/** * Moves the specified list of entries to the deleted folder * * @param userId unique identifier for user making the request. Must have write access privileges * on the entries in the list * @param list unique identifiers for entries * @return true or false if operation succeeds on all listed entries or not */ public boolean moveEntriesToTrash(String userId, ArrayList<PartData> list) { List<Entry> toTrash = new LinkedList<>(); for (PartData data : list) { Entry entry = dao.get(data.getId()); if (entry == null || !authorization.canWriteThoroughCheck(userId, entry)) return false; toTrash.add(entry); } // add to bin try { for (Entry entry : toTrash) { entry.setVisibility(Visibility.DELETED.getValue()); dao.update(entry); } } catch (DAOException de) { Logger.error(de); return false; } return true; }
protected PartData retrieveEntryDetails(String userId, Entry entry) { // user must be able to read if not public entry if (!permissionsController.isPubliclyVisible(entry)) authorization.expectRead(userId, entry); PartData partData = ModelToInfoFactory.getInfo(entry); if (partData == null) return null; boolean hasSequence = sequenceDAO.hasSequence(entry.getId()); partData.setHasSequence(hasSequence); boolean hasOriginalSequence = sequenceDAO.hasOriginalSequence(entry.getId()); partData.setHasOriginalSequence(hasOriginalSequence); // permissions partData.setCanEdit(authorization.canWriteThoroughCheck(userId, entry)); partData.setPublicRead(permissionsController.isPubliclyVisible(entry)); // create audit event if not owner // todo : remote access check if (userId != null && authorization.getOwner(entry) != null && !authorization.getOwner(entry).equalsIgnoreCase(userId)) { try { Audit audit = new Audit(); audit.setAction(AuditType.READ.getAbbrev()); audit.setEntry(entry); audit.setUserId(userId); audit.setLocalUser(true); audit.setTime(new Date(System.currentTimeMillis())); auditDAO.create(audit); } catch (Exception e) { Logger.error(e); } } // retrieve more information about linked entries if any (default only contains id) if (partData.getLinkedParts() != null) { ArrayList<PartData> newLinks = new ArrayList<>(); for (PartData link : partData.getLinkedParts()) { Entry linkedEntry = dao.get(link.getId()); if (!authorization.canRead(userId, linkedEntry)) continue; link = ModelToInfoFactory.createTipView(linkedEntry); Sequence sequence = sequenceDAO.getByEntry(linkedEntry); if (sequence != null) { link.setBasePairCount(sequence.getSequence().length()); link.setFeatureCount(sequence.getSequenceFeatures().size()); } newLinks.add(link); } partData.getLinkedParts().clear(); partData.getLinkedParts().addAll(newLinks); } // check if there is a parent available List<Entry> parents = dao.getParents(entry.getId()); if (parents == null) return partData; for (Entry parent : parents) { if (!authorization.canRead(userId, parent)) continue; if (parent.getVisibility() != Visibility.OK.getValue() && !authorization.canWriteThoroughCheck(userId, entry)) continue; EntryType type = EntryType.nameToType(parent.getRecordType()); PartData parentData = new PartData(type); parentData.setId(parent.getId()); parentData.setName(parent.getName()); parentData.setVisibility(Visibility.valueToEnum(parent.getVisibility())); partData.getParents().add(parentData); } return partData; }
protected boolean canEdit(String userId, String depositor, Entry entry) { return userId.equalsIgnoreCase(depositor) || authorization.canWriteThoroughCheck(userId, entry); }