
Example 1 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class UpdateStudyServletNew method mayProceed.

/**
     *
     */
/**
 * Authorization gate for this servlet. The request is allowed to continue only
 * for system administrators and for users whose current role is study director
 * or coordinator; every other caller is rejected.
 *
 * @throws InsufficientPermissionException when the caller is not permitted. A
 *         page message is queued first, and the exception is constructed with
 *         {@code Page.MENU_SERVLET}.
 */
@Override
public void mayProceed() throws InsufficientPermissionException {
    // Allow-list check: anything not explicitly permitted falls through to the denial below.
    boolean permitted = ub.isSysAdmin();
    if (!permitted) {
        Role activeRole = currentRole.getRole();
        permitted = activeRole.equals(Role.STUDYDIRECTOR) || activeRole.equals(Role.COORDINATOR);
    }
    if (permitted) {
        return;
    }
    // Queue the user-facing explanation before raising the denial.
    String denialNotice = respage.getString("no_have_correct_privilege_current_study")
            + respage.getString("change_study_contact_sysadmin");
    addPageMessage(denialNotice);
    throw new InsufficientPermissionException(Page.MENU_SERVLET, resexception.getString("may_not_submit_data"), "1");
}
Also used : Role(org.akaza.openclinica.bean.core.Role) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException)

Example 2 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class AuditLogStudyServlet method mayProceed.

/*
     * (non-Javadoc) Since access to this servlet is admin-only, restricts user
     * to see logs of specific users only @author thickerson
     * 
     * @see org.akaza.openclinica.control.core.SecureController#mayProceed()
     */
@Override
protected void mayProceed() throws InsufficientPermissionException {
    // NOTE(review): the comment preceding this method calls the servlet admin-only,
    // but the check below also admits study directors and coordinators. Confirm
    // which of the two is intended for access to audit logs.
    if (!ub.isSysAdmin()) {
        Role activeRole = currentRole.getRole();
        boolean directorOrCoordinator = activeRole.equals(Role.STUDYDIRECTOR) || activeRole.equals(Role.COORDINATOR);
        if (!directorOrCoordinator) {
            // Denied: queue the user-facing message, then raise the exception
            // constructed with Page.MENU_SERVLET.
            String denialNotice = respage.getString("no_have_correct_privilege_current_study")
                    + respage.getString("change_study_contact_sysadmin");
            addPageMessage(denialNotice);
            throw new InsufficientPermissionException(Page.MENU_SERVLET, resexception.getString("not_director"), "1");
        }
    }
}
Also used : Role(org.akaza.openclinica.bean.core.Role) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException)

Example 3 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class ViewLogMessageServlet method processRequest.

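/**
 * Loads the log file that belongs to an import job and forwards to the
 * log-message view.
 *
 * <p>The job file name ("n"), trigger name ("tn") and group name ("gn") are read
 * from the request. The log is expected at
 * {@code <IMPORT_DIR_2>/<name with whitespace runs replaced by "_">.log.txt/log.txt}.
 *
 * <p>Because the file name is request-controlled, the resolved path is
 * canonicalized and must stay inside the import directory before it is read;
 * replacing whitespace alone does not remove {@code ..} segments or path
 * separators.
 *
 * @throws Exception declared by the signature; every exception raised inside the
 *         body is caught, logged and answered with a forward to {@code Page.MENU}
 */
@Override
protected void processRequest() throws Exception {
    try {
        FormProcessor fp = new FormProcessor(request);
        String fileName = fp.getString("n");
        String triggerName = fp.getString("tn");
        String groupName = fp.getString("gn");
        // NOTE(review): these values come straight from the request; confirm the log
        // layout neutralises line breaks so they cannot forge log entries.
        logger.debug("found trigger name " + triggerName + " group name " + groupName);

        // Canonicalize both the base directory and the requested file so that "..",
        // redundant separators and symbolic links are resolved before the comparison.
        File importRoot = new File(ImportSpringJob.IMPORT_DIR_2).getCanonicalFile();
        // Whitespace runs become underscores, matching how the log directory is named.
        String logDirName = fileName.replaceAll("\\s+", "_") + ".log.txt";
        File logFile = new File(new File(importRoot, logDirName), "log.txt").getCanonicalFile();

        // The trailing separator keeps a sibling such as "<root>-other" from passing
        // a plain prefix comparison.
        String rootPrefix = importRoot.getPath();
        if (!rootPrefix.endsWith(File.separator)) {
            rootPrefix = rootPrefix + File.separator;
        }
        if (!logFile.getPath().startsWith(rootPrefix)) {
            // Fail closed; the catch block below logs this and returns the user to the menu.
            throw new SecurityException("requested log file resolves outside the import log directory");
        }

        String fileContents = readFromFile(logFile);
        // NOTE(review): the file contents and the request parameters are handed back
        // to the view unchanged; confirm the view escapes them on output.
        request.setAttribute(this.LOG_MESSAGE, fileContents);
        request.setAttribute(this.FILE_NAME, fileName);
        request.setAttribute(this.TRIGGER_NAME, triggerName);
        request.setAttribute(this.GROUP_NAME, groupName);
        // The view needs the trigger and group names to link back to the single-job
        // page (ViewSingleJob?tname=...&gname=...).
        forwardPage(Page.VIEW_LOG_MESSAGE);
    } catch (Exception e) {
        // Any failure (missing file, read error, rejected path) is reported to the
        // user with the generic "no privilege" message; the cause only goes to the log.
        logger.error("found IO exception: " + e.getMessage(), e);
        addPageMessage(respage.getString("no_have_correct_privilege_current_study") + respage.getString("change_study_contact_sysadmin"));
        forwardPage(Page.MENU);
    }
}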
Also used : FormProcessor(org.akaza.openclinica.control.form.FormProcessor) File(java.io.File) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException)

Example 4 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class UpdateCRFServlet method mayProceed.

/**
     *
     */
/**
 * Authorization gate for updating a CRF. System administrators always pass.
 * Any other user must hold a role in the current study, and either that role
 * or the user's role in the parent study (when there is one) must be study
 * director or admin.
 *
 * @throws InsufficientPermissionException when the caller is not permitted. A
 *         page message is queued first, and the exception is constructed with
 *         {@code Page.CRF_LIST_SERVLET}.
 */
@Override
public void mayProceed() throws InsufficientPermissionException {
    if (ub.isSysAdmin()) {
        return;
    }

    // A privileged role in the parent study counts, but only together with
    // membership in the current study (checked below).
    boolean privilegedInParent = false;
    if (currentStudy.getParentStudyId() > 0) {
        // NOTE(review): "2222" looks like a leftover debug marker rather than a useful log entry.
        logger.info("2222");
        Role parentRole = ub.getRoleByStudy(currentStudy.getParentStudyId()).getRole();
        privilegedInParent = parentRole.equals(Role.STUDYDIRECTOR) || parentRole.equals(Role.ADMIN);
    }

    int activeStudyId = currentStudy.getId();
    if (ub.hasRoleInStudy(activeStudyId)) {
        Role localRole = ub.getRoleByStudy(activeStudyId).getRole();
        boolean privileged = privilegedInParent || localRole.equals(Role.STUDYDIRECTOR) || localRole.equals(Role.ADMIN);
        if (privileged) {
            return;
        }
    }

    // Denied: queue the user-facing explanation, then raise the exception.
    String denialNotice = respage.getString("you_not_have_permission_update_a_CRF")
            + respage.getString("change_study_contact_sysadmin");
    addPageMessage(denialNotice);
    throw new InsufficientPermissionException(Page.CRF_LIST_SERVLET, resexception.getString("not_study_director"), "1");
}
Also used : Role(org.akaza.openclinica.bean.core.Role) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException)

Example 5 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class SecureController method process.

/**
 * Runs the common per-request pipeline of a secured servlet. It configures the
 * session, restores or loads the user bean, current study and current role,
 * loads the locale-specific resource bundles, and then calls, in this order:
 * {@code passwdTimeOut()} (skipped when the request URI ends with
 * "ResetPassword"), {@code mayProceed()}, {@code pingJobServer(request)} and
 * {@code processRequest()}.
 *
 * <p>Failure handling: {@code InconsistentStateException} and
 * {@code InsufficientPermissionException} are logged and answered with a forward
 * to the page carried by the exception. {@code OutOfMemoryError} only sets the
 * session attribute "ome". Any other {@code Exception} is logged and forwarded
 * to {@code Page.ERROR}.
 *
 * <p>NOTE(review): session, ub, currentStudy, currentRole, the resource bundles,
 * this.request and this.response are assigned here without a local declaration,
 * so they live outside this method. If one controller instance serves concurrent
 * requests, one user's identity or role could be observed by another request;
 * confirm how instances are scoped.
 *
 * @param request  the incoming servlet request; also stored in {@code this.request}
 * @param response the servlet response; stored in {@code this.response}
 * @throws OpenClinicaException declared by the signature
 * @throws UnsupportedEncodingException if setting the "UTF-8" request encoding fails
 */
private void process(HttpServletRequest request, HttpServletResponse response) throws OpenClinicaException, UnsupportedEncodingException {
    request.setCharacterEncoding("UTF-8");
    session = request.getSession();
    // BWP >> 1/8/2008
    try {
        // YW 10-03-2007: the idle timeout comes from the "max_inactive_interval" field.
        session.setMaxInactiveInterval(Integer.parseInt(SQLInitServlet.getField("max_inactive_interval")));
    } catch (NumberFormatException nfe) {
        // BWP 1/8/2008: fall back to 3600 when the configured value is not a number.
        session.setMaxInactiveInterval(3600);
    }
    // If the session already has a value with key SUPPORT_URL don't reset
    if (session.getAttribute(SUPPORT_URL) == null) {
        session.setAttribute(SUPPORT_URL, SQLInitServlet.getSupportURL());
    }
    // Restore whatever identity, study and role an earlier request cached in the session.
    ub = (UserAccountBean) session.getAttribute(USER_BEAN_NAME);
    currentStudy = (StudyBean) session.getAttribute("study");
    currentRole = (StudyUserRoleBean) session.getAttribute("userRole");
    // Set current language preferences
    Locale locale = LocaleResolver.getLocale(request);
    ResourceBundleProvider.updateLocale(locale);
    resadmin = ResourceBundleProvider.getAdminBundle(locale);
    resaudit = ResourceBundleProvider.getAuditEventsBundle(locale);
    resexception = ResourceBundleProvider.getExceptionsBundle(locale);
    resformat = ResourceBundleProvider.getFormatBundle(locale);
    restext = ResourceBundleProvider.getTextsBundle(locale);
    resterm = ResourceBundleProvider.getTermsBundle(locale);
    resword = ResourceBundleProvider.getWordsBundle(locale);
    respage = ResourceBundleProvider.getPageMessagesBundle(locale);
    resworkflow = ResourceBundleProvider.getWorkflowBundle(locale);
    local_df = I18nFormatUtil.getDateFormat(locale);
    try {
        // User name as reported by the servlet request (getRemoteUser()).
        String userName = request.getRemoteUser();
        // BWP 1/8/08: an earlier version reused an existing sm (for example a mock set
        // by JUnit servlet tests) and created a SessionManager only when sm was null
        // and a user name was present. The current code always builds a new one.
        sm = new SessionManager(ub, userName, SpringServletAccess.getApplicationContext(context));
        ub = sm.getUserBean();
        // NOTE(review): the bean is read above under USER_BEAN_NAME and written back
        // under the literal "userBean"; presumably the same key, confirm.
        session.setAttribute("userBean", ub);
        StudyDAO sdao = new StudyDAO(sm.getDataSource());
        if (currentStudy == null || currentStudy.getId() <= 0) {
            // No usable study in the session: load the user's active study, if any.
            if (ub.getId() > 0 && ub.getActiveStudyId() > 0) {
                StudyParameterValueDAO spvdao = new StudyParameterValueDAO(sm.getDataSource());
                currentStudy = (StudyBean) sdao.findByPK(ub.getActiveStudyId());
                ArrayList studyParameters = spvdao.findParamConfigByStudy(currentStudy);
                currentStudy.setStudyParameters(studyParameters);
                StudyConfigService scs = new StudyConfigService(sm.getDataSource());
                if (currentStudy.getParentStudyId() <= 0) {
                    // top study
                    scs.setParametersForStudy(currentStudy);
                } else {
                    // YW: the study has a parent, so record the parent's name and
                    // load the site-level parameters.
                    currentStudy.setParentStudyName(((StudyBean) sdao.findByPK(currentStudy.getParentStudyId())).getName());
                    scs.setParametersForSite(currentStudy);
                }
                // set up the panel here, tbh
                panel.reset();
                // (An earlier version also filled the panel with the study name, summary,
                // planned start/end dates and principal investigator.)
                session.setAttribute(STUDY_INFO_PANEL, panel);
            } else {
                // No active study: continue with an empty placeholder bean.
                currentStudy = new StudyBean();
            }
            session.setAttribute("study", currentStudy);
        } else if (currentStudy.getId() > 0) {
            // Study restored from the session: refresh the parent study name if it has a parent.
            if (currentStudy.getParentStudyId() > 0) {
                currentStudy.setParentStudyName(((StudyBean) sdao.findByPK(currentStudy.getParentStudyId())).getName());
            }
        // YW >>
        }
        // issue-2422: role descriptions depend on whether the current study has a parent.
        // NOTE(review): setDescription() is called on the objects returned by
        // Role.toArrayList(); if those are shared Role instances, each request rewrites
        // state seen by every other request. Confirm.
        if (currentStudy.getParentStudyId() > 0) {
            // The current study has a parent: use the "site_*" description keys.
            List roles = Role.toArrayList();
            for (Iterator it = roles.iterator(); it.hasNext(); ) {
                Role role = (Role) it.next();
                switch(role.getId()) {
                    case 2:
                        role.setDescription("site_Study_Coordinator");
                        break;
                    case 3:
                        role.setDescription("site_Study_Director");
                        break;
                    case 4:
                        role.setDescription("site_investigator");
                        break;
                    case 5:
                        role.setDescription("site_Data_Entry_Person");
                        break;
                    case 6:
                        role.setDescription("site_monitor");
                        break;
                    case 7:
                        role.setDescription("site_Data_Entry_Person2");
                        break;
                    default:
                }
            }
        } else {
            // No parent study: use the study-level description keys. Role id 7 is
            // handled only in the branch above, not here.
            List roles = Role.toArrayList();
            for (Iterator it = roles.iterator(); it.hasNext(); ) {
                Role role = (Role) it.next();
                switch(role.getId()) {
                    case 2:
                        role.setDescription("Study_Coordinator");
                        break;
                    case 3:
                        role.setDescription("Study_Director");
                        break;
                    case 4:
                        role.setDescription("Investigator");
                        break;
                    case 5:
                        role.setDescription("Data_Entry_Person");
                        break;
                    case 6:
                        role.setDescription("Monitor");
                        break;
                    default:
                }
            }
        }
        if (currentRole == null || currentRole.getId() <= 0) {
            // No usable role in the session. A role is looked up only for a known user
            // in a known study whose status name is not "removed"; otherwise the role
            // stays an empty bean (kept as "invalid" -- YW 06-21-2007).
            if (ub.getId() > 0 && currentStudy.getId() > 0 && !currentStudy.getStatus().getName().equals("removed")) {
                currentRole = ub.getRoleByStudy(currentStudy.getId());
                if (currentStudy.getParentStudyId() > 0) {
                    // Checking whether currentStudy has been removed is considered
                    // good enough here -- YW 10-17-2007
                    StudyUserRoleBean roleInParent = ub.getRoleByStudy(currentStudy.getParentStudyId());
                    // The role in the parent study is inherited: the effective role is
                    // whichever Role.max() returns for the two.
                    currentRole.setRole(Role.max(currentRole.getRole(), roleInParent.getRole()));
                }
            } else {
                currentRole = new StudyUserRoleBean();
            }
            session.setAttribute("userRole", currentRole);
        } else // The session holds a role, but the active study is DELETED or AUTO_DELETED: invalidate the role.
        if (currentRole.getId() > 0 && (currentStudy.getStatus().equals(Status.DELETED) || currentStudy.getStatus().equals(Status.AUTO_DELETED))) {
            currentRole.setRole(Role.INVALID);
            currentRole.setStatus(Status.DELETED);
            session.setAttribute("userRole", currentRole);
        }
        // YW 06-19-2007 >>
        request.setAttribute("isAdminServlet", getAdminServlet());
        this.request = request;
        this.response = response;
        // The password-timeout check is skipped for request URIs ending in "ResetPassword".
        // NOTE(review): this is a suffix match on the raw request URI; confirm that no
        // other servlet's URI can end in that string, or compare the servlet path instead.
        if (!request.getRequestURI().endsWith("ResetPassword")) {
            passwdTimeOut();
        }
        // The authorization gate runs before any servlet-specific work.
        mayProceed();
        pingJobServer(request);
        processRequest();
    } catch (InconsistentStateException ise) {
        // The stack trace is printed via printStackTrace() in addition to the logger call.
        ise.printStackTrace();
        logger.warn("InconsistentStateException: org.akaza.openclinica.control.SecureController: " + ise.getMessage());
        addPageMessage(ise.getOpenClinicaMessage());
        forwardPage(ise.getGoTo());
    } catch (InsufficientPermissionException ipe) {
        // Authorization denial: logged at WARN and answered with a forward to the page
        // carried by the exception. No page message is added here (the call is
        // disabled), so the message has to be queued by the code that throws.
        ipe.printStackTrace();
        logger.warn("InsufficientPermissionException: org.akaza.openclinica.control.SecureController: " + ipe.getMessage());
        // addPageMessage(ipe.getOpenClinicaMessage());
        forwardPage(ipe.getGoTo());
    } catch (OutOfMemoryError ome) {
        // Only flags the session with "ome"; heapSize is computed but never used,
        // and no forward is issued from this branch.
        ome.printStackTrace();
        long heapSize = Runtime.getRuntime().totalMemory();
        session.setAttribute("ome", "yes");
    } catch (Exception e) {
        // Anything else, including runtime exceptions raised by mayProceed(), ends on
        // the generic error page.
        e.printStackTrace();
        logger.error(SecureController.getStackTrace(e));
        forwardPage(Page.ERROR);
    }
}
Also used : Locale(java.util.Locale) SessionManager(org.akaza.openclinica.core.SessionManager) StudyBean(org.akaza.openclinica.bean.managestudy.StudyBean) StudyUserRoleBean(org.akaza.openclinica.bean.login.StudyUserRoleBean) ArrayList(java.util.ArrayList) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) InconsistentStateException(org.akaza.openclinica.web.InconsistentStateException) ServletException(javax.servlet.ServletException) OpenClinicaException(org.akaza.openclinica.exception.OpenClinicaException) MessagingException(javax.mail.MessagingException) MailException(org.springframework.mail.MailException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InconsistentStateException(org.akaza.openclinica.web.InconsistentStateException) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) SchedulerException(org.quartz.SchedulerException) MalformedURLException(java.net.MalformedURLException) Role(org.akaza.openclinica.bean.core.Role) StudyConfigService(org.akaza.openclinica.dao.service.StudyConfigService) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) StudyParameterValueDAO(org.akaza.openclinica.dao.service.StudyParameterValueDAO) StudyDAO(org.akaza.openclinica.dao.managestudy.StudyDAO)

Aggregations

InsufficientPermissionException (org.akaza.openclinica.web.InsufficientPermissionException)43 Role (org.akaza.openclinica.bean.core.Role)25 FormProcessor (org.akaza.openclinica.control.form.FormProcessor)14 UserAccountBean (org.akaza.openclinica.bean.login.UserAccountBean)12 StudyUserRoleBean (org.akaza.openclinica.bean.login.StudyUserRoleBean)10 StudyBean (org.akaza.openclinica.bean.managestudy.StudyBean)10 ArrayList (java.util.ArrayList)8 StudyEventBean (org.akaza.openclinica.bean.managestudy.StudyEventBean)8 StudyEventDAO (org.akaza.openclinica.dao.managestudy.StudyEventDAO)8 StudyDAO (org.akaza.openclinica.dao.managestudy.StudyDAO)7 EventCRFBean (org.akaza.openclinica.bean.submit.EventCRFBean)6 StudySubjectDAO (org.akaza.openclinica.dao.managestudy.StudySubjectDAO)6 HttpSession (javax.servlet.http.HttpSession)5 StudyEventDefinitionBean (org.akaza.openclinica.bean.managestudy.StudyEventDefinitionBean)5 StudyEventDefinitionDAO (org.akaza.openclinica.dao.managestudy.StudyEventDefinitionDAO)5 EventCRFDAO (org.akaza.openclinica.dao.submit.EventCRFDAO)5 DateFormat (java.text.DateFormat)4 Date (java.util.Date)4 HashMap (java.util.HashMap)4 List (java.util.List)4