示例#1
0
  private boolean isVdcRestricted(PageDef pageDef, HttpServletRequest request) {
    boolean restricted = false;
    VDC currentVDC = vdcService.getVDCFromRequest(request);
    if (pageDef != null
        && (pageDef.getName().equals(PageDefServiceLocal.LOGIN_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.LOGOUT_PAGE))) {
      restricted = false;
    } else if (currentVDC != null && currentVDC.isRestricted()) {
      restricted = true;
    }

    return restricted;
  }
 // ACTION METHODS
 public String save_action() {
   String forwardPage = null;
   if (getVDCRequestBean().getCurrentVDCId() == null) {
     // this is a save against the network
     VDCNetwork vdcnetwork = getVDCRequestBean().getVdcNetwork();
     vdcnetwork.setNetworkPageHeader(banner);
     vdcnetwork.setNetworkPageFooter(footer);
     vdcNetworkService.edit(vdcnetwork);
     getVDCRequestBean().getVdcNetwork().setNetworkPageHeader(banner);
     getVDCRequestBean().getVdcNetwork().setNetworkPageFooter(footer);
     forwardPage = "myNetworkOptions";
   } else {
     VDC vdc = vdcService.find(new Long(getVDCRequestBean().getCurrentVDC().getId()));
     vdc.setHeader(banner);
     vdc.setFooter(footer);
     vdc.setDisplayInFrame(displayInFrame);
     vdc.setParentSite(parentSite);
     vdcService.edit(vdc);
     getVDCRequestBean().setCurrentVDC(vdc);
     forwardPage = "myOptions";
   }
   getVDCRequestBean().setSuccessMessage("Successfully updated layout branding.");
   return forwardPage;
 }
示例#3
0
文件: AddSitePage.java 项目: IQSS/dvn
  public void validateAlias(FacesContext context, UIComponent toValidate, Object value) {
    CharacterValidator charactervalidator = new CharacterValidator();
    charactervalidator.validate(context, toValidate, value);
    String alias = (String) value;

    boolean isValid = false;
    VDC vdc = vdcService.findByAlias(alias);
    if (alias.equals("") || vdc != null) {
      isValid = true;
    }

    if (isValid) {
      ((UIInput) toValidate).setValid(false);

      FacesMessage message = new FacesMessage("This alias is already taken.");
      context.addMessage(toValidate.getClientId(context), message);
    }
    resetScholarProperties();
  }
示例#4
0
文件: AddSitePage.java 项目: IQSS/dvn
  public void validateName(FacesContext context, UIComponent toValidate, Object value) {
    String name = (String) value;
    if (name != null && name.trim().length() == 0) {
      FacesMessage message = new FacesMessage("The dataverse name field must have a value.");
      context.addMessage(toValidate.getClientId(context), message);
      context.renderResponse();
    }
    boolean nameFound = false;
    VDC vdc = vdcService.findByName(name);
    if (vdc != null) {
      nameFound = true;
    }
    if (nameFound) {
      ((UIInput) toValidate).setValid(false);

      FacesMessage message = new FacesMessage("This name is already taken.");
      context.addMessage(toValidate.getClientId(context), message);
    }

    resetScholarProperties();
  }
示例#5
0
  private boolean isUserAuthorizedForNonRolePage(
      PageDef pageDef, HttpServletRequest request, LoginBean loginBean, UserGroup ipUserGroup) {
    VDCUser user = null;
    if (loginBean != null) {
      user = loginBean.getUser();
    }

    if (user != null
        && user.getNetworkRole() != null
        && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
      // If you are network admin, you can do anything!
      return true;
    }

