コード例 #1
  /**
   * Builds the URL of the Dynamic Extensions "create container" page, including the callback URL
   * and an {@code isAuthenticatedUser} query parameter.
   *
   * <p>NOTE(review): this listing is damaged. The {@code "******"} literals are masked values, and
   * the first assignment below is not valid Java at the point where {@code "&isAuthenticatedUser="}
   * runs straight into {@code "?"}. Part of the statement appears to have been lost there,
   * probably the end of the first assignment and the start of an {@code else} branch. Restore the
   * method from the project's own source before relying on it.
   *
   * @param request the current servlet request; its session is expected to hold a {@link
   *     SessionDataBean} under {@code Constants.SESSION_DATA}
   * @return the Dynamic Extensions URL with its query string
   */
  private String getDynamicExtensionsURL(HttpServletRequest request) {
    // Base URL: application context path followed by the create-container path.
    String dynamicExtensionsURL = request.getContextPath() + WebUIManager.getCreateContainerURL();

    // getSession() creates a session when none exists, and the attribute is not null-checked:
    // a request without a logged-in session bean fails on the dereference below with a
    // NullPointerException instead of being rejected explicitly.
    final SessionDataBean sessionbean =
        (SessionDataBean)
            request
                .getSession()
                .getAttribute(edu.wustl.catissuecore.util.global.Constants.SESSION_DATA);

    final String userId = sessionbean.getUserId().toString();
    // Masked literal on this page; the real default value is not visible here.
    String isAuthenticatedUser = "******";
    // userId is the result of toString() above, so a missing user id already surfaces there as a
    // NullPointerException; this test is unlikely ever to be false. TODO confirm intent.
    if (userId != null) {
      isAuthenticatedUser = "******";
    }
    // NOTE(review): the value of the "containerId" request parameter is concatenated into the
    // query string as-is. A value containing '&', '=' or '#' can add or override parameters of
    // the resulting URL; encode it (e.g. java.net.URLEncoder.encode) before appending.
    // NOTE(review): isAuthenticatedUser travels as a plain query parameter, which the client can
    // edit. Whatever consumes this URL should re-check the server-side session rather than trust
    // the flag. TODO confirm how the receiver uses it.
    if (request.getParameter("containerId") == null) {
      // Appends the callback parameter. The garbled span is inside this expression.
      dynamicExtensionsURL =
          dynamicExtensionsURL
              + "?"
              + WebUIManager.getCallbackURLParamName()
              + "="
              + request.getContextPath()
              + AnnotationConstants.CALLBACK_URL_PATH_ANNOTATION_DEFN
              + "&isAuthenticatedUser="******"?"
              + WebUIManagerConstants.CONATINER_IDENTIFIER_PARAMETER_NAME
              + "="
              + request.getParameter("containerId");
      // Appends the callback URL and the authentication flag as further query parameters.
      dynamicExtensionsURL =
          dynamicExtensionsURL
              + "&"
              + WebUIManager.getCallbackURLParamName()
              + "="
              + request.getContextPath()
              + AnnotationConstants.CALLBACK_URL_PATH_ANNOTATION_DEFN
              + "&isAuthenticatedUser="
              + isAuthenticatedUser;
    }
    return dynamicExtensionsURL;
  }
コード例 #2
  /**
   * Establishes the session with the database: obtains the current session from {@code DBUtil},
   * begins a transaction on it and creates a fresh {@code AuditManager}. Declared in the
   * AbstractDAO class.
   *
   * <p>When a session bean is supplied, its user id and IP address are copied to the audit manager.
   * When it is {@code null}, the audit manager's user id is set to {@code null} and no IP address
   * is set.
   *
   * @param sessionDataBean the caller's session data, or {@code null} when there is none
   * @throws DAOException if Hibernate fails while obtaining the session or starting the
   *     transaction; the failure is logged and wrapped with {@code Constants.GENERIC_DATABASE_ERROR}
   */
  public void openSession(SessionDataBean sessionDataBean) throws DAOException {
    try {
      session = DBUtil.currentSession();
      transaction = session.beginTransaction();

      auditManager = new AuditManager();
      if (sessionDataBean == null) {
        // No caller identity available: the audit manager is left without a user id.
        auditManager.setUserId(null);
        return;
      }

      // Attribute subsequent audit entries to the calling user and their address.
      auditManager.setUserId(sessionDataBean.getUserId());
      auditManager.setIpAddress(sessionDataBean.getIpAddress());
    } catch (HibernateException dbex) {
      Logger.out.error(dbex.getMessage(), dbex);
      throw handleError(Constants.GENERIC_DATABASE_ERROR, dbex);
    }
  }
コード例 #3
  /**
   * Saves the persistent object in the database, optionally after an authorization check.
   *
   * <p>With {@code isSecureInsert} set, the caller must supply a session bean with a non-null user
   * name, and {@code SecurityManager.isAuthorized} must grant {@code Permissions.CREATE} on the
   * object's class name. With {@code isSecureInsert} unset, no authorization check is made here, so
   * the caller is responsible for access control.
   *
   * @param obj The object to be saved.
   * @param sessionDataBean The caller's session data; may be {@code null}, which is denied when
   *     {@code isSecureInsert} is set.
   * @param isAuditable Whether an "INSERT" audit comparison is recorded for {@code Auditable}
   *     objects.
   * @param isSecureInsert Whether the authorization check is performed.
   * @throws DAOException if Hibernate, the audit manager or the security manager fails; the cause
   *     is wrapped by {@code handleError} with an empty message.
   * @throws UserNotAuthorizedException if the authorization check denies the insert.
   */
  public void insert(
      Object obj, SessionDataBean sessionDataBean, boolean isAuditable, boolean isSecureInsert)
      throws DAOException, UserNotAuthorizedException {
    boolean isAuthorized = true;

    try {
      if (isSecureInsert) {
        // A missing session bean or a missing user name is a denial, not an error.
        final String userName = (sessionDataBean == null) ? null : sessionDataBean.getUserName();
        isAuthorized =
            userName != null
                && SecurityManager.getInstance(this.getClass())
                    .isAuthorized(userName, obj.getClass().getName(), Permissions.CREATE);
      }

      if (!isAuthorized) {
        throw new UserNotAuthorizedException("Not Authorized to insert");
      }

      session.save(obj);
      if (isAuditable && obj instanceof Auditable) {
        // Nothing to compare against on insert, hence the null "previous" object.
        auditManager.compare((Auditable) obj, null, "INSERT");
      }
      isUpdated = true;
    } catch (HibernateException hibExp) {
      throw handleError("", hibExp);
    } catch (AuditException auditExp) {
      throw handleError("", auditExp);
    } catch (SMException smex) {
      throw handleError("", smex);
    }
  }
コード例 #4
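  /**
   * Updates the persistent object in the database, optionally after an authorization check.
   *
   * <p>With {@code isSecureUpdate} set, the caller must supply a session bean with a non-null user
   * name, and {@code SecurityManager.isAuthorized} must grant {@code Permissions.UPDATE}. The check
   * is made against {@code <class name>_<id>} when {@code obj} is an {@code AbstractDomainObject}
   * and {@code hasObjectLevelPrivilege} is set, and against the class name alone otherwise. With
   * {@code isSecureUpdate} unset, no authorization check is made here, so the caller is responsible
   * for access control.
   *
   * <p>Changes from the earlier version: a {@code null} user name is now denied without consulting
   * the security manager, matching {@code insert}. The denial path for a {@code null} session bean
   * no longer casts {@code obj} to {@code AbstractDomainObject} for a debug message, so an object
   * of another type gets {@code UserNotAuthorizedException} rather than a {@code
   * ClassCastException}.
   *
   * @param obj The object to be updated; must not be {@code null}.
   * @param sessionDataBean The caller's session data; may be {@code null}, which is denied when
   *     {@code isSecureUpdate} is set.
   * @param isAuditable Currently unused: the audit comparison for updates is disabled in this
   *     method, so no audit record is written from here.
   * @param isSecureUpdate Whether the authorization check is performed.
   * @param hasObjectLevelPrivilege Whether the check is made per object id rather than per class.
   * @throws DAOException if Hibernate or the security manager fails; the cause is wrapped by {@code
   *     handleError} with an empty message.
   * @throws UserNotAuthorizedException if the authorization check denies the update.
   */
  public void update(
      Object obj,
      SessionDataBean sessionDataBean,
      boolean isAuditable,
      boolean isSecureUpdate,
      boolean hasObjectLevelPrivilege)
      throws DAOException, UserNotAuthorizedException {

    boolean isAuthorized = true;
    try {
      if (isSecureUpdate) {
        final String userName = (sessionDataBean == null) ? null : sessionDataBean.getUserName();
        final String className = obj.getClass().getName();

        if (userName == null) {
          // Fail closed: without an identified user there is nothing to authorize.
          isAuthorized = false;
        } else if ((obj instanceof AbstractDomainObject) && hasObjectLevelPrivilege) {
          // Object-level check: the privilege is looked up for this specific object id.
          isAuthorized =
              SecurityManager.getInstance(this.getClass())
                  .isAuthorized(
                      userName,
                      className + "_" + ((AbstractDomainObject) obj).getId(),
                      Permissions.UPDATE);
        } else {
          // Class-level check.
          isAuthorized =
              SecurityManager.getInstance(this.getClass())
                  .isAuthorized(userName, className, Permissions.UPDATE);
        }
        Logger.out.debug(" User's Authorization to update " + className + " " + isAuthorized);
      }

      if (!isAuthorized) {
        throw new UserNotAuthorizedException("Not Authorized to update");
      }

      session.update(obj);
      // NOTE(review): the audit comparison against the previously stored object is disabled
      // here, so updates made through this method leave no audit entry even when isAuditable
      // is true.
      isUpdated = true;
    } catch (HibernateException hibExp) {
      throw handleError("", hibExp);
    } catch (SMException smex) {
      throw handleError("", smex);
    }
  }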