use of org.jbei.ice.lib.access.PermissionsController in project ice by JBEI.
the class EntryAuthorization method canRead.
/**
 * Decides whether <code>userId</code> may read <code>entry</code>.
 *
 * Access is granted as soon as one of these checks succeeds, evaluated in this order:
 * (1) no user id was supplied and the entry is publicly visible (the only check made in that case);
 * (2) the parent authorization grants read or write access;
 * (3) a group returned for the account holds read or write permission on the entry;
 * (4) the account holds read permission on the entry;
 * (5) the entry is contained in a folder of type <code>FolderType.PUBLIC</code>;
 * (6) a group of the account, or the account itself, holds read permission on a containing folder;
 * (7) <code>canWrite</code> on this object grants access.
 *
 * @param userId identifier of the requesting user; null limits the decision to the public-visibility check
 * @param entry  entry whose readability is being decided; it is dereferenced without a null check
 * @return true if any of the checks above grants access, false otherwise
 */
@Override
public boolean canRead(String userId, Entry entry) {
    // Without a user id only the public-visibility check applies.
    if (userId == null) {
        PermissionsController publicCheck = new PermissionsController();
        return publicCheck.isPubliclyVisible(entry);
    }

    // super checks for owner or admin
    if (super.canRead(userId, entry) || super.canWrite(userId, entry)) {
        return true;
    }

    Account requester = getAccount(userId);
    // get groups for account. if account is null, this will return everyone group
    List<Group> memberGroups = groupController.getAllGroups(requester);

    // Entry-level grants, in order: group read, group write, then explicit read for the account.
    // NOTE(review): requester may be null at the third call (the group lookup above allows for it);
    // how hasPermissionMulti treats a null account together with null groups is not visible here.
    // Confirm it cannot match permission rows that belong to someone else.
    if (permissionDAO.hasPermissionMulti(entry, null, null, memberGroups, true, false)
            || permissionDAO.hasPermissionMulti(entry, null, null, memberGroups, false, true)
            || permissionDAO.hasPermissionMulti(entry, null, requester, null, true, false)) {
        return true;
    }

    // is in a public folder
    Set<Folder> containingFolders = entry.getFolders();
    for (Folder candidate : containingFolders) {
        if (FolderType.PUBLIC == candidate.getType()) {
            return true;
        }
    }

    // can any group that account belongs to read any folder that entry is contained in?
    if (permissionDAO.hasPermissionMulti(null, containingFolders, null, memberGroups, true, false)) {
        return true;
    }

    // can account read any folder that entry is contained in?
    if (permissionDAO.hasPermissionMulti(null, containingFolders, requester, null, true, false)) {
        return true;
    }

    // Last resort: write access on this object implies read access.
    return canWrite(userId, entry);
}
use of org.jbei.ice.lib.access.PermissionsController in project ice by JBEI.
the class WebEntries method getPart.
/**
* Checks the local database for the entry with id <code>recordId</code>.
* If it exists locally and is public, it is returned. Otherwise the
* other ICE instances that this one partners with are checked, in turn, to see if it exists there
*
* @param recordId unique record identifier for the desired entry
* @return entry details if found, else null
* @throws PermissionException if the entry exists locally but is not a public entry
*/
public PartData getPart(String recordId) {
    // check local first; an entry whose visibility is REMOTE is not served from the local copy
    Entry localEntry = this.entryDAO.getByRecordId(recordId);
    boolean heldLocally = localEntry != null && localEntry.getVisibility() != Visibility.REMOTE.getValue();
    if (heldLocally && new PermissionsController().isPubliclyVisible(localEntry)) {
        return ModelToInfoFactory.getInfo(localEntry);
    }

    // NOTE(review): a local entry that is not publicly visible also reaches this point. Nothing in
    // this body throws PermissionException, and the record id is forwarded to every approved
    // partner below. Confirm that this matches the documented contract.
    List<RemotePartner> knownPartners = this.remotePartnerDAO.getRegistryPartners();
    for (RemotePartner candidate : knownPartners) {
        // Only partners with APPROVED status are contacted.
        if (candidate.getPartnerStatus() == RemotePartnerStatus.APPROVED) {
            PartData remotePart = this.remoteContact.getPublicEntry(candidate.getUrl(), recordId,
                    candidate.getApiKey());
            // if the part is just a remote then the main one is on some other ICE instance
            // NOTE(review): partner-supplied data is returned unchanged; only null and REMOTE
            // visibility are filtered out here.
            if (remotePart != null && remotePart.getVisibility() != Visibility.REMOTE) {
                return remotePart;
            }
        }
    }
    return null;
}
use of org.jbei.ice.lib.access.PermissionsController in project ice by JBEI.
the class BulkUploadController method addPermission.
/**
* Adds specified access permission to the bulk upload.
*
* @param userId unique identifier of user making the request. Must be an admin or owner of the upload
* @param uploadId unique identifier for bulk upload
* @param access details about the permission to be added
* @return added permission with identifier that can be used to remove/delete the permission
* @throws java.lang.IllegalArgumentException if the upload cannot be located using its identifier
*/
public AccessPermission addPermission(String userId, long uploadId, AccessPermission access) {
    BulkUpload target = dao.get(uploadId);
    if (target == null) {
        throw new IllegalArgumentException("Could not locate bulk upload with id " + uploadId);
    }