    VDC currentVDC = vdcService.getVDCFromRequest(request);
    if (currentVDC != null && !isTermsOfUsePage(pageDef) && isVdcRestricted(pageDef, request)) {
      if (currentVDC.isVDCRestrictedForUser(user, ipUserGroup)) {
        return false;
      }
    } else if (pageDef != null
        && (pageDef.getName().equals(PageDefServiceLocal.DV_OPTIONS_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_OPTIONS_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.ACCOUNT_PAGE)
            || pageDef.getName().equals(PageDefServiceLocal.MANAGE_STUDIES_PAGE))) {
      // For these  pages, the only requirement is
      // to be logged in.
      if (user == null) {
        return false;
      }
      String userParam = request.getParameter("userId");
      if (userParam != null && !userParam.equals(user.getId().toString())) {
        // To view other users, logged in user must be an admin or curator
        if (!(user.isAdmin(currentVDC) || user.isCurator(currentVDC))) {
          return false;
        }
      }
    } else if (isViewStudyPage(pageDef)) {
      Study study = null;
      StudyVersion studyVersion = null;
      String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
      String versionNumber = VDCBaseBean.getParamFromRequestOrComponent("versionNumber", request);
      if (studyId != null) {
        study = studyService.getStudy(Long.parseLong(studyId));
        if (versionNumber != null) {
          studyVersion =
              studyService.getStudyVersion(Long.parseLong(studyId), new Long(versionNumber));
        }
      } else {
        study =
            studyService.getStudyByGlobalId(
                VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
      }
      if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
        return false;
      }
      if (studyVersion != null) {
        // If study has been deaccessioned,
        // only show the page if the user is authorized to edit
        if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
          return false;
        }
        // If this is a draft version, only show the version if the user is authorized to edit
        if (studyVersion.isWorkingCopy() && (user == null || !study.isUserAuthorizedToEdit(user))) {
          return false;
        }
      }

    } else if (isVersionDiffPage(pageDef)) {
      Study study = null;
      StudyVersion studyVersion1 = null;
      StudyVersion studyVersion2 = null;
      String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);

      Long[] versionList = VDCRequestBean.parseVersionNumberList(request);

      studyVersion1 = studyService.getStudyVersion(Long.parseLong(studyId), versionList[0]);
      studyVersion2 = studyService.getStudyVersion(Long.parseLong(studyId), versionList[1]);

      if (studyId != null) {
        study = studyService.getStudy(Long.parseLong(studyId));

      } else {
        study =
            studyService.getStudyByGlobalId(
                VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
      }
      if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
        return false;
      }

      // If study has been deaccessioned,
      // only show the page if the user is authorized to edit
      if (study.isDeaccessioned() && (user == null || !study.isUserAuthorizedToEdit(user))) {
        return false;
      }
      // If this is a draft version, only show the version if the user is authorized to edit
      if ((studyVersion1.isWorkingCopy() || studyVersion2.isWorkingCopy())
          && (user == null || !study.isUserAuthorizedToEdit(user))) {
        return false;
      }
      if ("confirmRelease".equals(request.getParameter("actionMode"))
          && !study.isUserAuthorizedToRelease(user)) {
        return false;
      }

    } else if (isSubsettingPage(pageDef)) {
      String dtId = VDCBaseBean.getParamFromRequestOrComponent("dtId", request);

      DataTable dataTable = variableService.getDataTable(Long.parseLong(dtId));
      Study study = dataTable.getStudyFile().getStudy();
      if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
        return false;
      }
    } else if (isExploreDataPage(pageDef)) {
      String fileId = VDCBaseBean.getParamFromRequestOrComponent("fileId", request);
      StudyFile sf = studyFileService.getStudyFile(Long.parseLong(fileId));
      if (sf.isFileRestrictedForUser(user, currentVDC, ipUserGroup)) {
        return false;
      }
    } else if (isEditAccountPage(pageDef)) {
      String userId = VDCBaseBean.getParamFromRequestOrComponent("userId", request);
      if (user == null || user.getId() != Long.parseLong(userId)) {
        return false;
      }
    } else if (isManifestPage(pageDef)) {

      LockssConfig chkLockssConfig = getLockssConfig(currentVDC);
      if (chkLockssConfig == null) {
        return false;
      } else if (chkLockssConfig.getserverAccess().equals(ServerAccess.GROUP)) {
        VDCRole userRole = null;
        String userVDCRoleName = null;
        if (user != null && currentVDC != null) {
          userRole = loginBean.getVDCRole(currentVDC);
        }
        if (user != null && userRole != null && user.isAdmin(currentVDC)) {
          return true;
        }

        if (user != null
            && user.getNetworkRole() != null
            && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
          // If you are network admin, you can do anything!
          return true;
        }

        if (!lockssAuth.isAuthorizedLockssServer(currentVDC, request)) {
          return false;
        }
      }
    }
    return true;
  }
示例#6
0
  private boolean isUserAuthorizedForRolePage(
      PageDef pageDef, HttpServletRequest request, LoginBean loginBean) {
    if (loginBean == null) {
      return false;
    }
    VDC currentVDC = vdcService.getVDCFromRequest(request);
    VDCUser user = loginBean.getUser();

