public FolderDetails retrieveVisibleEntries( String userId, ColumnField field, boolean asc, int start, int limit) { Set<Entry> results; FolderDetails details = new FolderDetails(); Account account = accountController.getByEmail(userId); if (authorization.isAdmin(userId)) { // no filters results = dao.retrieveAllEntries(field, asc, start, limit); } else { // retrieve groups for account and filter by permission Set<Group> accountGroups = new HashSet<>(account.getGroups()); GroupController controller = new GroupController(); Group everybodyGroup = controller.createOrRetrievePublicGroup(); accountGroups.add(everybodyGroup); results = dao.retrieveVisibleEntries(account, accountGroups, field, asc, start, limit); } for (Entry entry : results) { PartData info = ModelToInfoFactory.createTableViewData(userId, entry, false); details.getEntries().add(info); } return details; }
public ArrayList<TraceSequenceAnalysis> getTraceSequences(String userId, long entryId) { Entry entry = dao.get(entryId); if (entry == null) return null; authorization.expectRead(userId, entry); List<TraceSequence> sequences = DAOFactory.getTraceSequenceDAO().getByEntry(entry); ArrayList<TraceSequenceAnalysis> analysisArrayList = new ArrayList<>(); if (sequences == null) return analysisArrayList; AccountController accountController = new AccountController(); for (TraceSequence traceSequence : sequences) { TraceSequenceAnalysis analysis = traceSequence.toDataTransferObject(); AccountTransfer accountTransfer = new AccountTransfer(); String depositor = traceSequence.getDepositor(); boolean canEdit = canEdit(userId, depositor, entry); analysis.setCanEdit(canEdit); Account account = accountController.getByEmail(traceSequence.getDepositor()); if (account != null) { accountTransfer.setFirstName(account.getFirstName()); accountTransfer.setLastName(account.getLastName()); accountTransfer.setEmail(account.getEmail()); accountTransfer.setId(account.getId()); } analysis.setDepositor(accountTransfer); analysisArrayList.add(analysis); } return analysisArrayList; }
public void update(String userId, Entry entry) { if (entry == null) { return; } authorization.expectWrite(userId, entry); boolean scheduleRebuild = sequenceDAO.hasSequence(entry.getId()); entry.setModificationTime(Calendar.getInstance().getTime()); if (entry.getVisibility() == null) entry.setVisibility(Visibility.OK.getValue()); entry = dao.update(entry); // check pi email String piEmail = entry.getPrincipalInvestigatorEmail(); if (StringUtils.isNotEmpty(piEmail)) { Account pi = DAOFactory.getAccountDAO().getByEmail(piEmail); if (pi != null) { // add write permission for the PI (method also checks to see if permission already exists) AccessPermission accessPermission = new AccessPermission(); accessPermission.setArticle(AccessPermission.Article.ACCOUNT); accessPermission.setArticleId(pi.getId()); accessPermission.setType(AccessPermission.Type.WRITE_ENTRY); accessPermission.setTypeId(entry.getId()); permissionsController.addPermission(userId, accessPermission); } } if (scheduleRebuild) { ApplicationController.scheduleBlastIndexRebuildTask(true); } }
public UserComment createEntryComment(String userId, long partId, UserComment newComment) { Entry entry = dao.get(partId); if (entry == null) return null; authorization.canRead(userId, entry); Account account = accountController.getByEmail(userId); Comment comment = new Comment(); comment.setAccount(account); comment.setEntry(entry); comment.setBody(newComment.getMessage()); comment.setCreationTime(new Date()); comment = commentDAO.create(comment); if (newComment.getSamples() != null) { SampleDAO sampleDAO = DAOFactory.getSampleDAO(); for (PartSample partSample : newComment.getSamples()) { Sample sample = sampleDAO.get(partSample.getId()); if (sample == null) continue; comment.getSamples().add(sample); sample.getComments().add(comment); } } comment = commentDAO.update(comment); return comment.toDataTransferObject(); }
