/**
 * Reports whether access to the given page is restricted by role.
 *
 * <p>A page counts as a role page when its definition carries a network role, a VDC role, or
 * both. A {@code null} definition is never a role page.
 *
 * @param pageDef page definition to inspect; may be {@code null}
 * @param request current request; not consulted by this check
 * @return {@code true} if {@code pageDef} is non-null and has a network role or a VDC role
 */
private boolean isRolePage(PageDef pageDef, HttpServletRequest request) {
  if (pageDef == null) {
    return false;
  }
  // Either kind of role is enough to mark the page as role-protected.
  return pageDef.getNetworkRole() != null || pageDef.getRole() != null;
}
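/**
 * Decides whether the logged-in user may access a role-protected page.
 *
 * <p>Evaluation order:
 *
 * <ol>
 *   <li>No login bean, or no user on it: denied.
 *   <li>Network admin: always allowed.
 *   <li>Edit-study pages: delegated to {@code isAuthorizedToEditStudy}.
 *   <li>Page with only a network role, or with both roles but no current VDC: the user's network
 *       role id must equal the page's network role id.
 *   <li>Page with only a VDC role, or with both roles and a current VDC: the user's role in the
 *       current VDC must be at least the page's role (ADMIN &gt; CURATOR &gt; CONTRIBUTOR); a
 *       study creator is additionally accepted on CURATOR pages.
 * </ol>
 *
 * <p>Every path that does not match an explicit allow rule returns {@code false}, so the check
 * fails closed. Missing data ({@code null} page definition, user, or role name) is handled as a
 * denial rather than surfacing as a {@code NullPointerException} from inside the access decision.
 *
 * @param pageDef definition of the requested page; may be {@code null}
 * @param request current request, used to resolve the current VDC and study-creator status
 * @param loginBean session login state; {@code null} means nobody is logged in
 * @return {@code true} only if one of the allow rules above matches
 */
private boolean isUserAuthorizedForRolePage(
    PageDef pageDef, HttpServletRequest request, LoginBean loginBean) {
  if (loginBean == null) {
    return false;
  }

  VDC currentVDC = vdcService.getVDCFromRequest(request);
  VDCUser user = loginBean.getUser();
  if (user == null) {
    // NOTE(review): whether a LoginBean can exist without a user is not visible here; deny
    // instead of dereferencing null below.
    return false;
  }

  VDCRole userRole = null;
  String userVDCRoleName = null;
  if (currentVDC != null) {
    userRole = loginBean.getVDCRole(currentVDC);
  }
  if (userRole != null) {
    userVDCRoleName = userRole.getRole().getName();
  }

  // If you are network admin, you can do anything!
  if (user.getNetworkRole() != null
      && NetworkRoleServiceLocal.ADMIN.equals(user.getNetworkRole().getName())) {
    return true;
  }

  // Do special authorization for EditStudyPages
  if (isEditStudyPage(pageDef)) {
    return isAuthorizedToEditStudy(pageDef, user, request, currentVDC);
  }

  // The original conditions read "pageDef != null && (A) || (B)". Because && binds tighter than
  // ||, the null test never guarded (B), and a null pageDef ended in a NullPointerException.
  // Check once, up front, and deny.
  if (pageDef == null) {
    return false;
  }

  boolean pageHasNetworkRole = pageDef.getNetworkRole() != null;
  boolean pageHasVdcRole = pageDef.getRole() != null;

  // If this page only has a network role, or if it has both network and vdc roles but there is
  // no current vdc, do authorization based on network role.
  if (pageHasNetworkRole && (!pageHasVdcRole || currentVDC == null)) {
    return user.getNetworkRole() != null
        && user.getNetworkRole().getId().equals(pageDef.getNetworkRole().getId());
  }

  // If this page only has a VDC role, or if it has both roles and currentVDC exists,
  // do authorization based on VDC role.
  if (pageHasVdcRole && (!pageHasNetworkRole || currentVDC != null)) {
    if (currentVDC == null) {
      return false;
    }
    String pageRoleName = pageDef.getRole().getName();
    if (userVDCRoleName == null && !isUserStudyCreator(user, request)) {
      return false;
    }

    // From here on userVDCRoleName may still be null (a study creator with no role in this
    // VDC). Comparisons are written constant-first so that case evaluates to "no match" instead
    // of throwing before the study-creator rule on CURATOR pages can be reached.
    if (RoleServiceLocal.ADMIN.equals(pageRoleName)) {
      return RoleServiceLocal.ADMIN.equals(userVDCRoleName);
    }
    if (RoleServiceLocal.CURATOR.equals(pageRoleName)) {
      return RoleServiceLocal.CURATOR.equals(userVDCRoleName)
          || RoleServiceLocal.ADMIN.equals(userVDCRoleName)
          || isUserStudyCreator(user, request);
    }
    if (RoleServiceLocal.CONTRIBUTOR.equals(pageRoleName)) {
      return RoleServiceLocal.CONTRIBUTOR.equals(userVDCRoleName)
          || RoleServiceLocal.CURATOR.equals(userVDCRoleName)
          || RoleServiceLocal.ADMIN.equals(userVDCRoleName);
    }
    // Unrecognised page role name: fall through to the default denial.
  }

  // Default deny: no allow rule matched.
  return false;
}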