    VDCRole userRole = null;
    String userVDCRoleName = null;
    if (currentVDC != null) {
      userRole = loginBean.getVDCRole(currentVDC);
    }
    if (userRole != null) {
      userVDCRoleName = userRole.getRole().getName();
    }

    if (user.getNetworkRole() != null
        && user.getNetworkRole().getName().equals(NetworkRoleServiceLocal.ADMIN)) {
      // If you are network admin, you can do anything!
      return true;
    }
    // Do special authorization for EditStudyPages
    if (isEditStudyPage(pageDef)) {
      return isAuthorizedToEditStudy(pageDef, user, request, currentVDC);
    }

    // If this page has only has a network role, or if it has both network and vdc roles, but no
    // current vdc,
    // do authorization based on network role.
    if (pageDef != null && (pageDef.getNetworkRole() != null && pageDef.getRole() == null)
        || (pageDef.getNetworkRole() != null && pageDef.getRole() != null && currentVDC == null)) {
      if (user.getNetworkRole() != null) {
        if (user.getNetworkRole().getId().equals(pageDef.getNetworkRole().getId())) {
          return true;
        } else {
          return false;
        }
      } else return false;
    }
    // If this page only has a VDC Role,  or if it has both roles and  currentVDC exists,
    // do authorization based on VDC role.
    if (pageDef != null && (pageDef.getRole() != null && pageDef.getNetworkRole() == null)
        || (pageDef.getNetworkRole() != null && pageDef.getRole() != null && currentVDC != null)) {
      if (currentVDC == null) {
        return false;
      }
      String pageRoleName = pageDef.getRole().getName();
      if (userVDCRoleName == null && !isUserStudyCreator(user, request)) {
        return false;
      }

      if (pageRoleName.equals(RoleServiceLocal.ADMIN)) {
        if (userVDCRoleName.equals(RoleServiceLocal.ADMIN)) {
          return true;
        } else {
          return false;
        }
      }
      if (pageRoleName.equals(RoleServiceLocal.CURATOR)) {
        if (userVDCRoleName.equals(RoleServiceLocal.CURATOR)
            || userVDCRoleName.equals(RoleServiceLocal.ADMIN)
            || isUserStudyCreator(user, request)) {
          return true;
        } else {
          return false;
        }
      }
      if (pageRoleName.equals(RoleServiceLocal.CONTRIBUTOR)) {
        if (userVDCRoleName.equals(RoleServiceLocal.CONTRIBUTOR)
            || userVDCRoleName.equals(RoleServiceLocal.CURATOR)
            || userVDCRoleName.equals(RoleServiceLocal.ADMIN)) {
          return true;
        } else {
          return false;
        }
      }
    }

    return false;
  }
示例#7
0
  /**
   * @param request The servlet request we are processing
   * @param result The servlet response we are creating
   * @param chain The filter chain we are processing
   * @exception IOException if an input/output error occurs
   * @exception ServletException if a servlet error occurs
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    String requestPath = httpRequest.getPathInfo();
    VDC currentVDC = vdcService.getVDCFromRequest(httpRequest);

    if (requestPath != null && requestPath.endsWith(".jsp")) {
      String redirectURL = httpRequest.getContextPath();
      if (currentVDC != null) {
        redirectURL += "/dv/" + currentVDC.getAlias();
      }
      httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
      return;
    }
    PageDef pageDef = pageDefService.findByPath(requestPath);

