public Boolean isFileAuth(AuthorizationFacade facade, Agent agent, Id artifactId) {
// check if this id is attached to any cell
if (artifactId == null) return new Boolean(true);
List cells = getMatrixManager().getCellsByArtifact(artifactId);
if (cells.size() == 0) {
return null;
}
// does this user have access to any of the above cells
for (Iterator i = cells.iterator(); i.hasNext(); ) {
Cell cell = (Cell) i.next();
Id siteId = cell.getMatrix().getScaffolding().getWorksiteId();
if (getExplicitAuthz().isAuthorized(agent, MatrixFunctionConstants.REVIEW_MATRIX, siteId)
|| getExplicitAuthz()
.isAuthorized(agent, MatrixFunctionConstants.EVALUATE_MATRIX, siteId)) {
return new Boolean(true);
}
Boolean returned = isCellAuthForEval(facade, agent, cell.getId());
if (returned != null && returned.booleanValue()) {
return returned;
}
}
return null;
}
public Object fillBackingObject(Object incomingModel, Map request, Map session, Map application)
throws Exception {
// coming from matrix cell, not helper
session.remove(WizardPageHelper.WIZARD_PAGE);
CellFormBean cellBean = (CellFormBean) incomingModel;
String strId = (String) request.get("page_id");
if (strId == null) {
strId = (String) session.get("page_id");
session.remove("page_id");
}
Cell cell;
Id id = getIdManager().getId(strId);
// Check if the cell has been removed, which can happen if:
// (1) user views matrix
// (2) owner removes column or row (the code verifies that no one has
// modified the matrix)
// (3) user selects a cell that has just been removed with the column or
// row
try {
cell = matrixManager.getCellFromPage(id);
cellBean.setCell(cell);
List nodeList = new ArrayList(matrixManager.getPageContents(cell.getWizardPage()));
cellBean.setNodes(nodeList);
if (request.get("view_user") != null) {
session.put("view_user", cell.getWizardPage().getOwner().getId().getValue());
}
} catch (Exception e) {
logger.error("Error with cell: " + strId + " " + e.toString());
// tbd how to report error back to user?
}
clearSession(getSessionManager().getCurrentToolSession());
return cellBean;
}
/* (non-Javadoc)
* @see org.theospi.utils.mvc.intf.Controller#handleRequest(java.lang.Object, java.util.Map, java.util.Map, java.util.Map, org.springframework.validation.Errors)
*/
public ModelAndView handleRequest(
Object requestModel, Map request, Map session, Map application, Errors errors) {
WizardPage page = (WizardPage) session.get(WizardPageHelper.WIZARD_PAGE);
Id cellId = idManager.getId((String) request.get("page_id"));
Id formId = idManager.getId((String) request.get("current_form_id"));
Cell cell = getMatrixManager().getCellFromPage(cellId);
boolean sessionPage = true;
if (page == null) {
sessionPage = false;
page = cell.getWizardPage();
}
String submitAction = (String) request.get("submit");
session.remove(WizardPageHelper.WIZARD_PAGE);
getMatrixManager().removeFromSession(page);
if (submitAction.equals(DELETE_FORM)) {
getMatrixManager().detachForm(page.getId(), formId);
} else // (submitAction.equals(DELETE_FEEDBACK))
{
Id reviewId = idManager.getId((String) request.get("review_id"));
Review review = getReviewManager().getReview(reviewId);
if (review != null) getReviewManager().deleteReview(review);
else logger.warn("Null feedback form (perhaps multiple submits):" + reviewId);
}
if (sessionPage)
session.put(WizardPageHelper.WIZARD_PAGE, getMatrixManager().getWizardPage(page.getId()));
try {
// unlock and delete content
String reviewContentId = contentHosting.getUuid(formId.getValue());
if (getLockManager().isLocked(reviewContentId))
getLockManager().removeLock(reviewContentId, cellId.getValue());
