/** Note that details is the only optional field */
public String createEntity(EntityReference ref, Object entity, Map<String, Object> params) {
Poll poll = (Poll) entity;
poll.setCreationDate(new Date());
if (poll.getId() == null) {
poll.setId(UUID.randomUUID().toString());
}
if (poll.getOwner() == null) {
poll.setOwner(developerHelperService.getCurrentUserId());
}
String siteId = developerHelperService.getCurrentLocationId();
if (poll.getSiteId() == null) {
poll.setSiteId(siteId);
} else {
siteId = poll.getSiteId();
}
String userReference = developerHelperService.getCurrentUserReference();
String location = "/site/" + siteId;
boolean allowed =
developerHelperService.isUserAllowedInEntityReference(
userReference, PollListManager.PERMISSION_ADD, location);
if (!allowed) {
throw new SecurityException(
"Current user ("
+ userReference
+ ") cannot create polls in location ("
+ location
+ ")");
}
pollListManager.savePoll(poll);
return poll.getPollId() + "";
}
@Deprecated
public List<?> getEntities(EntityReference ref, Search search) {
// get the pollId
Restriction pollRes = search.getRestrictionByProperty("pollId");
if (pollRes == null || pollRes.getSingleValue() == null) {
throw new IllegalArgumentException(
"Must include a non-null pollId in order to retreive a list of votes");
}
Long pollId = null;
try {
pollId = developerHelperService.convert(pollRes.getSingleValue(), Long.class);
} catch (UnsupportedOperationException e) {
throw new IllegalArgumentException(
"Invalid: pollId must be a long number: " + e.getMessage(), e);
}
// get the poll
Poll poll = pollListManager.getPollById(pollId);
if (poll == null) {
throw new IllegalArgumentException(
"pollId (" + pollId + ") is invalid and does not match any known polls");
} else {
boolean allowedPublic = pollListManager.isPollPublic(poll);
if (!allowedPublic) {
String userReference = developerHelperService.getCurrentUserReference();
if (userReference == null) {
throw new EntityException(
"User must be logged in in order to access poll data",
ref.getId(),
HttpServletResponse.SC_UNAUTHORIZED);
} else {
boolean allowedManage = false;
boolean allowedVote = false;
allowedManage =
developerHelperService.isUserAllowedInEntityReference(
userReference, PollListManager.PERMISSION_ADD, "/site/" + poll.getSiteId());
allowedVote =
developerHelperService.isUserAllowedInEntityReference(
userReference, PollListManager.PERMISSION_VOTE, "/site/" + poll.getSiteId());
if (!(allowedManage || allowedVote)) {
throw new SecurityException(
"User (" + userReference + ") not allowed to access poll data: " + ref);
}
}
}
}
// get the options
List<Option> options = pollListManager.getOptionsForPoll(pollId);
return options;
}
/**
* Checks if the given user can create/update/delete options
*
* @param userRef
* @param option
*/
@Deprecated
private void checkOptionPermission(String userRef, Option option) {
if (option.getPollId() == null) {
throw new IllegalArgumentException(
"Poll Id must be set in the option to check permissions: " + option);
}
Long pollId = option.getPollId();
// validate poll exists
Poll poll = pollListManager.getPollById(pollId, false);
if (poll == null) {
throw new IllegalArgumentException(
"Invalid poll id (" + pollId + "), could not find poll from option: " + option);
}
// check permissions
String siteRef = "/site/" + poll.getSiteId();
if (!developerHelperService.isUserAllowedInEntityReference(
userRef, PollListManager.PERMISSION_ADD, siteRef)) {
throw new SecurityException(
"User ("
+ userRef
+ ") is not allowed to create/update/delete options in this poll ("
+ pollId
+ ")");
}
}
public void updateEntity(EntityReference ref, Object entity, Map<String, Object> params) {
String id = ref.getId();
if (id == null) {
throw new IllegalArgumentException(
"The reference must include an id for updates (id is currently null)");
}
String userReference = developerHelperService.getCurrentUserReference();
if (userReference == null) {
throw new SecurityException("anonymous user cannot update poll: " + ref);
}
Poll current = getPollById(id);
if (current == null) {
throw new IllegalArgumentException("No poll found to update for the given reference: " + ref);
}
Poll poll = (Poll) entity;
String siteId = developerHelperService.getCurrentLocationId();
if (poll.getSiteId() == null) {
poll.setSiteId(siteId);
} else {
siteId = poll.getSiteId();
}
String location = "/site/" + siteId;
// should this check a different permission?
boolean allowed =
developerHelperService.isUserAllowedInEntityReference(
userReference, PollListManager.PERMISSION_ADD, location);
if (!allowed) {
throw new SecurityException(
"Current user ("
+ userReference
+ ") cannot update polls in location ("
+ location
+ ")");
}
developerHelperService.copyBean(
poll,
current,
0,
new String[] {
"id", "pollId", "owner", "siteId", "creationDate", "reference", "url", "properties"
},
true);
pollListManager.savePoll(current);
}
public Object getEntity(EntityReference ref) {
String id = ref.getId();
if (id == null) {
return new Poll();
}
Poll poll = getPollById(id);
if (poll == null) {
throw new IllegalArgumentException("No poll found for the given reference: " + ref);
}
Long pollId = poll.getPollId();
String currentUserId = developerHelperService.getCurrentUserId();
boolean allowedManage = false;
if (!developerHelperService.isEntityRequestInternal(ref + "")) {
if (!pollListManager.isPollPublic(poll)) {
// this is not a public poll? (ie .anon role has poll.vote)
String userReference = developerHelperService.getCurrentUserReference();
if (userReference == null) {
throw new EntityException(
"User must be logged in in order to access poll data",
ref.getId(),
HttpServletResponse.SC_UNAUTHORIZED);
}
allowedManage =
developerHelperService.isUserAllowedInEntityReference(
userReference, PollListManager.PERMISSION_ADD, "/site/" + poll.getSiteId());
boolean allowedVote =
developerHelperService.isUserAllowedInEntityReference(
userReference, PollListManager.PERMISSION_VOTE, "/site/" + poll.getSiteId());
if (!allowedManage && !allowedVote) {
throw new SecurityException(
"User (" + userReference + ") not allowed to access poll data: " + ref);
}
}
}
Boolean includeVotes = requestStorage.getStoredValueAsType(Boolean.class, "includeVotes");
if (includeVotes == null) {
includeVotes = false;
}
if (includeVotes) {
List<Vote> votes = pollVoteManager.getAllVotesForPoll(poll);
poll.setVotes(votes);
}
Boolean includeOptions = requestStorage.getStoredValueAsType(Boolean.class, "includeOptions");
if (includeOptions == null) {
includeOptions = false;
}
if (includeOptions) {
List<Option> options = pollListManager.getOptionsForPoll(poll);
poll.setOptions(options);
}
// add in the indicator that this user has replied
if (currentUserId != null) {
Map<Long, List<Vote>> voteMap =
pollVoteManager.getVotesForUser(currentUserId, new Long[] {pollId});
List<Vote> l = voteMap.get(pollId);
if (l != null) {
poll.setCurrentUserVoted(true);
poll.setCurrentUserVotes(l);
} else {
poll.setCurrentUserVoted(false);
}
}
return poll;
}
