2933 |
14 Nov 14 |
olle |
1 |
package net.sf.basedb.meludi.dao; |
2933 |
14 Nov 14 |
olle |
2 |
|
2933 |
14 Nov 14 |
olle |
3 |
import java.lang.reflect.Field; |
2933 |
14 Nov 14 |
olle |
4 |
import java.util.List; |
2933 |
14 Nov 14 |
olle |
5 |
|
2933 |
14 Nov 14 |
olle |
6 |
import org.json.simple.JSONObject; |
2933 |
14 Nov 14 |
olle |
7 |
|
2933 |
14 Nov 14 |
olle |
8 |
import net.sf.basedb.core.DbControl; |
2933 |
14 Nov 14 |
olle |
9 |
import net.sf.basedb.core.Group; |
2933 |
14 Nov 14 |
olle |
10 |
import net.sf.basedb.core.Include; |
2933 |
14 Nov 14 |
olle |
11 |
import net.sf.basedb.core.InvalidDataException; |
2933 |
14 Nov 14 |
olle |
12 |
import net.sf.basedb.core.Item; |
2933 |
14 Nov 14 |
olle |
13 |
import net.sf.basedb.core.ItemNotFoundException; |
2933 |
14 Nov 14 |
olle |
14 |
import net.sf.basedb.core.ItemQuery; |
2933 |
14 Nov 14 |
olle |
15 |
import net.sf.basedb.core.Nameable; |
2933 |
14 Nov 14 |
olle |
16 |
import net.sf.basedb.core.Permission; |
2933 |
14 Nov 14 |
olle |
17 |
import net.sf.basedb.core.PermissionDeniedException; |
2933 |
14 Nov 14 |
olle |
18 |
import net.sf.basedb.core.Role; |
2933 |
14 Nov 14 |
olle |
19 |
import net.sf.basedb.core.SystemItems; |
2933 |
14 Nov 14 |
olle |
20 |
import net.sf.basedb.core.Type; |
2933 |
14 Nov 14 |
olle |
21 |
import net.sf.basedb.core.User; |
2933 |
14 Nov 14 |
olle |
22 |
import net.sf.basedb.core.query.Expressions; |
2933 |
14 Nov 14 |
olle |
23 |
import net.sf.basedb.core.query.Hql; |
2933 |
14 Nov 14 |
olle |
24 |
import net.sf.basedb.core.query.Restrictions; |
2933 |
14 Nov 14 |
olle |
25 |
|
2933 |
14 Nov 14 |
olle |
26 |
/** |
2933 |
14 Nov 14 |
olle |
Used to define a roles for users using MeLuDi. A "role" can be either |
2933 |
14 Nov 14 |
olle |
a BASE Group item or a Role item. |
2933 |
14 Nov 14 |
olle |
29 |
|
2933 |
14 Nov 14 |
olle |
@author nicklas |
2933 |
14 Nov 14 |
olle |
@since 2.14 |
2933 |
14 Nov 14 |
olle |
32 |
*/ |
2933 |
14 Nov 14 |
olle |
33 |
public class MeludiRole<T extends Nameable> |
2933 |
14 Nov 14 |
olle |
34 |
{ |
2933 |
14 Nov 14 |
olle |
35 |
|
2933 |
14 Nov 14 |
olle |
36 |
/** |
2933 |
14 Nov 14 |
olle |
The definition of the "PatientCurator" role. Maps to a BASE group item. |
2933 |
14 Nov 14 |
olle |
38 |
*/ |
2933 |
14 Nov 14 |
olle |
39 |
public static final MeludiRole<Group> PATIENT_CURATOR = new MeludiRole<Group>("PatientCurator", Item.GROUP); |
2933 |
14 Nov 14 |
olle |
40 |
|
2933 |
14 Nov 14 |
olle |
41 |
/** |
2933 |
14 Nov 14 |
olle |
The definition of the "Administrator" role. Maps to a BASE role item. Should already exist in BASE. |
2933 |
14 Nov 14 |
olle |
43 |
*/ |
2933 |
14 Nov 14 |
olle |
44 |