getContentHosting().removeResource(formId.getValue());
} catch (Exception e) {
logger.warn("Error removing form: " + e.toString());
}
// if not submit, then cancel, but both submit and cancel have the some view, so
return new ModelAndView("continue", "page_id", page.getId().getValue());
}
protected ModelAndView tagItem(Cell cell, Map request, Map session) {
ModelAndView view = null;
// Get appropriate helperInfo
for (TaggingHelperInfo info :
getHelperInfo(wizardActivityProducer.getItem(cell.getWizardPage()))) {
if (info.getProvider().getId().equals(request.get("providerId"))) {
// Add parameters to session
for (String key : info.getParameterMap().keySet()) {
session.put(key, info.getParameterMap().get(key));
}
session.put("page_id", (String) request.get("page_id"));
view = new ModelAndView(new RedirectView(info.getHelperId() + ".helper"));
break;
}
}
return view;
}
/* (non-Javadoc)
* @see org.theospi.portfolio.security.app.ApplicationAuthorizer#isAuthorized(org.theospi.portfolio.security.AuthorizationFacade, org.theospi.portfolio.shared.model.Agent, java.lang.String, org.theospi.portfolio.shared.model.Id)
*/
public Boolean isAuthorized(AuthorizationFacade facade, Agent agent, String function, Id id) {
logger.debug("isAuthorized?(...) invoked in MatrixAuthorizer");
if (MatrixFunctionConstants.EVALUATE_MATRIX.equals(function)
|| MatrixFunctionConstants.REVIEW_MATRIX.equals(function)
|| MatrixFunctionConstants.USE_SCAFFOLDING.equals(function)) {
return new Boolean(facade.isAuthorized(function, id));
} else if (MatrixFunctionConstants.DELETE_SCAFFOLDING.equals(function)) {
Scaffolding scaffolding = getMatrixManager().getScaffolding(id);
if (scaffolding == null) return new Boolean(facade.isAuthorized(agent, function, id));
if (!scaffolding.isPublished() && (scaffolding.getOwner().equals(agent))
|| facade.isAuthorized(agent, function, scaffolding.getWorksiteId()))
return new Boolean(true);
} else if (ContentHostingService.EVENT_RESOURCE_READ.equals(function)) {
return isFileAuth(facade, agent, id);
} else if (function.equals(MatrixFunctionConstants.CREATE_SCAFFOLDING)) {
return new Boolean(facade.isAuthorized(agent, function, id));
} else if (function.equals(MatrixFunctionConstants.EDIT_SCAFFOLDING)) {
return new Boolean(facade.isAuthorized(agent, function, id));
} else if (function.equals(MatrixFunctionConstants.EXPORT_SCAFFOLDING)) {
return new Boolean(facade.isAuthorized(agent, function, id));
} else if (function.equals(MatrixFunctionConstants.VIEW_SCAFFOLDING_GUIDANCE)) {
// If I can eval, review, or own it
ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
// sCell.getWizardPageDefinition().get
if (sCell == null)
throw new NullPointerException(
"The cell was not found. Wizard Page Def for cell: " + id.getValue());
Boolean returned = null;
Id worksiteId = sCell.getScaffolding().getWorksiteId();
// first check global perms for the site
if (checkPerms(
facade,
new String[] {
MatrixFunctionConstants.USE_SCAFFOLDING,
MatrixFunctionConstants.EVALUATE_MATRIX,
MatrixFunctionConstants.REVIEW_MATRIX
},
worksiteId)) {
return Boolean.valueOf(true);
}
for (Iterator iter = sCell.getCells().iterator(); iter.hasNext(); ) {
Cell cell = (Cell) iter.next();
if (checkPerms(
facade,
new String[] {
MatrixFunctionConstants.EVALUATE_MATRIX, MatrixFunctionConstants.REVIEW_MATRIX
},
cell.getId())) {
return Boolean.valueOf(true);
}
}
returned = Boolean.valueOf(sCell.getScaffolding().getOwner().equals(agent));
if (returned.booleanValue()) return returned;
} else if (function.equals(MatrixFunctionConstants.EDIT_SCAFFOLDING_GUIDANCE)) {
ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
Agent owner = null;
if (sCell != null) {
owner = sCell.getScaffolding().getOwner();
}
return new Boolean(agent.equals(owner));
} else if (function.equals(MatrixFunctionConstants.EVALUATE_SPECIFIC_MATRIXCELL)) {
WizardPage page = getMatrixManager().getWizardPage(id);
Id siteId = idManager.getId(page.getPageDefinition().getSiteId());
// make sure that the target site gets tested
facade.pushAuthzGroups(siteId.getValue());
return new Boolean(
facade.isAuthorized(agent, MatrixFunctionConstants.EVALUATE_MATRIX, siteId));
}
return null; // don't care
}
public ModelAndView handleRequest(
Object requestModel, Map request, Map session, Map application, Errors errors) {
CellFormBean cellBean = (CellFormBean) requestModel;
Cell cell = cellBean.getCell();
// Check for cell being deleted while user was attempting to view
if (cell == null) {
return new ModelAndView("matrixError");
}
// String action = (String)request.get("action");
String submit = (String) request.get("submit");
String matrixAction = (String) request.get("matrix");
String submitAction = (String) request.get("submitAction");
String inviteFeedback = (String) request.get("inviteFeedback");
String submitForReview = (String) request.get("submitForReview");
if (inviteFeedback != null) {
session.put("feedbackCellId", cell.getId().getValue());
session.put("feedbackMatrixCall", "feedbackMatrixCall");
return new ModelAndView("feedbackHelper");
}
if (submitForReview != null) {
Map map = new HashMap();
map.put("page_id", cell.getWizardPage().getId());
map.put("feedbackCellId", cell.getId().getValue());
map.put("cellBean", cellBean);
return new ModelAndView("inviteFeedbackConfirm", map);
}
if ("tagItem".equals(submitAction)) {
return tagItem(cell, request, session);
} else if ("sortList".equals(submitAction)) {
return sortList(request, session);
} else if ("pageList".equals(submitAction)) {
return pageList(request, session);
}
if (submit != null) {
Map map = new HashMap();
map.put("page_id", cell.getWizardPage().getId());
map.put("selectedArtifacts", ListToString(cellBean.getSelectedArtifacts()));
map.put("cellBean", cellBean);
// cwm change this to use the reflection submission confirmation
return new ModelAndView("confirm", map);
}
if (matrixAction != null) {
Map map = new HashMap();
String scaffId = "";
String viewUser = "";
if (getTaggingManager().isTaggable()) {
session.remove(HibernateMatrixManagerImpl.PROVIDERS_PARAM);
}
if (cell.getMatrix() != null) {
scaffId = cell.getMatrix().getScaffolding().getId().getValue();
viewUser = cell.getMatrix().getOwner().getId().getValue();
}
map.put("scaffolding_id", scaffId);
map.put("view_user", viewUser);
if (session.get("is_eval_page_id") != null) {
String eval_page_id = (String) session.get("is_eval_page_id");
String pageId = cell.getWizardPage().getId().getValue();
if (eval_page_id.equals(pageId)) {
return new ModelAndView("cancelEvaluation");
}
}
return new ModelAndView("cancel", map);
}
return new ModelAndView("success", "cellBean", cellBean);
}
public Map referenceData(Map request, Object command, Errors errors) {
Map model = new HashMap();
model.put("feedbackSent", false);
ToolSession session = getSessionManager().getCurrentToolSession();
CellFormBean cell = (CellFormBean) command;
if (cell == null || cell.getCell() == null) {
logger.error("Cell backing bean or cell.getCell() is null");
clearSession(session);
model.put("nullCellError", true);
return model;
}
if (request.get("feedbackReturn") != null) {
// feedbackReturn is returned from FeedbackHelperController and is the Id of the wizardPage of
// the cell.
