Search in sources :

Example 26 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class RunRuleServlet method mayProceed.

@Override
public void mayProceed() throws InsufficientPermissionException {
    locale = LocaleResolver.getLocale(request);
    if (ub.isSysAdmin()) {
        return;
    }
    Role r = currentRole.getRole();
    if (r.equals(Role.STUDYDIRECTOR) || r.equals(Role.COORDINATOR)) {
        return;
    }
    addPageMessage(respage.getString("no_have_correct_privilege_current_study") + respage.getString("change_study_contact_sysadmin"));
    throw new InsufficientPermissionException(Page.MENU_SERVLET, resexception.getString("may_not_submit_data"), "1");
}
Also used : Role(org.akaza.openclinica.bean.core.Role) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException)

Example 27 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class CreateCRFVersionServlet method mayProceed.

// < ResourceBundleresword,resexception,respage;
/**
     *
     */
@Override
public void mayProceed() throws InsufficientPermissionException {
    locale = LocaleResolver.getLocale(request);
    if (ub.isSysAdmin()) {
        return;
    }
    Role r = currentRole.getRole();
    if (r.equals(Role.STUDYDIRECTOR) || r.equals(Role.COORDINATOR)) {
        return;
    }
    addPageMessage(respage.getString("no_have_correct_privilege_current_study") + respage.getString("change_study_contact_sysadmin"));
    throw new InsufficientPermissionException(Page.MENU_SERVLET, resexception.getString("may_not_submit_data"), "1");
}
Also used : Role(org.akaza.openclinica.bean.core.Role) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException)

Example 28 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class CreateDiscrepancyNoteServlet method processRequest.

@Override
protected void processRequest() throws Exception {
    FormProcessor fp = new FormProcessor(request);
    DiscrepancyNoteDAO dndao = new DiscrepancyNoteDAO(sm.getDataSource());
    List<DiscrepancyNoteType> types = DiscrepancyNoteType.list;
    request.setAttribute(DIS_TYPES, types);
    request.setAttribute(RES_STATUSES, ResolutionStatus.list);
    //this should be set based on a new property of DisplayItemBean
    boolean writeToDB = fp.getBoolean(WRITE_TO_DB, true);
    boolean isReasonForChange = fp.getBoolean(IS_REASON_FOR_CHANGE);
    int entityId = fp.getInt(ENTITY_ID);
    // subjectId has to be added to the database when disc notes area saved
    // as entity_type 'subject'
    int subjectId = fp.getInt(SUBJECT_ID);
    int itemId = fp.getInt(ITEM_ID);
    String entityType = fp.getString(ENTITY_TYPE);
    String field = fp.getString(ENTITY_FIELD);
    String column = fp.getString(ENTITY_COLUMN);
    int parentId = fp.getInt(PARENT_ID);
    //patch for repeating groups and RFC on empty fields
    int isGroup = fp.getInt(IS_GROUP_ITEM);
    //  request.setAttribute(IS_GROUP_ITEM, new Integer(isGroup));
    int eventCRFId = fp.getInt(EVENT_CRF_ID);
    request.setAttribute(EVENT_CRF_ID, new Integer(eventCRFId));
    int rowCount = fp.getInt(PARENT_ROW_COUNT);
    // run only once: try to recalculate writeToDB
    if (!StringUtils.isBlank(entityType) && "itemData".equalsIgnoreCase(entityType) && isGroup != 0 && eventCRFId != 0) {
        //  request.setAttribute(PARENT_ROW_COUNT, new Integer(eventCRFId));
        int ordinal_for_repeating_group_field = calculateOrdinal(isGroup, field, eventCRFId, rowCount);
        int writeToDBStatus = isWriteToDB(isGroup, field, entityId, itemId, ordinal_for_repeating_group_field, eventCRFId);
        writeToDB = (writeToDBStatus == -1) ? false : ((writeToDBStatus == 1) ? true : writeToDB);
    }
    boolean isInError = fp.getBoolean(ERROR_FLAG);
    boolean isNew = fp.getBoolean(NEW_NOTE);
    request.setAttribute(NEW_NOTE, isNew ? "1" : "0");
    String strResStatus = fp.getString(PRESET_RES_STATUS);
    if (!strResStatus.equals("")) {
        request.setAttribute(PRESET_RES_STATUS, strResStatus);
    }
    String monitor = fp.getString("monitor");
    String enterData = fp.getString("enterData");
    request.setAttribute("enterData", enterData);
    boolean enteringData = false;
    if (enterData != null && "1".equalsIgnoreCase(enterData)) {
        // variables are not set in JSP, so not from viewing data and from
        // entering data
        request.setAttribute(CAN_MONITOR, "1");
        request.setAttribute("monitor", monitor);
        enteringData = true;
    } else if ("1".equalsIgnoreCase(monitor)) {
        // change to allow user to
        // enter note for all items,
        // not just blank items
        request.setAttribute(CAN_MONITOR, "1");
        request.setAttribute("monitor", monitor);
    } else {
        request.setAttribute(CAN_MONITOR, "0");
    }
    if ("itemData".equalsIgnoreCase(entityType) && enteringData) {
        request.setAttribute("enterItemData", "yes");
    }
    DateFormat dateFormatter = DateFormat.getDateInstance(DateFormat.DEFAULT, locale);
    int preUserId = 0;
    if (!StringUtils.isBlank(entityType)) {
        if ("itemData".equalsIgnoreCase(entityType) || "itemdata".equalsIgnoreCase(entityType)) {
            ItemBean item = (ItemBean) new ItemDAO(sm.getDataSource()).findByPK(itemId);
            ItemDataBean itemData = (ItemDataBean) new ItemDataDAO(sm.getDataSource()).findByPK(entityId);
            request.setAttribute("entityValue", itemData.getValue());
            request.setAttribute("entityName", item.getName());
            EventCRFDAO ecdao = new EventCRFDAO(sm.getDataSource());
            EventCRFBean ec = (EventCRFBean) ecdao.findByPK(itemData.getEventCRFId());
            preUserId = ec.getOwnerId();
