Example 1 with AttachmentType
use of org.activityinfo.model.type.attachment.AttachmentType in project activityinfo by bedatadriven.
the class FormFieldWidgetFactory method createWidget.
public Promise<? extends FormFieldWidget> createWidget(FormClass formClass, FormField field, FieldUpdater valueUpdater) {
FieldType type = field.getType();
if (type instanceof QuantityType) {
return Promise.resolved(new QuantityFieldWidget((QuantityType) type, valueUpdater));
} else if (type instanceof SerialNumberType) {
return Promise.resolved(new SerialNumberFieldWidget((SerialNumberType) type));
} else if (type instanceof NarrativeType) {
return Promise.resolved(new NarrativeFieldWidget(valueUpdater));
} else if (type instanceof TextType) {
return Promise.resolved(new TextFieldWidget((TextType) type, valueUpdater));
} else if (type instanceof CalculatedFieldType) {
return Promise.resolved(new CalculatedFieldWidget(valueUpdater));
} else if (type instanceof LocalDateType) {
return Promise.resolved(new DateFieldWidget(valueUpdater));
} else if (type instanceof LocalDateIntervalType) {
return Promise.resolved(new DateIntervalFieldWidget(valueUpdater));
} else if (type instanceof GeoPointType) {
return Promise.resolved(new GeographicPointWidget(valueUpdater));
} else if (type instanceof EnumType) {
return Promise.resolved(new EnumFieldWidget((EnumType) field.getType(), valueUpdater, fieldWidgetMode));
} else if (type instanceof BooleanType) {
return Promise.resolved(new BooleanFieldWidget(valueUpdater));
} else if (type instanceof AttachmentType) {
AttachmentType attachmentType = (AttachmentType) type;
if (attachmentType.getKind() == AttachmentType.Kind.IMAGE) {
return Promise.resolved(new ImageUploadFieldWidget(formClass.getId(), valueUpdater, fieldWidgetMode));
} else {
return Promise.resolved(new AttachmentUploadFieldWidget(formClass.getId(), valueUpdater, fieldWidgetMode));
}
} else if (type instanceof ReferenceType) {
return createReferenceWidget(field, valueUpdater);
} else if (type instanceof BarcodeType) {
return Promise.resolved(new BarcodeFieldWidget(valueUpdater));
}
Log.error("Unexpected field type " + type.getTypeClass());
throw new UnsupportedOperationException();
}
Also used :
SerialNumberType(org.activityinfo.model.type.SerialNumberType)
ReferenceType(org.activityinfo.model.type.ReferenceType)
AttachmentUploadFieldWidget(org.activityinfo.ui.client.component.form.field.attachment.AttachmentUploadFieldWidget)
ImageUploadFieldWidget(org.activityinfo.ui.client.component.form.field.attachment.ImageUploadFieldWidget)
NarrativeType(org.activityinfo.model.type.NarrativeType)
EnumType(org.activityinfo.model.type.enumerated.EnumType)
CalculatedFieldType(org.activityinfo.model.type.expr.CalculatedFieldType)
AttachmentType(org.activityinfo.model.type.attachment.AttachmentType)
BooleanType(org.activityinfo.model.type.primitive.BooleanType)
LocalDateIntervalType(org.activityinfo.model.type.time.LocalDateIntervalType)
FieldType(org.activityinfo.model.type.FieldType)
CalculatedFieldType(org.activityinfo.model.type.expr.CalculatedFieldType)
TextType(org.activityinfo.model.type.primitive.TextType)
GeoPointType(org.activityinfo.model.type.geo.GeoPointType)
QuantityType(org.activityinfo.model.type.number.QuantityType)
LocalDateType(org.activityinfo.model.type.time.LocalDateType)
BarcodeType(org.activityinfo.model.type.barcode.BarcodeType)
Example 2 with AttachmentType
use of org.activityinfo.model.type.attachment.AttachmentType in project activityinfo by bedatadriven.
the class AttachmentFieldTemplate method create.
