use of org.activityinfo.legacy.shared.exception.IllegalAccessCommandException in project activityinfo by bedatadriven.
the class UpdateMonthlyReportsHandler method execute.
/**
 * Applies a batch of monthly indicator changes to a single site.
 *
 * <p>Concurrent updates to monthly reporting periods can produce phantom rows, i.e.
 * duplicate reporting periods for the same site and month. The whole operation
 * therefore runs while holding the lock obtained from {@code acquireLock} for the
 * site id, and the lock is released in a {@code finally} block.
 *
 * <p>Authorization: the site is loaded and {@code permissionOracle.isEditAllowed}
 * is consulted before any entity is created or modified.
 *
 * @param cmd  the requested changes and the id of the site they apply to
 * @param user the user on whose behalf the command runs
 * @return a {@link VoidResult}
 * @throws CommandException if no site with the requested id exists
 * @throws IllegalAccessCommandException if the user may not edit the site
 */
@Override
public CommandResult execute(UpdateMonthlyReports cmd, User user) throws CommandException {
    // NOTE(review): the lock is taken before the site lookup and the permission
    // check, so requests that end up rejected also hold it for a short time.
    // Confirm acquireLock cannot block indefinitely.
    acquireLock(cmd.getSiteId());
    try {
        Site site = em.find(Site.class, cmd.getSiteId());
        if (site == null) {
            // NOTE(review): the message carries the caller's e-mail address; check
            // where CommandException messages end up (logs, client response).
            throw new CommandException(cmd, "site " + cmd.getSiteId() + " not found for user " + user.getEmail());
        }

        // Authorization gate: nothing below runs for a user without edit rights.
        if (!permissionOracle.isEditAllowed(site, user)) {
            throw new IllegalAccessCommandException("Not authorized to modify sites");
        }

        Map<Month, ReportingPeriod> periodsByMonth = Maps.newHashMap();
        Map<String, Object> historyChanges = createChangeMap();

        // Index the reporting periods the site already has by the month they cover.
        for (ReportingPeriod existing : site.getReportingPeriods()) {
            periodsByMonth.put(HandlerUtil.monthFromRange(existing.getDate1(), existing.getDate2()), existing);
        }

        // First pass: create a reporting period for every month that has none yet.
        for (UpdateMonthlyReports.Change change : cmd.getChanges()) {
            Month month = change.getMonth();
            if (periodsByMonth.containsKey(month)) {
                continue;
            }

            ReportingPeriod created = new ReportingPeriod(site);
            created.setId(keyGenerator.generateInt());

            // Only YEAR, MONTH and DATE are set; the time-of-day fields keep the
            // values Calendar.getInstance() started with.
            Calendar cal = Calendar.getInstance();
            cal.set(Calendar.YEAR, month.getYear());
            cal.set(Calendar.MONTH, month.getMonth() - 1); // Calendar months are zero-based
            cal.set(Calendar.DATE, 1);
            created.setDate1(cal.getTime());
            cal.set(Calendar.DATE, cal.getActualMaximum(Calendar.DATE));
            created.setDate2(cal.getTime());

            em.persist(created);
            periodsByMonth.put(month, created);
        }

        // Second pass: write the indicator values and record them for the history entry.
        for (UpdateMonthlyReports.Change change : cmd.getChanges()) {
            Month month = change.getMonth();
            updateIndicatorValue(em, periodsByMonth.get(month), change.getIndicatorId(), change.getValue(), false);
            historyChanges.put(getPropertyName(change.getIndicatorId(), month), change.getValue());
        }

        // Bump the site version so the synchronization mechanism picks up the change.
        site.setVersion(site.getActivity().incrementSiteVersion());

        // History entry attributing the update to the acting user.
        siteHistoryProcessor.persistHistory(site, user, ChangeType.UPDATE, historyChanges);
    } finally {
        releaseLock(cmd.getSiteId());
    }
    return new VoidResult();
}
use of org.activityinfo.legacy.shared.exception.IllegalAccessCommandException in project activityinfo by bedatadriven.
the class GetMonthlyReportsHandler method execute.
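/**
 * Returns the monthly indicator values of one site for the requested month range.
 *
 * <p>Authorization: the site is loaded and {@code permissionOracle.isViewAllowed}
 * is consulted before any reporting data is queried. A denied request is logged
 * at SEVERE level and rejected with {@link IllegalAccessCommandException}.
 *
 * @param cmd  the site id and the inclusive start/end months to report on
 * @param user the user on whose behalf the command runs
 * @return a {@link MonthlyReportResult} with one row per non-deleted indicator
 * @throws CommandException if no site with the requested id exists
 * @throws IllegalAccessCommandException if the user may not view the site
 */
@Override
public CommandResult execute(GetMonthlyReports cmd, User user) throws CommandException {
    Site site = em.find(Site.class, cmd.getSiteId());

    // em.find returns null for an unknown id. Without this guard the denial
    // path below dereferences the missing site and fails with a
    // NullPointerException instead of a proper command error.
    if (site == null) {
        throw new CommandException(cmd, "site " + cmd.getSiteId() + " not found for user " + user.getEmail());
    }

    // Authorization gate: no reporting data is read for a user without view rights.
    if (!permissionOracle.isViewAllowed(site, user)) {
        // Record who was denied, and on which site and partner, before rejecting.
        // NOTE(review): the e-mail and partner name are concatenated unescaped
        // into the log line; confirm the log sink neutralizes line breaks.
        LOGGER.severe("User " + user.getEmail() + " has no view privs on site " + site.getId() + "," + "partner = " + site.getPartner().getName() + " " + site.getPartner().getId());
        throw new IllegalAccessCommandException();
    }

    // Both queries bind the site id as a named parameter.
    List<ReportingPeriod> periods = em
            .createQuery("SELECT p from ReportingPeriod p WHERE p.site.id = :siteId", ReportingPeriod.class)
            .setParameter("siteId", cmd.getSiteId())
            .getResultList();

    List<Indicator> indicators = em
            .createQuery("SELECT i from Indicator i " + "WHERE i.activity.id IN (SELECT s.activity.id FROM Site s WHERE s.id = :siteId) " + "AND i.dateDeleted IS NULL " + "ORDER BY i.sortOrder", Indicator.class)
            .setParameter("siteId", cmd.getSiteId())
            .getResultList();

    List<IndicatorRowDTO> list = new ArrayList<IndicatorRowDTO>();
    for (Indicator indicator : indicators) {
        IndicatorRowDTO dto = new IndicatorRowDTO();
        dto.setIndicatorId(indicator.getId());
        dto.setSiteId(cmd.getSiteId());
        dto.setIndicatorName(indicator.getName());
        dto.setCategory(indicator.getCategory());
        dto.setActivityName(indicator.getActivity().getName());
        dto.setExpression(indicator.getExpression());

        for (ReportingPeriod period : periods) {
            Month month = HandlerUtil.monthFromRange(period.getDate1(), period.getDate2());
            // Skip periods with no month, or outside the inclusive range requested.
            if (month != null && month.compareTo(cmd.getStartMonth()) >= 0 && month.compareTo(cmd.getEndMonth()) <= 0) {
                for (IndicatorValue value : period.getIndicatorValues()) {
                    // NOTE(review): == is only a value comparison if getId()
                    // returns a primitive int; confirm it is not a boxed Integer.
                    if (value.getIndicator().getId() == indicator.getId()) {
                        dto.setValue(month, value.getValue());
                    }
                }
            }
        }
        list.add(dto);
    }
    return new MonthlyReportResult(list);
}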
use of org.activityinfo.legacy.shared.exception.IllegalAccessCommandException in project activityinfo by bedatadriven.
the class GetActivityFormHandler method applyPermissions.
/**
 * Resolves the form for the calling user after checking the user's permission row
 * for the form's database.
 *
 * <p>Outcome, as decided in the query callback:
 * <ul>
 *   <li>no permission row, or a row with {@code allowView} false: the form is
 *       resolved unchanged if it is published to all, otherwise the promise is
 *       rejected with {@link IllegalAccessCommandException};</li>
 *   <li>a row with {@code allowView} true: the edit / edit-all / design flags and
 *       the partner id are copied from the row onto the form, which is then
 *       resolved.</li>
 * </ul>
 *
 * @param context execution context supplying the current user and transaction
 * @param form    the form to check and annotate
 * @return a promise resolved with {@code form} or rejected when access is denied
 */
private Promise<ActivityFormDTO> applyPermissions(final ExecutionContext context, final ActivityFormDTO form) {
    final Promise<ActivityFormDTO> outcome = new Promise<>();

    // The user id and database id are handed to the query builder as values,
    // not concatenated into SQL text.
    SqlQuery.selectAll()
            .appendColumn("allowView")
            .appendColumn("allowViewAll")
            .appendColumn("allowEdit")
            .appendColumn("allowEditAll")
            .appendColumn("allowDesign")
            .appendColumn("partnerId")
            .from(Tables.USER_PERMISSION, "p")
            .where("p.UserId").equalTo(context.getUser().getId())
            .where("p.DatabaseId").equalTo(form.getDatabaseId())
            .execute(context.getTransaction(), new SqlResultCallback() {
                // NOTE(review): only onSuccess is overridden here; confirm that a failed
                // query still settles the promise through SqlResultCallback's failure path.
                @Override
                public void onSuccess(SqlTransaction tx, SqlResultSet results) {
                    // Only the first row is consulted.
                    // NOTE(review): assumes at most one permission row per (user, database).
                    SqlResultSetRow row = results.getRows().isEmpty() ? null : results.getRow(0);

                    if (row == null || !row.getBoolean("allowView")) {
                        // No explicit view right: access is granted only to published forms.
                        if (form.getPublished() == Published.ALL_ARE_PUBLISHED.getIndex()) {
                            // The edit/design flags are not written on this path, so the
                            // form keeps whatever values it arrived with.
                            // NOTE(review): confirm those flags default to false.
                            outcome.resolve(form);
                        } else {
                            outcome.reject(new IllegalAccessCommandException("User " + context.getUser().getId() + " does not have access to form " + form.getId()));
                        }
                        return;
                    }

                    // Explicit view right: copy the remaining permissions onto the DTO.
                    form.setEditAllowed(row.getBoolean("allowEdit"));
                    form.setEditAllAllowed(row.getBoolean("allowEditAll"));
                    form.setDesignAllowed(row.getBoolean("allowDesign"));
                    form.setCurrentPartnerId(row.getInt("partnerId"));
                    outcome.resolve(form);
                }
            });

    return outcome;
}
use of org.activityinfo.legacy.shared.exception.IllegalAccessCommandException in project activityinfo by bedatadriven.
the class UpdateReportModelHandler method execute.
/**
 * Replaces the title and XML definition of a stored report with the model carried
 * by the command.
 *
 * <p>Authorization: only the report's owner may update it. The ownership check
 * runs before the cache is invalidated and before the entity is modified.
 *
 * @param cmd  carries the new report model, including the id of the report to update
 * @param user the user on whose behalf the command runs
 * @return {@code null}
 * @throws IllegalAccessCommandException if the user is not the owner of the report
 * @throws UnexpectedCommandException if the model cannot be serialized to XML
 * @throws CommandException declared by the handler contract
 */
@Override
public CommandResult execute(final UpdateReportModel cmd, final User user) throws CommandException {
    // The report id is bound as a named parameter. getSingleResult() throws a
    // persistence exception rather than returning null when nothing matches.
    ReportDefinition report = (ReportDefinition) em
            .createQuery("select r from ReportDefinition r where r.id in (:id)")
            .setParameter("id", cmd.getModel().getId())
            .getSingleResult();

    // Authorization gate: owner-only.
    // NOTE(review): the comparison uses ==, which is only a value comparison if
    // getId() returns a primitive int; confirm it is not a boxed Integer.
    boolean callerOwnsReport = report.getOwner().getId() == user.getId();
    if (!callerOwnsReport) {
        throw new IllegalAccessCommandException("Current user does not have the right to edit this report");
    }

    // The cached copy is dropped BEFORE the database is touched. Doing it the
    // other way round would leave a stale cache entry behind whenever the
    // database update succeeds but the memcache delete fails.
    invalidateMemcache(cmd.getModel().getId());

    // With the old cached copy gone, the persistent datastore can be updated.
    report.setTitle(cmd.getModel().getTitle());
    try {
        report.setXml(ReportParserJaxb.createXML(cmd.getModel()));
    } catch (JAXBException e) {
        // Serialization failure is surfaced as a command error, keeping the cause.
        throw new UnexpectedCommandException(e);
    }
    em.persist(report);
    return null;
}