        } else if ("studySub".equalsIgnoreCase(entityType)) {
            StudySubjectBean ssub = (StudySubjectBean) new StudySubjectDAO(sm.getDataSource()).findByPK(entityId);
            SubjectBean sub = (SubjectBean) new SubjectDAO(sm.getDataSource()).findByPK(ssub.getSubjectId());
            preUserId = ssub.getOwnerId();
            if (!StringUtils.isBlank(column)) {
                if ("enrollment_date".equalsIgnoreCase(column)) {
                    if (ssub.getEnrollmentDate() != null) {
                        request.setAttribute("entityValue", dateFormatter.format(ssub.getEnrollmentDate()));
                    } else {
                        request.setAttribute("entityValue", resword.getString("N/A"));
                    }
                    request.setAttribute("entityName", resword.getString("enrollment_date"));
                } else if ("gender".equalsIgnoreCase(column)) {
                    request.setAttribute("entityValue", sub.getGender() + "");
                    request.setAttribute("entityName", resword.getString("gender"));
                } else if ("date_of_birth".equalsIgnoreCase(column)) {
                    if (sub.getDateOfBirth() != null) {
                        request.setAttribute("entityValue", dateFormatter.format(sub.getDateOfBirth()));
                    } else {
                        request.setAttribute("entityValue", resword.getString("N/A"));
                    }
                    request.setAttribute("entityName", resword.getString("date_of_birth"));
                } else if ("unique_identifier".equalsIgnoreCase(column)) {
                    if (sub.getUniqueIdentifier() != null) {
                        request.setAttribute("entityValue", sub.getUniqueIdentifier());
                    }
                    request.setAttribute("entityName", resword.getString("unique_identifier"));
                }
            }
        } else if ("subject".equalsIgnoreCase(entityType)) {
            SubjectBean sub = (SubjectBean) new SubjectDAO(sm.getDataSource()).findByPK(entityId);
            preUserId = sub.getOwnerId();
            if (!StringUtils.isBlank(column)) {
                if ("gender".equalsIgnoreCase(column)) {
                    request.setAttribute("entityValue", sub.getGender() + "");
                    request.setAttribute("entityName", resword.getString("gender"));
                } else if ("date_of_birth".equalsIgnoreCase(column)) {
                    if (sub.getDateOfBirth() != null) {
                        request.setAttribute("entityValue", dateFormatter.format(sub.getDateOfBirth()));
                    }
                    request.setAttribute("entityName", resword.getString("date_of_birth"));
                } else if ("unique_identifier".equalsIgnoreCase(column)) {
                    request.setAttribute("entityValue", sub.getUniqueIdentifier());
                    request.setAttribute("entityName", resword.getString("unique_identifier"));
                }
            }
        } else if ("studyEvent".equalsIgnoreCase(entityType)) {
            StudyEventBean se = (StudyEventBean) new StudyEventDAO(sm.getDataSource()).findByPK(entityId);
            preUserId = se.getOwnerId();
            if (!StringUtils.isBlank(column)) {
                if ("location".equalsIgnoreCase(column)) {
                    request.setAttribute("entityValue", se.getLocation().equals("") || se.getLocation() == null ? resword.getString("N/A") : se.getLocation());
                    request.setAttribute("entityName", resword.getString("location"));
                } else if ("start_date".equalsIgnoreCase(column)) {
                    if (se.getDateStarted() != null) {
                        request.setAttribute("entityValue", dateFormatter.format(se.getDateStarted()));
                    } else {
                        request.setAttribute("entityValue", resword.getString("N/A"));
                    }
                    request.setAttribute("entityName", resword.getString("start_date"));
                } else if ("end_date".equalsIgnoreCase(column)) {
                    if (se.getDateEnded() != null) {
                        request.setAttribute("entityValue", dateFormatter.format(se.getDateEnded()));
                    } else {
                        request.setAttribute("entityValue", resword.getString("N/A"));
                    }
                    request.setAttribute("entityName", resword.getString("end_date"));
                }
            }
        } else if ("eventCrf".equalsIgnoreCase(entityType)) {
            EventCRFBean ec = (EventCRFBean) new EventCRFDAO(sm.getDataSource()).findByPK(entityId);
            preUserId = ec.getOwnerId();
            if (!StringUtils.isBlank(column)) {
                if ("date_interviewed".equals(column)) {
                    if (ec.getDateInterviewed() != null) {
                        request.setAttribute("entityValue", dateFormatter.format(ec.getDateInterviewed()));
                    } else {
                        request.setAttribute("entityValue", resword.getString("N/A"));
                    }
                    request.setAttribute("entityName", resword.getString("date_interviewed"));
                } else if ("interviewer_name".equals(column)) {
                    request.setAttribute("entityValue", ec.getInterviewerName());
                    request.setAttribute("entityName", resword.getString("interviewer_name"));
                }
            }
        }
    }
    // finds all the related notes
    ArrayList notes = (ArrayList) dndao.findAllByEntityAndColumn(entityType, entityId, column);
    DiscrepancyNoteBean parent = new DiscrepancyNoteBean();
    if (parentId > 0) {
