/** * Generates a List of unique identifiers for campaigns based on the parameters. The List is based * on the 'campaignIds' parameter unless it is null in which case the List is based on all * campaigns visible to the user. All parameters except 'request' and 'username' are optional and * each will filter the resulting List of campaign identifiers.<br> * <br> * <br> * For example, if 'campaignIds' was null as were 'endDate' and 'privacyState', then what would be * returned would be the intersection of the following lists:<br> * - All of the campaigns to which the user was associated (because 'campaignIds' was null).<br> * - All of the campaigns that are associated with any of the classes whose unique identifier was * in the 'classIds' list.<br> * - All of the campaigns whose creation timestamp was equal to or after 'startDate'<br> * - All of the campaigns whose running state equaled 'runningState'.<br> * - All of the campaigns to which the user had the campaign role 'role'. <br> * <br> * Therefore, if a campaign was associated with a user only through a single class, but that class * wasn't in the 'classIds' list, then that campaign ID would not be returned even if all of the * other parameters matched. * * @param request The Request that is performing this service. * @param username The username of the user. * @param campaignIds An optional Collection of campaign identifiers from which to base the List. * If this is empty, the resulting List will be empty. If this is null, the base List will be * all campaigns to which the user is associated. * @param classIds A Collection of unique identifiers for classes where the resulting list will * only contain campaign identifiers for campaigns that are associated with any of these * classes. * @param startDate A Calendar where only campaigns whose creation timestamp is equal to or after * this date. * @param endDate A Calendar where only campaigns whose creation timestamp is equal to or before * this date. * @param privacyState A campaign privacy state that trims the resulting list of campaigns to only * those that have this privacy state. * @param runningState A campaign running state that trims the resulting list of campaigns to only * those that have this running state. * @param role A campaign role that trims the resulting list of campaigns to only those where the * user has that role in the campaign. * @return A List of campaign unique identifiers based on the 'campaignIds' parameter and trimmed * by the rest of the parameters. * @throws ServiceException Thrown if there is an error. */ public static List<String> getCampaignsForUser( Request request, String username, Collection<String> campaignIds, Collection<String> classIds, Calendar startDate, Calendar endDate, CampaignPrivacyStateCache.PrivacyState privacyState, CampaignRunningStateCache.RunningState runningState, CampaignRoleCache.Role role) throws ServiceException, DataAccessException { Set<String> desiredCampaignIds = new HashSet<String>(); if (campaignIds == null) { // Initializes the list with all of the campaign IDs for the // requesting user. desiredCampaignIds.addAll(UserCampaignDaos.getCampaignIdsAndNameForUser(username).keySet()); } else { // Initializes the list with the campaign IDs in the query. desiredCampaignIds.addAll(campaignIds); } if (classIds != null) { // Get all of the campaigns associated with all of the classes in // the list. for (String classId : classIds) { desiredCampaignIds.retainAll(CampaignClassDaos.getCampaignsAssociatedWithClass(classId)); } } if (startDate != null) { // Get all of the campaigns whose creation timestamp is greater // than or equal to the start date. desiredCampaignIds.retainAll(CampaignDaos.getCampaignsOnOrAfterDate(startDate)); } if (endDate != null) { // Get all of the campaigns whose creation timestamp is less than // or equal to the end date. desiredCampaignIds.retainAll(CampaignDaos.getCampaignsOnOrBeforeDate(endDate)); } if (privacyState != null) { // Get all of the campaigns with a privacy state of 'privacyState'. desiredCampaignIds.retainAll(CampaignDaos.getCampaignsWithPrivacyState(privacyState)); } if (runningState != null) { // Get all of the campaigns with a running state of 'runningState'. desiredCampaignIds.retainAll(CampaignDaos.getCampaignsWithRunningState(runningState)); } if (role != null) { // Get all of the campaigns where the user's role is 'role'. desiredCampaignIds.retainAll(UserCampaignDaos.getCampaignIdsForUserWithRole(username, role)); } return new ArrayList<String>(desiredCampaignIds); }