public static final MeludiRole<Role> ADMINISTRATOR = new MeludiRole<Role>("Administrator", Item.ROLE); |
2933 |
14 Nov 14 |
olle |
45 |
|
2933 |
14 Nov 14 |
olle |
46 |
/** |
2933 |
14 Nov 14 |
olle |
The definition of the "SamplePrep" role. Maps to a BASE role item. |
2933 |
14 Nov 14 |
olle |
48 |
*/ |
2933 |
14 Nov 14 |
olle |
49 |
public static final MeludiRole<Role> SAMPLE_PREP = new MeludiRole<Role>("SamplePrep", Item.ROLE); |
2933 |
14 Nov 14 |
olle |
50 |
|
2933 |
14 Nov 14 |
olle |
51 |
/** |
2933 |
14 Nov 14 |
olle |
The definition of the "LibraryPrep" role. Maps to a BASE role item. |
2933 |
14 Nov 14 |
olle |
53 |
*/ |
3449 |
28 Jul 15 |
olle |
54 |
public static final MeludiRole<Role> LIBRARY_PREP = new MeludiRole<Role>("LibraryPrep", Item.ROLE); |
2933 |
14 Nov 14 |
olle |
55 |
|
2933 |
14 Nov 14 |
olle |
56 |
/** |
2933 |
14 Nov 14 |
olle |
The definition of the "LibraryPlateDesigner" role. Maps to a BASE role item. |
2933 |
14 Nov 14 |
olle |
58 |
*/ |
3536 |
13 Oct 15 |
olle |
//public static final MeludiRole<Role> LIBRARY_PLATE_DESIGNER = new MeludiRole<Role>("LibraryPlateDesigner", Item.ROLE); |
2933 |
14 Nov 14 |
olle |
60 |
|
2933 |
14 Nov 14 |
olle |
61 |
/** |
2933 |
14 Nov 14 |
olle |
The definition of the "SecondaryAnalysis" group. Maps to a BASE group item. |
2933 |
14 Nov 14 |
olle |
63 |
*/ |
3028 |
11 Dec 14 |
olle |
//public static final MeludiRole<Group> SECONDARY_ANALYSIS = new MeludiRole<Group>("SecondaryAnalysis", Item.GROUP); |
2933 |
14 Nov 14 |
olle |
65 |
|
2933 |
14 Nov 14 |
olle |
66 |
/** |
2933 |
14 Nov 14 |
olle |
Get the subtype by name of the static constant defined in this class. |
2933 |
14 Nov 14 |
olle |
68 |
|
2933 |
14 Nov 14 |
olle |
@param name The name of the static constant |
2933 |
14 Nov 14 |
olle |
@return A subtype object or null if not found |
2933 |
14 Nov 14 |
olle |
@since 2.4 |
2933 |
14 Nov 14 |
olle |
72 |
*/ |
2933 |
14 Nov 14 |
olle |
73 |
public static MeludiRole getByCName(String cName) |
2933 |
14 Nov 14 |
olle |
74 |
{ |
2933 |
14 Nov 14 |
olle |
75 |
if (cName == null) return null; |
2933 |
14 Nov 14 |
olle |
76 |
MeludiRole role = null; |
2933 |
14 Nov 14 |
olle |
77 |
try |
2933 |
14 Nov 14 |
olle |
78 |
{ |
2933 |
14 Nov 14 |
olle |
79 |
Field f = MeludiRole.class.getDeclaredField(cName); |
2933 |
14 Nov 14 |
olle |
80 |
role = (MeludiRole)f.get(null); |
2933 |
14 Nov 14 |
olle |
81 |
} |
2933 |
14 Nov 14 |
olle |
82 |
catch (NoSuchFieldException ex) |
2933 |
14 Nov 14 |
olle |
83 |
{} |
2933 |
14 Nov 14 |
olle |
84 |
catch (IllegalAccessException ex) |
2933 |
14 Nov 14 |
olle |
85 |
{} |
2933 |
14 Nov 14 |
olle |
86 |
catch (ClassCastException ex) |
2933 |
14 Nov 14 |
olle |
87 |
{} |
2933 |
14 Nov 14 |
olle |
88 |
return role; |
2933 |
14 Nov 14 |