        dndao.setFetchMapping(true);
        parent = (DiscrepancyNoteBean) dndao.findByPK(parentId);
        if (parent.isActive()) {
            request.setAttribute("parent", parent);
        }
        dndao.setFetchMapping(false);
    }
    FormDiscrepancyNotes newNotes = (FormDiscrepancyNotes) session.getAttribute(AddNewSubjectServlet.FORM_DISCREPANCY_NOTES_NAME);
    if (newNotes == null) {
        newNotes = new FormDiscrepancyNotes();
    }
    boolean isNotesExistInSession = (!newNotes.getNotes(field).isEmpty()) ? true : (!newNotes.getNotes(eventCRFId + "_" + field).isEmpty()) ? true : false;
    if (!notes.isEmpty() || isNotesExistInSession) {
        request.setAttribute("hasNotes", "yes");
    } else {
        request.setAttribute("hasNotes", "no");
        logger.debug("has notes:" + "no");
    }
    //only for adding a new thread
    if (currentRole.getRole().equals(Role.RESEARCHASSISTANT) || currentRole.getRole().equals(Role.RESEARCHASSISTANT2) || currentRole.getRole().equals(Role.INVESTIGATOR)) {
        ArrayList<ResolutionStatus> resStatuses = new ArrayList<ResolutionStatus>();
        resStatuses.add(ResolutionStatus.OPEN);
        resStatuses.add(ResolutionStatus.RESOLVED);
        request.setAttribute(RES_STATUSES, resStatuses);
        List<DiscrepancyNoteType> types2 = new ArrayList<DiscrepancyNoteType>(DiscrepancyNoteType.list);
        types2.remove(DiscrepancyNoteType.QUERY);
        request.setAttribute(DIS_TYPES, types2);
        request.setAttribute(WHICH_RES_STATUSES, "22");
    } else if (currentRole.getRole().equals(Role.MONITOR)) {
        ArrayList<ResolutionStatus> resStatuses = new ArrayList();
        resStatuses.add(ResolutionStatus.OPEN);
        resStatuses.add(ResolutionStatus.UPDATED);
        resStatuses.add(ResolutionStatus.CLOSED);
        request.setAttribute(RES_STATUSES, resStatuses);
        request.setAttribute(WHICH_RES_STATUSES, "1");
        ArrayList<DiscrepancyNoteType> types2 = new ArrayList<DiscrepancyNoteType>();
        types2.add(DiscrepancyNoteType.QUERY);
        request.setAttribute(DIS_TYPES, types2);
    } else {
        //Role.STUDYDIRECTOR Role.COORDINATOR
        List<ResolutionStatus> resStatuses = new ArrayList<ResolutionStatus>(ResolutionStatus.list);
        resStatuses.remove(ResolutionStatus.NOT_APPLICABLE);
        request.setAttribute(RES_STATUSES, resStatuses);
        ;
        request.setAttribute(WHICH_RES_STATUSES, "2");
    }
    if (!fp.isSubmitted()) {
        DiscrepancyNoteBean dnb = new DiscrepancyNoteBean();
        if (subjectId > 0) {
            // BWP: this doesn't seem correct, because the SubjectId should
            // be the id for
            // the SubjectBean, different from StudySubjectBean
            StudySubjectDAO ssdao = new StudySubjectDAO(sm.getDataSource());
            StudySubjectBean ssub = (StudySubjectBean) ssdao.findByPK(subjectId);
            dnb.setSubjectName(ssub.getName());
            dnb.setSubjectId(ssub.getId());
            dnb.setStudySub(ssub);
            StudyDAO studyDAO = new StudyDAO(sm.getDataSource());
            int parentStudyForSubject = 0;
            StudyBean studyBeanSub = (StudyBean) studyDAO.findByPK(ssub.getStudyId());
            if (null != studyBeanSub) {
                parentStudyForSubject = studyBeanSub.getParentStudyId();
            }
            if (ssub.getStudyId() != currentStudy.getId() && currentStudy.getId() != parentStudyForSubject) {
                addPageMessage(noAccessMessage);
                throw new InsufficientPermissionException(Page.MENU_SERVLET, exceptionName, "1");
            }
        }
        if (itemId > 0) {
            ItemBean item = (ItemBean) new ItemDAO(sm.getDataSource()).findByPK(itemId);
            dnb.setEntityName(item.getName());
            request.setAttribute("item", item);
        }
        dnb.setEntityType(entityType);
        dnb.setColumn(column);
        dnb.setEntityId(entityId);
        dnb.setField(field);
        dnb.setParentDnId(parent.getId());
        dnb.setCreatedDate(new Date());
        if (parent.getId() == 0 || isNew) {
            // no parent, new note thread
            if (enteringData) {
                if (isInError) {
                    dnb.setDiscrepancyNoteTypeId(DiscrepancyNoteType.FAILEDVAL.getId());
                } else {
                    dnb.setDiscrepancyNoteTypeId(DiscrepancyNoteType.ANNOTATION.getId());
                    dnb.setResolutionStatusId(ResolutionStatus.NOT_APPLICABLE.getId());
                // >> tbh WHO bug: set an assigned user for the parent
                // note
                // dnb.setAssignedUser(ub);
                // dnb.setAssignedUserId(ub.getId());
                // << tbh 08/2009
                }
                if (isReasonForChange) {
                    dnb.setDiscrepancyNoteTypeId(DiscrepancyNoteType.REASON_FOR_CHANGE.getId());
                    dnb.setResolutionStatusId(ResolutionStatus.NOT_APPLICABLE.getId());
                }
                // << tbh 02/2010, trumps failed evaluation error checks
                // can we put this in admin editing
                request.setAttribute("autoView", "0");
            // above set to automatically open up the user panel
            } else {
                // when the user is a CRC and is adding a note to the thread
                // it should default to Resolution Proposed,
                // and the assigned should be the user who logged the query,
                // NOT the one who is proposing the solution, tbh 02/2009
                // if (currentRole.getRole().equals(Role.COORDINATOR)) {
                // dnb.setDiscrepancyNoteTypeId(DiscrepancyNoteType.
