
Example 31 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class PrintEventCRFServlet method mayProceed.

/**
 * Authorization gate for this servlet. The request continues only when the
 * session's user is a system administrator or
 * {@code SubmitDataServlet.mayViewData} accepts the session's study role.
 *
 * <p>Both the user bean and the role come from the HTTP session, so the
 * decision rests on whatever was stored there earlier in the request cycle.
 * NOTE(review): neither attribute is null-checked; a missing user bean ends in
 * a NullPointerException rather than an InsufficientPermissionException.
 * Confirm the caller treats that as a denial.
 *
 * @param request  current request; supplies the locale and the session
 * @param response current response; not used by this check
 * @throws InsufficientPermissionException when neither condition holds; it is
 *         constructed with {@code Page.MENU_SERVLET}
 */
@Override
public void mayProceed(HttpServletRequest request, HttpServletResponse response) throws InsufficientPermissionException {
    // NOTE(review): `locale` is declared outside this method; if it is an instance
    // field of the servlet it is shared by concurrent requests - confirm.
    locale = LocaleResolver.getLocale(request);
    StudyUserRoleBean sessionRole = (StudyUserRoleBean) request.getSession().getAttribute("userRole");
    UserAccountBean sessionUser = (UserAccountBean) request.getSession().getAttribute(USER_BEAN_NAME);

    // Short-circuit keeps the original order: the admin flag is tested first.
    boolean permitted = sessionUser.isSysAdmin() || SubmitDataServlet.mayViewData(sessionUser, sessionRole);
    if (!permitted) {
        addPageMessage(respage.getString("no_have_correct_privilege_current_study") + respage.getString("change_study_contact_sysadmin"), request);
        // NOTE(review): the exception text key is "not_director" although the check
        // above is a view-data check; verify the key is the intended one.
        throw new InsufficientPermissionException(Page.MENU_SERVLET, resexception.getString("not_director"), "1");
    }
}
Also used : StudyUserRoleBean(org.akaza.openclinica.bean.login.StudyUserRoleBean) UserAccountBean(org.akaza.openclinica.bean.login.UserAccountBean) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException)

Example 32 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class PrintAllEventCRFServlet method mayProceed.

/**
 * Decides whether the current user may use this servlet.
 *
 * <p>Access is granted to system administrators and to users whose session
 * role passes {@code SubmitDataServlet.mayViewData}. Everyone else gets a page
 * message and an InsufficientPermissionException built with
 * {@code Page.MENU_SERVLET}.
 *
 * <p>NOTE(review): the user bean and role are taken from the session without a
 * null check. A request whose session lacks the user bean fails with a
 * NullPointerException, not a permission error. Confirm the caller handles it
 * as a denial.
 *
 * @param request  current request; supplies the locale and the session
 * @param response current response; not used by this check
 * @throws InsufficientPermissionException if the user is not permitted
 */
@Override
public void mayProceed(HttpServletRequest request, HttpServletResponse response) throws InsufficientPermissionException {
    // NOTE(review): `locale` is not a local variable; if it is servlet instance
    // state it is written by every concurrent request - confirm.
    locale = LocaleResolver.getLocale(request);
    UserAccountBean account = (UserAccountBean) request.getSession().getAttribute(USER_BEAN_NAME);
    StudyUserRoleBean roleInSession = (StudyUserRoleBean) request.getSession().getAttribute("userRole");

    // Admin check runs first; the role check is only reached for non-admins.
    if (account.isSysAdmin() || SubmitDataServlet.mayViewData(account, roleInSession)) {
        return;
    }

    String denialMessage = respage.getString("no_have_correct_privilege_current_study") + respage.getString("change_study_contact_sysadmin");
    addPageMessage(denialMessage, request);
    // NOTE(review): "not_director" is the exception text key although the failed
    // check is a view-data check; verify the key.
    throw new InsufficientPermissionException(Page.MENU_SERVLET, resexception.getString("not_director"), "1");
}
Also used : StudyUserRoleBean(org.akaza.openclinica.bean.login.StudyUserRoleBean) UserAccountBean(org.akaza.openclinica.bean.login.UserAccountBean) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException)

Example 33 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class InitUpdateEventDefinitionServlet method mayProceed.

/**
 * Checks whether the current user may update a study event definition.
 *
 * <p>Order of checks, as written:
 * <ol>
 *   <li>{@code checkStudyLocked} is called for the current study.</li>
 *   <li>A system administrator is allowed.</li>
 *   <li>A user with a role in the current study is allowed only as
 *       {@code Role.STUDYDIRECTOR} or {@code Role.COORDINATOR}; any other role
 *       is refused.</li>
 *   <li>A user with no role in the current study reaches the event lookup and
 *       is refused only if the definition has an event whose status is neither
 *       DELETED nor AUTO_DELETED.</li>
 * </ol>
 *
 * <p>NOTE(review): step 4 means a non-admin without any role in the study is
 * let through when the definition has no live events, while directors and
 * coordinators never reach the event check. Confirm this is intended; it reads
 * like a fail-open path.
 *
 * @throws InsufficientPermissionException when the role is insufficient or the
 *         definition already has live events
 */
@Override
public void mayProceed() throws InsufficientPermissionException {
    checkStudyLocked(Page.LIST_DEFINITION_SERVLET, respage.getString("current_study_locked"));
    if (ub.isSysAdmin()) {
        return;
    }
    StudyEventDAO eventDao = new StudyEventDAO(sm.getDataSource());
    int studyId = currentStudy.getId();
    if (ub.hasRoleInStudy(studyId)) {
        Role studyRole = ub.getRoleByStudy(studyId).getRole();
        boolean mayUpdate = studyRole.equals(Role.STUDYDIRECTOR) || studyRole.equals(Role.COORDINATOR);
        if (mayUpdate) {
            return;
        }
        addPageMessage(respage.getString("no_have_permission_to_update_study_event_definition") + respage.getString("please_contact_sysadmin_questions"));
        throw new InsufficientPermissionException(Page.LIST_DEFINITION_SERVLET, resexception.getString("not_study_director"), "1");
    }

    // Original author's note: "To Do: the following code doesn't apply to admin for now".
    // Only users without a role in the current study get this far.
    // NOTE(review): "id" is a request parameter and is not validated; a missing or
    // non-numeric value raises a runtime exception here, not a permission error.
    String rawDefinitionId = request.getParameter("id");
    int defId = Integer.valueOf(rawDefinitionId.trim()).intValue();
    logger.info("defId" + defId);

    ArrayList events = (ArrayList) eventDao.findAllByDefinition(defId);
    if (events == null || events.isEmpty()) {
        return;
    }
    logger.info("has events");
    for (Object entry : events) {
        StudyEventBean event = (StudyEventBean) entry;
        boolean removed = event.getStatus().equals(Status.DELETED) || event.getStatus().equals(Status.AUTO_DELETED);
        if (!removed) {
            // One live event is enough to refuse the update.
            logger.info("found one event");
            addPageMessage(respage.getString("sorry_but_at_this_time_may_not_modufy_SED"));
            throw new InsufficientPermissionException(Page.LIST_DEFINITION_SERVLET, resexception.getString("not_unpopulated"), "1");
        }
    }
}
Also used : Role(org.akaza.openclinica.bean.core.Role) StudyEventDAO(org.akaza.openclinica.dao.managestudy.StudyEventDAO) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) ArrayList(java.util.ArrayList) StudyEventBean(org.akaza.openclinica.bean.managestudy.StudyEventBean)

Example 34 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class EnterDataForStudyEventServlet method getStudyEvent.

/**
 * Loads a study event by id, restricted to the study the user is working in.
 *
 * <p>The lookup goes through {@code findByPKAndStudy}, so the id alone is not
 * enough: the event must belong to the current study, or to its parent study
 * when the current study has one. A result that is not active is treated as
 * "not in this study" and refused. This is the object-level access check for
 * the caller-supplied {@code eventId}.
 *
 * <p>After loading, the event's definition is attached. The event is marked
 * non-editable when its subject event status is locked and the current role is
 * neither director nor coordinator.
 * NOTE(review): this method only sets the flag; where {@code editable} is
 * enforced is not visible here.
 *
 * @param eventId primary key of the study event to load
 * @return the study event with its definition attached
 * @throws InsufficientPermissionException if the lookup returns an inactive bean
 * @throws Exception declared by the original signature
 */
private StudyEventBean getStudyEvent(int eventId) throws Exception {
    StudyEventDAO eventDao = new StudyEventDAO(sm.getDataSource());

    // When the current study has a parent, scope the lookup to the parent. Only
    // the id is set on the placeholder bean.
    StudyBean lookupStudy;
    if (currentStudy.getParentStudyId() > 0) {
        lookupStudy = new StudyBean();
        lookupStudy.setId(currentStudy.getParentStudyId());
    } else {
        lookupStudy = currentStudy;
    }

    AuditableEntityBean found = eventDao.findByPKAndStudy(eventId, lookupStudy);
    if (!found.isActive()) {
        addPageMessage(respage.getString("study_event_to_enter_data_not_belong_study"));
        throw new InsufficientPermissionException(Page.LIST_STUDY_SUBJECTS_SERVLET, resexception.getString("study_event_not_belong_study"), "1");
    }

    StudyEventBean event = (StudyEventBean) found;
    StudyEventDefinitionDAO definitionDao = new StudyEventDefinitionDAO(sm.getDataSource());
    StudyEventDefinitionBean definition = (StudyEventDefinitionBean) definitionDao.findByPK(event.getStudyEventDefinitionId());
    event.setStudyEventDefinition(definition);

    // A. Hamid mantis issue 5048: a locked event stays editable only for
    // directors and coordinators.
    if (!currentRole.isDirector() && !currentRole.isCoordinator() && event.getSubjectEventStatus().isLocked()) {
        event.setEditable(false);
    }
    return event;
}
Also used : AuditableEntityBean(org.akaza.openclinica.bean.core.AuditableEntityBean) StudyEventDefinitionDAO(org.akaza.openclinica.dao.managestudy.StudyEventDefinitionDAO) StudyEventDAO(org.akaza.openclinica.dao.managestudy.StudyEventDAO) StudyBean(org.akaza.openclinica.bean.managestudy.StudyBean) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) StudyEventDefinitionBean(org.akaza.openclinica.bean.managestudy.StudyEventDefinitionBean) StudyEventBean(org.akaza.openclinica.bean.managestudy.StudyEventBean)

Example 35 with InsufficientPermissionException

use of org.akaza.openclinica.web.InsufficientPermissionException in project OpenClinica by OpenClinica.

the class CoreSecureController method process.

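/**
 * Common entry point for a secured request: prepares the session, resolves
 * the current user, study and role, then runs the servlet's permission check
 * and its handler.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Sets the request encoding, a response header and the session timeout
 *       (3600 seconds when the configured value is not a number).</li>
 *   <li>Loads the resource bundles for the request locale.</li>
 *   <li>Builds a new SessionManager from the session's user bean and
 *       {@code request.getRemoteUser()}, and stores the user bean it returns
 *       back into the session.</li>
 *   <li>Resolves the current study from the session or from the user's active
 *       study id, and the current role from the user's role in that study. For
 *       a study with a parent the role is the higher of the two roles.</li>
 *   <li>Sets the role to {@code Role.INVALID} when the current study's status
 *       is DELETED or AUTO_DELETED.</li>
 *   <li>Calls {@code passwdTimeOut} unless the request URI ends with
 *       "ResetPassword", then {@code mayProceed}, then {@code processRequest}.
 *       {@code mayProceed} always runs before the handler; this is the
 *       authorization point.</li>
 * </ol>
 *
 * <p>Every exception raised in that sequence is caught here. The CRF is
 * unlocked and the request is forwarded: to the exception's own target page
 * for InconsistentStateException and InsufficientPermissionException, and to
 * {@code Page.ERROR} for anything else.
 *
 * @param request  current request
 * @param response current response
 * @throws OpenClinicaException declared by the original signature
 * @throws UnsupportedEncodingException if "UTF-8" is rejected as request encoding
 */
private void process(HttpServletRequest request, HttpServletResponse response) throws OpenClinicaException, UnsupportedEncodingException {
    request.setCharacterEncoding("UTF-8");
    // NOTE(review): this header is set on every response from here; the code that
    // actually compresses the body is not visible in this method - confirm the two
    // always agree.
    response.setHeader("Content-Encoding", "gzip");
    HttpSession session = request.getSession();
    // BWP >> 1/8/2008
    try {
        // YW 10-03-2007 <<
        session.setMaxInactiveInterval(Integer.parseInt(SQLInitServlet.getField("max_inactive_interval")));
        // YW >>
    } catch (NumberFormatException nfe) {
        // BWP>>3600 is the datainfo.properties maxInactiveInterval on 1/8/2008.
        // Used when the configured value is missing or not numeric.
        session.setMaxInactiveInterval(3600);
    }
    // If the session already has a value with key SUPPORT_URL don't reset
    if (session.getAttribute(SUPPORT_URL) == null) {
        session.setAttribute(SUPPORT_URL, SQLInitServlet.getSupportURL());
    }
    UserAccountBean ub = (UserAccountBean) session.getAttribute(USER_BEAN_NAME);
    StudyBean currentStudy = (StudyBean) session.getAttribute("study");
    StudyUserRoleBean currentRole = (StudyUserRoleBean) session.getAttribute("userRole");
    // Set current language preferences.
    // NOTE(review): the res* names below are not locals of this method; if they are
    // instance fields of the servlet, concurrent requests with different locales
    // overwrite each other - confirm.
    Locale locale = LocaleResolver.getLocale(request);
    ResourceBundleProvider.updateLocale(locale);
    resadmin = ResourceBundleProvider.getAdminBundle(locale);
    resaudit = ResourceBundleProvider.getAuditEventsBundle(locale);
    resexception = ResourceBundleProvider.getExceptionsBundle(locale);
    resformat = ResourceBundleProvider.getFormatBundle(locale);
    restext = ResourceBundleProvider.getTextsBundle(locale);
    resterm = ResourceBundleProvider.getTermsBundle(locale);
    resword = ResourceBundleProvider.getWordsBundle(locale);
    respage = ResourceBundleProvider.getPageMessagesBundle(locale);
    resworkflow = ResourceBundleProvider.getWorkflowBundle(locale);
    try {
        String userName = request.getRemoteUser();
        ServletContext context = getServletContext();
        // A fresh SessionManager is built on every request. The user bean it
        // returns replaces the one read from the session above.
        SessionManager sm = new SessionManager(ub, userName, SpringServletAccess.getApplicationContext(context));
        ub = sm.getUserBean();
        request.getSession().setAttribute("sm", sm);
        // NOTE(review): written under the literal "userBean" but read above through
        // USER_BEAN_NAME; presumably the same key - verify.
        session.setAttribute("userBean", ub);
        StudyDAO sdao = new StudyDAO(getDataSource());
        if (currentStudy == null || currentStudy.getId() <= 0) {
            // No usable study in the session: load the user's active study, if any.
            if (ub.getId() > 0 && ub.getActiveStudyId() > 0) {
                StudyParameterValueDAO spvdao = new StudyParameterValueDAO(getDataSource());
                currentStudy = (StudyBean) sdao.findByPK(ub.getActiveStudyId());
                ArrayList studyParameters = spvdao.findParamConfigByStudy(currentStudy);
                currentStudy.setStudyParameters(studyParameters);
                StudyConfigService scs = new StudyConfigService(getDataSource());
                if (currentStudy.getParentStudyId() <= 0) {
                    // top study
                    scs.setParametersForStudy(currentStudy);
                } else {
                    // YW <<
                    currentStudy.setParentStudyName(((StudyBean) sdao.findByPK(currentStudy.getParentStudyId())).getName());
                    // YW >>
                    scs.setParametersForSite(currentStudy);
                }
                // set up the panel here, tbh
                panel.reset();
                session.setAttribute(STUDY_INFO_PANEL, panel);
            } else {
                currentStudy = new StudyBean();
            }
            // Stored after the if/else because either branch may have replaced currentStudy.
            session.setAttribute("study", currentStudy);
        } else if (currentStudy.getId() > 0) {
            // restored
            if (currentStudy.getParentStudyId() > 0) {
                currentStudy.setParentStudyName(((StudyBean) sdao.findByPK(currentStudy.getParentStudyId())).getName());
            }
            // YW >>
        }
        // Role descriptions depend on whether the user works at study level or at
        // site level (issue-2422).
        // NOTE(review): the descriptions are set on the Role objects returned by
        // Role.toArrayList(); if those are shared instances, this per-request
        // mutation is visible to other concurrent requests - confirm.
        if (currentStudy.getParentStudyId() > 0) {
            // The current study has a parent, i.e. it is a site: use the site_* descriptions.
            List roles = Role.toArrayList();
            for (Iterator it = roles.iterator(); it.hasNext(); ) {
                Role role = (Role) it.next();
                switch(role.getId()) {
                    case 2:
                        role.setDescription("site_Study_Coordinator");
                        break;
                    case 3:
                        role.setDescription("site_Study_Director");
                        break;
                    case 4:
                        role.setDescription("site_investigator");
                        break;
                    case 5:
                        role.setDescription("site_Data_Entry_Person");
                        break;
                    case 6:
                        role.setDescription("site_monitor");
                        break;
                    case 7:
                        role.setDescription("site_Data_Entry_Person2");
                        break;
                    default:
                }
            }
        } else {
            // Top-level study: use the study-level descriptions.
            // NOTE(review): id 7 is set in the site branch but has no case here, so
            // its description is not changed back on this path - confirm intended.
            List roles = Role.toArrayList();
            for (Iterator it = roles.iterator(); it.hasNext(); ) {
                Role role = (Role) it.next();
                switch(role.getId()) {
                    case 2:
                        role.setDescription("Study_Coordinator");
                        break;
                    case 3:
                        role.setDescription("Study_Director");
                        break;
                    case 4:
                        role.setDescription("Investigator");
                        break;
                    case 5:
                        role.setDescription("Data_Entry_Person");
                        break;
                    case 6:
                        role.setDescription("Monitor");
                        break;
                    default:
                }
            }
        }
        if (currentRole == null || currentRole.getId() <= 0) {
            // kept as "invalid" -- YW 06-21-2007
            if (ub.getId() > 0 && currentStudy.getId() > 0 && !currentStudy.getStatus().getName().equals("removed")) {
                currentRole = ub.getRoleByStudy(currentStudy.getId());
                if (currentStudy.getParentStudyId() > 0) {
                    // Checking if currentStudy has been removed or not will
                    // be good enough -- YW 10-17-2007
                    StudyUserRoleBean roleInParent = ub.getRoleByStudy(currentStudy.getParentStudyId());
                    // The role is inherited from the parent study: keep the higher
                    // of the site role and the parent role.
                    currentRole.setRole(Role.max(currentRole.getRole(), roleInParent.getRole()));
                }
            } else {
                // No user, no study, or a removed study: an empty role bean.
                currentRole = new StudyUserRoleBean();
            }
            session.setAttribute("userRole", currentRole);
        } else if (currentRole.getId() > 0 && (currentStudy.getStatus().equals(Status.DELETED) || currentStudy.getStatus().equals(Status.AUTO_DELETED))) {
            // active study has been removed: invalidate the role held in the session.
            currentRole.setRole(Role.INVALID);
            currentRole.setStatus(Status.DELETED);
            session.setAttribute("userRole", currentRole);
        }
        // YW 06-19-2007 >>
        request.setAttribute("isAdminServlet", getAdminServlet());
        // The password-expiry check is skipped for URIs ending in "ResetPassword".
        if (!request.getRequestURI().endsWith("ResetPassword")) {
            passwdTimeOut(request, response, ub);
        }
        // Authorization first, handler second; do not reorder.
        mayProceed(request, response);
        processRequest(request, response);
    } catch (InconsistentStateException ise) {
        // The logger call already records the stack trace; no separate printStackTrace().
        LOGGER.warn("InconsistentStateException: org.akaza.openclinica.control.CoreSecureController: ", ise);
        unlockCRFOnError(request);
        addPageMessage(ise.getOpenClinicaMessage(), request);
        forwardPage(ise.getGoTo(), request, response);
    } catch (InsufficientPermissionException ipe) {
        // Denied requests are logged with their stack trace and forwarded to the
        // page named by the exception. No page message is added here;
        // NOTE(review): mayProceed implementations are presumably expected to add
        // their own - confirm.
        LOGGER.warn("InsufficientPermissionException: org.akaza.openclinica.control.CoreSecureController: ", ipe);
        unlockCRFOnError(request);
        forwardPage(ipe.getGoTo(), request, response);
    } catch (Exception e) {
        // Anything unexpected ends on the generic error page.
        LOGGER.error("Error processing request", e);
        unlockCRFOnError(request);
        forwardPage(Page.ERROR, request, response);
    }
}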
Also used : Locale(java.util.Locale) HttpSession(javax.servlet.http.HttpSession) SessionManager(org.akaza.openclinica.core.SessionManager) StudyBean(org.akaza.openclinica.bean.managestudy.StudyBean) StudyUserRoleBean(org.akaza.openclinica.bean.login.StudyUserRoleBean) ArrayList(java.util.ArrayList) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) InconsistentStateException(org.akaza.openclinica.web.InconsistentStateException) ServletException(javax.servlet.ServletException) OpenClinicaException(org.akaza.openclinica.exception.OpenClinicaException) MessagingException(javax.mail.MessagingException) MailException(org.springframework.mail.MailException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InconsistentStateException(org.akaza.openclinica.web.InconsistentStateException) InsufficientPermissionException(org.akaza.openclinica.web.InsufficientPermissionException) SchedulerException(org.quartz.SchedulerException) IOException(java.io.IOException) Role(org.akaza.openclinica.bean.core.Role) StudyConfigService(org.akaza.openclinica.dao.service.StudyConfigService) UserAccountBean(org.akaza.openclinica.bean.login.UserAccountBean) Iterator(java.util.Iterator) ServletContext(javax.servlet.ServletContext) List(java.util.List) ArrayList(java.util.ArrayList) StudyParameterValueDAO(org.akaza.openclinica.dao.service.StudyParameterValueDAO) StudyDAO(org.akaza.openclinica.dao.managestudy.StudyDAO)

Aggregations

InsufficientPermissionException (org.akaza.openclinica.web.InsufficientPermissionException)43 Role (org.akaza.openclinica.bean.core.Role)25 FormProcessor (org.akaza.openclinica.control.form.FormProcessor)14 UserAccountBean (org.akaza.openclinica.bean.login.UserAccountBean)12 StudyUserRoleBean (org.akaza.openclinica.bean.login.StudyUserRoleBean)10 StudyBean (org.akaza.openclinica.bean.managestudy.StudyBean)10 ArrayList (java.util.ArrayList)8 StudyEventBean (org.akaza.openclinica.bean.managestudy.StudyEventBean)8 StudyEventDAO (org.akaza.openclinica.dao.managestudy.StudyEventDAO)8 StudyDAO (org.akaza.openclinica.dao.managestudy.StudyDAO)7 EventCRFBean (org.akaza.openclinica.bean.submit.EventCRFBean)6 StudySubjectDAO (org.akaza.openclinica.dao.managestudy.StudySubjectDAO)6 HttpSession (javax.servlet.http.HttpSession)5 StudyEventDefinitionBean (org.akaza.openclinica.bean.managestudy.StudyEventDefinitionBean)5 StudyEventDefinitionDAO (org.akaza.openclinica.dao.managestudy.StudyEventDefinitionDAO)5 EventCRFDAO (org.akaza.openclinica.dao.submit.EventCRFDAO)5 DateFormat (java.text.DateFormat)4 Date (java.util.Date)4 HashMap (java.util.HashMap)4 List (java.util.List)4