olle |
89 |
} |
2933 |
14 Nov 14 |
olle |
90 |
|
2933 |
14 Nov 14 |
olle |
91 |
/** |
2933 |
14 Nov 14 |
olle |
Check if the current user is a member of at least one of the given roles. |
2933 |
14 Nov 14 |
olle |
If {@link MeludiRole#ADMINISTRATOR} is in the list, the method also check |
2933 |
14 Nov 14 |
olle |
if the user is the ROOT user or not. If the user is not member of any |
2933 |
14 Nov 14 |
olle |
of the roles a PermissionDeniedException is thrown. |
2933 |
14 Nov 14 |
olle |
96 |
|
2933 |
14 Nov 14 |
olle |
@param dc An active DbControl |
2933 |
14 Nov 14 |
olle |
@param message A message that is used if the user is not a member: |
2933 |
14 Nov 14 |
olle |
Permission denied: Not allowed to use <message> |
2933 |
14 Nov 14 |
olle |
@param roles A list with the roles to check |
2933 |
14 Nov 14 |
olle |
101 |
|
2933 |
14 Nov 14 |
olle |
102 |
*/ |
2933 |
14 Nov 14 |
olle |
103 |
public static void checkPermission(DbControl dc, String message, MeludiRole... roles) |
2933 |
14 Nov 14 |
olle |
104 |
{ |
2933 |
14 Nov 14 |
olle |
105 |
for (MeludiRole role : roles) |
2933 |
14 Nov 14 |
olle |
106 |
{ |
2933 |
14 Nov 14 |
olle |
107 |
if (role.isMember(dc)) return; |
2933 |
14 Nov 14 |
olle |
108 |
if (role == MeludiRole.ADMINISTRATOR) |
2933 |
14 Nov 14 |
olle |
109 |
{ |
2933 |
14 Nov 14 |
olle |
110 |
boolean isRoot = dc.getSessionControl().getLoggedInUserId() == SystemItems.getId(User.ROOT); |
2933 |
14 Nov 14 |
olle |
111 |
if (isRoot) return; |
2933 |
14 Nov 14 |
olle |
112 |
} |
2933 |
14 Nov 14 |
olle |
113 |
} |
2933 |
14 Nov 14 |
olle |
114 |
throw new PermissionDeniedException(Permission.USE, message); |
2933 |
14 Nov 14 |
olle |
115 |
} |
2933 |
14 Nov 14 |
olle |
116 |
|
2933 |
14 Nov 14 |
olle |
117 |
private final String name; |
2933 |
14 Nov 14 |
olle |
118 |
private final Item actualType; |
2933 |
14 Nov 14 |
olle |
119 |
private int id; |
2933 |
14 Nov 14 |
olle |
120 |
private JSONObject json; |
2933 |
14 Nov 14 |
olle |
121 |
|
2933 |
14 Nov 14 |
olle |
122 |
/** |
2933 |
14 Nov 14 |
olle |
Create a new definition |
2933 |
14 Nov 14 |
olle |
@param name The name of the subtype |
2933 |
14 Nov 14 |
olle |
@param actualType The actual item type of the role (Item.ROLE or Item.GROUP) |
2933 |
14 Nov 14 |
olle |
126 |
*/ |
2933 |
14 Nov 14 |
olle |
127 |
private MeludiRole(String name, Item actualType) |
2933 |
14 Nov 14 |
olle |
128 |
{ |
2933 |
14 Nov 14 |
olle |
129 |
this.name = name; |
2933 |
14 Nov 14 |
olle |
130 |
this.actualType = actualType; |
2933 |
14 Nov 14 |
olle |
131 |
} |
2933 |
14 Nov 14 |
olle |
132 |
|
2933 |
14 Nov 14 |
olle |
133 |
/** |
2933 |
14 Nov 14 |
olle |
Get the name of the role. |
2933 |
14 Nov 14 |
olle |
135 |
*/ |
