Exemplo n.º 1
0
  /**
   * Checks that the requesting user can view survey responses for some collection of users. There
   * may not actually be any responses to read or the responses may need to be made public first.
   * This only guarantees that, if the other users have any public responses that the requesting
   * user is allowed to view them. Therefore, this will pass as long as any of the following are
   * true: <br>
   * <br>
   * - If the user is a supervisor or an author.<br>
   * - If the user is an analyst and the campaign is shared.<br>
   * - If the user is the same as all of the requesting users.<br>
   * <br>
   * If you want to check if a user can read survey responses from every user in a campaign, don't
   * pass in any user usernames.
   *
   * @param campaignId The unique identifier for the campaign.
   * @param requesterUsername The requesting user's username.
   * @param userUsernames The array of usernames of specific users to check if the requesting user
   *     has permission to read their information.
   * @throws ServiceException Thrown if none of the rules are true or there is an error.
   */
  public void requesterCanViewUsersSurveyResponses(
      final String campaignId, final String requesterUsername, final String... userUsernames)
      throws ServiceException {
    try {
      // If the requester is asking about other users.
      if (userUsernames.length != 0) {
        // If the requester is the same as all of the users in question.
        boolean otherUsers = false;
        for (String username : userUsernames) {
          if (!requesterUsername.equals(username)) {
            otherUsers = true;
          }
        }
        if (!otherUsers) {
          return;
        }
      }

      List<Campaign.Role> requesterRoles =
          userCampaignQueries.getUserCampaignRoles(requesterUsername, campaignId);

      // If the requester's role list contains supervisor, return.
      if (requesterRoles.contains(Campaign.Role.SUPERVISOR)) {
        return;
      }

      // If the requester's role list contains author, return.
      if (requesterRoles.contains(Campaign.Role.AUTHOR)) {
        return;
      }

      // If the requester's role list contains analyst,
      if (requesterRoles.contains(Campaign.Role.ANALYST)) {
        Campaign.PrivacyState privacyState = campaignQueries.getCampaignPrivacyState(campaignId);

        if ((privacyState != null) && (Campaign.PrivacyState.SHARED.equals(privacyState))) {
          return;
        }
      }

      throw new ServiceException(
          ErrorCode.CAMPAIGN_INSUFFICIENT_PERMISSIONS,
          "The user does not have sufficient permissions to read information about other users.");
    } catch (DataAccessException e) {
      throw new ServiceException(e);
    }
  }
Exemplo n.º 2
0
  /**
   * Verifies that a user is allowed to update a campaign's XML.
   *
   * @param username The username of the user.
   * @param campaignId The campaign's unique identifier.
   * @param id The ID from the new XML.
   * @param name The name from the new XML.
   * @throws ServiceException Thrown if the user isn't allowed to modify the campaign, if the user
   *     is allowed to modify the campaign but responses exist, or if there is an error.
   */
  public void verifyUserCanUpdateCampaignXml(
      final String username, final String campaignId, final String id, final String name)
      throws ServiceException {

    try {
      // Get the user's roles for this campaign.
      List<Campaign.Role> roles = userCampaignQueries.getUserCampaignRoles(username, campaignId);

      // If the user isn't a supervisor or an author, then they aren't
      // allowed to update it.
      if (!(roles.contains(Campaign.Role.SUPERVISOR) || roles.contains(Campaign.Role.AUTHOR))) {

        throw new ServiceException(
            ErrorCode.CAMPAIGN_INSUFFICIENT_PERMISSIONS,
            "The user is not allowed to modify the campaign's XML.");
      }

      // If the campaign already has survey responses, then it cannot be
      // updated by anyone.
      if (campaignSurveyResponseQueries.getNumberOfSurveyResponsesForCampaign(campaignId) != 0) {

        throw new ServiceException(
            ErrorCode.CAMPAIGN_INSUFFICIENT_PERMISSIONS,
            "Survey responses exist; therefore the XML can no longer be modified.");
      }

      // Check to ensure that the ID of the campaign hasn't changed.
      if (!campaignId.equals(id)) {
        throw new ServiceException(
            ErrorCode.CAMPAIGN_XML_HEADER_CHANGED,
            "The campaign's ID in the new XML must be the same as the original XML.");
      }

