/**
 * HTTP access entry point that prints the participant list of a site when the
 * current session user is allowed to see its roster.
 *
 * <p>The caller must be logged in and either hold
 * {@code SiteService.SECURE_VIEW_ROSTER} on the site reference or be a
 * superuser; otherwise the request is only logged at warn level. Neither
 * refusal path touches {@code res} (no body, no status code) — the response is
 * left exactly as the caller handed it in. The actual output presumably comes
 * from {@code print_participant}, which is not visible here.
 *
 * @param siteId id of the site whose participants are printed
 * @param res the servlet response; not referenced by this method itself
 */
private void getSiteParticipantList(String siteId, HttpServletResponse res) {
  final String currentUserId = SessionManager.getCurrentSessionUserId();
  if (currentUserId == null) {
    // Anonymous request: refuse, and say so in the log.
    log.warn(
        this
            + " HttpAccess for printing participant of site id ="
            + siteId
            + " without user loggin. ");
    return;
  }

  final String siteRef = SiteService.siteReference(siteId);
  // unlock() is evaluated first so its own auditing/logging still happens for superusers.
  final boolean mayViewRoster =
      SecurityService.unlock(currentUserId, SiteService.SECURE_VIEW_ROSTER, siteRef)
          || SecurityService.isSuperUser();
  if (!mayViewRoster) {
    log.warn(
        this
            + " HttpAccess for printing participant of site id ="
            + siteId
            + " with user id = "
            + currentUserId
            + ": user does not have permission to view roster. ");
    return;
  }

  print_participant(siteId);
}
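/**
 * Persists an existing {@link SakaiPerson} record after validating the argument
 * and the caller's authorization.
 *
 * <p>Checks performed, in order: the record must be non-null and of a supported
 * type; authorization is delegated to {@link #checkSavePermission(SakaiPerson)};
 * only {@link SakaiPersonImpl} instances can be persisted. After the Hibernate
 * update a {@code profile.update} event is posted and, when the
 * {@code profile.updateUser} setting is enabled and the record is user-mutable,
 * the given name, surname and mail are copied onto the user account on a
 * best-effort basis (failures there are logged, not propagated).
 *
 * @param sakaiPerson the record to update; must be a {@link SakaiPersonImpl}
 * @throws IllegalArgumentException if {@code sakaiPerson} is null or of an unsupported type
 * @throws IllegalAccessError if the caller may not update this record
 * @throws UnsupportedOperationException if {@code sakaiPerson} is not a {@link SakaiPersonImpl}
 * @see SakaiPersonManager#save(SakaiPerson)
 */
public void save(SakaiPerson sakaiPerson) {
  if (LOG.isDebugEnabled()) {
    LOG.debug("save(SakaiPerson " + sakaiPerson + ")");
  }
  if (sakaiPerson == null) {
    throw new IllegalArgumentException("Illegal sakaiPerson argument passed!");
  }
  if (!isSupportedType(sakaiPerson.getTypeUuid())) {
    throw new IllegalArgumentException("The sakaiPerson argument contains an invalid Type!");
  }

  // AuthZ: must pass before anything is written.
  checkSavePermission(sakaiPerson);

  if (!(sakaiPerson instanceof SakaiPersonImpl)) {
    // TODO support alternate implementations of SakaiPerson
    // copy bean properties into new SakaiPersonImpl with beanutils?
    throw new UnsupportedOperationException("Unknown SakaiPerson implementation found!");
  }
  SakaiPersonImpl spi = (SakaiPersonImpl) sakaiPerson;

  // update lastModifiedDate (and whatever else the helper maintains)
  persistableHelper.modifyPersistableFields(spi);

  // if a repository path is configured, the photo lives there instead of in the record
  if (photoService.overRidesDefault()) {
    photoService.savePhoto(spi.getJpegPhoto(), spi.getAgentUuid());
    spi.setJpegPhoto(null);
  }

  // use update(..) rather than saveOrUpdate(..) so nobody can insert a prototype here
  getHibernateTemplate().update(spi);

  // set the event
  String ref = getReference(spi);
  if (LOG.isDebugEnabled()) {
    LOG.debug("got ref of: " + ref + " about to set events");
  }
  eventTrackingService.post(eventTrackingService.newEvent("profile.update", ref, true));
  LOG.debug("User record updated for Id :-" + spi.getAgentUuid());

  // update the account too - only for user-mutable profiles, and only when configured
  if (serverConfigurationService.getBoolean("profile.updateUser", false)
      && spi.getTypeUuid().equals(this.userMutableType.getUuid())) {
    syncUserAccount(spi);
  }
}

/**
 * Authorization checks for {@link #save(SakaiPerson)}.
 *
 * <p>System-mutable records can only be saved by a superuser. For every other
 * record, unless {@code PROFILE_SAVE_PERMISSION} unlocks for
 * {@code UserDirectoryService.ADMIN_ID} on the record's agent id, the current
 * session user must be the record's agent or a superuser.
 *
 * @param sakaiPerson the record about to be saved; already null-checked by the caller
 * @throws IllegalAccessError if the current user may not update the record
 *     ({@code Error} subtype kept because existing callers catch it)
 */
private void checkSavePermission(SakaiPerson sakaiPerson) {
  String typeUuid = sakaiPerson.getTypeUuid();
  String agentUuid = sakaiPerson.getAgentUuid();

  // Only superusers can update system records
  if (getSystemMutableType().getUuid().equals(typeUuid) && !SecurityService.isSuperUser()) {
    throw new IllegalAccessError("System mutable records cannot be updated.");
  }

  // NOTE(review): unlock() is evaluated for ADMIN_ID rather than the current user; the
  // original comment describes this as the hook a security advisor uses to grant access
  // (e.g. to an admin) — confirm that is still the intent before relying on it.
  if (SecurityService.unlock(
      UserDirectoryService.ADMIN_ID, SakaiPerson.PROFILE_SAVE_PERMISSION, agentUuid)) {
    return;
  }

  // User-mutable record: the session user must be updating their own record.
  String currentUserId = SessionManager.getCurrentSessionUserId();
  if (!StringUtils.equals(currentUserId, agentUuid) && !SecurityService.isSuperUser()) {
    throw new IllegalAccessError("You do not have permissions to update this record!");
  }
}

/**
 * Best-effort copy of the record's given name, surname and mail onto the
 * matching user account.
 *
 * <p>Any failure is logged with its stack trace and, if an edit had already
 * been opened, that edit is cancelled so the user record is not left locked.
 * Nothing is rethrown, matching the original best-effort behaviour.
 *
 * @param spi the persisted record whose name and mail are propagated
 */
private void syncUserAccount(SakaiPersonImpl spi) {
  UserEdit userEdit = null;
  try {
    userEdit = userDirectoryService.editUser(spi.getAgentUuid());
    userEdit.setFirstName(spi.getGivenName());
    userEdit.setLastName(spi.getSurname());
    userEdit.setEmail(spi.getMail());
    userDirectoryService.commitEdit(userEdit);
    LOG.debug("Saved user object");
  } catch (Exception e) {
    // Log with the cause instead of printStackTrace() so it reaches the configured log.
    LOG.warn("save(): could not update user account for Id :-" + spi.getAgentUuid(), e);
    // Release the edit lock if we obtained one but could not commit it.
    if (userEdit != null) {
      userDirectoryService.cancelEdit(userEdit);
    }
  }
}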