                // REASON_FOR_CHANGE.getId());
                // request.setAttribute("autoView", "1");
                // // above set to automatically open up the user panel
                // } else {
                dnb.setDiscrepancyNoteTypeId(DiscrepancyNoteType.QUERY.getId());
                //if (currentRole.getRole().equals(Role.RESEARCHASSISTANT) && currentStudy.getId() != currentStudy.getParentStudyId()
                if (currentRole.getRole().equals(Role.RESEARCHASSISTANT) || currentRole.getRole().equals(Role.RESEARCHASSISTANT2) || currentRole.getRole().equals(Role.INVESTIGATOR)) {
                    request.setAttribute("autoView", "0");
                } else {
                    request.setAttribute("autoView", "1");
                    dnb.setAssignedUserId(preUserId);
                }
            // above set to automatically open up the user panel
            // }
            }
        } else if (parent.getDiscrepancyNoteTypeId() > 0) {
            dnb.setDiscrepancyNoteTypeId(parent.getDiscrepancyNoteTypeId());
            // adding second rule here, tbh 08/2009
            if ((currentRole.getRole().equals(Role.RESEARCHASSISTANT) || currentRole.getRole().equals(Role.RESEARCHASSISTANT2)) && currentStudy.getId() != currentStudy.getParentStudyId()) {
                dnb.setResolutionStatusId(ResolutionStatus.RESOLVED.getId());
                request.setAttribute("autoView", "0");
            // hide the panel, tbh
            } else {
                dnb.setResolutionStatusId(ResolutionStatus.UPDATED.getId());
            }
        }
        dnb.setOwnerId(parent.getOwnerId());
        String detailedDes = fp.getString("strErrMsg");
        if (detailedDes != null) {
            dnb.setDetailedNotes(detailedDes);
            logger.debug("found strErrMsg: " + fp.getString("strErrMsg"));
        }
        // #4346 TBH 10/2009
        //If the data entry form has not been saved yet, collecting info from parent page.
        // populate note infos
        dnb = getNoteInfo(dnb);
        if (dnb.getEventName() == null || dnb.getEventName().equals("")) {
            if (!fp.getString("eventName").equals("")) {
                dnb.setEventName(fp.getString("eventName"));
            } else {
                dnb.setEventName(getStudyEventDefinition(eventCRFId).getName());
            }
        }
        if (dnb.getEventStart() == null) {
            if (fp.getDate("eventDate") != null) {
                dnb.setEventStart(fp.getDate("eventDate"));
            } else {
                dnb.setEventStart(getStudyEvent(eventCRFId).getDateStarted());
            }
        }
        if (dnb.getCrfName() == null || dnb.getCrfName().equals("")) {
            if (!fp.getString("crfName").equals("")) {
                dnb.setCrfName(fp.getString("crfName"));
            } else {
                dnb.setCrfName(getCrf(eventCRFId).getName());
            }
        }
        //            // #4346 TBH 10/2009
        request.setAttribute(DIS_NOTE, dnb);
        request.setAttribute("unlock", "0");
        //this should go from UI & here
        request.setAttribute(WRITE_TO_DB, writeToDB ? "1" : "0");
        ArrayList userAccounts = this.generateUserAccounts(ub.getActiveStudyId(), subjectId);
        request.setAttribute(USER_ACCOUNTS, userAccounts);
        // ideally should be only two cases
        if ((currentRole.getRole().equals(Role.RESEARCHASSISTANT) || currentRole.getRole().equals(Role.RESEARCHASSISTANT2)) && currentStudy.getId() != currentStudy.getParentStudyId()) {
            // assigning back to OP, tbh
            request.setAttribute(USER_ACCOUNT_ID, Integer.valueOf(parent.getOwnerId()).toString());
            logger.debug("assigned owner id: " + parent.getOwnerId());
        } else if (dnb.getEventCRFId() > 0) {
            logger.debug("found a event crf id: " + dnb.getEventCRFId());
            EventCRFDAO eventCrfDAO = new EventCRFDAO(sm.getDataSource());
            EventCRFBean eventCrfBean = new EventCRFBean();
            eventCrfBean = (EventCRFBean) eventCrfDAO.findByPK(dnb.getEventCRFId());
            request.setAttribute(USER_ACCOUNT_ID, Integer.valueOf(eventCrfBean.getOwnerId()).toString());
            logger.debug("assigned owner id: " + eventCrfBean.getOwnerId());
        } else {
        // the end case
        }
        // set the user account id for the user who completed data entry
        forwardPage(Page.ADD_DISCREPANCY_NOTE);
    } else {
        FormDiscrepancyNotes noteTree = (FormDiscrepancyNotes) session.getAttribute(AddNewSubjectServlet.FORM_DISCREPANCY_NOTES_NAME);
        FormDiscrepancyNotes noteTree_RFC_REPEAT = (FormDiscrepancyNotes) session.getAttribute(FLAG_DISCREPANCY_RFC);
        ;
        if (noteTree_RFC_REPEAT == null)
            noteTree_RFC_REPEAT = new FormDiscrepancyNotes();
        if (noteTree == null) {
            noteTree = new FormDiscrepancyNotes();
            logger.debug("No note tree initailized in session");
        }
        Validator v = new Validator(request);
        String description = fp.getString("description");
        int typeId = fp.getInt("typeId");
        int assignedUserAccountId = fp.getInt(SUBMITTED_USER_ACCOUNT_ID);
        int resStatusId = fp.getInt(RES_STATUS_ID);
        String detailedDes = fp.getString("detailedDes");
        int sectionId = fp.getInt("sectionId");
        DiscrepancyNoteBean note = new DiscrepancyNoteBean();
        v.addValidation("description", Validator.NO_BLANKS);
        v.addValidation("description", Validator.LENGTH_NUMERIC_COMPARISON, NumericComparisonOperator.LESS_THAN_OR_EQUAL_TO, 255);
        v.addValidation("detailedDes", Validator.LENGTH_NUMERIC_COMPARISON, NumericComparisonOperator.LESS_THAN_OR_EQUAL_TO, 1000);
        v.addValidation("typeId", Validator.NO_BLANKS);
        HashMap errors = v.validate();
        note.setDescription(description);
        note.setDetailedNotes(detailedDes);
        note.setOwner(ub);
        note.setOwnerId(ub.getId());
        note.setCreatedDate(new Date());
        note.setResolutionStatusId(resStatusId);
        note.setDiscrepancyNoteTypeId(typeId);
        note.setParentDnId(parent.getId());