2933 |
14 Nov 14 |
olle |
136 |
public String getName() |
2933 |
14 Nov 14 |
olle |
137 |
{ |
2933 |
14 Nov 14 |
olle |
138 |
return name; |
2933 |
14 Nov 14 |
olle |
139 |
} |
2933 |
14 Nov 14 |
olle |
140 |
|
2933 |
14 Nov 14 |
olle |
141 |
/** |
2933 |
14 Nov 14 |
olle |
Get the actual item type of the role. |
2933 |
14 Nov 14 |
olle |
143 |
*/ |
2933 |
14 Nov 14 |
olle |
144 |
public Item getActualType() |
2933 |
14 Nov 14 |
olle |
145 |
{ |
2933 |
14 Nov 14 |
olle |
146 |
return actualType; |
2933 |
14 Nov 14 |
olle |
147 |
} |
2933 |
14 Nov 14 |
olle |
148 |
|
2933 |
14 Nov 14 |
olle |
149 |
/** |
2933 |
14 Nov 14 |
olle |
Get the role information as a JSON object ready to be sent as an AJAX response. |
2933 |
14 Nov 14 |
olle |
151 |
*/ |
2933 |
14 Nov 14 |
olle |
152 |
@SuppressWarnings("unchecked") |
2933 |
14 Nov 14 |
olle |
153 |
public JSONObject asJSONObject(DbControl dc) |
2933 |
14 Nov 14 |
olle |
154 |
{ |
2933 |
14 Nov 14 |
olle |
155 |
if (json == null) |
2933 |
14 Nov 14 |
olle |
156 |
{ |
2933 |
14 Nov 14 |
olle |
157 |
if (id==0) load(dc); // Ensure that the subtype has been loaded |
2933 |
14 Nov 14 |
olle |
158 |
json = new JSONObject(); |
2933 |
14 Nov 14 |
olle |
159 |
json.put("id", id); |
2933 |
14 Nov 14 |
olle |
160 |
json.put("name", getName()); |
2933 |
14 Nov 14 |
olle |
161 |
json.put("actualType", getActualType().name()); |
2933 |
14 Nov 14 |
olle |
162 |
} |
2933 |
14 Nov 14 |
olle |
163 |
return json; |
2933 |
14 Nov 14 |
olle |
164 |
} |
2933 |
14 Nov 14 |
olle |
165 |
|
2933 |
14 Nov 14 |
olle |
166 |
/** |
2933 |
14 Nov 14 |
olle |
Load the role as a BASE item. Same as {@link #get(DbControl)} |
2933 |
14 Nov 14 |
olle |
but throw an exception instead of returning null if no BASE |
2933 |
14 Nov 14 |
olle |
item exists. |
2933 |
14 Nov 14 |
olle |
@param dc The DbControl to use for database access |
2933 |
14 Nov 14 |
olle |
@return A Role or Group item |
2933 |
14 Nov 14 |
olle |
172 |
*/ |
2933 |
14 Nov 14 |
olle |
173 |
@SuppressWarnings("unchecked") |
2933 |
14 Nov 14 |
olle |
174 |
public T load(DbControl dc) |
2933 |
14 Nov 14 |
olle |
175 |
{ |
2933 |
14 Nov 14 |
olle |
176 |
T role = null; |
2933 |
14 Nov 14 |
olle |
177 |
if (id == 0) |
2933 |
14 Nov 14 |
olle |
178 |
{ |
2933 |
14 Nov 14 |
olle |
179 |
List<T> result = list(dc); |
2933 |
14 Nov 14 |
olle |
180 |
if (result.size() == 0) |
2933 |
14 Nov 14 |
olle |
181 |
{ |
2933 |
14 Nov 14 |
olle |
182 |
throw new ItemNotFoundException(actualType+"["+name+"]"); |
2933 |
14 Nov 14 |
olle |
183 |
} |
2933 |
14 Nov 14 |
olle |
184 |
else if (result.size() > 1) |
2933 |
14 Nov 14 |
olle |
185 |
{ |
2933 |
14 Nov 14 |
olle |
186 |
throw new InvalidDataException("Found > 1 " + actualType + "["+name+"]"); |