      // Check to ensure that the name of the campaign hasn't changed.
      if (!campaignQueries.getName(campaignId).equals(name)) {
        throw new ServiceException(
            ErrorCode.CAMPAIGN_XML_HEADER_CHANGED,
            "The campaign's name in the new XML must be the same as the original XML.");
      }
    } catch (DataAccessException e) {
      throw new ServiceException(e);
    }
  }
Exemplo n.º 3
0
  /**
   * Retrieves the information about a campaign.
   *
   * @param campaignId The campaign's unqiue identifier.
   * @param withClasses Whether or not to populate the campaign with its list of classes.
   * @param withUsers Whether or not to populate the campaign with its list of users and their
   *     respective roles.
   * @return The campaign object with the specified information.
   * @throws ServiceException Thrown if there is an error.
   */
  public Campaign getCampaignInformation(
      final String campaignId, final boolean withClasses, final boolean withUsers)
      throws ServiceException {

    try {
      Campaign result = campaignQueries.findCampaignConfiguration(campaignId);

      if (withClasses) {
        try {
          result.addClasses(campaignClassQueries.getClassesAssociatedWithCampaign(campaignId));
        } catch (DomainException e) {
          throw new ServiceException("There was a problem adding a class.", e);
        }
      }

      if (withUsers) {
        List<String> campaignUsernames = userCampaignQueries.getUsersInCampaign(campaignId);

        for (String campaignUsername : campaignUsernames) {
          List<Campaign.Role> userRoles =
              userCampaignQueries.getUserCampaignRoles(campaignUsername, campaignId);

          for (Campaign.Role userRole : userRoles) {
            try {
              result.addUser(campaignUsername, userRole);
            } catch (DomainException e) {
              throw new ServiceException("There was a problem adding a user.", e);
            }
          }
        }
      }

      return result;
    } catch (DataAccessException e) {
      throw new ServiceException(e);
    }
  }
Exemplo n.º 4
0
  /**
   * Gathers the requested information about a campaign. This will be at least its name, description
   * (possibly null), running state, privacy state, creation timestamp, and all of the requesting
   * user's roles in the campaign.<br>
   * <br>
   * The extras include the campaign's XML, all of the users associated with the campaign and their
   * roles, and all of the classes associated with the campaign.
   *
   * @param username The username of the user whose roles in the campaign are desired.
   * @param campaignIds The IDs for the campaigns whose information is desired.
   * @param withExtras A flag to indicate if the extra information should be included in each
   *     Campaign object.
   * @return A map of campaigns and their information to the list of roles for this user in the
   *     campaign.
   * @throws ServiceException Thrown if there is an error.
   */
  public Map<Campaign, List<Campaign.Role>> getCampaignAndUserRolesForCampaigns(
      final String username, final Collection<String> campaignIds, final boolean withExtras)
      throws ServiceException {

    try {
      Map<Campaign, List<Campaign.Role>> result = new HashMap<Campaign, List<Campaign.Role>>();

      for (String campaignId : campaignIds) {
        // Create the Campaign object with the campaign's ID.
        Campaign campaign = campaignQueries.getCampaignInformation(campaignId);

        // Get the user's roles.
        List<Campaign.Role> roles = userCampaignQueries.getUserCampaignRoles(username, campaignId);

        // If we are supposed to get the extra information as well.
        if (withExtras) {

          // Add the classes that are associated with the campaign.
          try {
            campaign.addClasses(campaignClassQueries.getClassesAssociatedWithCampaign(campaignId));
          } catch (DomainException e) {
            throw new ServiceException("There was a problem adding a class.", e);
          }

          // Add the users and their roles to the campaign.
          campaign.addUsers(userCampaignQueries.getUsersAndRolesForCampaign(campaignId));
        }

