
Example 21 with StaffMember

use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.

the class StudentRESTService method listCourseAssessments.

/**
 * Lists the course assessments recorded for one student on one course.
 *
 * <p>Responses, in the order the checks run:
 * <ul>
 *   <li>403 when the session is not logged in;</li>
 *   <li>404 when the student or the course does not exist or is archived;</li>
 *   <li>403 when the caller neither owns the student's person record nor holds
 *       {@code LIST_STUDENT_COURSEASSESSMENTS} for the course;</li>
 *   <li>403 when the caller carries {@code FEATURE_OWNED_GROUP_STUDENTS_RESTRICTION} and is not a
 *       staff member of the course or a guider of the student;</li>
 *   <li>200 with the assessment models otherwise.</li>
 * </ul>
 *
 * @param studentId id of the student, taken from the path
 * @param courseId id of the course, taken from the path
 * @return the JAX-RS response described above
 */
@Path("/students/{STUDENTID:[0-9]*}/courses/{COURSEID:[0-9]*}/assessments/")
@GET
// NOTE(review): Handling.INLINE presumably means the framework performs no permission check of its
// own, so every authorization decision is made in this body - confirm against RESTPermit.
@RESTPermit(handling = Handling.INLINE)
public Response listCourseAssessments(@PathParam("STUDENTID") Long studentId, @PathParam("COURSEID") Long courseId) {
    if (!sessionController.isLoggedIn()) {
        return Response.status(Status.FORBIDDEN).build();
    }

    // NOTE(review): the two lookups below run before the authorization check, so any logged-in
    // caller can tell an existing id (403) from a missing one (404). Confirm this is acceptable.
    Student student = studentController.findStudentById(studentId);
    boolean studentUsable = student != null && !student.getArchived();
    if (!studentUsable) {
        return Response.status(Status.NOT_FOUND).build();
    }

    Course course = courseController.findCourseById(courseId);
    boolean courseUsable = course != null && !course.getArchived();
    if (!courseUsable) {
        return Response.status(Status.NOT_FOUND).build();
    }

    // Base rule: the caller owns the student's person record, or holds the list permission
    // scoped to this course. The permission is only consulted when ownership fails.
    boolean ownsStudent = UserUtils.isOwnerOf(sessionController.getUser(), student.getPerson());
    if (!ownsStudent && !sessionController.hasPermission(CourseAssessmentPermissions.LIST_STUDENT_COURSEASSESSMENTS, course)) {
        return Response.status(Status.FORBIDDEN).build();
    }

    // Narrowing rule: a caller flagged with the restriction must be a staff member who is tied
    // to this course or to this student. The rule is applied to owners as well.
    if (sessionController.hasEnvironmentPermission(StudentPermissions.FEATURE_OWNED_GROUP_STUDENTS_RESTRICTION)) {
        if (!(sessionController.getUser() instanceof StaffMember)) {
            return Response.status(Status.FORBIDDEN).build();
        }
        StaffMember restrictedStaff = (StaffMember) sessionController.getUser();
        boolean tiedToCourseOrStudent = courseController.isCourseStaffMember(course, restrictedStaff)
            || studentController.isStudentGuider(restrictedStaff, student);
        if (!tiedToCourseOrStudent) {
            return Response.status(Status.FORBIDDEN).build();
        }
    }

    List<CourseAssessment> assessments = assessmentController.listByCourseAndStudent(course, student);
    return Response.ok(objectFactory.createModel(assessments)).build();
}
Also used : CourseStudent(fi.otavanopisto.pyramus.domainmodel.courses.CourseStudent) StudentGroupStudent(fi.otavanopisto.pyramus.domainmodel.students.StudentGroupStudent) Student(fi.otavanopisto.pyramus.domainmodel.students.Student) Course(fi.otavanopisto.pyramus.domainmodel.courses.Course) StaffMember(fi.otavanopisto.pyramus.domainmodel.users.StaffMember) CourseAssessment(fi.otavanopisto.pyramus.domainmodel.grading.CourseAssessment) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.pyramus.rest.annotation.RESTPermit) GET(javax.ws.rs.GET)

Example 22 with StaffMember

use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.

the class MuikkuRESTService method updateUser.

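/**
 * Updates the first name, last name, role and single e-mail address of an existing staff member.
 *
 * <p>Validation and authorization, in order:
 * <ul>
 *   <li>400 when the payload is missing, its identifier differs from the path identifier, a
 *       required field is blank, the role is not {@code MANAGER} or {@code TEACHER}, or the
 *       identifier is not a number;</li>
 *   <li>404 when the staff member does not exist or belongs to an organization the caller cannot
 *       access (the same status for both, so the two cases are not distinguishable);</li>
 *   <li>400 when the staff member does not have exactly one e-mail address;</li>
 *   <li>409 when the new address is not allowed for this person or is already in use.</li>
 * </ul>
 *
 * <p>A staff member whose current role is neither {@code MANAGER} nor {@code TEACHER} keeps that
 * role: the requested role is ignored for such accounts.
 *
 * @param request servlet request, used for the locale of error messages
 * @param identifier staff member id from the path
 * @param payload new values; its identifier must equal {@code identifier}
 * @return 200 with the updated staff member model, or one of the error responses above
 */
@Path("/users/{IDENTIFIER}")
@PUT
@RESTPermit(MuikkuPermissions.MUIKKU_UPDATE_STAFF_MEMBER)
public Response updateUser(@Context HttpServletRequest request, @PathParam("IDENTIFIER") String identifier, StaffMemberPayload payload) {
    // A request without a body would otherwise fail with a NullPointerException (HTTP 500).
    if (payload == null) {
        return Response.status(Status.BAD_REQUEST).entity("Missing payload").build();
    }
    if (!StringUtils.equals(payload.getIdentifier(), identifier)) {
        return Response.status(Status.BAD_REQUEST).entity("Payload identifier doesn't match path identifier").build();
    }
    if (StringUtils.isAnyBlank(payload.getFirstName(), payload.getLastName(), payload.getEmail(), payload.getRole())) {
        return Response.status(Status.BAD_REQUEST).entity("Empty fields in payload").build();
    }
    // Test allowed roles: only MANAGER and TEACHER may be assigned through this endpoint.
    Role role;
    try {
        role = Role.valueOf(payload.getRole());
    } catch (IllegalArgumentException e) {
        // Not a constant of Role at all; handled like any other unsupported role below.
        role = null;
    }
    if (role != Role.MANAGER && role != Role.TEACHER) {
        // NOTE(review): the caller-supplied role string is echoed in the response entity; confirm
        // the response is never rendered as HTML by a client.
        return Response.status(Status.BAD_REQUEST).entity(String.format("Unsupported role %s", payload.getRole())).build();
    }
    // Find user. The path segment has no numeric constraint, so a non-numeric identifier is a
    // client error rather than an unhandled NumberFormatException.
    Long staffMemberId;
    try {
        staffMemberId = Long.valueOf(payload.getIdentifier());
    } catch (NumberFormatException e) {
        return Response.status(Status.BAD_REQUEST).entity("Invalid identifier").build();
    }
    StaffMember staffMember = userController.findStaffMemberById(staffMemberId);
    if (staffMember == null || !UserUtils.canAccessOrganization(sessionController.getUser(), staffMember.getOrganization())) {
        return Response.status(Status.NOT_FOUND).build();
    }
    // Accounts holding any other role keep it, so this endpoint cannot change the role of an
    // account that is not already a manager or a teacher.
    Role existingRole = staffMember.getRole();
    if (existingRole != Role.MANAGER && existingRole != Role.TEACHER) {
        role = existingRole;
    }
    List<Email> staffMemberEmails = userController.listStaffMemberEmails(staffMember);
    // NOTE(review): a staff member with no e-mail at all also ends up here, with the same message.
    if (staffMemberEmails.size() != 1) {
        return Response.status(Status.BAD_REQUEST).entity("User has several emails").build();
    }
    Email email = staffMemberEmails.get(0);
    // Addresses are compared and stored lower-cased and trimmed.
    String address = StringUtils.trim(StringUtils.lowerCase(payload.getEmail()));
    if (!UserUtils.isAllowedEmail(address, email.getContactType(), staffMember.getPerson().getId())) {
        return Response.status(Status.CONFLICT).entity(getMessage(request.getLocale(), "error.emailInUse")).build();
    }
    // Update user
    staffMember = userController.updateStaffMember(staffMember, staffMember.getOrganization(), payload.getFirstName(), payload.getLastName(), role);
    // Update email
    try {
        email = userController.updateStaffMemberEmail(staffMember, email, email.getContactType(), address, email.getDefaultAddress());
    } catch (UserEmailInUseException e) {
        // Set the transaction as rollback only, so the staff member update made just above is not
        // kept when the e-mail update is refused.
        sessionContext.setRollbackOnly();
        return Response.status(Status.CONFLICT).entity(getMessage(request.getLocale(), "error.emailInUse")).build();
    }
    return Response.ok(toRestModel(staffMember, email)).build();
}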
Also used : Role(fi.otavanopisto.pyramus.domainmodel.users.Role) UserEmailInUseException(fi.otavanopisto.pyramus.framework.UserEmailInUseException) Email(fi.otavanopisto.pyramus.domainmodel.base.Email) StaffMember(fi.otavanopisto.pyramus.domainmodel.users.StaffMember) UserEmailInUseException(fi.otavanopisto.pyramus.framework.UserEmailInUseException) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.pyramus.rest.annotation.RESTPermit) PUT(javax.ws.rs.PUT)

Example 23 with StaffMember

use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.

the class MuikkuRESTService method removeStudentGroupMembers.

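/**
 * Removes the listed users (students and staff members) from a student group.
 *
 * <p>The request is validated completely before anything is deleted: the group must exist and be
 * in an organization the caller can access, and every listed user must exist and be in an
 * organization the caller can access. The first failing check ends the request with 400 and no
 * membership is removed. Users that are not members of the group are skipped silently.
 *
 * @param request servlet request (not used by the body)
 * @param payload group identifier and the identifiers of the users to remove
 * @return 204 on success, 400 on an invalid or inaccessible group or user, 500 when the calling
 *     user has no organization
 */
@Path("/removestudentgroupmembers")
@PUT
@RESTPermit(MuikkuPermissions.MUIKKU_REMOVE_STUDENT_GROUP_MEMBERS)
public Response removeStudentGroupMembers(@Context HttpServletRequest request, StudentGroupMembersPayload payload) {
    // Prerequisites
    User loggedUser = sessionController.getUser();
    if (loggedUser.getOrganization() == null) {
        return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Current user lacks organization").build();
    }
    // Basic payload validation. A missing body or list is a client error, not a server fault.
    if (payload == null || payload.getUserIdentifiers() == null) {
        return Response.status(Status.BAD_REQUEST).entity("Missing payload").build();
    }
    Long groupId;
    try {
        groupId = Long.valueOf(payload.getGroupIdentifier());
    } catch (NumberFormatException e) {
        return Response.status(Status.BAD_REQUEST).entity("Invalid student group identifier").build();
    }
    StudentGroup studentGroup = studentGroupController.findStudentGroupById(groupId);
    if (studentGroup == null) {
        return Response.status(Status.BAD_REQUEST).entity(String.format("Student group %d not found", groupId)).build();
    } else if (!UserUtils.canAccessOrganization(loggedUser, studentGroup.getOrganization())) {
        logger.log(Level.SEVERE, String.format("Organization mismatch. User %d attempted to access group %d", loggedUser.getId(), groupId));
        return Response.status(Status.BAD_REQUEST).entity("No student group access").build();
    }
    // First pass: authorize every target before touching any membership.
    for (String userIdentifier : payload.getUserIdentifiers()) {
        Long userId;
        try {
            userId = Long.valueOf(userIdentifier);
        } catch (NumberFormatException e) {
            return Response.status(Status.BAD_REQUEST).entity("Invalid user identifier").build();
        }
        User user = userController.findUserById(userId);
        if (user == null) {
            // An unknown id used to end in a NullPointerException. It gets the same response as
            // an inaccessible user so the reply does not reveal which ids exist.
            logger.log(Level.WARNING, String.format("User %d attempted to remove unknown user %d from group %d", loggedUser.getId(), userId, groupId));
            return Response.status(Status.BAD_REQUEST).entity("No user access").build();
        }
        if (!UserUtils.canAccessOrganization(loggedUser, user.getOrganization())) {
            logger.log(Level.SEVERE, String.format("Organization mismatch. User %d attempted to remove user %d from group %d", loggedUser.getId(), userId, groupId));
            return Response.status(Status.BAD_REQUEST).entity("No user access").build();
        }
    }
    // Second pass: every identifier has been parsed and authorized above.
    for (String userIdentifier : payload.getUserIdentifiers()) {
        Long userId = Long.valueOf(userIdentifier);
        User user = userController.findUserById(userId);
        if (user instanceof Student) {
            StudentGroupStudent studentGroupStudent = studentGroupController.findStudentGroupStudentByStudentGroupAndStudent(studentGroup, (Student) user);
            if (studentGroupStudent != null) {
                studentGroupController.deleteStudentGroupStudent(studentGroupStudent);
            }
        } else if (user instanceof StaffMember) {
            StudentGroupUser studentGroupUser = studentGroupController.findStudentGroupUserByStudentGroupAndUser(studentGroup, (StaffMember) user);
            if (studentGroupUser != null) {
                studentGroupController.deleteStudentGroupUser(studentGroupUser);
            }
        }
    }
    return Response.noContent().build();
}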
Also used : StudentGroupStudent(fi.otavanopisto.pyramus.domainmodel.students.StudentGroupStudent) StudentGroupUser(fi.otavanopisto.pyramus.domainmodel.students.StudentGroupUser) User(fi.otavanopisto.pyramus.domainmodel.users.User) CourseStudent(fi.otavanopisto.pyramus.domainmodel.courses.CourseStudent) StudentGroupStudent(fi.otavanopisto.pyramus.domainmodel.students.StudentGroupStudent) Student(fi.otavanopisto.pyramus.domainmodel.students.Student) StaffMember(fi.otavanopisto.pyramus.domainmodel.users.StaffMember) StudentGroupUser(fi.otavanopisto.pyramus.domainmodel.students.StudentGroupUser) StudentGroup(fi.otavanopisto.pyramus.domainmodel.students.StudentGroup) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.pyramus.rest.annotation.RESTPermit) PUT(javax.ws.rs.PUT)

Example 24 with StaffMember

use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.

the class StudentRESTService method createStudentGroupStaffMember.

/**
 * Adds a staff member to a student group.
 *
 * <p>Responds 400 when the body or its staff member id is missing, 404 when the group does not
 * exist or is archived, 403 when the group's organization is not accessible to the caller, and
 * 400 when no staff member has the given id.
 *
 * @param id id of the student group, taken from the path
 * @param entity REST model carrying the id of the staff member to add
 * @return 200 with the model of the created group membership, or an error response as above
 */
@Path("/studentGroups/{ID:[0-9]*}/staffmembers")
@POST
@RESTPermit(StudentGroupPermissions.CREATE_STUDENTGROUPSTAFFMEMBER)
public Response createStudentGroupStaffMember(@PathParam("ID") Long id, fi.otavanopisto.pyramus.rest.model.StudentGroupUser entity) {
    // Both a missing body and a body without a staff member id are rejected the same way.
    if (entity == null || entity.getStaffMemberId() == null) {
        return Response.status(Status.BAD_REQUEST).build();
    }

    StudentGroup group = studentGroupController.findStudentGroupById(id);
    boolean groupUsable = group != null && !group.getArchived();
    if (!groupUsable) {
        return Response.status(Status.NOT_FOUND).build();
    }

    // The organization check covers the group only.
    // NOTE(review): the staff member's own organization and archived state are not checked here;
    // confirm that adding a staff member from another organization is intended.
    boolean groupAccessible = UserUtils.canAccessOrganization(sessionController.getUser(), group.getOrganization());
    if (!groupAccessible) {
        return Response.status(Status.FORBIDDEN).build();
    }

    StaffMember newMember = userController.findStaffMemberById(entity.getStaffMemberId());
    if (newMember == null) {
        return Response.status(Status.BAD_REQUEST).build();
    }

    // The calling user is passed along with the new membership.
    StudentGroupUser membership = studentGroupController.createStudentGroupStaffMember(group, newMember, sessionController.getUser());
    return Response.ok(objectFactory.createModel(membership)).build();
}
Also used : StaffMember(fi.otavanopisto.pyramus.domainmodel.users.StaffMember) StudentGroupUser(fi.otavanopisto.pyramus.domainmodel.students.StudentGroupUser) StudentGroup(fi.otavanopisto.pyramus.domainmodel.students.StudentGroup) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.pyramus.rest.annotation.RESTPermit) POST(javax.ws.rs.POST)

Example 25 with StaffMember

use of fi.otavanopisto.pyramus.domainmodel.users.StaffMember in project pyramus by otavanopisto.

the class StaffRESTService method listStaffMembers.

/**
 * Lists staff members, either a page of all of them or the single one with a given e-mail.
 *
 * <p>When {@code email} is not blank the paging parameters are ignored and the result holds zero
 * or one staff member.
 *
 * @param firstResult index of the first result, passed to the controller as given
 * @param maxResults maximum number of results, passed to the controller as given
 * @param email optional e-mail address to look up
 * @return 200 with the staff member models
 */
@Path("/members")
@GET
@RESTPermit(UserPermissions.LIST_STAFFMEMBERS)
public Response listStaffMembers(@QueryParam("firstResult") Integer firstResult, @QueryParam("maxResults") Integer maxResults, @QueryParam("email") String email) {
    // NOTE(review): neither branch filters by the caller's organization, and firstResult and
    // maxResults are forwarded without bounds - confirm the controller or the permission covers
    // both.
    List<StaffMember> result;
    if (StringUtils.isBlank(email)) {
        result = userController.listStaffMembers(firstResult, maxResults);
    } else {
        result = new ArrayList<>();
        StaffMember match = userController.findStaffMemberByEmail(email);
        if (match != null) {
            result.add(match);
        }
    }
    return Response.ok(objectFactory.createModel(result)).build();
}
Also used : StaffMember(fi.otavanopisto.pyramus.domainmodel.users.StaffMember) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.pyramus.rest.annotation.RESTPermit) GET(javax.ws.rs.GET)