    // Bind the permission to the upload that was just looked up; this overwrites whatever
    // type id the request carried.
    // NOTE(review): access is dereferenced without a null check.
    access.setTypeId(uploadId);

    // NOTE(review): this method performs no admin/owner check on the upload itself. The
    // requirement is presumably enforced inside PermissionsController.addPermission; confirm.
    Permission granted = new PermissionsController().addPermission(userId, access);
    target.getPermissions().add(granted);
    dao.update(target);
    return granted.toDataTransferObject();
}
use of org.jbei.ice.lib.access.PermissionsController in project ice by JBEI.
the class SequenceController method retrievePartSequence.
/**
 * Retrieves the sequence of the part identified by <code>recordId</code>.
 * Entries whose visibility is REMOTE are delegated to <code>WebEntries</code>. For all other
 * entries, read access is enforced through <code>authorization.expectRead</code> unless the
 * entry is publicly visible.
 *
 * @param userId   identifier of the requesting user
 * @param recordId unique record identifier of the part
 * @return the sequence of the part; the edit flag passed along reflects whether the user can write to the entry
 * @throws IllegalArgumentException if no entry can be located for <code>recordId</code>
 */
public FeaturedDNASequence retrievePartSequence(String userId, String recordId) {
    Entry part = getEntry(recordId);
    if (part == null) {
        throw new IllegalArgumentException("The part " + recordId + " could not be located");
    }

    boolean remoteOnly = part.getVisibility() == Visibility.REMOTE.getValue();
    if (remoteOnly) {
        // NOTE(review): this branch returns before any read check on userId. Access control for
        // remote parts therefore rests entirely on WebEntries.getSequence, which is not visible here.
        return new WebEntries().getSequence(recordId);
    }

    // Publicly visible entries skip the per-user read check.
    PermissionsController visibilityCheck = new PermissionsController();
    if (!visibilityCheck.isPubliclyVisible(part)) {
        authorization.expectRead(userId, part);
    }

    // NOTE(review): userId is not null-checked in this method, so for a public entry canWrite
    // may receive a null userId. Confirm canWrite handles that.
    return getFeaturedSequence(part, authorization.canWrite(userId, part));
}
use of org.jbei.ice.lib.access.PermissionsController in project ice by JBEI.
the class FolderPermissions method createPermission.
/**
* Creates a new access permission record to enable read or write privileges for a folder.
* User initiating request must have write privileges for the folder
*
* @param accessPermission details about access permissions to create
* @return access permission data transfer object with unique record identifier
* @throws IllegalArgumentException if the <code>accessPermission</code> object is null
* @throws PermissionException if specified user does not have write privileges
* on specified folder.
*/
public AccessPermission createPermission(AccessPermission accessPermission) {
    if (accessPermission == null) {
        throw new IllegalArgumentException("Cannot add null permission");
    }

    // check if permission for remote folder is being created
    // NOTE(review): this return happens before the expectWrite call below, so write authorization
    // for the remote case has to be enforced inside createRemotePermission. That method is not
    // visible here; confirm it performs the check.
    if (AccessPermission.Article.REMOTE == accessPermission.getArticle()) {
        return createRemotePermission(accessPermission);
    }

    // verify write authorization
    authorization.expectWrite(userId, folder);

    // permission object
    Permission grant = new Permission();
    grant.setFolder(folder);

    // Every article type other than GROUP is resolved as an account id.
    boolean targetsGroup = accessPermission.getArticle() == AccessPermission.Article.GROUP;
    if (!targetsGroup) {
        Account grantee = accountDAO.get(accessPermission.getArticleId());
        if (grantee == null) {
            String message = "Could not assign account with id " + accessPermission.getArticleId() + " to folder";
            Logger.error(message);
            throw new IllegalArgumentException(message);
        }
        grant.setAccount(grantee);
    } else {
        Group granteeGroup = DAOFactory.getGroupDAO().get(accessPermission.getArticleId());
        if (granteeGroup == null) {
            String message = "Could not assign group with id " + accessPermission.getArticleId() + " to folder";
            Logger.error(message);
            throw new IllegalArgumentException(message);
        }
        grant.setGroup(granteeGroup);
    }

    // The read/write flags are copied from the request as given.
    grant.setCanRead(accessPermission.isCanRead());
    grant.setCanWrite(accessPermission.isCanWrite());
    AccessPermission result = permissionDAO.create(grant).toDataTransferObject();

    // todo : on remote folder as well
    // A private folder becomes shared once a permission has been attached to it.
    if (FolderType.PRIVATE == folder.getType()) {
        folder.setType(FolderType.SHARED);
        folder.setModificationTime(new Date());
        dao.update(folder);
    }

    // propagate permission
    PermissionsController propagator = new PermissionsController();
    if (folder.isPropagatePermissions()) {
        propagator.propagateFolderPermissions(userId, folder, true);
    }
    return result;
}