    // check for invalid study Id or study versionNumber
    // for right now, do this with a sendRedirect, though we should try to figure out a solution
    // with a forward isntead; that way the user can fix the issue in the URL and easily try again
    if (isViewStudyPage(pageDef) || isEditStudyPage(pageDef) || isVersionDiffPage(pageDef)) {
      Long studyId = determineStudyId(pageDef, httpRequest);

      if (isVersionDiffPage(pageDef)) {
        Long[] versionDiffNumbers = VDCRequestBean.parseVersionNumberList(httpRequest);
        if (versionDiffNumbers == null || studyId == null) {
          String redirectURL = httpRequest.getContextPath();
          if (currentVDC != null) {
            redirectURL += "/dv/" + currentVDC.getAlias();
          }
          httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
          return;
        } else {
          try {
            // Get the studyVersions to test that the versionNumbers exist for this study.
            // If they don't exist, an EJBException will be thrown.
            StudyVersion sv1 = studyService.getStudyVersion(studyId, versionDiffNumbers[0]);
            StudyVersion sv2 = studyService.getStudyVersion(studyId, versionDiffNumbers[1]);
          } catch (EJBException e) {
            if (e.getCause() instanceof IllegalArgumentException) {
              String redirectURL = httpRequest.getContextPath();
              if (currentVDC != null) {
                redirectURL += "/dv/" + currentVDC.getAlias();
              }
              httpResponse.sendRedirect(redirectURL + "/faces/IdDoesNotExistPage.xhtml");
              return;
            } else {
              throw e;
            }
          }
        }
      } else if (studyId != null) {
        try {
          String versionNumberParam = httpRequest.getParameter("versionNumber");

          if (versionNumberParam != null) {
            Long versionNumber = new Long(versionNumberParam);
            StudyVersion sv = studyService.getStudyVersion(studyId, versionNumber);

          } else {
            // Get the study to make sure that the studyId exists.
            // If it doesn't exist, and EJBException will be thrown.
            Study study = studyService.getStudy(studyId);
          }
        } catch (EJBException e) {
          if (e.getCause() instanceof IllegalArgumentException) {
            String redirectURL = httpRequest.getContextPath();
            if (currentVDC != null) {
              redirectURL += "/dv/" + currentVDC.getAlias();
            }
            httpResponse.sendRedirect(redirectURL + "/faces/IdDoesNotExistPage.xhtml");
            return;
          } else {
            throw e;
          }
        } catch (NumberFormatException e) {
          String redirectURL = httpRequest.getContextPath();
          if (currentVDC != null) {
            redirectURL += "/dv/" + currentVDC.getAlias();
          }
          httpResponse.sendRedirect(redirectURL + "/faces/NotFoundPage.xhtml");
          return;
        }
      }
    }

    setOriginalUrl(httpRequest, httpResponse, currentVDC);

    LoginBean loginBean = getLoginBean(request);
    UserGroup ipUserGroup = null;
    if (loginBean == null) {
      ipUserGroup = getIpGroup(httpRequest);
    } else {
      HttpSession session = ((HttpServletRequest) request).getSession(false);
    }

    String loginURI = (String) httpRequest.getSession().getAttribute("LOGIN_REDIRECT");
    if (loginURI != null) {
      httpRequest.getSession().removeAttribute("LOGIN_REDIRECT");
      httpResponse.sendRedirect(loginURI);
    } else {
      boolean authorized = false;
      if (isRolePage(pageDef, httpRequest)) {
        if (isUserAuthorizedForRolePage(pageDef, httpRequest, loginBean)) {
          authorized = true;
        }

      } else if (isUserAuthorizedForNonRolePage(pageDef, httpRequest, loginBean, ipUserGroup)) {
        authorized = true;
      }

      if (!authorized) {
        if (loginBean == null) {
          redirectToLogin(httpRequest, httpResponse, currentVDC);
        } else {
          PageDef redirectPageDef =
              pageDefService.findByName(PageDefServiceLocal.UNAUTHORIZED_PAGE);
          httpResponse.sendRedirect(
              httpRequest.getContextPath() + "/faces" + redirectPageDef.getPath());
        }
      } else {
        if (isCheckLockPage(pageDef) && studyLockedMessage(pageDef, httpRequest) != null) {