cell.setCell(
matrixManager.getCellFromPage(idManager.getId(request.get("feedbackReturn").toString())));
if (request.get("feedbackAction") != null
&& request.get("feedbackAction").toString().equals("save")) {
model.put("feedbackSent", true);
}
}
model.put("matrixCanViewCell", false);
if (request.get("comingFromWizard") == null) {
// depending on isDefaultFeedbackEval, either send the scaffolding id or the scaffolding
// cell's id
boolean matrixCanEvaluate =
getMatrixManager()
.hasPermission(
cell.getCell().getScaffoldingCell().isDefaultEvaluators()
? cell.getCell().getScaffoldingCell().getScaffolding().getId()
: cell.getCell().getScaffoldingCell().getWizardPageDefinition().getId(),
cell.getCell().getScaffoldingCell().getScaffolding().getWorksiteId(),
MatrixFunctionConstants.EVALUATE_MATRIX);
model.put("matrixCanEvaluate", matrixCanEvaluate);
// depending on isDefaultFeedbackEval, either send the scaffolding id or the scaffolding
// cell's id
// also, compare first result with the user's cell review list by sending the user's cell id
boolean allowParticipantFeedback =
cell.getCell().getScaffoldingCell().isDefaultReviewers()
? cell.getCell().getScaffoldingCell().getScaffolding().isAllowRequestFeedback()
: cell.getCell()
.getScaffoldingCell()
.getWizardPageDefinition()
.isAllowRequestFeedback();
boolean matrixCanReview =
getMatrixManager()
.hasPermission(
cell.getCell().getScaffoldingCell().isDefaultReviewers()
? cell.getCell().getScaffoldingCell().getScaffolding().getId()
: cell.getCell().getScaffoldingCell().getWizardPageDefinition().getId(),
cell.getCell().getScaffoldingCell().getScaffolding().getWorksiteId(),
MatrixFunctionConstants.REVIEW_MATRIX)
|| (allowParticipantFeedback
&& getMatrixManager()
.hasPermission(
cell.getCell().getWizardPage().getId(),
cell.getCell().getScaffoldingCell().getScaffolding().getWorksiteId(),
MatrixFunctionConstants.FEEDBACK_MATRIX));
model.put("matrixCanReview", matrixCanReview);
boolean hasAnyReviewers =
cell.getCell().getScaffoldingCell().isDefaultReviewers()
? !getMatrixManager()
.getSelectedUsers(
cell.getCell().getScaffoldingCell().getScaffolding(),
MatrixFunctionConstants.REVIEW_MATRIX)
.isEmpty()
: !getMatrixManager()
.getSelectedUsers(
cell.getCell().getScaffoldingCell().getWizardPageDefinition(),
MatrixFunctionConstants.REVIEW_MATRIX)
.isEmpty();
model.put("hasAnyReviewers", hasAnyReviewers);
// NOTE: matrixCanEval or Review both return true if the user is a
// super user:
if (getMatrixManager().canAccessMatrixCell(cell.getCell())) {
model.put("matrixCanViewCell", true);
}
} else {
WizardPage currentWizPage =
getMatrixManager().getWizardPage(cell.getCell().getWizardPage().getId());
Id wizPageDefId = currentWizPage.getPageDefinition().getId();
String wizardId =
getWizardManager()
.getWizardPageSeqByDef(wizPageDefId)
.getCategory()
.getWizard()
.getId()
.getValue();
model.put("wizardId", wizardId);
model.put(
"isWizardOwner",
getSessionManager()
.getCurrentSessionUserId()
.equals(currentWizPage.getOwner().getId().getValue()));
}
if (request.get("decPageId") != null
&& request.get("decWrapperTag") != null
&& request.get("decSiteId") != null) {
// make sure that we are not coming from another wizard page which should grant you access to
// this page
String pageId = (String) request.get("decPageId");
String siteId = (String) request.get("decSiteId");
if (getMatrixManager()
.canUserAccessWizardPageAndLinkedArtifcact(
siteId,
pageId,
"/wizard/page/" + cell.getCell().getWizardPage().getId().getValue())) {
model.put("matrixCanViewCell", true);
}
}
model.put("isMatrix", "true");
model.put("isWizard", "false");
model.put("enableReviewEdit", getEnableReviewEdit());
model.put("currentUser", getSessionManager().getCurrentSessionUserId());
model.put("CURRENT_GUIDANCE_ID_KEY", "session." + GuidanceManager.CURRENT_GUIDANCE_ID);
model.put("isEvaluation", "false");
// This is the tool session so evaluation tool gets "is_eval_page_id"
// and the matrix/wizard does not
if (session.getAttribute("is_eval_page_id") != null) {
String eval_page_id = (String) session.getAttribute("is_eval_page_id");
model.put("isEvaluation", "true");
}
model.put("pageTitleKey", "view_cell");