2933 |
14 Nov 14 |
olle |
187 |
} |
2933 |
14 Nov 14 |
olle |
188 |
role = result.get(0); |
2933 |
14 Nov 14 |
olle |
189 |
id = role.getId(); |
2933 |
14 Nov 14 |
olle |
190 |
} |
2933 |
14 Nov 14 |
olle |
191 |
else |
2933 |
14 Nov 14 |
olle |
192 |
{ |
2933 |
14 Nov 14 |
olle |
193 |
role = (T)actualType.getById(dc, id); |
2933 |
14 Nov 14 |
olle |
194 |
} |
2933 |
14 Nov 14 |
olle |
195 |
return role; |
2933 |
14 Nov 14 |
olle |
196 |
} |
2933 |
14 Nov 14 |
olle |
197 |
|
2933 |
14 Nov 14 |
olle |
198 |
/** |
2933 |
14 Nov 14 |
olle |
Load the role as a BASE item. Same as {@link #load(DbControl)} but return null |
2933 |
14 Nov 14 |
olle |
if no BASE item is found instead of throwing an exception. |
2933 |
14 Nov 14 |
olle |
@param dc The DbControl to use for database access |
2933 |
14 Nov 14 |
olle |
@return A Role or Group item |
2933 |
14 Nov 14 |
olle |
203 |
*/ |
2933 |
14 Nov 14 |
olle |
204 |
@SuppressWarnings("unchecked") |
2933 |
14 Nov 14 |
olle |
205 |
public T get(DbControl dc) |
2933 |
14 Nov 14 |
olle |
206 |
{ |
2933 |
14 Nov 14 |
olle |
207 |
T role = null; |
2933 |
14 Nov 14 |
olle |
208 |
if (id == 0) |
2933 |
14 Nov 14 |
olle |
209 |
{ |
2933 |
14 Nov 14 |
olle |
210 |
List<T> result = list(dc); |
2933 |
14 Nov 14 |
olle |
211 |
if (result.size() == 1) |
2933 |
14 Nov 14 |
olle |
212 |
{ |
2933 |
14 Nov 14 |
olle |
213 |
role = result.get(0); |
2933 |
14 Nov 14 |
olle |
214 |
id = role.getId(); |
2933 |
14 Nov 14 |
olle |
215 |
} |
2933 |
14 Nov 14 |
olle |
216 |
} |
2933 |
14 Nov 14 |
olle |
217 |
else |
2933 |
14 Nov 14 |
olle |
218 |
{ |
2933 |
14 Nov 14 |
olle |
219 |
role = (T)actualType.getById(dc, id); |
2933 |
14 Nov 14 |
olle |
220 |
} |
2933 |
14 Nov 14 |
olle |
221 |
return role; |
2933 |
14 Nov 14 |
olle |
222 |
|
2933 |
14 Nov 14 |
olle |
223 |
} |
2933 |
14 Nov 14 |
olle |
224 |
|
2933 |
14 Nov 14 |
olle |
225 |
/** |
2933 |
14 Nov 14 |
olle |
List all groups/roles registered in BASE with a name |
2933 |
14 Nov 14 |
olle |
matching this definition. Normally, only a single item |
2933 |
14 Nov 14 |
olle |
should be returned. |
2933 |
14 Nov 14 |
olle |
229 |
*/ |
2933 |
14 Nov 14 |
olle |
230 |
@SuppressWarnings("unchecked") |
2933 |
14 Nov 14 |
olle |
231 |
public List<T> list(DbControl dc) |
2933 |
14 Nov 14 |
olle |
232 |
{ |
2933 |
14 Nov 14 |
olle |
233 |
ItemQuery query = null; |
2933 |
14 Nov 14 |
olle |
234 |
if (actualType == Item.GROUP) |
2933 |
14 Nov 14 |
olle |
235 |
{ |
2933 |
14 Nov 14 |
olle |
236 |
query = Group.getQuery(); |
2933 |
14 Nov 14 |
olle |
237 |
} |
2933 |
14 Nov 14 |
olle |
238 |
else if (actualType == Item.ROLE) |
2933 |
14 Nov 14 |
olle |
239 |
{ |
2933 |
14 Nov 14 |
olle |
240 |