          PageDef redirectPageDef = pageDefService.findByName(PageDefServiceLocal.STUDYLOCKED_PAGE);
          httpResponse.sendRedirect(
              httpRequest.getContextPath()
                  + "/faces"
                  + redirectPageDef.getPath()
                  + "?message="
                  + studyLockedMessage(pageDef, httpRequest));
        } else {

          try {
            chain.doFilter(request, response);
          } catch (Throwable t) {
            //
            // If an exception is thrown somewhere down the filter chain,
            // we still want to execute our after processing, and then
            // rethrow the problem after that.
            //

            t.printStackTrace();
          }
        }
      }
    }
  }
示例#8
0
文件: AddSitePage.java 项目: IQSS/dvn
  public String createScholarDataverse() {
    String dataversetype = dataverseType;

    String name = (String) dataverseName.getValue();
    String alias = (String) dataverseAlias.getValue();
    String strAffiliation = (String) affiliation.getValue();
    String strShortDescription = (String) shortDescription.getValue();
    Long userId = getVDCSessionBean().getLoginBean().getUser().getId();

    if (validateClassificationCheckBoxes()) {
      vdcService.createScholarDataverse(
          userId, firstName, lastName, name, strAffiliation, alias, dataversetype);
      VDC createdScholarDataverse = vdcService.findScholarDataverseByAlias(alias);
      saveClassifications(createdScholarDataverse);

      //  add default values to the VDC table and commit/set the vdc bean props
      createdScholarDataverse.setDisplayNetworkAnnouncements(
          getVDCRequestBean().getCurrentVdcNetwork().isDisplayAnnouncements());
      createdScholarDataverse.setDisplayAnnouncements(
          getVDCRequestBean().getCurrentVdcNetwork().isDisplayVDCAnnouncements());
      // on create if description is blank uncheck display flag
      if (strShortDescription.isEmpty()) {
        createdScholarDataverse.setDisplayAnnouncements(false);
      }
      createdScholarDataverse.setAnnouncements(
          getVDCRequestBean().getCurrentVdcNetwork().getDefaultVDCAnnouncements());
      createdScholarDataverse.setDisplayNewStudies(
          getVDCRequestBean().getCurrentVdcNetwork().isDisplayVDCRecentStudies());
      createdScholarDataverse.setAboutThisDataverse(
          getVDCRequestBean().getCurrentVdcNetwork().getDefaultVDCAboutText());
      createdScholarDataverse.setContactEmail(
          getVDCSessionBean().getLoginBean().getUser().getEmail());
      createdScholarDataverse.setDvnDescription(strShortDescription);
      createdScholarDataverse.setAnnouncements(
          strShortDescription); // also set default dv home page description from the the DVN home
                                // page short description
      VDCNetwork vdcNetwork;
      if (selectSubNetworkId != null && selectSubNetworkId > 0) {
        vdcNetwork = vdcNetworkService.findById(selectSubNetworkId);
        createdScholarDataverse.setVdcNetwork(vdcNetwork);
      } else {
        vdcNetwork = vdcNetworkService.findRootNetwork();
        createdScholarDataverse.setVdcNetwork(vdcNetwork);
      }
      // Set default template to subnet's default template
      Template template = vdcNetwork.getDefaultTemplate();
      createdScholarDataverse.setDefaultTemplate(template);

      vdcService.edit(createdScholarDataverse);

      String hostUrl = PropertyUtil.getHostUrl();
      VDCUser creator =
          userService.findByUserName(getVDCSessionBean().getLoginBean().getUser().getUserName());
      String toMailAddress = getVDCSessionBean().getLoginBean().getUser().getEmail();
      String siteAddress = hostUrl + "/dvn/dv/" + createdScholarDataverse.getAlias();

      mailService.sendAddSiteNotification(toMailAddress, name, siteAddress);

      // Refresh User object in LoginBean so it contains the user's new role of VDC administrator.
      getVDCSessionBean().getLoginBean().setUser(creator);
      getVDCRenderBean().getFlash().put("successMessage", "Your new dataverse has been created!");
      return "/site/AddSiteSuccessPage?faces-redirect=true&vdcId="
          + createdScholarDataverse.getId();
    } else {
      return null;
    }
  }