        if (typeId != DiscrepancyNoteType.ANNOTATION.getId() && typeId != DiscrepancyNoteType.FAILEDVAL.getId() && typeId != DiscrepancyNoteType.REASON_FOR_CHANGE.getId()) {
            if (assignedUserAccountId > 0) {
                note.setAssignedUserId(assignedUserAccountId);
                logger.debug("^^^ found assigned user id: " + assignedUserAccountId);
            } else {
                // a little bit of a workaround, should ideally be always from
                // the form
                note.setAssignedUserId(parent.getOwnerId());
                logger.debug("found user assigned id, in the PARENT OWNER ID: " + parent.getOwnerId() + " note that user assgined id did not work: " + assignedUserAccountId);
            }
        }
        note.setField(field);
        if (DiscrepancyNoteType.ANNOTATION.getId() == note.getDiscrepancyNoteTypeId()) {
            updateStudyEvent(entityType, entityId);
            updateStudySubjectStatus(entityType, entityId);
        }
        if (DiscrepancyNoteType.ANNOTATION.getId() == note.getDiscrepancyNoteTypeId() || DiscrepancyNoteType.REASON_FOR_CHANGE.getId() == note.getDiscrepancyNoteTypeId()) {
            note.setResStatus(ResolutionStatus.NOT_APPLICABLE);
            note.setResolutionStatusId(ResolutionStatus.NOT_APPLICABLE.getId());
        }
        if (DiscrepancyNoteType.FAILEDVAL.getId() == note.getDiscrepancyNoteTypeId() || DiscrepancyNoteType.QUERY.getId() == note.getDiscrepancyNoteTypeId()) {
            if (ResolutionStatus.NOT_APPLICABLE.getId() == note.getResolutionStatusId()) {
                Validator.addError(errors, RES_STATUS_ID, restext.getString("not_valid_res_status"));
            }
        }
        if (!parent.isActive()) {
            note.setEntityId(entityId);
            note.setEntityType(entityType);
            note.setColumn(column);
        } else {
            note.setEntityId(parent.getEntityId());
            note.setEntityType(parent.getEntityType());
            if (!StringUtils.isBlank(parent.getColumn())) {
                note.setColumn(parent.getColumn());
            } else {
                note.setColumn(column);
            }
            note.setParentDnId(parent.getId());
        }
        note.setStudyId(currentStudy.getId());
        // populate note infos
        note = getNoteInfo(note);
        request.setAttribute(DIS_NOTE, note);
        //this should go from UI & here
        request.setAttribute(WRITE_TO_DB, writeToDB ? "1" : "0");
        ArrayList userAccounts = this.generateUserAccounts(ub.getActiveStudyId(), subjectId);
        request.setAttribute(USER_ACCOUNT_ID, Integer.valueOf(note.getAssignedUserId()).toString());
        // formality more than anything else, we should go to say the note
        // is done
        Role r = currentRole.getRole();
        if (r.equals(Role.MONITOR) || r.equals(Role.INVESTIGATOR) || r.equals(Role.RESEARCHASSISTANT) || r.equals(Role.RESEARCHASSISTANT2) || r.equals(Role.COORDINATOR)) {
            // investigator
            request.setAttribute("unlock", "1");
            logger.debug("set UNLOCK to ONE");
        } else {
            request.setAttribute("unlock", "0");
            logger.debug("set UNLOCK to ZERO");
        }
        request.setAttribute(USER_ACCOUNTS, userAccounts);
        if (errors.isEmpty()) {
            if (!writeToDB) {
                noteTree.addNote(field, note);
                noteTree.addIdNote(note.getEntityId(), field);
                noteTree_RFC_REPEAT.addNote(EVENT_CRF_ID + "_" + field, note);
                noteTree_RFC_REPEAT.addIdNote(note.getEntityId(), field);
                //-> catcher                //   FORM_DISCREPANCY_NOTES_NAME
                session.setAttribute(AddNewSubjectServlet.FORM_DISCREPANCY_NOTES_NAME, noteTree);
                session.setAttribute(FLAG_DISCREPANCY_RFC, noteTree_RFC_REPEAT);
                //
                /*Setting a marker to check later while saving administrative edited data. This is needed to make
                    * sure the system flags error while changing data for items which already has a DiscrepanyNote*/
                manageReasonForChangeState(session, eventCRFId + "_" + field);
                forwardPage(Page.ADD_DISCREPANCY_NOTE_DONE);
            } else {
                // if not creating a new thread(note), update exsiting notes
                // if necessary
                //if ("itemData".equalsIgnoreCase(entityType) && !isNew) {
                int pdnId = note != null ? note.getParentDnId() : 0;
                if (pdnId > 0) {
                    logger.debug("Create:find parent note for item data:" + note.getEntityId());
                    DiscrepancyNoteBean pNote = (DiscrepancyNoteBean) dndao.findByPK(pdnId);
                    logger.debug("setting DN owner id: " + pNote.getOwnerId());
                    note.setOwnerId(pNote.getOwnerId());
                    if (note.getDiscrepancyNoteTypeId() == pNote.getDiscrepancyNoteTypeId()) {
                        if (note.getResolutionStatusId() != pNote.getResolutionStatusId()) {
                            pNote.setResolutionStatusId(note.getResolutionStatusId());
                            dndao.update(pNote);
                        }
                        if (note.getAssignedUserId() != pNote.getAssignedUserId()) {
                            pNote.setAssignedUserId(note.getAssignedUserId());
                            if (pNote.getAssignedUserId() > 0) {
                                dndao.updateAssignedUser(pNote);
                            } else {
                                dndao.updateAssignedUserToNull(pNote);
                            }
                        }
                    }
                }
                note = (DiscrepancyNoteBean) dndao.create(note);
                dndao.createMapping(note);
                request.setAttribute(DIS_NOTE, note);
                if (note.getParentDnId() == 0) {
                    // see issue 2659 this is a new thread, we will create
                    // two notes in this case,
                    // This way one can be the parent that updates as the
                    // status changes, but one also stays as New.
