예제 #1
0
  @Override
  public Attachment shareFile(Long attachmentId, long who, Long with) {
    if (log.isTraceEnabled()) {
      log.trace(">> shareFile(): attachmentId=" + attachmentId + ", who=" + who + ", with=" + with);
    }

    Attachment att = em.find(Attachment.class, attachmentId);
    if (att == null) {
      if (log.isTraceEnabled()) {
        log.trace("<< shareFile(): null - no such attachment");
      }
      return null;
    }
    boolean canShare = false;
    try {
      // canShare |= um.isAdmin(who);
      User actor = em.find(User.class, who);
      if (actor != null && actor.getUserGroup() == 1) {
        canShare = true;
      }
    } catch (Exception ex) {
    }
    if (!canShare) {
      for (User u : att.getUser()) {
        if (u.getId() == who) {
          canShare = true;
          break;
        }
      }
    }
    if (!canShare) {
      if (log.isTraceEnabled()) {
        log.trace("<< shareFile(): null - operation is not permitted");
      }
      return null;
    }
    User w = em.find(User.class, with);
    if (w == null) {
      if (log.isTraceEnabled()) {
        log.trace("<< shareFile(): cannot share with nobody, and owners list was not modified");
      }
      return att;
    }
    att.getUser().add(w);
    em.persist(att);

    return att;
  }
예제 #2
0
 @javax.ejb.TransactionAttribute(javax.ejb.TransactionAttributeType.SUPPORTS)
 private boolean isOwner(User u, Attachment a) {
   for (User usr : a.getUser()) {
     if (usr.getId().equals(u.getId())) {
       if (log.isTraceEnabled()) {
         log.trace("<< isOwner(): true // owner of the file");
       }
       return true;
     }
   }
   if (log.isTraceEnabled()) {
     log.trace("<< isOwner(): false");
   }
   return false;
 }
예제 #3
0
  @Override
  public Attachment reuploadFiles(
      User user, Long attachmentId, List<ReshakaUploadedFile> files, String tags) {
    if (attachmentId == null) {
      return uploadFiles(user, files, tags);
    }
    if (!checkUploadRights(user)) {
      return null;
    }
    Attachment original = em.find(Attachment.class, attachmentId);
    if (original == null) {
      return null;
    }

    Set<User> u = original.getUser();
    removeAttachmentFromDisk(original);
    original = prepareAttachment(user, files, tags);
    original.setId(attachmentId);
    original.setUser(u);
    return em.merge(original);
  }
예제 #4
0
  /** Checks if user has the right to download specified attachment */
  @javax.ejb.TransactionAttribute(javax.ejb.TransactionAttributeType.SUPPORTS)
  private boolean checkDownloadRights(User u, Attachment a) {
    if (log.isTraceEnabled()) {
      log.trace(">> checkDownloadRights(): user="******"SELECT u FROM User u WHERE u.avatarId = :avatarId", User.class);
    q.setParameter("avatarId", a.getId());
    List<User> lst = q.getResultList();
    if (lst != null && !lst.isEmpty()) {
      if (log.isTraceEnabled()) {
        log.trace("<< checkDownloadRights(): true // this is an avatar");
      }
      return true;
    }

    if (a == null) {
      if (log.isTraceEnabled()) {
        log.trace("<< checkDownloadRights(): false // attachment = null");
      }
      return false;
    }

    // do check if it is a problem statement
    q = em.createQuery("SELECT o FROM Order o WHERE o.conditionId = :conditionId", Order.class);
    q.setParameter("conditionId", a.getId());
    lst = q.getResultList();
    if (lst != null && !lst.isEmpty()) {
      if (log.isTraceEnabled()) {
        log.trace("<< checkDownloadRights(): true // this is a problem statement");
      }
      return true;
    }

    // do check if it is a solution to closed order
    q =
        em.createQuery(
            "SELECT o FROM Order o WHERE o.solutionId = :solutionId and o.status in :statuses",
            Order.class);
    q.setParameter("solutionId", a.getId());
    q.setParameter(
        "statuses",
        new ArrayList() {
          {
            add(Order.CLOSED_OFFLINE_ORDER_STATUS);
            add(Order.FULL_PAYED_OFFLINE_ORDER_STATUS);
            add(Order.EXPIRED_OFFLINE_ORDER_STATUS);
            add(Order.EXPIRED_ONLINE_ORDER_STATUS);
          }
        });
    lst = q.getResultList();
    if (lst != null && !lst.isEmpty()) {
      if (log.isTraceEnabled()) {
        log.trace("<< checkDownloadRights(): true // this is a problem statement");
      }
      return true;
    }

    if (u == null) {
      // guest tries to download file (not condition or avatar)
      if (log.isTraceEnabled()) {
        log.trace("<< checkDownloadRights(): false // user = null");
      }
      return false;
    }

    // Admin ?
    if (u.getUserGroup() == 1) {
      return true;
    }

    try {
      // check whether the requestor is owner of the file
      if (log.isTraceEnabled()) {
        log.trace("checkDownloadRights(): file owners >> " + a.getUser().size());
      }
      if (isOwner(u, a)) return true;
    } catch (Exception ex) {
      if (log.isTraceEnabled()) {
        log.trace("checkDownloadRights(): false // exception while processing owners list", ex);
      }
      return false;
    }

    // we might as well return false...
    if (log.isTraceEnabled()) {
      log.trace("<< checkDownloadRigths(): false");
    }
    return false;
  }