/** * Gathers the requested information about a campaign. This will be at least its name, description * (possibly null), running state, privacy state, creation timestamp, and all of the requesting * user's roles in the campaign.<br> * <br> * The extras include the campaign's XML, all of the users associated with the campaign and their * roles, and all of the classes associated with the campaign. * * @param request The Request that is performing this service. * @param username The username of the user whose roles in the campaign are desired. * @param campaignIds The IDs for the campaigns whose information is desired. * @param withExtras A flag to indicate if the extra information should be included in each * Campaign object. * @return A map of campaigns and their information to the list of roles for this user in the * campaign. * @throws ServiceException Thrown if there is an error. */ public static Map<CampaignInformation, List<CampaignRoleCache.Role>> getCampaignAndUserRolesForCampaigns( Request request, String username, Collection<String> campaignIds, boolean withExtras) throws ServiceException { try { Map<CampaignInformation, List<CampaignRoleCache.Role>> result = new HashMap<CampaignInformation, List<CampaignRoleCache.Role>>(); for (String campaignId : campaignIds) { // Create the Campaign object with the campaign's ID. CampaignInformation campaign = CampaignDaos.getCampaignInformation(campaignId); // Get the user's roles. List<CampaignRoleCache.Role> roles = UserCampaignDaos.getUserCampaignRoles(username, campaignId); // If we are supposed to get the extra information as well. if (withExtras) { // Add the campaign's XML. campaign.setXml(CampaignDaos.getXml(campaignId)); // Add the classes that are associated with the campaign. campaign.addClasses(CampaignClassDaos.getClassesAssociatedWithCampaign(campaignId)); // Add the list of roles and all of the users with those // roles. List<String> campaignUsernames = UserCampaignDaos.getUsersInCampaign(campaignId); for (String campaignUsername : campaignUsernames) { List<CampaignRoleCache.Role> userRoles = UserCampaignDaos.getUserCampaignRoles(campaignUsername, campaignId); for (CampaignRoleCache.Role userRole : userRoles) { if (CampaignRoleCache.Role.SUPERVISOR.equals(userRole)) { campaign.addSupervisor(campaignUsername); } else if (CampaignRoleCache.Role.AUTHOR.equals(userRole)) { campaign.addAuthor(campaignUsername); } else if (CampaignRoleCache.Role.ANALYST.equals(userRole)) { campaign.addAnalyst(campaignUsername); } else if (CampaignRoleCache.Role.PARTICIPANT.equals(userRole)) { campaign.addParticipant(campaignUsername); } } } } // Add the user's roles. result.put(campaign, roles); } return result; } catch (DataAccessException e) { request.setFailed(); throw new ServiceException(e); } }
/** * Checks that the requesting user can view survey responses for some collection of users. There * may not actually be any responses to read or the responses may need to be made public first. * This only guarantees that, if the other users have any public responses that the requesting * user is allowed to view them. Therefore, this will pass as long as any of the following are * true: <br> * <br> * - If the user is a supervisor or an author.<br> * - If the user is an analyst and the campaign is shared.<br> * - If the user is the same as all of the requesting users.<br> * <br> * If you want to check if a user can read survey responses from every user in a campaign, don't * pass in any user usernames. * * @param request The Request that is performing this service. * @param campaignId The unique identifier for the campaign. * @param requesterUsername The requesting user's username. * @param userUsernames The array of usernames of specific users to check if the requesting user * has permission to read their information. * @throws ServiceException Thrown if none of the rules are true or there is an error. */ public static void requesterCanViewUsersSurveyResponses( Request request, String campaignId, String requesterUsername, String... userUsernames) throws ServiceException { try { // If the requester is the same as all of the users in question. boolean otherUsers = false; for (String username : userUsernames) { if (!requesterUsername.equals(username)) { otherUsers = true; } } if (!otherUsers) { return; } List<CampaignRoleCache.Role> requesterRoles = UserCampaignDaos.getUserCampaignRoles(requesterUsername, campaignId); // If the requester's role list contains supervisor, return. if (requesterRoles.contains(CampaignRoleCache.Role.SUPERVISOR)) { return; } // If the requester's role list contains author, return. if (requesterRoles.contains(CampaignRoleCache.Role.AUTHOR)) { return; } // If the requester's role list contains analyst, if (requesterRoles.contains(CampaignRoleCache.Role.ANALYST)) { CampaignPrivacyStateCache.PrivacyState privacyState = CampaignDaos.getCampaignPrivacyState(campaignId); if ((privacyState != null) && (CampaignPrivacyStateCache.PrivacyState.SHARED.equals(privacyState))) { return; } } request.setFailed( ErrorCodes.CAMPAIGN_INSUFFICIENT_PERMISSIONS, "The user does not have sufficient permissions to read information about other users."); throw new ServiceException( "The user does not have sufficient permissions to read information about other users."); } catch (DataAccessException e) { request.setFailed(); throw new ServiceException(e); } }