@Override
public FormField create() {
AttachmentType type = (AttachmentType) AttachmentType.TYPE_CLASS.createType();
type.setKind(kind);
FormField formField = new FormField(CuidAdapter.indicatorField(new KeyGenerator().generateInt()));
formField.setType(type);
formField.setLabel(label);
return formField;
}
Also used :
AttachmentType(org.activityinfo.model.type.attachment.AttachmentType)
FormField(org.activityinfo.model.form.FormField)
KeyGenerator(org.activityinfo.model.legacy.KeyGenerator)
Example 3 with AttachmentType
use of org.activityinfo.model.type.attachment.AttachmentType in project activityinfo by bedatadriven.
the class Updater method checkBlobPermissions.
/**
* Verifies that the user has permission to associate the given blob with this record.
*
* <p>Updating blob-valued fields is done by the user in two steps. First, the user uploads a file and
* receives a unique id for the blob. Then, the user updates a record's field with the blob's unique id. </p>
*
* <p>Once the blob is associated with the record, then any user with permission to view the record is extended
* permission to view the blob. This opens an avenue of attack where by an attacker with seeks to obtain access
* to a blob with some id by assigning it to an unrelated record to which they have access.</p>
*
* <p>For this reason, only users who originally uploaded the blob may assign the blob to a record's field value.</p>
*/
private void checkBlobPermissions(FormField field, Optional<FormRecord> existingResource, AttachmentValue updatedValue) {
AttachmentType fieldType = (AttachmentType) field.getType();
// Identity the blob ids that are already associated with this record
Set<String> existingBlobIds = new HashSet<>();
if (existingResource.isPresent()) {
JsonValue existingFieldValue = existingResource.get().getFields().get(field.getId().asString());
if (!existingFieldValue.isJsonNull()) {
AttachmentValue existingValue = fieldType.parseJsonValue(existingFieldValue);
for (Attachment attachment : existingValue.getValues()) {
existingBlobIds.add(attachment.getBlobId());
}
}
}
// Assert that the user owns the blob they are associating with the record
for (Attachment attachment : updatedValue.getValues()) {
if (!existingBlobIds.contains(attachment.getBlobId())) {
if (!blobAuthorizer.isOwner(userId, attachment.getBlobId())) {
throw new InvalidUpdateException(String.format("User %d does not own blob %s", userId, attachment.getBlobId()));
}
}
}
}
Also used :
AttachmentValue(org.activityinfo.model.type.attachment.AttachmentValue)
AttachmentType(org.activityinfo.model.type.attachment.AttachmentType)
JsonValue(org.activityinfo.json.JsonValue)
Attachment(org.activityinfo.model.type.attachment.Attachment)
Aggregations
AttachmentType (org.activityinfo.model.type.attachment.AttachmentType)3
JsonValue (org.activityinfo.json.JsonValue)1
FormField (org.activityinfo.model.form.FormField)1
KeyGenerator (org.activityinfo.model.legacy.KeyGenerator)1
FieldType (org.activityinfo.model.type.FieldType)1
NarrativeType (org.activityinfo.model.type.NarrativeType)1
ReferenceType (org.activityinfo.model.type.ReferenceType)1
SerialNumberType (org.activityinfo.model.type.SerialNumberType)1
Attachment (org.activityinfo.model.type.attachment.Attachment)1
AttachmentValue (org.activityinfo.model.type.attachment.AttachmentValue)1
BarcodeType (org.activityinfo.model.type.barcode.BarcodeType)1
EnumType (org.activityinfo.model.type.enumerated.EnumType)1
CalculatedFieldType (org.activityinfo.model.type.expr.CalculatedFieldType)1
GeoPointType (org.activityinfo.model.type.geo.GeoPointType)1
QuantityType (org.activityinfo.model.type.number.QuantityType)1
BooleanType (org.activityinfo.model.type.primitive.BooleanType)1
TextType (org.activityinfo.model.type.primitive.TextType)1
LocalDateIntervalType (org.activityinfo.model.type.time.LocalDateIntervalType)1
LocalDateType (org.activityinfo.model.type.time.LocalDateType)1
AttachmentUploadFieldWidget (org.activityinfo.ui.client.component.form.field.attachment.AttachmentUploadFieldWidget)1