        // Add the user's roles.
        result.put(campaign, roles);
      }

      return result;
    } catch (DataAccessException e) {
      throw new ServiceException(e);
    }
  }
Exemplo n.º 5
0
  /**
   * Gathers the information about the classes that match the criteria based on the user's
   * permissions. If the requesting user is an admin, they will see all campaigns; otherwise, they
   * will only see the campaigns to which they belong.
   *
   * @param username The requesting user's username. This parameter is required.
   * @param campaignIds A list of campaign unique identifiers. This is optional and may be null. It
   *     limits the results to only those campaigns to which the user belongs.
   * @param classIds A list of class unique identifiers. This is optional and may be null. It limits
   *     the results to only those campaigns that are associated with any class in this list.
   * @param nameTokens A collection of token strings which limit the results to only those campaigns
   *     whose name contains at least one of the tokens.
   * @param descriptionTokens A collection of token strings which limit the results to only those
   *     campaigns that have a description and whose description contains at least one of the
   *     tokens.
   * @param startDate A date that limits the results to only those campaigns that were created on or
   *     after this date.
   * @param endDate A date that limits the results to only those campaigns that were created on or
   *     before this date.
   * @param privacyState A campaign privacy state the limits the results to only those campaigns
   *     that have this privacy state.
   * @param runningState A campaign running state that limits the results to only those campaigns
   *     that have this running state.
   * @param role A campaign role which limits the results to only those campaigns where the
   *     requesting user has this role in the campaign.
   * @param withClasses Whether or not to aggregate all of the classes associated with this
   *     campaign.
   * @param withUsers Whether or not to aggregate all of the users and their respective roles for
   *     this campaign.
   * @return A map of Campaign objects to the requesting user's respective roles.
   * @throws ServiceException There was an error.
   */
  public Map<Campaign, Collection<Campaign.Role>> getCampaignInformation(
      final String username,
      final Collection<String> campaignIds,
      final Collection<String> classIds,
      final Collection<String> nameTokens,
      final Collection<String> descriptionTokens,
      final DateTime startDate,
      final DateTime endDate,
      final Campaign.PrivacyState privacyState,
      final Campaign.RunningState runningState,
      final Campaign.Role role,
      final boolean withClasses,
      final boolean withUsers)
      throws ServiceException {

    try {
      QueryResultsList<Campaign> queryResult =
          campaignQueries.getCampaignInformation(
              username,
              campaignIds,
              classIds,
              nameTokens,
              descriptionTokens,
              startDate,
              endDate,
              privacyState,
              runningState,
              role);
      List<Campaign> campaignResults = queryResult.getResults();

      Map<Campaign, Collection<Campaign.Role>> result =
          new HashMap<Campaign, Collection<Campaign.Role>>(campaignResults.size());

      for (Campaign campaign : campaignResults) {
        result.put(campaign, userCampaignQueries.getUserCampaignRoles(username, campaign.getId()));

        if (withClasses) {
          try {
            campaign.addClasses(
                campaignClassQueries.getClassesAssociatedWithCampaign(campaign.getId()));
          } catch (DomainException e) {
            throw new ServiceException("There was a problem adding the classes.", e);
          }
        }

        if (withUsers) {
          // Add the users and their roles to the campaign.
          campaign.addUsers(userCampaignQueries.getUsersAndRolesForCampaign(campaign.getId()));
        }

        // Get and apply the masks for this campaign.
        campaign.addMasks(
            userCampaignQueries.getCampaignMasks(
                null, null, null, null, username, campaign.getId()));
      }