                    note.setParentDnId(note.getId());
                    note = (DiscrepancyNoteBean) dndao.create(note);
                    dndao.createMapping(note);
                }
                /*Setting a marker to check later while saving administrative edited data. This is needed to make
                    * sure the system flags error while changing data for items which already has a DiscrepanyNote*/
                //session.setAttribute(DataEntryServlet.NOTE_SUBMITTED, true);
                //session.setAttribute(DataEntryServlet.NOTE_SUBMITTED, true);
                // String field_id_for_RFC_hash = buildDiscrepancyNoteIdForRFCHash(eventCRFId,entityId, isGroup, field, ordinal_for_repeating_group_field);
                String field_id_for_RFC_hash = eventCRFId + "_" + field;
                manageReasonForChangeState(session, field_id_for_RFC_hash);
                logger.debug("found resolution status: " + note.getResolutionStatusId());
                String email = fp.getString(EMAIL_USER_ACCOUNT);
                logger.debug("found email: " + email);
                if (note.getAssignedUserId() > 0 && "1".equals(email.trim()) && DiscrepancyNoteType.QUERY.getId() == note.getDiscrepancyNoteTypeId()) {
                    logger.debug("++++++ found our way here: " + note.getDiscrepancyNoteTypeId() + " id number and " + note.getDisType().getName());
                    // generate email for user here
                    StringBuffer message = new StringBuffer();
                    // generate message here
                    UserAccountDAO userAccountDAO = new UserAccountDAO(sm.getDataSource());
                    ItemDAO itemDAO = new ItemDAO(sm.getDataSource());
                    ItemDataDAO iddao = new ItemDataDAO(sm.getDataSource());
                    ItemBean item = new ItemBean();
                    ItemDataBean itemData = new ItemDataBean();
                    SectionBean section = new SectionBean();
                    StudyDAO studyDAO = new StudyDAO(sm.getDataSource());
                    UserAccountBean assignedUser = (UserAccountBean) userAccountDAO.findByPK(note.getAssignedUserId());
                    String alertEmail = assignedUser.getEmail();
                    message.append(MessageFormat.format(respage.getString("mailDNHeader"), assignedUser.getFirstName(), assignedUser.getLastName()));
                    message.append("<A HREF='" + SQLInitServlet.getField("sysURL.base") + "ViewNotes?module=submit&listNotes_f_discrepancyNoteBean.user=" + assignedUser.getName() + "&listNotes_f_entityName=" + note.getEntityName() + "'>" + SQLInitServlet.getField("sysURL.base") + "</A><BR/>");
                    message.append(respage.getString("you_received_this_from"));
                    StudyBean study = (StudyBean) studyDAO.findByPK(note.getStudyId());
                    SectionDAO sectionDAO = new SectionDAO(sm.getDataSource());
                    if ("itemData".equalsIgnoreCase(entityType)) {
                        itemData = (ItemDataBean) iddao.findByPK(note.getEntityId());
                        item = (ItemBean) itemDAO.findByPK(itemData.getItemId());
                        if (sectionId > 0) {
                            section = (SectionBean) sectionDAO.findByPK(sectionId);
                        } else {
                        //Todo section should be initialized when sectionId = 0
                        }
                    }
                    message.append(respage.getString("email_body_separator"));
                    message.append(respage.getString("disc_note_info"));
                    message.append(respage.getString("email_body_separator"));
                    message.append(MessageFormat.format(respage.getString("mailDNParameters1"), note.getDescription(), note.getDetailedNotes(), ub.getName()));
                    message.append(respage.getString("email_body_separator"));
                    message.append(respage.getString("entity_information"));
                    message.append(respage.getString("email_body_separator"));
                    message.append(MessageFormat.format(respage.getString("mailDNParameters2"), study.getName(), note.getSubjectName()));
                    if (!("studySub".equalsIgnoreCase(entityType) || "subject".equalsIgnoreCase(entityType))) {
                        message.append(MessageFormat.format(respage.getString("mailDNParameters3"), note.getEventName()));
                        if (!"studyEvent".equalsIgnoreCase(note.getEntityType())) {
                            message.append(MessageFormat.format(respage.getString("mailDNParameters4"), note.getCrfName()));
                            if (!"eventCrf".equalsIgnoreCase(note.getEntityType())) {
                                if (sectionId > 0) {
                                    message.append(MessageFormat.format(respage.getString("mailDNParameters5"), section.getName()));
                                }
                                message.append(MessageFormat.format(respage.getString("mailDNParameters6"), item.getName()));
                            }
                        }
                    }
                    message.append(respage.getString("email_body_separator"));
                    message.append(MessageFormat.format(respage.getString("mailDNThanks"), study.getName()));
                    message.append(respage.getString("email_body_separator"));
                    message.append(respage.getString("disclaimer"));
