use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.
the class StudentRESTService method listCourseAssessments.
/**
 * Lists the assessments one student has received on one course.
 *
 * <p>The endpoint is annotated with {@code Handling.INLINE}; every access decision visible in
 * this method is made in the body, in this order:
 * <ol>
 *   <li>the session must be logged in;</li>
 *   <li>the student and the course must exist and must not be archived;</li>
 *   <li>the caller must either own the student's person record or hold
 *       {@code LIST_STUDENT_COURSEASSESSMENTS} on the course;</li>
 *   <li>if the caller also holds {@code FEATURE_OWNED_GROUP_STUDENTS_RESTRICTION}, the caller
 *       must be a staff member who is staff on the course or a guider of the student.</li>
 * </ol>
 *
 * @param studentId id of the student whose assessments are requested
 * @param courseId id of the course the assessments belong to
 * @return 200 with the assessment models, 403 when the caller is not logged in or not
 *         authorized, 404 when the student or course is missing or archived
 */
@Path("/students/{STUDENTID:[0-9]*}/courses/{COURSEID:[0-9]*}/assessments/")
@GET
@RESTPermit(handling = Handling.INLINE)
public Response listCourseAssessments(@PathParam("STUDENTID") Long studentId, @PathParam("COURSEID") Long courseId) {
  if (!sessionController.isLoggedIn()) {
    return Response.status(Status.FORBIDDEN).build();
  }

  // NOTE(review): the existence checks run before the authorization check, so any logged-in
  // caller can tell a missing/archived id (404) from one they may not read (403).
  Student student = studentController.findStudentById(studentId);
  if (student == null || student.getArchived()) {
    return Response.status(Status.NOT_FOUND).build();
  }

  Course course = courseController.findCourseById(courseId);
  if (course == null || course.getArchived()) {
    return Response.status(Status.NOT_FOUND).build();
  }

  // Base rule: own data, or the list permission scoped to this course.
  boolean ownsStudent = UserUtils.isOwnerOf(sessionController.getUser(), student.getPerson());
  if (!ownsStudent && !sessionController.hasPermission(CourseAssessmentPermissions.LIST_STUDENT_COURSEASSESSMENTS, course)) {
    return Response.status(Status.FORBIDDEN).build();
  }

  // Callers carrying the restriction feature only see students they teach or guide.
  // NOTE(review): this also applies when access was granted through isOwnerOf above; a
  // non-staff owner holding the feature permission is rejected. Presumably the feature is
  // only granted to staff roles; confirm.
  if (sessionController.hasEnvironmentPermission(StudentPermissions.FEATURE_OWNED_GROUP_STUDENTS_RESTRICTION)) {
    if (!(sessionController.getUser() instanceof StaffMember)) {
      return Response.status(Status.FORBIDDEN).build();
    }
    StaffMember staffMember = (StaffMember) sessionController.getUser();

    boolean teachesCourse = courseController.isCourseStaffMember(course, staffMember);
    if (!teachesCourse && !studentController.isStudentGuider(staffMember, student)) {
      return Response.status(Status.FORBIDDEN).build();
    }
  }

  List<CourseAssessment> courseAssessments = assessmentController.listByCourseAndStudent(course, student);
  return Response.ok(objectFactory.createModel(courseAssessments)).build();
}
use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.
the class MuikkuRESTService method updateUser.
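/**
 * Updates the first name, last name, role and single e-mail address of a staff member.
 *
 * <p>Validation happens before any write: the payload must be present, its identifier must
 * equal the path identifier and be numeric, the name, e-mail and role fields must be
 * non-blank, and the requested role must be {@code MANAGER} or {@code TEACHER}. A staff member
 * that does not exist and one in an organization the caller cannot access both produce 404,
 * so the response does not distinguish the two cases.
 *
 * <p>The requested role is applied only when the existing role is {@code MANAGER} or
 * {@code TEACHER}; for any other existing role the existing role is kept.
 *
 * @param request servlet request, used for the locale of the "e-mail in use" message
 * @param identifier staff member id taken from the path
 * @param payload new values for the staff member
 * @return 200 with the updated model, 400 on invalid input, 404 when the staff member is
 *         missing or not accessible, 409 when the e-mail address is already in use
 */
@Path("/users/{IDENTIFIER}")
@PUT
@RESTPermit(MuikkuPermissions.MUIKKU_UPDATE_STAFF_MEMBER)
public Response updateUser(@Context HttpServletRequest request, @PathParam("IDENTIFIER") String identifier, StaffMemberPayload payload) {
  // A request without a body would otherwise fail with a NullPointerException below.
  if (payload == null) {
    return Response.status(Status.BAD_REQUEST).entity("Missing payload").build();
  }
  if (!StringUtils.equals(payload.getIdentifier(), identifier)) {
    return Response.status(Status.BAD_REQUEST).entity("Payload identifier doesn't match path identifier").build();
  }
  if (StringUtils.isAnyBlank(payload.getFirstName(), payload.getLastName(), payload.getEmail(), payload.getRole())) {
    return Response.status(Status.BAD_REQUEST).entity("Empty fields in payload").build();
  }

  // Only MANAGER and TEACHER may be requested through this endpoint. The role string is
  // non-blank here, so an unknown name is the only way valueOf can fail.
  Role role;
  try {
    role = Role.valueOf(payload.getRole());
  } catch (IllegalArgumentException e) {
    return Response.status(Status.BAD_REQUEST).entity(String.format("Unsupported role %s", payload.getRole())).build();
  }
  if (role != Role.MANAGER && role != Role.TEACHER) {
    return Response.status(Status.BAD_REQUEST).entity(String.format("Unsupported role %s", payload.getRole())).build();
  }

  // The path template does not restrict IDENTIFIER to digits, so a non-numeric value must be
  // rejected here instead of surfacing as an unhandled NumberFormatException.
  Long staffMemberId;
  try {
    staffMemberId = Long.valueOf(payload.getIdentifier());
  } catch (NumberFormatException e) {
    return Response.status(Status.BAD_REQUEST).entity("Invalid user identifier").build();
  }

  // Missing and inaccessible staff members share the same 404.
  StaffMember staffMember = userController.findStaffMemberById(staffMemberId);
  if (staffMember == null || !UserUtils.canAccessOrganization(sessionController.getUser(), staffMember.getOrganization())) {
    return Response.status(Status.NOT_FOUND).build();
  }

  // Accounts whose current role is neither MANAGER nor TEACHER keep their role.
  Role existingRole = staffMember.getRole();
  if (existingRole != Role.MANAGER && existingRole != Role.TEACHER) {
    role = existingRole;
  }

  // Exactly one stored address is required; the message below is also returned when the
  // staff member has no address at all.
  List<Email> staffMemberEmails = userController.listStaffMemberEmails(staffMember);
  if (staffMemberEmails.size() != 1) {
    return Response.status(Status.BAD_REQUEST).entity("User has several emails").build();
  }
  Email email = staffMemberEmails.get(0);

  // The address is normalized before the uniqueness check so that the checked value is the
  // stored value.
  String address = StringUtils.trim(StringUtils.lowerCase(payload.getEmail()));
  if (!UserUtils.isAllowedEmail(address, email.getContactType(), staffMember.getPerson().getId())) {
    return Response.status(Status.CONFLICT).entity(getMessage(request.getLocale(), "error.emailInUse")).build();
  }

  // The organization is passed through unchanged; only names and role are updated.
  staffMember = userController.updateStaffMember(staffMember, staffMember.getOrganization(), payload.getFirstName(), payload.getLastName(), role);

  try {
    email = userController.updateStaffMemberEmail(staffMember, email, email.getContactType(), address, email.getDefaultAddress());
  } catch (UserEmailInUseException e) {
    // The staff member was already updated above; mark the transaction rollback-only so the
    // name and role change is not kept when the e-mail update is rejected.
    sessionContext.setRollbackOnly();
    return Response.status(Status.CONFLICT).entity(getMessage(request.getLocale(), "error.emailInUse")).build();
  }
  return Response.ok(toRestModel(staffMember, email)).build();
}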
use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.
the class MuikkuRESTService method removeStudentGroupMembers.
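/**
 * Removes the given users (students or staff members) from a student group.
 *
 * <p>All identifiers are validated before anything is deleted: the group must exist and be in
 * an organization the caller can access, and every listed user must resolve to a user in an
 * accessible organization. The first failing check aborts the request without removing
 * anyone. Users that are not members of the group are skipped silently.
 *
 * @param request servlet request (not read by this method)
 * @param payload group identifier and the identifiers of the users to remove
 * @return 204 when the removal pass completed, 400 on invalid or inaccessible identifiers,
 *         500 when the calling user has no organization
 */
@Path("/removestudentgroupmembers")
@PUT
@RESTPermit(MuikkuPermissions.MUIKKU_REMOVE_STUDENT_GROUP_MEMBERS)
public Response removeStudentGroupMembers(@Context HttpServletRequest request, StudentGroupMembersPayload payload) {
  // Prerequisites
  User loggedUser = sessionController.getUser();
  if (loggedUser.getOrganization() == null) {
    return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Current user lacks organization").build();
  }

  // A missing body or member list would otherwise end in a NullPointerException.
  if (payload == null || payload.getUserIdentifiers() == null) {
    return Response.status(Status.BAD_REQUEST).entity("Missing payload").build();
  }

  // Identifiers arrive as text; reject non-numeric values instead of letting the
  // NumberFormatException escape.
  Long groupId;
  try {
    groupId = Long.valueOf(payload.getGroupIdentifier());
  } catch (NumberFormatException e) {
    return Response.status(Status.BAD_REQUEST).entity("Invalid student group identifier").build();
  }

  // NOTE(review): "not found" and "no access" return different messages, so a caller can tell
  // whether a group id exists in another organization. Confirm this is acceptable.
  StudentGroup studentGroup = studentGroupController.findStudentGroupById(groupId);
  if (studentGroup == null) {
    return Response.status(Status.BAD_REQUEST).entity(String.format("Student group %d not found", groupId)).build();
  } else if (!UserUtils.canAccessOrganization(loggedUser, studentGroup.getOrganization())) {
    logger.log(Level.SEVERE, String.format("Organization mismatch. User %d attempted to access group %d", loggedUser.getId(), groupId));
    return Response.status(Status.BAD_REQUEST).entity("No student group access").build();
  }

  // Pass 1: resolve and authorize every user before touching the group, so that a rejected
  // request leaves the membership unchanged. The resolved users are kept for pass 2.
  List<User> members = new java.util.ArrayList<>();
  for (String userIdentifier : payload.getUserIdentifiers()) {
    Long userId;
    try {
      userId = Long.valueOf(userIdentifier);
    } catch (NumberFormatException e) {
      return Response.status(Status.BAD_REQUEST).entity("Invalid user identifier").build();
    }
    User user = userController.findUserById(userId);
    if (user == null) {
      // An unknown id previously caused a NullPointerException on getOrganization(). It gets
      // the same response as an inaccessible user so the two cases look alike to the caller.
      logger.log(Level.WARNING, String.format("User %d attempted to remove unknown user %d from group %d", loggedUser.getId(), userId, groupId));
      return Response.status(Status.BAD_REQUEST).entity("No user access").build();
    }
    if (!UserUtils.canAccessOrganization(loggedUser, user.getOrganization())) {
      logger.log(Level.SEVERE, String.format("Organization mismatch. User %d attempted to remove user %d from group %d", loggedUser.getId(), userId, groupId));
      return Response.status(Status.BAD_REQUEST).entity("No user access").build();
    }
    members.add(user);
  }

  // Pass 2: remove the memberships that exist; students and staff are stored separately.
  for (User user : members) {
    if (user instanceof Student) {
      StudentGroupStudent studentGroupStudent = studentGroupController.findStudentGroupStudentByStudentGroupAndStudent(studentGroup, (Student) user);
      if (studentGroupStudent != null) {
        studentGroupController.deleteStudentGroupStudent(studentGroupStudent);
      }
    } else if (user instanceof StaffMember) {
      StudentGroupUser studentGroupUser = studentGroupController.findStudentGroupUserByStudentGroupAndUser(studentGroup, (StaffMember) user);
      if (studentGroupUser != null) {
        studentGroupController.deleteStudentGroupUser(studentGroupUser);
      }
    }
  }
  return Response.noContent().build();
}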
use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.
the class StudentRESTService method createStudentGroupStaffMember.
/**
 * Adds a staff member to a student group.
 *
 * <p>The caller must be able to access the organization of the student group. The staff member
 * is looked up by the id carried in the request entity.
 *
 * @param id id of the student group, taken from the path
 * @param entity request body; only its staff member id is read here
 * @return 200 with the created membership model, 400 when the entity or its staff member id
 *         is missing or the staff member does not exist, 403 when the group's organization is
 *         not accessible to the caller, 404 when the group is missing or archived
 */
@Path("/studentGroups/{ID:[0-9]*}/staffmembers")
@POST
@RESTPermit(StudentGroupPermissions.CREATE_STUDENTGROUPSTAFFMEMBER)
public Response createStudentGroupStaffMember(@PathParam("ID") Long id, fi.otavanopisto.pyramus.rest.model.StudentGroupUser entity) {
  // Nothing to do without a body that names the staff member.
  boolean missingStaffMemberId = entity == null || entity.getStaffMemberId() == null;
  if (missingStaffMemberId) {
    return Response.status(Status.BAD_REQUEST).build();
  }

  StudentGroup group = studentGroupController.findStudentGroupById(id);
  if (group == null || group.getArchived()) {
    return Response.status(Status.NOT_FOUND).build();
  }

  // Authorization is scoped by the organization of the group.
  if (!UserUtils.canAccessOrganization(sessionController.getUser(), group.getOrganization())) {
    return Response.status(Status.FORBIDDEN).build();
  }

  // NOTE(review): only the group's organization is compared with the caller. The organization
  // of the staff member being added is not checked in this method; confirm whether adding
  // staff from an organization the caller cannot access is intended or is enforced elsewhere.
  StaffMember newMember = userController.findStaffMemberById(entity.getStaffMemberId());
  if (newMember == null) {
    return Response.status(Status.BAD_REQUEST).build();
  }

  // The session user is passed to the controller along with the new membership.
  StudentGroupUser created = studentGroupController.createStudentGroupStaffMember(group, newMember, sessionController.getUser());
  return Response.ok(objectFactory.createModel(created)).build();
}
use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.
the class StaffRESTService method listStaffMembers.
/**
 * Lists staff members, either a page of all of them or the single one matching an e-mail.
 *
 * <p>When {@code email} is non-blank the paging parameters are ignored and the result holds
 * zero or one staff member. Otherwise {@code firstResult} and {@code maxResults} are handed to
 * the controller exactly as received.
 *
 * @param firstResult index of the first result, passed through to the controller
 * @param maxResults maximum number of results, passed through to the controller
 * @param email optional e-mail address to look a single staff member up by
 * @return 200 with the staff member models (possibly an empty list)
 */
@Path("/members")
@GET
@RESTPermit(UserPermissions.LIST_STAFFMEMBERS)
public Response listStaffMembers(@QueryParam("firstResult") Integer firstResult, @QueryParam("maxResults") Integer maxResults, @QueryParam("email") String email) {
  // NOTE(review): no organization check and no upper bound on maxResults are applied in this
  // method; presumably the controller or the permission scopes the result. Confirm.
  if (StringUtils.isBlank(email)) {
    List<StaffMember> page = userController.listStaffMembers(firstResult, maxResults);
    return Response.ok(objectFactory.createModel(page)).build();
  }

  // Lookup by e-mail: an unknown address yields an empty list rather than an error.
  List<StaffMember> matches = new ArrayList<>();
  StaffMember byEmail = userController.findStaffMemberByEmail(email);
  if (byEmail != null) {
    matches.add(byEmail);
  }
  return Response.ok(objectFactory.createModel(matches)).build();
}