      return result;
    } catch (DataAccessException e) {
      throw new ServiceException(e);
    }
  }
Exemplo n.º 6
0
  /**
   * Generates a List of unique identifiers for campaigns based on the parameters. The List is based
   * on the 'campaignIds' parameter unless it is null in which case the List is based on all
   * campaigns visible to the user. All parameters except 'request' and 'username' are optional and
   * each will filter the resulting List of campaign identifiers.<br>
   * <br>
   * <br>
   * For example, if 'campaignIds' was null as were 'endDate' and 'privacyState', then what would be
   * returned would be the intersection of the following lists:<br>
   * - All of the campaigns to which the user was associated (because 'campaignIds' was null).<br>
   * - All of the campaigns that are associated with any of the classes whose unique identifier was
   * in the 'classIds' list.<br>
   * - All of the campaigns whose creation timestamp was equal to or after 'startDate'<br>
   * - All of the campaigns whose running state equaled 'runningState'.<br>
   * - All of the campaigns to which the user had the campaign role 'role'. <br>
   * <br>
   * Therefore, if a campaign was associated with a user only through a single class, but that class
   * wasn't in the 'classIds' list, then that campaign ID would not be returned even if all of the
   * other parameters matched.
   *
   * @param username The username of the user.
   * @param campaignIds An optional Collection of campaign identifiers from which to base the List.
   *     If this is empty, the resulting List will be empty. If this is null, the base List will be
   *     all campaigns to which the user is associated.
   * @param classIds A Collection of unique identifiers for classes where the resulting list will
   *     only contain campaign identifiers for campaigns that are associated with any of these
   *     classes.
   * @param startDate A Calendar where only campaigns whose creation timestamp is equal to or after
   *     this date.
   * @param endDate A Calendar where only campaigns whose creation timestamp is equal to or before
   *     this date.
   * @param privacyState A campaign privacy state that trims the resulting list of campaigns to only
   *     those that have this privacy state.
   * @param runningState A campaign running state that trims the resulting list of campaigns to only
   *     those that have this running state.
   * @param role A campaign role that trims the resulting list of campaigns to only those where the
   *     user has that role in the campaign.
   * @return A Set of campaign unique identifiers based on the 'campaignIds' parameter and trimmed
   *     by the rest of the parameters.
   * @throws ServiceException Thrown if there is an error.
   */
  public Set<String> getCampaignsForUser(
      final String username,
      final Collection<String> campaignIds,
      final Collection<String> classIds,
      final DateTime startDate,
      final DateTime endDate,
      final Campaign.PrivacyState privacyState,
      final Campaign.RunningState runningState,
      final Campaign.Role role)
      throws ServiceException {

    try {
      Set<String> desiredCampaignIds = new HashSet<String>();

      if (campaignIds == null) {
        // Initializes the list with all of the campaign IDs for the
        // requesting user.
        desiredCampaignIds.addAll(
            userCampaignQueries.getCampaignIdsAndNameForUser(username).keySet());
      } else {
        // Initializes the list with the campaign IDs in the query.
        desiredCampaignIds.addAll(campaignIds);
      }

      if (desiredCampaignIds.size() == 0) {
        return Collections.emptySet();
      }

      if (classIds != null) {
        // Get all of the campaigns associated with all of the classes in
        // the list.
        for (String classId : classIds) {
          desiredCampaignIds.retainAll(
              campaignClassQueries.getCampaignsAssociatedWithClass(classId));
        }

        if (desiredCampaignIds.size() == 0) {
          return Collections.emptySet();
        }
      }

      if (startDate != null) {
        // Get all of the campaigns whose creation timestamp is greater
        // than or equal to the start date.
        desiredCampaignIds.retainAll(campaignQueries.getCampaignsOnOrAfterDate(startDate));

        if (desiredCampaignIds.size() == 0) {
          return Collections.emptySet();
        }
      }

      if (endDate != null) {
        // Get all of the campaigns whose creation timestamp is less than
        // or equal to the end date.
        desiredCampaignIds.retainAll(campaignQueries.getCampaignsOnOrBeforeDate(endDate));

        if (desiredCampaignIds.size() == 0) {
          return Collections.emptySet();
        }
      }

      if (privacyState != null) {
        // Get all of the campaigns with a privacy state of 'privacyState'.
        desiredCampaignIds.retainAll(campaignQueries.getCampaignsWithPrivacyState(privacyState));

        if (desiredCampaignIds.size() == 0) {
          return Collections.emptySet();
        }
      }

      if (runningState != null) {
        // Get all of the campaigns with a running state of 'runningState'.
        desiredCampaignIds.retainAll(campaignQueries.getCampaignsWithRunningState(runningState));

        if (desiredCampaignIds.size() == 0) {
          return Collections.emptySet();
        }
      }

      if (role != null) {
        // Get all of the campaigns where the user's role is 'role'.
        desiredCampaignIds.retainAll(
            userCampaignQueries.getCampaignIdsForUserWithRole(username, role));

        if (desiredCampaignIds.size() == 0) {
          return Collections.emptySet();
        }
      }

      return desiredCampaignIds;
    } catch (DataAccessException e) {
      throw new ServiceException(e);
    }
  }