                    message.append(respage.getString("email_body_separator"));
                    message.append(respage.getString("email_footer"));
                    String emailBodyString = message.toString();
                    sendEmail(alertEmail.trim(), EmailEngine.getAdminEmail(), MessageFormat.format(respage.getString("mailDNSubject"), study.getName(), note.getEntityName()), emailBodyString, true, null, null, true);
                } else {
                    logger.debug("did not send email, but did save DN");
                }
                // addPageMessage(
                // "Your discrepancy note has been saved into database.");
                addPageMessage(respage.getString("note_saved_into_db"));
                addPageMessage(respage.getString("page_close_automatically"));
                forwardPage(Page.ADD_DISCREPANCY_NOTE_SAVE_DONE);
            }
        } else {
            if (parentId > 0) {
                if (note.getResolutionStatusId() == ResolutionStatus.NOT_APPLICABLE.getId()) {
                    request.setAttribute("autoView", "0");
                }
            } else {
                if (note.getDiscrepancyNoteTypeId() == DiscrepancyNoteType.QUERY.getId()) {
                    request.setAttribute("autoView", "1");
                } else {
                    request.setAttribute("autoView", "0");
                }
            }
            setInputMessages(errors);
            forwardPage(Page.ADD_DISCREPANCY_NOTE);
        }
    }
}
Also used : ItemBean(org.akaza.openclinica.bean.submit.ItemBean) ItemDAO(org.akaza.openclinica.dao.submit.ItemDAO) HashMap(java.util.HashMap) StudySubjectDAO(org.akaza.openclinica.dao.managestudy.StudySubjectDAO) SubjectDAO(org.akaza.openclinica.dao.submit.SubjectDAO) ArrayList(java.util.ArrayList) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) StudyEventBean(org.akaza.openclinica.bean.managestudy.StudyEventBean) ItemDataDAO(org.akaza.openclinica.dao.submit.ItemDataDAO) ResolutionStatus(org.akaza.openclinica.bean.core.ResolutionStatus) DiscrepancyNoteType(org.akaza.openclinica.bean.core.DiscrepancyNoteType) EventCRFBean(org.akaza.openclinica.bean.submit.EventCRFBean) ItemDataBean(org.akaza.openclinica.bean.submit.ItemDataBean) StudyEventDAO(org.akaza.openclinica.dao.managestudy.StudyEventDAO) UserAccountBean(org.akaza.openclinica.bean.login.UserAccountBean) List(java.util.List) ArrayList(java.util.ArrayList) StudyDAO(org.akaza.openclinica.dao.managestudy.StudyDAO) EventCRFDAO(org.akaza.openclinica.dao.submit.EventCRFDAO) DiscrepancyNoteDAO(org.akaza.openclinica.dao.managestudy.DiscrepancyNoteDAO) FormDiscrepancyNotes(org.akaza.openclinica.control.form.FormDiscrepancyNotes) FormProcessor(org.akaza.openclinica.control.form.FormProcessor) StudyBean(org.akaza.openclinica.bean.managestudy.StudyBean) StudySubjectDAO(org.akaza.openclinica.dao.managestudy.StudySubjectDAO) UserAccountDAO(org.akaza.openclinica.dao.login.UserAccountDAO) Date(java.util.Date) Role(org.akaza.openclinica.bean.core.Role) SubjectBean(org.akaza.openclinica.bean.submit.SubjectBean) StudySubjectBean(org.akaza.openclinica.bean.managestudy.StudySubjectBean) SectionBean(org.akaza.openclinica.bean.submit.SectionBean) StudySubjectBean(org.akaza.openclinica.bean.managestudy.StudySubjectBean) DiscrepancyNoteBean(org.akaza.openclinica.bean.managestudy.DiscrepancyNoteBean) DateFormat(java.text.DateFormat) Validator(org.akaza.openclinica.control.form.Validator) SectionDAO(org.akaza.openclinica.dao.submit.SectionDAO)

Example 29 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class DataEntryServlet method getInputBeans.

/**
     * Get the input beans - the EventCRFBean and the SectionBean. For both beans, look first in the request attributes to see if the bean has been stored
     * there. If not, look in the parameters for the bean id, and then retrieve the bean from the database. The beans are stored as protected class members.
     * @param request TODO
     */
protected void getInputBeans(HttpServletRequest request) throws InsufficientPermissionException {
    HttpSession session = request.getSession();
    StudyBean currentStudy = (StudyBean) session.getAttribute("study");
    // BWP >>we should have the correct crfVersionId, in order to acquire
    // the correct
    // section IDs
    FormProcessor fp = new FormProcessor(request);
    EventCRFDAO ecdao = new EventCRFDAO(getDataSource());
    SectionDAO sdao = new SectionDAO(getDataSource());
    EventCRFBean ecb = (EventCRFBean) request.getAttribute(INPUT_EVENT_CRF);
    //JN:Happening when drilling down?
    if (ecb == null) {
        int eventCRFId = fp.getInt(INPUT_EVENT_CRF_ID, true);
        LOGGER.debug("found event crf id: " + eventCRFId);
        if (eventCRFId > 0) {
            LOGGER.debug("***NOTE*** that we didnt have to create an event crf because we already have one: " + eventCRFId);
            // there is an event CRF already, only need to update
            ecb = (EventCRFBean) ecdao.findByPK(eventCRFId);
            // ecb.setUpdatedDate(new Date());
            // ecb.setUpdater(ub);
            // ecb = (EventCRFBean) ecdao.update(ecb);
            // logger.trace("found an event crf id "+eventCRFId);
            // YW 11-12-2007 << if interviewer or/and interview date
            // has/have been updated for study/site from "blank" to
            // "pre-populated"
            // But at this point, this update only shows on web page and
            // will not be updated to database.