query = Role.getQuery(); |
2933 |
14 Nov 14 |
olle |
241 |
} |
2933 |
14 Nov 14 |
olle |
242 |
query.restrict( |
2933 |
14 Nov 14 |
olle |
243 |
Restrictions.eq( |
2933 |
14 Nov 14 |
olle |
244 |
Hql.property("name"), |
2933 |
14 Nov 14 |
olle |
245 |
Expressions.parameter("name", getName(), Type.STRING) |
2933 |
14 Nov 14 |
olle |
246 |
)); |
2933 |
14 Nov 14 |
olle |
247 |
query.include(Include.ALL); |
2933 |
14 Nov 14 |
olle |
248 |
return (List<T>)query.list(dc); |
2933 |
14 Nov 14 |
olle |
249 |
} |
2933 |
14 Nov 14 |
olle |
250 |
|
2933 |
14 Nov 14 |
olle |
251 |
|
2933 |
14 Nov 14 |
olle |
252 |
@SuppressWarnings("unchecked") |
2933 |
14 Nov 14 |
olle |
253 |
public T create(DbControl dc) |
2933 |
14 Nov 14 |
olle |
254 |
{ |
2933 |
14 Nov 14 |
olle |
255 |
T item = null; |
2933 |
14 Nov 14 |
olle |
256 |
if (actualType == Item.GROUP) |
2933 |
14 Nov 14 |
olle |
257 |
{ |
2933 |
14 Nov 14 |
olle |
258 |
item = (T)Group.getNew(dc); |
2933 |
14 Nov 14 |
olle |
259 |
} |
2933 |
14 Nov 14 |
olle |
260 |
else if (actualType == Item.ROLE) |
2933 |
14 Nov 14 |
olle |
261 |
{ |
2933 |
14 Nov 14 |
olle |
262 |
item = (T)Role.getNew(dc); |
2933 |
14 Nov 14 |
olle |
263 |
} |
2933 |
14 Nov 14 |
olle |
264 |
return item; |
2933 |
14 Nov 14 |
olle |
265 |
} |
2933 |
14 Nov 14 |
olle |
266 |
|
2933 |
14 Nov 14 |
olle |
267 |
/** |
2933 |
14 Nov 14 |
olle |
Check if the currently logged in user is a member of this role/group. |
2933 |
14 Nov 14 |
olle |
269 |
*/ |
2933 |
14 Nov 14 |
olle |
270 |
public boolean isMember(DbControl dc) |
2933 |
14 Nov 14 |
olle |
271 |
{ |
2933 |
14 Nov 14 |
olle |
272 |
T item = null; |
2933 |
14 Nov 14 |
olle |
273 |
try |
2933 |
14 Nov 14 |
olle |
274 |
{ |
2933 |
14 Nov 14 |
olle |
275 |
item = get(dc); |
2933 |
14 Nov 14 |
olle |
276 |
} |
2933 |
14 Nov 14 |
olle |
277 |
catch (RuntimeException ex) |
2933 |
14 Nov 14 |
olle |
278 |
{} |
2933 |
14 Nov 14 |
olle |
279 |
|
2933 |
14 Nov 14 |
olle |
280 |
boolean isMember = false; |
2933 |
14 Nov 14 |
olle |
281 |
if (item != null) |
2933 |
14 Nov 14 |
olle |
282 |
{ |
2933 |
14 Nov 14 |
olle |
283 |
if (actualType == Item.GROUP) |
2933 |
14 Nov 14 |
olle |
284 |
{ |
2933 |
14 Nov 14 |
olle |
285 |
isMember = dc.getSessionControl().isMemberOf((Group)item); |
2933 |
14 Nov 14 |
olle |
286 |
} |
2933 |
14 Nov 14 |
olle |
287 |
else if (actualType == Item.ROLE) |
2933 |
14 Nov 14 |
olle |
288 |
{ |
2933 |
14 Nov 14 |
olle |
289 |
isMember = dc.getSessionControl().isMemberOf((Role)item); |
2933 |
14 Nov 14 |
olle |
290 |
} |
2933 |
14 Nov 14 |
olle |
291 |
} |
2933 |
14 Nov 14 |
olle |
292 |
|
2933 |
14 Nov 14 |
olle |
293 |
return isMember; |
2933 |
14 Nov 14 |
olle |
294 |
} |
2933 |
14 Nov 14 |
olle |
295 |
} |