public long updatePart(String userId, long partId, PartData part) { Entry existing = dao.get(partId); authorization.expectWrite(userId, existing); Entry entry = InfoToModelFactory.updateEntryField(part, existing); entry.getLinkedEntries().clear(); if (part.getLinkedParts() != null && part.getLinkedParts().size() > 0) { for (PartData data : part.getLinkedParts()) { Entry linked = dao.getByPartNumber(data.getPartId()); // check permissions on link if (!authorization.canRead(userId, linked)) { continue; } if (!canLink(entry, linked)) continue; entry.getLinkedEntries().add(linked); } } entry.setModificationTime(Calendar.getInstance().getTime()); if (entry.getVisibility() == Visibility.DRAFT.getValue()) { List<EntryField> invalidFields = EntryUtil.validates(part); if (invalidFields.isEmpty()) entry.setVisibility(Visibility.OK.getValue()); } entry = dao.update(entry); // check pi email String piEmail = entry.getPrincipalInvestigatorEmail(); if (StringUtils.isNotEmpty(piEmail)) { Account pi = DAOFactory.getAccountDAO().getByEmail(piEmail); if (pi != null) { // add write permission for the PI (method also checks to see if permission already exists) AccessPermission accessPermission = new AccessPermission(); accessPermission.setArticle(AccessPermission.Article.ACCOUNT); accessPermission.setArticleId(pi.getId()); accessPermission.setType(AccessPermission.Type.WRITE_ENTRY); accessPermission.setTypeId(entry.getId()); permissionsController.addPermission(userId, accessPermission); } } return entry.getId(); }
protected PartData retrieveEntryDetails(String userId, Entry entry) { // user must be able to read if not public entry if (!permissionsController.isPubliclyVisible(entry)) authorization.expectRead(userId, entry); PartData partData = ModelToInfoFactory.getInfo(entry); if (partData == null) return null; boolean hasSequence = sequenceDAO.hasSequence(entry.getId()); partData.setHasSequence(hasSequence); boolean hasOriginalSequence = sequenceDAO.hasOriginalSequence(entry.getId()); partData.setHasOriginalSequence(hasOriginalSequence); // permissions partData.setCanEdit(authorization.canWriteThoroughCheck(userId, entry)); partData.setPublicRead(permissionsController.isPubliclyVisible(entry)); // create audit event if not owner // todo : remote access check if (userId != null && authorization.getOwner(entry) != null && !authorization.getOwner(entry).equalsIgnoreCase(userId)) { try { Audit audit = new Audit(); audit.setAction(AuditType.READ.getAbbrev()); audit.setEntry(entry); audit.setUserId(userId); audit.setLocalUser(true); audit.setTime(new Date(System.currentTimeMillis())); auditDAO.create(audit); } catch (Exception e) { Logger.error(e); } } // retrieve more information about linked entries if any (default only contains id) if (partData.getLinkedParts() != null) { ArrayList<PartData> newLinks = new ArrayList<>(); for (PartData link : partData.getLinkedParts()) { Entry linkedEntry = dao.get(link.getId()); if (!authorization.canRead(userId, linkedEntry)) continue; link = ModelToInfoFactory.createTipView(linkedEntry); Sequence sequence = sequenceDAO.getByEntry(linkedEntry); if (sequence != null) { link.setBasePairCount(sequence.getSequence().length()); link.setFeatureCount(sequence.getSequenceFeatures().size()); } newLinks.add(link); } partData.getLinkedParts().clear(); partData.getLinkedParts().addAll(newLinks); } // check if there is a parent available List<Entry> parents = dao.getParents(entry.getId()); if (parents == null) return partData; for (Entry parent : parents) { if (!authorization.canRead(userId, parent)) continue; if (parent.getVisibility() != Visibility.OK.getValue() && !authorization.canWriteThoroughCheck(userId, entry)) continue; EntryType type = EntryType.nameToType(parent.getRecordType()); PartData parentData = new PartData(type); parentData.setId(parent.getId()); parentData.setName(parent.getName()); parentData.setVisibility(Visibility.valueToEnum(parent.getVisibility())); partData.getParents().add(parentData); } return partData; }