public List<PartData> retrieveOwnerEntries( String userId, String ownerEmail, ColumnField sort, boolean asc, int start, int limit) { List<Entry> entries; Account account = DAOFactory.getAccountDAO().getByEmail(userId); if (authorization.isAdmin(userId) || account.getEmail().equals(ownerEmail)) { entries = dao.retrieveOwnerEntries(ownerEmail, sort, asc, start, limit); } else { Set<Group> accountGroups = new HashSet<>(account.getGroups()); GroupController controller = new GroupController(); Group everybodyGroup = controller.createOrRetrievePublicGroup(); accountGroups.add(everybodyGroup); // retrieve entries for user that can be read by others entries = dao.retrieveUserEntries(account, ownerEmail, accountGroups, sort, asc, start, limit); } ArrayList<PartData> data = new ArrayList<>(); for (Entry entry : entries) { PartData info = ModelToInfoFactory.createTableViewData(userId, entry, false); info.setViewCount(DAOFactory.getAuditDAO().getHistoryCount(entry)); data.add(info); } return data; }
public long updatePart(String userId, long partId, PartData part) { Entry existing = dao.get(partId); authorization.expectWrite(userId, existing); Entry entry = InfoToModelFactory.updateEntryField(part, existing); entry.getLinkedEntries().clear(); if (part.getLinkedParts() != null && part.getLinkedParts().size() > 0) { for (PartData data : part.getLinkedParts()) { Entry linked = dao.getByPartNumber(data.getPartId()); // check permissions on link if (!authorization.canRead(userId, linked)) { continue; } if (!canLink(entry, linked)) continue; entry.getLinkedEntries().add(linked); } } entry.setModificationTime(Calendar.getInstance().getTime()); if (entry.getVisibility() == Visibility.DRAFT.getValue()) { List<EntryField> invalidFields = EntryUtil.validates(part); if (invalidFields.isEmpty()) entry.setVisibility(Visibility.OK.getValue()); } entry = dao.update(entry); // check pi email String piEmail = entry.getPrincipalInvestigatorEmail(); if (StringUtils.isNotEmpty(piEmail)) { Account pi = DAOFactory.getAccountDAO().getByEmail(piEmail); if (pi != null) { // add write permission for the PI (method also checks to see if permission already exists) AccessPermission accessPermission = new AccessPermission(); accessPermission.setArticle(AccessPermission.Article.ACCOUNT); accessPermission.setArticleId(pi.getId()); accessPermission.setType(AccessPermission.Type.WRITE_ENTRY); accessPermission.setTypeId(entry.getId()); permissionsController.addPermission(userId, accessPermission); } } return entry.getId(); }
public PartData retrieveEntryTipDetails(String userId, String id) { Entry entry = getEntry(id); if (entry == null) return null; if (!permissionsController.isPubliclyVisible(entry) && !authorization.canRead(userId, entry)) return null; return ModelToInfoFactory.createTipView(entry); }
public boolean deleteHistory(String userId, long entryId, long historyId) { Entry entry = dao.get(entryId); if (entry == null) return false; authorization.expectWrite(userId, entry); Audit audit = auditDAO.get(historyId); if (audit == null) return true; auditDAO.delete(audit); return true; }
public long getNumberOfOwnerEntries(String requesterUserEmail, String ownerEmail) { Account account = DAOFactory.getAccountDAO().getByEmail(requesterUserEmail); if (authorization.isAdmin(requesterUserEmail) || account.getEmail().equals(ownerEmail)) { return dao.ownerEntryCount(ownerEmail); } Set<Group> accountGroups = new HashSet<>(account.getGroups()); GroupController controller = new GroupController(); Group everybodyGroup = controller.createOrRetrievePublicGroup(); accountGroups.add(everybodyGroup); return dao.ownerEntryCount(account, ownerEmail, accountGroups); }
public ArrayList<UserComment> retrieveEntryComments(String userId, long partId) { Entry entry = dao.get(partId); if (entry == null) return null; authorization.expectRead(userId, entry); // comments ArrayList<Comment> comments = commentDAO.retrieveComments(entry); ArrayList<UserComment> userComments = new ArrayList<>(); for (Comment comment : comments) { userComments.add(comment.toDataTransferObject()); } return userComments; }