            int studyEventId = fp.getInt(INPUT_STUDY_EVENT_ID);
            request.setAttribute(INPUT_EVENT_CRF, ecb);
            if (studyEventId > 0) {
                StudyEventDAO sedao = new StudyEventDAO(getDataSource());
                StudyEventBean sEvent = (StudyEventBean) sedao.findByPK(studyEventId);
                ecb = updateECB(sEvent, request);
            }
            request.setAttribute(INPUT_EVENT_CRF, ecb);
        // YW >>
        } else {
            // CRF id <=0, so we need to create a new CRF
            // use toCreateCRF as a flag to prevent user to submit event CRF
            // more than once
            // for example, user reloads the page
            String toCreateCRF = (String) session.getAttribute("to_create_crf");
            if (StringUtil.isBlank(toCreateCRF) || "0".equals(toCreateCRF)) {
                session.setAttribute("to_create_crf", "1");
            }
            try {
                // if (ecb.getInterviewerName() != null) {
                LOGGER.debug("Initial: to create an event CRF.");
                String toCreateCRF1 = (String) session.getAttribute("to_create_crf");
                if (!StringUtil.isBlank(toCreateCRF1) && "1".equals(toCreateCRF1)) {
                    ecb = createEventCRF(request, fp);
                    session.setAttribute("ecb", ecb);
                    request.setAttribute(INPUT_EVENT_CRF, ecb);
                    session.setAttribute("to_create_crf", "0");
                } else {
                    ecb = (EventCRFBean) session.getAttribute("ecb");
                }
            // }
            } catch (InconsistentStateException ie) {
                ie.printStackTrace();
                addPageMessage(ie.getOpenClinicaMessage(), request);
                throw new InsufficientPermissionException(Page.LIST_STUDY_SUBJECTS_SERVLET, ie.getOpenClinicaMessage(), "1");
            } catch (NullPointerException ne) {
                ne.printStackTrace();
                addPageMessage(ne.getMessage(), request);
                throw new InsufficientPermissionException(Page.LIST_STUDY_SUBJECTS_SERVLET, ne.getMessage(), "1");
            }
        }
    }
    // added to allow sections shown on this page
    DisplayTableOfContentsBean displayBean = new DisplayTableOfContentsBean();
    displayBean = TableOfContentsServlet.getDisplayBean(ecb, getDataSource(), currentStudy);
    // escape apostrophe in event name
    displayBean.getStudyEventDefinition().setName(StringEscapeUtils.escapeJavaScript(displayBean.getStudyEventDefinition().getName()));
    request.setAttribute(TOC_DISPLAY, displayBean);
    int sectionId = fp.getInt(INPUT_SECTION_ID, true);
    ArrayList sections;
    if (sectionId <= 0) {
        StudyEventDAO studyEventDao = new StudyEventDAO(getDataSource());
        int maximumSampleOrdinal = studyEventDao.getMaxSampleOrdinal(displayBean.getStudyEventDefinition(), displayBean.getStudySubject());
        request.setAttribute("maximumSampleOrdinal", maximumSampleOrdinal);
        sections = sdao.findAllByCRFVersionId(ecb.getCRFVersionId());
        for (int i = 0; i < sections.size(); i++) {
            SectionBean sb = (SectionBean) sections.get(i);
            // find the first section of this CRF
            sectionId = sb.getId();
            break;
        }
    }
    SectionBean sb = new SectionBean();
    if (sectionId > 0) {
        // int sectionId = fp.getInt(INPUT_SECTION_ID, true);
        //synchronized(this)
        {
            sb = (SectionBean) sdao.findByPK(sectionId);
        }
    }
    int tabId = fp.getInt("tab", true);
    if (tabId <= 0) {
        tabId = 1;
    }
    request.setAttribute(INPUT_TAB, new Integer(tabId));
    request.setAttribute(SECTION_BEAN, sb);
}
Also used : HttpSession(javax.servlet.http.HttpSession) FormProcessor(org.akaza.openclinica.control.form.FormProcessor) StudyBean(org.akaza.openclinica.bean.managestudy.StudyBean) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) ArrayList(java.util.ArrayList) DisplayTableOfContentsBean(org.akaza.openclinica.bean.submit.DisplayTableOfContentsBean) StudyEventBean(org.akaza.openclinica.bean.managestudy.StudyEventBean) InconsistentStateException(org.akaza.openclinica.web.InconsistentStateException) SectionBean(org.akaza.openclinica.bean.submit.SectionBean) DisplaySectionBean(org.akaza.openclinica.bean.submit.DisplaySectionBean) EventCRFBean(org.akaza.openclinica.bean.submit.EventCRFBean) StudyEventDAO(org.akaza.openclinica.dao.managestudy.StudyEventDAO) EventCRFDAO(org.akaza.openclinica.dao.submit.EventCRFDAO) SectionDAO(org.akaza.openclinica.dao.submit.SectionDAO)

Example 30 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class DataEntryServlet method mayAccess.

public void mayAccess(HttpServletRequest request) throws InsufficientPermissionException {
    FormProcessor fp = new FormProcessor(request);
    EventCRFDAO edao = new EventCRFDAO(getDataSource());
    UserAccountBean ub = (UserAccountBean) request.getSession().getAttribute(USER_BEAN_NAME);
    int eventCRFId = fp.getInt("ecId", true);
    if (eventCRFId == 0) {
        eventCRFId = fp.getInt("eventCRFId", true);
    }
    if (eventCRFId > 0) {
        if (!entityIncluded(eventCRFId, ub.getName(), edao, getDataSource())) {
            addPageMessage(respage.getString("required_event_CRF_belong"), request);
            throw new InsufficientPermissionException(Page.MENU_SERVLET, resexception.getString("entity_not_belong_studies"), "1");
        }
    }
}
Also used : FormProcessor(org.akaza.openclinica.control.form.FormProcessor) UserAccountBean(org.akaza.openclinica.bean.login.UserAccountBean) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) EventCRFDAO(org.akaza.openclinica.dao.submit.EventCRFDAO)

Aggregations

InsufficientPermissionException (org.akaza.openclinica.web.InsufficientPermissionException)43 Role (org.akaza.openclinica.bean.core.Role)25 FormProcessor (org.akaza.openclinica.control.form.FormProcessor)14 UserAccountBean (org.akaza.openclinica.bean.login.UserAccountBean)12 StudyUserRoleBean (org.akaza.openclinica.bean.login.StudyUserRoleBean)10 StudyBean (org.akaza.openclinica.bean.managestudy.StudyBean)10 ArrayList (java.util.ArrayList)8 StudyEventBean (org.akaza.openclinica.bean.managestudy.StudyEventBean)8 StudyEventDAO (org.akaza.openclinica.dao.managestudy.StudyEventDAO)8 StudyDAO (org.akaza.openclinica.dao.managestudy.StudyDAO)7 EventCRFBean (org.akaza.openclinica.bean.submit.EventCRFBean)6 StudySubjectDAO (org.akaza.openclinica.dao.managestudy.StudySubjectDAO)6 HttpSession (javax.servlet.http.HttpSession)5 StudyEventDefinitionBean (org.akaza.openclinica.bean.managestudy.StudyEventDefinitionBean)5 StudyEventDefinitionDAO (org.akaza.openclinica.dao.managestudy.StudyEventDefinitionDAO)5 EventCRFDAO (org.akaza.openclinica.dao.submit.EventCRFDAO)5 DateFormat (java.text.DateFormat)4 Date (java.util.Date)4 HashMap (java.util.HashMap)4 List (java.util.List)4