/**
 * Reports whether the dataverse resolved from the request is flagged as restricted.
 *
 * <p>The login and logout pages are never reported as restricted, whatever the dataverse says.
 *
 * @param pageDef page definition of the requested page; may be {@code null}
 * @param request current request, used to resolve the dataverse
 * @return {@code true} only when a dataverse was resolved, it is restricted, and the page is
 *     neither the login nor the logout page
 */
private boolean isVdcRestricted(PageDef pageDef, HttpServletRequest request) {
  // The dataverse lookup runs on every call, before the page name is inspected.
  VDC currentVDC = vdcService.getVDCFromRequest(request);

  boolean loginOrLogoutPage =
      pageDef != null
          && (pageDef.getName().equals(PageDefServiceLocal.LOGIN_PAGE)
              || pageDef.getName().equals(PageDefServiceLocal.LOGOUT_PAGE));
  if (loginOrLogoutPage) {
    return false;
  }

  return currentVDC != null && currentVDC.isRestricted();
}
// ACTION METHODS public String save_action() { String forwardPage = null; if (getVDCRequestBean().getCurrentVDCId() == null) { // this is a save against the network VDCNetwork vdcnetwork = getVDCRequestBean().getVdcNetwork(); vdcnetwork.setNetworkPageHeader(banner); vdcnetwork.setNetworkPageFooter(footer); vdcNetworkService.edit(vdcnetwork); getVDCRequestBean().getVdcNetwork().setNetworkPageHeader(banner); getVDCRequestBean().getVdcNetwork().setNetworkPageFooter(footer); forwardPage = "myNetworkOptions"; } else { VDC vdc = vdcService.find(new Long(getVDCRequestBean().getCurrentVDC().getId())); vdc.setHeader(banner); vdc.setFooter(footer); vdc.setDisplayInFrame(displayInFrame); vdc.setParentSite(parentSite); vdcService.edit(vdc); getVDCRequestBean().setCurrentVDC(vdc); forwardPage = "myOptions"; } getVDCRequestBean().setSuccessMessage("Successfully updated layout branding."); return forwardPage; }
/**
 * JSF validator for the dataverse alias field.
 *
 * <p>Runs {@code CharacterValidator} on the value first, then rejects the alias when it is the
 * empty string or when a dataverse with that alias already exists. Both cases produce the same
 * "already taken" message. {@code resetScholarProperties()} is called on every path that reaches
 * the end of the method.
 *
 * <p>NOTE(review): a {@code null} value is passed to the lookup and then dereferenced by
 * {@code alias.equals("")}; confirm the component never submits {@code null} here.
 *
 * @param context current faces context; receives the error message
 * @param toValidate the input component being validated; marked invalid on rejection
 * @param value submitted value, cast to {@code String}
 */
public void validateAlias(FacesContext context, UIComponent toValidate, Object value) {
  new CharacterValidator().validate(context, toValidate, value);

  String alias = (String) value;
  VDC existingDataverse = vdcService.findByAlias(alias);

  boolean aliasRejected = alias.equals("") || existingDataverse != null;
  if (aliasRejected) {
    UIInput input = (UIInput) toValidate;
    input.setValid(false);
    FacesMessage takenMessage = new FacesMessage("This alias is already taken.");
    context.addMessage(toValidate.getClientId(context), takenMessage);
  }

  resetScholarProperties();
}
/**
 * JSF validator for the dataverse name field.
 *
 * <p>A non-null, whitespace-only name adds a "must have a value" message and requests the render
 * phase; the component itself is not marked invalid on that path. The name is then looked up, and
 * if a dataverse with that name exists the component is marked invalid with an "already taken"
 * message. {@code resetScholarProperties()} is called at the end in every case.
 *
 * @param context current faces context; receives the messages
 * @param toValidate the input component being validated
 * @param value submitted value, cast to {@code String}; may be {@code null}
 */
public void validateName(FacesContext context, UIComponent toValidate, Object value) {
  String name = (String) value;

  boolean blankName = name != null && name.trim().isEmpty();
  if (blankName) {
    FacesMessage requiredMessage =
        new FacesMessage("The dataverse name field must have a value.");
    context.addMessage(toValidate.getClientId(context), requiredMessage);
    context.renderResponse();
  }

  // The uniqueness lookup runs even for a blank or null name, as before.
  VDC existingDataverse = vdcService.findByName(name);
  if (existingDataverse != null) {
    ((UIInput) toValidate).setValid(false);
    FacesMessage takenMessage = new FacesMessage("This name is already taken.");
    context.addMessage(toValidate.getClientId(context), takenMessage);
  }

  resetScholarProperties();
}
/**
 * Decides whether the requester may see a page that is not bound to a role.
 *
 * <p>A network administrator is always allowed. Otherwise exactly one arm of the if/else-if chain
 * below runs, selected first by dataverse restriction and then by page type. Any arm that does
 * not return {@code false} falls through to the final {@code return true}, so a page that matches
 * no arm is allowed.
 *
 * @param pageDef page definition resolved for the request; the name checks below guard against
 *     {@code null}
 * @param request current request; study, file, table and user ids are read from it
 * @param loginBean login state, or {@code null} when there is none
 * @param ipUserGroup IP-based user group passed through to the restriction checks; may be
 *     {@code null}
 * @return {@code false} when a check denies access, {@code true} otherwise
 */
private boolean isUserAuthorizedForNonRolePage(
    PageDef pageDef, HttpServletRequest request, LoginBean loginBean, UserGroup ipUserGroup) {
  // user stays null when there is no login bean; most checks below accept a null user.
  VDCUser user = null;
  if (loginBean != null) {
    user = loginBean.getUser();
  }
  if (user != null
      && user.getNetworkRole() != null
      && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
    // If you are network admin, you can do anything!
    return true;
  }
  VDC currentVDC = vdcService.getVDCFromRequest(request);
  // NOTE(review): this is the first arm of the chain. When the dataverse is restricted and the
  // user passes isVDCRestrictedForUser, none of the page-specific arms below (login requirement,
  // study/file restriction, own-account check, manifest check) is evaluated for the request.
  // Confirm that skipping them inside a restricted dataverse is intended.
  if (currentVDC != null && !isTermsOfUsePage(pageDef) && isVdcRestricted(pageDef, request)) {
    if (currentVDC.isVDCRestrictedForUser(user, ipUserGroup)) {
      return false;
    }
  } else if (pageDef != null
      && (pageDef.getName().equals(PageDefServiceLocal.DV_OPTIONS_PAGE)
          || pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_OPTIONS_PAGE)
          || pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_PAGE)
          || pageDef.getName().equals(PageDefServiceLocal.MANAGE_STUDIES_PAGE))) {
    // For these pages, the only requirement is
    // to be logged in.
    if (user == null) {
      return false;
    }
    // The userId parameter is caller-supplied; it is only compared as text with the logged-in
    // user's id, never parsed.
    String userParam = request.getParameter("userId");
    if (userParam != null && !userParam.equals(user.getId().toString())) {
      // To view other users, logged in user must be an admin or curator
      if (!(user.isAdmin(currentVDC) || user.isCurator(currentVDC))) {
        return false;
      }
    }
  } else if (isViewStudyPage(pageDef)) {
    Study study = null;
    StudyVersion studyVersion = null;
    // Ids come from the request and are parsed with no local try/catch.
    // NOTE(review): doFilter appears to validate the study id and version number before this
    // method runs; confirm it covers the same parameters that are read here.
    String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
    String versionNumber = VDCBaseBean.getParamFromRequestOrComponent("versionNumber", request);
    if (studyId != null) {
      study = studyService.getStudy(Long.parseLong(studyId));
      if (versionNumber != null) {
        studyVersion =
            studyService.getStudyVersion(Long.parseLong(studyId), new Long(versionNumber));
      }
    } else {
      // Without a studyId the study is looked up by globalId; studyVersion stays null, so the
      // deaccessioned/draft checks below are skipped on this path.
      study =
          studyService.getStudyByGlobalId(
              VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
    }
    // NOTE(review): study is dereferenced without a null check; whether the lookups can return
    // null is not visible here.
    if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
      return false;
    }
    if (studyVersion != null) {
      // If study has been deaccessioned,
      // only show the page if the user is authorized to edit
      if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
        return false;
      }
      // If this is a draft version, only show the version if the user is authorized to edit
      if (studyVersion.isWorkingCopy() && (user == null || !study.isUserAuthorizedToEdit(user))) {
        return false;
      }
    }
  } else if (isVersionDiffPage(pageDef)) {
    Study study = null;
    StudyVersion studyVersion1 = null;
    StudyVersion studyVersion2 = null;
    String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
    Long[] versionList = VDCRequestBean.parseVersionNumberList(request);
    // studyId is parsed here, before the null check further down: a missing studyId fails in
    // Long.parseLong with a NumberFormatException, so the globalId fallback below is never
    // reached in this arm. versionList is indexed without a null or length check.
    // NOTE(review): doFilter rejects a missing studyId or version list before calling this
    // method; confirm no other path reaches this arm.
    studyVersion1 = studyService.getStudyVersion(Long.parseLong(studyId), versionList[0]);
    studyVersion2 = studyService.getStudyVersion(Long.parseLong(studyId), versionList[1]);
    if (studyId != null) {
      study = studyService.getStudy(Long.parseLong(studyId));
    } else {
      study =
          studyService.getStudyByGlobalId(
              VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
    }
    if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
      return false;
    }
    // If study has been deaccessioned,
    // only show the page if the user is authorized to edit
    if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
      return false;
    }
    // If this is a draft version, only show the version if the user is authorized to edit
    if ((studyVersion1.isWorkingCopy() || studyVersion2.isWorkingCopy())
        && (user == null || !study.isUserAuthorizedToEdit(user))) {
      return false;
    }
    // The release confirmation mode needs release rights on the study.
    // NOTE(review): user may be null here; confirm isUserAuthorizedToRelease handles that.
    if ("confirmRelease".equals(request.getParameter("actionMode"))
        && !study.isUserAuthorizedToRelease(user)) {
      return false;
    }
  } else if (isSubsettingPage(pageDef)) {
    // The data table id from the request selects the study whose restriction is checked.
    String dtId = VDCBaseBean.getParamFromRequestOrComponent("dtId", request);
    DataTable dataTable = variableService.getDataTable(Long.parseLong(dtId));
    Study study = dataTable.getStudyFile().getStudy();
    if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
      return false;
    }
  } else if (isExploreDataPage(pageDef)) {
    // File-level restriction check for the file id given in the request.
    String fileId = VDCBaseBean.getParamFromRequestOrComponent("fileId", request);
    StudyFile sf = studyFileService.getStudyFile(Long.parseLong(fileId));
    if (sf.isFileRestrictedForUser(user, currentVDC, ipUserGroup)) {
      return false;
    }
  } else if (isEditAccountPage(pageDef)) {
    // Only the logged-in user whose id equals the userId parameter passes. A missing or
    // non-numeric userId makes Long.parseLong throw NumberFormatException.
    String userId = VDCBaseBean.getParamFromRequestOrComponent("userId", request);
    if (user == null || user.getId() != Long.parseLong(userId)) {
      return false;
    }
  } else if (isManifestPage(pageDef)) {
    // No LOCKSS configuration means no access. With a configuration whose server access is not
    // GROUP, control falls through to the final return true.
    LockssConfig chkLockssConfig = getLockssConfig(currentVDC);
    if (chkLockssConfig == null) {
      return false;
    } else if (chkLockssConfig.getserverAccess().equals(ServerAccess.GROUP)) {
      VDCRole userRole = null;
      // userVDCRoleName is declared but never read in this arm.
      String userVDCRoleName = null;
      if (user != null && currentVDC != null) {
        userRole = loginBean.getVDCRole(currentVDC);
      }
      if (user != null && userRole != null && user.isAdmin(currentVDC)) {
        return true;
      }
      if (user != null
          && user.getNetworkRole() != null
          && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
        // If you are network admin, you can do anything!
        return true;
      }
      // Everyone else must come from a server that lockssAuth accepts for this dataverse.
      if (!lockssAuth.isAuthorizedLockssServer(currentVDC, request)) {
        return false;
      }
    }
  }
  // Default allow: reached when no arm matched or the matching arm found nothing to deny.
  return true;
}
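/**
 * Decides whether the logged-in user may see a page that requires a network or dataverse role.
 *
 * <p>Order of checks: a missing login bean or user is denied; a network administrator is always
 * allowed; edit-study pages are delegated to {@code isAuthorizedToEditStudy}; then the page's
 * network role or dataverse role is compared with the user's. Anything that matches no rule is
 * denied.
 *
 * <p>Dataverse roles are treated as a ladder: an admin page needs admin; a curator page accepts
 * curator, admin or the creator of the study in the request; a contributor page accepts
 * contributor, curator or admin.
 *
 * @param pageDef page definition of the requested page; {@code null} is denied once the
 *     administrator and edit-study checks have run
 * @param request current request, used to resolve the dataverse and the study creator check
 * @param loginBean login state; {@code null} means not logged in and is denied
 * @return {@code true} when the user holds a sufficient role, {@code false} otherwise
 */
private boolean isUserAuthorizedForRolePage(
    PageDef pageDef, HttpServletRequest request, LoginBean loginBean) {
  if (loginBean == null) {
    return false;
  }
  VDC currentVDC = vdcService.getVDCFromRequest(request);
  VDCUser user = loginBean.getUser();
  if (user == null) {
    // Fail closed: a login bean without a user cannot hold any role.
    return false;
  }

  String userVDCRoleName = null;
  if (currentVDC != null) {
    VDCRole userRole = loginBean.getVDCRole(currentVDC);
    if (userRole != null) {
      userVDCRoleName = userRole.getRole().getName();
    }
  }

  if (user.getNetworkRole() != null
      && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
    // If you are network admin, you can do anything!
    return true;
  }

  // Do special authorization for EditStudyPages
  if (isEditStudyPage(pageDef)) {
    return isAuthorizedToEditStudy(pageDef, user, request, currentVDC);
  }

  // Every rule below reads the page's roles. The null check is made once, here, so that it
  // covers both alternatives of each rule instead of only the first one.
  if (pageDef == null) {
    return false;
  }
  boolean pageHasNetworkRole = pageDef.getNetworkRole() != null;
  boolean pageHasVdcRole = pageDef.getRole() != null;

  // If this page only has a network role, or if it has both network and vdc roles but there is
  // no current vdc, do authorization based on network role.
  if (pageHasNetworkRole && (!pageHasVdcRole || currentVDC == null)) {
    return user.getNetworkRole() != null
        && user.getNetworkRole().getId().equals(pageDef.getNetworkRole().getId());
  }

  // If this page only has a VDC role, or if it has both roles and currentVDC exists,
  // do authorization based on VDC role.
  if (pageHasVdcRole && (!pageHasNetworkRole || currentVDC != null)) {
    if (currentVDC == null) {
      return false;
    }
    String pageRoleName = pageDef.getRole().getName();

    // A user without a dataverse role only gets further as the creator of the study.
    if (userVDCRoleName == null && !isUserStudyCreator(user, request)) {
      return false;
    }

    // Constant-first comparisons: userVDCRoleName is null for a study creator who holds no
    // dataverse role, and that user must be evaluated by the rules below, not fail on them.
    boolean userIsAdmin = RoleServiceLocal.ADMIN.equals(userVDCRoleName);
    boolean userIsCurator = RoleServiceLocal.CURATOR.equals(userVDCRoleName);
    boolean userIsContributor = RoleServiceLocal.CONTRIBUTOR.equals(userVDCRoleName);

    if (pageRoleName.equals(RoleServiceLocal.ADMIN)) {
      return userIsAdmin;
    }
    if (pageRoleName.equals(RoleServiceLocal.CURATOR)) {
      // NOTE(review): a study creator with no dataverse role is allowed here by the
      // isUserStudyCreator alternative; confirm that is the intended reach of curator pages.
      return userIsCurator || userIsAdmin || isUserStudyCreator(user, request);
    }
    if (pageRoleName.equals(RoleServiceLocal.CONTRIBUTOR)) {
      return userIsContributor || userIsCurator || userIsAdmin;
    }
  }

  // Default deny for role pages.
  return false;
}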
/**
 * Access-control entry point of the filter.
 *
 * <p>Steps, in order: direct {@code .jsp} requests are redirected to the not-found page; for
 * study pages the study id and version numbers are checked to exist; a pending
 * {@code LOGIN_REDIRECT} session attribute is consumed and followed; otherwise the role or
 * non-role authorization check decides between the login page, the unauthorized page, the
 * study-locked page and continuing down the chain.
 *
 * <p>NOTE(review): the {@code LOGIN_REDIRECT} value is used as the redirect target exactly as
 * found in the session; confirm that the code storing it only accepts URLs of this application.
 *
 * <p>NOTE(review): {@code getSession()} without an argument creates a session when none exists,
 * so every request passing the earlier checks ends up with one.
 *
 * @param request the servlet request being processed
 * @param response the servlet response being created
 * @param chain the filter chain to continue when access is granted
 * @throws IOException if an input/output error occurs
 * @throws ServletException if a servlet error occurs
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  HttpServletResponse httpResponse = (HttpServletResponse) response;
  String requestPath = httpRequest.getPathInfo();
  VDC currentVDC = vdcService.getVDCFromRequest(httpRequest);

  // Direct requests for .jsp resources are answered with the not-found page.
  if (requestPath != null && requestPath.endsWith(".jsp")) {
    sendDataverseRedirect(httpRequest, httpResponse, currentVDC, "/faces/NotFoundPage.xhtml");
    return;
  }

  PageDef pageDef = pageDefService.findByPath(requestPath);

  // check for invalid study Id or study versionNumber
  // for right now, do this with a sendRedirect, though we should try to figure out a solution
  // with a forward instead; that way the user can fix the issue in the URL and easily try again
  boolean studyPage =
      isViewStudyPage(pageDef) || isEditStudyPage(pageDef) || isVersionDiffPage(pageDef);
  if (studyPage) {
    Long studyId = determineStudyId(pageDef, httpRequest);
    if (isVersionDiffPage(pageDef)) {
      Long[] versionDiffNumbers = VDCRequestBean.parseVersionNumberList(httpRequest);
      if (versionDiffNumbers == null || studyId == null) {
        sendDataverseRedirect(httpRequest, httpResponse, currentVDC, "/faces/NotFoundPage.xhtml");
        return;
      }
      try {
        // The lookups are made only to test that both version numbers exist for this study.
        // If they don't exist, an EJBException will be thrown.
        studyService.getStudyVersion(studyId, versionDiffNumbers[0]);
        studyService.getStudyVersion(studyId, versionDiffNumbers[1]);
      } catch (EJBException e) {
        if (!(e.getCause() instanceof IllegalArgumentException)) {
          throw e;
        }
        sendDataverseRedirect(
            httpRequest, httpResponse, currentVDC, "/faces/IdDoesNotExistPage.xhtml");
        return;
      }
    } else if (studyId != null) {
      try {
        String versionNumberParam = httpRequest.getParameter("versionNumber");
        if (versionNumberParam == null) {
          // Get the study to make sure that the studyId exists.
          // If it doesn't exist, an EJBException will be thrown.
          studyService.getStudy(studyId);
        } else {
          // A non-numeric version number raises NumberFormatException, handled below.
          studyService.getStudyVersion(studyId, new Long(versionNumberParam));
        }
      } catch (EJBException e) {
        if (!(e.getCause() instanceof IllegalArgumentException)) {
          throw e;
        }
        sendDataverseRedirect(
            httpRequest, httpResponse, currentVDC, "/faces/IdDoesNotExistPage.xhtml");
        return;
      } catch (NumberFormatException e) {
        sendDataverseRedirect(httpRequest, httpResponse, currentVDC, "/faces/NotFoundPage.xhtml");
        return;
      }
    }
  }

  setOriginalUrl(httpRequest, httpResponse, currentVDC);

  LoginBean loginBean = getLoginBean(request);
  UserGroup ipUserGroup = null;
  if (loginBean == null) {
    // Without a login, the IP-based group is the only identity available.
    ipUserGroup = getIpGroup(httpRequest);
  } else {
    // Result unused; the call is kept as it was.
    ((HttpServletRequest) request).getSession(false);
  }

  // A pending login redirect takes priority over every authorization check below.
  String loginURI = (String) httpRequest.getSession().getAttribute("LOGIN_REDIRECT");
  if (loginURI != null) {
    httpRequest.getSession().removeAttribute("LOGIN_REDIRECT");
    httpResponse.sendRedirect(loginURI);
    return;
  }

  boolean authorized =
      isRolePage(pageDef, httpRequest)
          ? isUserAuthorizedForRolePage(pageDef, httpRequest, loginBean)
          : isUserAuthorizedForNonRolePage(pageDef, httpRequest, loginBean, ipUserGroup);

  if (!authorized) {
    if (loginBean == null) {
      redirectToLogin(httpRequest, httpResponse, currentVDC);
    } else {
      PageDef unauthorizedPage = pageDefService.findByName(PageDefServiceLocal.UNAUTHORIZED_PAGE);
      httpResponse.sendRedirect(
          httpRequest.getContextPath() + "/faces" + unauthorizedPage.getPath());
    }
    return;
  }

  if (isCheckLockPage(pageDef) && studyLockedMessage(pageDef, httpRequest) != null) {
    // NOTE(review): the message is computed a second time for the URL and appended without URL
    // encoding; if it can contain request- or user-derived text, encode it, and consider
    // evaluating it once so the redirect cannot carry a value that changed in between.
    PageDef lockedPage = pageDefService.findByName(PageDefServiceLocal.STUDYLOCKED_PAGE);
    httpResponse.sendRedirect(
        httpRequest.getContextPath()
            + "/faces"
            + lockedPage.getPath()
            + "?message="
            + studyLockedMessage(pageDef, httpRequest));
    return;
  }

  try {
    chain.doFilter(request, response);
  } catch (Throwable t) {
    // NOTE(review): anything thrown further down the chain is printed and then dropped, so the
    // container sees a normal completion. The original comment spoke of rethrowing after the
    // filter's own post-processing; confirm whether swallowing is intended, and prefer the
    // application's logger over printStackTrace.
    t.printStackTrace();
  }
}

/**
 * Redirects to a faces page under the context path, prefixed with {@code /dv/<alias>} when a
 * current dataverse is known.
 *
 * @param httpRequest request supplying the context path
 * @param httpResponse response that receives the redirect
 * @param currentVDC current dataverse, or {@code null}
 * @param facesPath path to append, starting with {@code /faces/}
 * @throws IOException if the redirect cannot be sent
 */
private void sendDataverseRedirect(
    HttpServletRequest httpRequest,
    HttpServletResponse httpResponse,
    VDC currentVDC,
    String facesPath)
    throws IOException {
  String redirectURL = httpRequest.getContextPath();
  if (currentVDC != null) {
    redirectURL += "/dv/" + currentVDC.getAlias();
  }
  httpResponse.sendRedirect(redirectURL + facesPath);
}
/**
 * Creates a scholar dataverse from the form fields of this bean, applies the network defaults,
 * sends the notification mail and returns the success page outcome.
 *
 * <p>The form values and the logged-in user's id are read before the classification check boxes
 * are validated. If that validation fails nothing is created and {@code null} is returned.
 *
 * <p>The short description is stored both as the DVN description and as the dataverse
 * announcements, replacing the network default announcements set a few lines earlier; an empty
 * description also switches the announcements display flag off.
 *
 * @return the redirect outcome for the success page with the new dataverse id, or {@code null}
 *     when validation fails
 */
public String createScholarDataverse() {
  String type = dataverseType;
  String name = (String) dataverseName.getValue();
  String alias = (String) dataverseAlias.getValue();
  String affiliationText = (String) affiliation.getValue();
  String shortDescriptionText = (String) shortDescription.getValue();
  Long userId = getVDCSessionBean().getLoginBean().getUser().getId();

  if (!validateClassificationCheckBoxes()) {
    return null;
  }

  vdcService.createScholarDataverse(
      userId, firstName, lastName, name, affiliationText, alias, type);
  VDC created = vdcService.findScholarDataverseByAlias(alias);
  saveClassifications(created);

  // add default values to the VDC table and commit/set the vdc bean props
  created.setDisplayNetworkAnnouncements(
      getVDCRequestBean().getCurrentVdcNetwork().isDisplayAnnouncements());
  created.setDisplayAnnouncements(
      getVDCRequestBean().getCurrentVdcNetwork().isDisplayVDCAnnouncements());
  // on create if description is blank uncheck display flag
  if (shortDescriptionText.isEmpty()) {
    created.setDisplayAnnouncements(false);
  }
  created.setAnnouncements(
      getVDCRequestBean().getCurrentVdcNetwork().getDefaultVDCAnnouncements());
  created.setDisplayNewStudies(
      getVDCRequestBean().getCurrentVdcNetwork().isDisplayVDCRecentStudies());
  created.setAboutThisDataverse(
      getVDCRequestBean().getCurrentVdcNetwork().getDefaultVDCAboutText());
  created.setContactEmail(getVDCSessionBean().getLoginBean().getUser().getEmail());
  created.setDvnDescription(shortDescriptionText);
  // also set default dv home page description from the DVN home page short description
  created.setAnnouncements(shortDescriptionText);

  // A positive sub-network id selects that network; anything else means the root network.
  VDCNetwork owningNetwork =
      (selectSubNetworkId != null && selectSubNetworkId > 0)
          ? vdcNetworkService.findById(selectSubNetworkId)
          : vdcNetworkService.findRootNetwork();
  created.setVdcNetwork(owningNetwork);

  // Set default template to subnet's default template
  created.setDefaultTemplate(owningNetwork.getDefaultTemplate());
  vdcService.edit(created);

  String hostUrl = PropertyUtil.getHostUrl();
  VDCUser refreshedCreator =
      userService.findByUserName(getVDCSessionBean().getLoginBean().getUser().getUserName());
  String recipient = getVDCSessionBean().getLoginBean().getUser().getEmail();
  String siteAddress = hostUrl + "/dvn/dv/" + created.getAlias();
  mailService.sendAddSiteNotification(recipient, name, siteAddress);

  // Refresh User object in LoginBean so it contains the user's new role of VDC administrator.
  getVDCSessionBean().getLoginBean().setUser(refreshedCreator);
  getVDCRenderBean().getFlash().put("successMessage", "Your new dataverse has been created!");

  return "/site/AddSiteSuccessPage?faces-redirect=true&vdcId=" + created.getId();
}