/** * Retrieve the number of entries that is visible to a particular user * * @param userId user account unique identifier * @return Number of entries that user with account referenced in the parameter can read. */ public long getNumberOfVisibleEntries(String userId) { Account account = accountController.getByEmail(userId); if (account == null) return -1; if (authorization.isAdmin(userId)) { return dao.getAllEntryCount(); } Set<Group> accountGroups = new HashSet<>(account.getGroups()); GroupController controller = new GroupController(); Group everybodyGroup = controller.createOrRetrievePublicGroup(); accountGroups.add(everybodyGroup); return dao.visibleEntryCount(account, accountGroups); }
public UserComment updateEntryComment( String userId, long partId, long commentId, UserComment userComment) { Entry entry = dao.get(partId); if (entry == null) return null; authorization.canRead(userId, entry); Comment comment = commentDAO.get(commentId); if (comment == null) return createEntryComment(userId, partId, userComment); if (comment.getEntry().getId() != partId) return null; if (userComment.getMessage() == null || userComment.getMessage().isEmpty()) return null; comment.setBody(userComment.getMessage()); comment.setModificationTime(new Date()); return commentDAO.update(comment).toDataTransferObject(); }
public ArrayList<History> getHistory(String userId, long entryId) { Entry entry = dao.get(entryId); if (entry == null) return null; authorization.expectWrite(userId, entry); List<Audit> list = auditDAO.getAuditsForEntry(entry); ArrayList<History> result = new ArrayList<>(); for (Audit audit : list) { History history = audit.toDataTransferObject(); if (history.isLocalUser()) { history.setAccount( accountController.getByEmail(history.getUserId()).toDataTransferObject()); } result.add(history); } return result; }
public PartStatistics retrieveEntryStatistics(String userId, long entryId) { Entry entry = dao.get(entryId); if (entry == null) return null; authorization.expectRead(userId, entry); PartStatistics statistics = new PartStatistics(); statistics.setEntryId(entryId); statistics.setCommentCount(commentDAO.getCommentCount(entry)); int traceSequenceCount = DAOFactory.getTraceSequenceDAO().getTraceSequenceCount(entry); statistics.setTraceSequenceCount(traceSequenceCount); int sampleCount = DAOFactory.getSampleDAO().getSampleCount(entry); statistics.setSampleCount(sampleCount); int historyCount = DAOFactory.getAuditDAO().getHistoryCount(entry); statistics.setHistoryCount(historyCount); int eddCount = DAOFactory.getExperimentDAO().getExperimentCount(entryId); statistics.setExperimentalDataCount(eddCount); return statistics; }
/** * Moves the specified list of entries to the deleted folder * * @param userId unique identifier for user making the request. Must have write access privileges * on the entries in the list * @param list unique identifiers for entries * @return true or false if operation succeeds on all listed entries or not */ public boolean moveEntriesToTrash(String userId, ArrayList<PartData> list) { List<Entry> toTrash = new LinkedList<>(); for (PartData data : list) { Entry entry = dao.get(data.getId()); if (entry == null || !authorization.canWriteThoroughCheck(userId, entry)) return false; toTrash.add(entry); } // add to bin try { for (Entry entry : toTrash) { entry.setVisibility(Visibility.DELETED.getValue()); dao.update(entry); } } catch (DAOException de) { Logger.error(de); return false; } return true; }
protected boolean canEdit(String userId, String depositor, Entry entry) { return userId.equalsIgnoreCase(depositor) || authorization.canWriteThoroughCheck(userId, entry); }
