raw parameter only.
    // Confirm the two definitions cannot disagree for the same request.
    return pageDef != null
        && pageDef.getName().equals(PageDefServiceLocal.EDIT_STUDY_PAGE)
        && request.getParameter("studyId") == null;
}
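/**
 * Resolves the id of the study that the request refers to.
 *
 * <p>On the edit-variable page the study is reached through the data table named by the
 * "dtId" request value; on every other page the study id is taken from the request.
 *
 * @param pageDef definition of the requested page; must not be {@code null}
 * @param request current request; the ids it carries are untrusted input
 * @return the study id, or {@code null} when the page is not the edit-variable page and the
 *     request carries no study id
 * @throws NumberFormatException if the id taken from the request is not a valid long
 *     (including a missing "dtId" on the edit-variable page)
 */
private Long determineStudyId(PageDef pageDef, HttpServletRequest request) {
    if (pageDef.getName().equals(PageDefServiceLocal.EDIT_VARIABLE_PAGE)) {
        String dtIdParam = getIdFromRequest("dtId", request);
        // Long.valueOf replaces the deprecated Long(String) constructor; parsing and the
        // exception raised on bad input are unchanged.
        // NOTE(review): an unknown dtId presumably makes getDataTable return null and this
        // chain throw NullPointerException - confirm how the caller handles that.
        return varService.getDataTable(Long.valueOf(dtIdParam)).getStudyFile().getStudy().getId();
    }

    String studyIdParam = getStudyIdFromRequest(request);
    return studyIdParam != null ? Long.valueOf(studyIdParam) : null;
}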
/**
 * Reports whether the requested page is the explore-data page.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only for a non-null page named EXPLOREDATA_PAGE
 */
private boolean isExploreDataPage(PageDef pageDef) {
    // The constant is reached through the pageDefService reference, exactly as before.
    return pageDef != null && pageDef.getName().equals(pageDefService.EXPLOREDATA_PAGE);
}
/**
 * Reports whether the requested page is the subsetting page.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only for a non-null page named SUBSETTING_PAGE
 */
private boolean isSubsettingPage(PageDef pageDef) {
    // The constant is reached through the pageDefService reference, exactly as before.
    return pageDef != null && pageDef.getName().equals(pageDefService.SUBSETTING_PAGE);
}
/**
 * Reports whether the requested page is the edit-account page.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only for a non-null page named EDIT_ACCOUNT_PAGE
 */
private boolean isEditAccountPage(PageDef pageDef) {
    // The constant is reached through the pageDefService reference, exactly as before.
    return pageDef != null && pageDef.getName().equals(pageDefService.EDIT_ACCOUNT_PAGE);
}
/**
 * Reports whether the requested page is the view-study page.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only for a non-null page named VIEW_STUDY_PAGE
 */
private boolean isViewStudyPage(PageDef pageDef) {
    // The constant is reached through the pageDefService reference, exactly as before.
    return pageDef != null && pageDef.getName().equals(pageDefService.VIEW_STUDY_PAGE);
}
/**
 * Reports whether the requested page is the manifest page.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @return {@code true} only for a non-null page named MANIFEST_PAGE
 */
private boolean isManifestPage(PageDef pageDef) {
    return pageDef != null && pageDef.getName().equals(PageDefServiceLocal.MANIFEST_PAGE);
}
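/**
 * Applies the access rules for pages that are not governed by a role: restricted VDCs,
 * account and options pages, study viewing, version differences, subsetting, data
 * exploration, account editing and the manifest page.
 *
 * <p>A network admin is always authorized. Otherwise exactly one branch of the chain below
 * is evaluated, and a page that matches no branch is authorized by default.
 *
 * <p>Identifiers such as studyId, versionNumber, dtId, fileId and userId come from the
 * request and are untrusted. A study, version, data table or file that cannot be resolved
 * yields {@code false} rather than a NullPointerException.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @param request current request
 * @param loginBean session login state; {@code null} for an anonymous request
 * @param ipUserGroup IP-based user group passed through to the restriction checks
 * @return {@code false} when a rule denies access, {@code true} otherwise
 * @throws NumberFormatException if a numeric request parameter that a branch requires is
 *     missing or malformed
 */
private boolean isUserAuthorizedForNonRolePage(
    PageDef pageDef, HttpServletRequest request, LoginBean loginBean, UserGroup ipUserGroup) {
    VDCUser user = null;
    if (loginBean != null) {
        user = loginBean.getUser();
    }

    if (user != null
        && user.getNetworkRole() != null
        && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
        // Network admins bypass every per-page check below.
        return true;
    }

    VDC currentVDC = vdcService.getVDCFromRequest(request);

    if (currentVDC != null && !isTermsOfUsePage(pageDef) && isVdcRestricted(pageDef, request)) {
        // NOTE(review): this is the first arm of an if / else-if chain, so inside a
        // restricted VDC none of the per-page checks below (study and file restrictions,
        // account ownership, manifest) are evaluated for a user the VDC admits. Confirm
        // those rules are enforced elsewhere, or make this an independent guard.
        if (currentVDC.isVDCRestrictedForUser(user, ipUserGroup)) {
            return false;
        }
    } else if (pageDef != null
        && (pageDef.getName().equals(PageDefServiceLocal.DV_OPTIONS_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_OPTIONS_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.MANAGE_STUDIES_PAGE))) {
        // For these pages the only requirement is to be logged in.
        if (user == null) {
            return false;
        }
        String userParam = request.getParameter("userId");
        if (userParam != null && !userParam.equals(user.getId().toString())) {
            // To view other users, the logged-in user must be an admin or curator.
            if (!(user.isAdmin(currentVDC) || user.isCurator(currentVDC))) {
                return false;
            }
        }
    } else if (isViewStudyPage(pageDef)) {
        Study study;
        StudyVersion studyVersion = null;
        String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
        String versionNumber =
            VDCBaseBean.getParamFromRequestOrComponent("versionNumber", request);
        if (studyId != null) {
            study = studyService.getStudy(Long.parseLong(studyId));
            if (versionNumber != null) {
                studyVersion =
                    studyService.getStudyVersion(
                        Long.parseLong(studyId), Long.valueOf(versionNumber));
            }
        } else {
            study =
                studyService.getStudyByGlobalId(
                    VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
        }
        // An id that resolves to no study is denied instead of failing on a null dereference.
        if (study == null) {
            return false;
        }
        if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
            return false;
        }
        // NOTE(review): the deaccessioned and draft checks run only when an explicit
        // versionNumber resolved to a version; requests without one, or addressed by
        // globalId, skip them. Confirm the page applies the same rules in that case.
        if (studyVersion != null) {
            // If the study has been deaccessioned, only show the page to users who may edit.
            if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
                return false;
            }
            // A draft version is shown only to users who may edit.
            if (studyVersion.isWorkingCopy()
                && (user == null || !study.isUserAuthorizedToEdit(user))) {
                return false;
            }
        }
    } else if (isVersionDiffPage(pageDef)) {
        String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
        Long[] versionList = VDCRequestBean.parseVersionNumberList(request);

        // Resolve the study first. Previously studyId was parsed before its null check, so
        // the globalId fallback could never be reached.
        Study study;
        if (studyId != null) {
            study = studyService.getStudy(Long.parseLong(studyId));
        } else {
            study =
                studyService.getStudyByGlobalId(
                    VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
        }
        if (study == null || versionList == null || versionList.length < 2) {
            return false;
        }

        // Use the resolved study's id so both lookup paths load versions of the same study.
        StudyVersion studyVersion1 = studyService.getStudyVersion(study.getId(), versionList[0]);
        StudyVersion studyVersion2 = studyService.getStudyVersion(study.getId(), versionList[1]);

        if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
            return false;
        }
        // If the study has been deaccessioned, only show the page to users who may edit.
        if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
            return false;
        }
        // A version that cannot be resolved cannot be checked for draft status: deny.
        if (studyVersion1 == null || studyVersion2 == null) {
            return false;
        }
        // If either side is a draft, only show the comparison to users who may edit.
        if ((studyVersion1.isWorkingCopy() || studyVersion2.isWorkingCopy())
            && (user == null || !study.isUserAuthorizedToEdit(user))) {
            return false;
        }
        if ("confirmRelease".equals(request.getParameter("actionMode"))
            && !study.isUserAuthorizedToRelease(user)) {
            return false;
        }
    } else if (isSubsettingPage(pageDef)) {
        String dtId = VDCBaseBean.getParamFromRequestOrComponent("dtId", request);
        DataTable dataTable = variableService.getDataTable(Long.parseLong(dtId));
        if (dataTable == null) {
            return false;
        }
        Study study = dataTable.getStudyFile().getStudy();
        if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
            return false;
        }
    } else if (isExploreDataPage(pageDef)) {
        String fileId = VDCBaseBean.getParamFromRequestOrComponent("fileId", request);
        StudyFile sf = studyFileService.getStudyFile(Long.parseLong(fileId));
        if (sf == null) {
            return false;
        }
        if (sf.isFileRestrictedForUser(user, currentVDC, ipUserGroup)) {
            return false;
        }
    } else if (isEditAccountPage(pageDef)) {
        // Only the account owner may open the edit-account page.
        String userId = VDCBaseBean.getParamFromRequestOrComponent("userId", request);
        if (user == null || user.getId() != Long.parseLong(userId)) {
            return false;
        }
    } else if (isManifestPage(pageDef)) {
        LockssConfig chkLockssConfig = getLockssConfig(currentVDC);
        if (chkLockssConfig == null) {
            return false;
        }
        if (chkLockssConfig.getserverAccess().equals(ServerAccess.GROUP)) {
            VDCRole userRole = null;
            if (user != null && currentVDC != null) {
                userRole = loginBean.getVDCRole(currentVDC);
            }
            if (user != null && userRole != null && user.isAdmin(currentVDC)) {
                return true;
            }
            // The network-admin shortcut that used to be repeated here was unreachable:
            // that case already returned true at the top of the method.
            if (!lockssAuth.isAuthorizedLockssServer(currentVDC, request)) {
                return false;
            }
        }
    }
    return true;
}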