// Check for cell being deleted while user was attempting to view
if (cell.getCell() == null) {
clearSession(session);
return model;
}
String pageId = cell.getCell().getWizardPage().getId().getValue();
String siteId = cell.getCell().getWizardPage().getPageDefinition().getSiteId();
model.put("siteId", idManager.getId(siteId));
List reviews =
getReviewManager()
.getReviewsByParentAndType(pageId, Review.FEEDBACK_TYPE, siteId, getEntityProducer());
ArrayList<Node> cellForms =
new ArrayList<Node>(getMatrixManager().getPageForms(cell.getCell().getWizardPage()));
Collections.sort(cellForms, new NodeNameComparator());
if (cell.getCell().getScaffoldingCell().getWizardPageDefinition().isDefaultCustomForm()
&& request.get("comingFromWizard") == null) {
model.put(
"cellFormDefs",
processAdditionalForms(
cell.getCell().getScaffoldingCell().getScaffolding().getAdditionalForms()));
} else {
model.put(
"cellFormDefs",
processAdditionalForms(cell.getCell().getScaffoldingCell().getAdditionalForms()));
}
model.put("assignments", getUserAssignments(cell));
model.put("reviews", reviews); // feedback
model.put(
"evaluations",
getReviewManager()
.getReviewsByParentAndType(
pageId, Review.EVALUATION_TYPE, siteId, getEntityProducer()));
model.put(
"reflections",
getReviewManager()
.getReviewsByParentAndType(
pageId, Review.REFLECTION_TYPE, siteId, getEntityProducer()));
model.put("cellForms", cellForms);
model.put("numCellForms", cellForms.size());
Boolean readOnly = Boolean.valueOf(false);
// Matrix-only initializations
if (cell.getCell().getMatrix() != null) {
model.put(
"allowItemFeedback",
getAllowItemFeedback(
cell.getCell().getScaffoldingCell().getScaffolding().getItemFeedbackOption(),
reviews,
cellForms,
cell.getNodes()));
model.put(
"allowGeneralFeedback",
getAllowGeneralFeedback(
cell.getCell().getScaffoldingCell().getScaffolding().getGeneralFeedbackOption(),
reviews));
model.put(
"generalFeedbackNone",
cell.getCell().getScaffoldingCell().getScaffolding().isGeneralFeedbackNone());
Agent owner = cell.getCell().getMatrix().getOwner();
readOnly =
isReadOnly(
owner,
getIdManager().getId(cell.getCell().getMatrix().getScaffolding().getReference()));
Cell pageCell = getMatrixManager().getCellFromPage(getIdManager().getId(pageId));
Scaffolding scaffolding = pageCell.getMatrix().getScaffolding();
model.put("objectId", scaffolding.getId().getValue());
model.put("objectTitle", scaffolding.getTitle());
model.put("objectDesc", scaffolding.getDescription());
model.put(
"wizardOwner",
rb.getFormattedMessage("matrix_of", new Object[] {owner.getDisplayName()}));
}
model.put("readOnlyMatrix", readOnly);
model.put(
"styles",
getStyleManager()
.createStyleUrlList(getStyleManager().getStyles(getIdManager().getId(pageId))));
if (getTaggingManager().isTaggable()) {
TaggableItem item = wizardActivityProducer.getItem(cell.getCell().getWizardPage());
model.put("taggable", "true");
// getMatrixManager().getTaggableItems will put the providers into the session
Set<DecoratedTaggableItem> decoTaggableItems =
getMatrixManager()
.getDecoratedTaggableItems(
item,
cell.getCell().getWizardPage().getPageDefinition().getReference(),
cell.getCell().getWizardPage().getOwner().getId().getValue());
List<DecoratedTaggableItem> decoTaggableItemList =
new ArrayList<DecoratedTaggableItem>(decoTaggableItems);
Collections.sort(decoTaggableItemList, decoTaggableItemComparator);
model.put("taggableItems", decoTaggableItemList);
ToolSession toolSession = getSessionManager().getCurrentToolSession();
List<DecoratedTaggingProvider> providers =
(List) toolSession.getAttribute(HibernateMatrixManagerImpl.PROVIDERS_PARAM);
// but just double check to make sure that providers doesn't exist
if (providers == null) {
providers = getMatrixManager().getDecoratedProviders(item.getActivity());
toolSession.setAttribute(HibernateMatrixManagerImpl.PROVIDERS_PARAM, providers);
}
model.put("helperInfoList", getHelperInfo(item));
model.put("providers", providers);
model.put("criteriaRef", cell.getCell().getWizardPage().getPageDefinition().getReference());
model.put("decoWrapper", "ospMatrix_" + siteId + "_" + pageId);
}
clearSession(session);
return model;
}