public boolean addTraceSequence(String userId, long partId, File file, String uploadFileName) { Entry entry = dao.get(partId); if (entry == null) return false; authorization.expectRead(userId, entry); FileInputStream inputStream; try { inputStream = new FileInputStream(file); } catch (FileNotFoundException e) { Logger.error(e); return false; } if (uploadFileName.toLowerCase().endsWith(".zip")) { try (ZipInputStream zis = new ZipInputStream(inputStream)) { ZipEntry zipEntry; while (true) { zipEntry = zis.getNextEntry(); if (zipEntry != null) { if (!zipEntry.isDirectory() && !zipEntry.getName().startsWith("__MACOSX")) { ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); int c; while ((c = zis.read()) != -1) { byteArrayOutputStream.write(c); } boolean parsed = parseTraceSequence( userId, entry, zipEntry.getName(), byteArrayOutputStream.toByteArray()); if (!parsed) { String errMsg = ("Could not parse \"" + zipEntry.getName() + "\". Only Fasta, GenBank & ABI files are supported."); Logger.error(errMsg); return false; } } } else { break; } } } catch (IOException e) { String errMsg = ("Could not parse zip file."); Logger.error(errMsg); return false; } } else { try { boolean parsed = parseTraceSequence(userId, entry, uploadFileName, IOUtils.toByteArray(inputStream)); if (!parsed) { String errMsg = ("Could not parse \"" + uploadFileName + "\". Only Fasta, GenBank & ABI files are supported."); Logger.error(errMsg); return false; } } catch (IOException e) { Logger.error(e); return false; } } return true; }
protected PartData retrieveEntryDetails(String userId, Entry entry) { // user must be able to read if not public entry if (!permissionsController.isPubliclyVisible(entry)) authorization.expectRead(userId, entry); PartData partData = ModelToInfoFactory.getInfo(entry); if (partData == null) return null; boolean hasSequence = sequenceDAO.hasSequence(entry.getId()); partData.setHasSequence(hasSequence); boolean hasOriginalSequence = sequenceDAO.hasOriginalSequence(entry.getId()); partData.setHasOriginalSequence(hasOriginalSequence); // permissions partData.setCanEdit(authorization.canWriteThoroughCheck(userId, entry)); partData.setPublicRead(permissionsController.isPubliclyVisible(entry)); // create audit event if not owner // todo : remote access check if (userId != null && authorization.getOwner(entry) != null && !authorization.getOwner(entry).equalsIgnoreCase(userId)) { try { Audit audit = new Audit(); audit.setAction(AuditType.READ.getAbbrev()); audit.setEntry(entry); audit.setUserId(userId); audit.setLocalUser(true); audit.setTime(new Date(System.currentTimeMillis())); auditDAO.create(audit); } catch (Exception e) { Logger.error(e); } } // retrieve more information about linked entries if any (default only contains id) if (partData.getLinkedParts() != null) { ArrayList<PartData> newLinks = new ArrayList<>(); for (PartData link : partData.getLinkedParts()) { Entry linkedEntry = dao.get(link.getId()); if (!authorization.canRead(userId, linkedEntry)) continue; link = ModelToInfoFactory.createTipView(linkedEntry); Sequence sequence = sequenceDAO.getByEntry(linkedEntry); if (sequence != null) { link.setBasePairCount(sequence.getSequence().length()); link.setFeatureCount(sequence.getSequenceFeatures().size()); } newLinks.add(link); } partData.getLinkedParts().clear(); partData.getLinkedParts().addAll(newLinks); } // check if there is a parent available List<Entry> parents = dao.getParents(entry.getId()); if (parents == null) return partData; for (Entry parent : parents) { if (!authorization.canRead(userId, parent)) continue; if (parent.getVisibility() != Visibility.OK.getValue() && !authorization.canWriteThoroughCheck(userId, entry)) continue; EntryType type = EntryType.nameToType(parent.getRecordType()); PartData parentData = new PartData(type); parentData.setId(parent.getId()); parentData.setName(parent.getName()); parentData.setVisibility(Visibility.valueToEnum(parent.getVisibility())); partData.getParents().add(parentData); } return partData; }