use of org.jbei.ice.storage.model.Account in project ice by JBEI.
the class Groups method addGroup.
/**
* Adds group to the list of groups for current user
*
* @param userGroup information about group to be added, including members (local and remote)
* @return added group
*/
public UserGroup addGroup(UserGroup userGroup) {
if (userGroup.getType() == null)
userGroup.setType(GroupType.PRIVATE);
if (userGroup.getType() == GroupType.PUBLIC && !accountController.isAdministrator(userId)) {
String errMsg = "Non admin '" + userId + "' attempting to create public group";
Logger.error(errMsg);
throw new PermissionException(errMsg);
}
Account account = accountDAO.getByEmail(userId);
Group group = new Group();
group.setUuid(Utils.generateUUID());
group.setLabel(userGroup.getLabel());
group.setDescription(userGroup.getDescription() == null ? "" : userGroup.getDescription());
group.setType(userGroup.getType());
group.setOwner(account);
group.setAutoJoin(userGroup.isAutoJoin());
group.setCreationTime(new Date());
group = dao.create(group);
// add local members
if (userGroup.getMembers() != null && !userGroup.getMembers().isEmpty()) {
for (AccountTransfer accountTransfer : userGroup.getMembers()) {
Account memberAccount = accountDAO.getByEmail(accountTransfer.getEmail());
if (memberAccount == null)
continue;
group.getMembers().add(memberAccount);
memberAccount.getGroups().add(group);
accountDAO.update(memberAccount);
}
}
// add remote members
for (RemoteUser remoteUser : userGroup.getRemoteMembers()) {
RegistryPartner partner = remoteUser.getPartner();
if (partner == null)
continue;
RemotePartner remotePartner = remotePartnerDAO.get(partner.getId());
if (remotePartner == null)
continue;
AccountTransfer accountTransfer = remoteUser.getUser();
if (accountTransfer == null || StringUtils.isEmpty(accountTransfer.getEmail()))
continue;
String email = accountTransfer.getEmail();
RemoteClientModel remoteClientModel = remoteClientModelDAO.getModel(email, remotePartner);
if (remoteClientModel == null) {
remoteClientModel = new RemoteClientModel();
remoteClientModel.setEmail(email);
remoteClientModel.setRemotePartner(remotePartner);
remoteClientModel = remoteClientModelDAO.create(remoteClientModel);
}
remoteClientModel.getGroups().add(group);
remoteClientModelDAO.update(remoteClientModel);
}
return group.toDataTransferObject();
}
use of org.jbei.ice.storage.model.Account in project ice by JBEI.
the class AccountDAO method getAccounts.
/**
* Retrieves list of pageable accounts, matching the parameter values
*
* @param offset offset to start retrieving matching accounts
* @param limit maximum number of accounts to retrieve
* @param sort sort order for retrieval
* @param asc whether to sort in ascending or descending order
* @param filter optional filter to for matching text against firstName, lastName or email fields of accounts
* @return list of matching accounts
* @throws DAOException on {@link HibernateException} retrieving accounts
*/
public List<Account> getAccounts(int offset, int limit, String sort, boolean asc, String filter) {
try {
CriteriaQuery<Account> query = getBuilder().createQuery(Account.class);
Root<Account> from = query.from(Account.class);
if (filter != null && !filter.isEmpty()) {
filter = filter.toLowerCase();
query.where(getBuilder().or(getBuilder().like(getBuilder().lower(from.get("firstName")), "%" + filter + "%"), getBuilder().like(getBuilder().lower(from.get("lastName")), "%" + filter + "%"), getBuilder().like(getBuilder().lower(from.get("email")), "%" + filter + "%")));
}
query.distinct(true).orderBy(asc ? getBuilder().asc(from.get(sort)) : getBuilder().desc(from.get(sort)));
return currentSession().createQuery(query).setMaxResults(limit).setFirstResult(offset).list();
} catch (HibernateException he) {
Logger.error(he);
throw new DAOException(he);
}
}
use of org.jbei.ice.storage.model.Account in project ice by JBEI.
the class AccountDAO method getAccountsCount.
/**
* Retrieves maximum number of distinct accounts available and, if specified, whose firstName, lastName and email
* fields match the filter token. This is intended to be used for paging.
*
* @param filter optional token used to match against the firstName, lastName and email fields of accounts
* @return number of accounts that match the optional filter.
* @throws DAOException on {@link HibernateException} retrieving the number
*/
public long getAccountsCount(String filter) {
try {
CriteriaQuery<Long> query = getBuilder().createQuery(Long.class);
Root<Account> from = query.from(Account.class);
if (filter != null && !filter.isEmpty()) {
filter = filter.toLowerCase();
query.where(getBuilder().or(getBuilder().like(getBuilder().lower(from.get("firstName")), "%" + filter + "%"), getBuilder().like(getBuilder().lower(from.get("lastName")), "%" + filter + "%"), getBuilder().like(getBuilder().lower(from.get("email")), "%" + filter + "%")));
}
query.select(getBuilder().countDistinct(from.get("id")));
return currentSession().createQuery(query).uniqueResult();
} catch (HibernateException he) {
Logger.error(he);
throw new DAOException(he);
}
}
use of org.jbei.ice.storage.model.Account in project ice by JBEI.
the class EntryAuthorization method canRead.
@Override
public boolean canRead(String userId, Entry entry) {
// super checks for owner or admin
if (userId == null) {
return new PermissionsController().isPubliclyVisible(entry);
}
if (super.canRead(userId, entry) || super.canWrite(userId, entry))
return true;
Account account = getAccount(userId);
// get groups for account. if account is null, this will return everyone group
List<Group> accountGroups = groupController.getAllGroups(account);
// ie. belongs to group that has read privileges for entry (or a group whose parent group does)
if (permissionDAO.hasPermissionMulti(entry, null, null, accountGroups, true, false))
return true;
if (permissionDAO.hasPermissionMulti(entry, null, null, accountGroups, false, true))
return true;
// check explicit read permission
if (permissionDAO.hasPermissionMulti(entry, null, account, null, true, false))
return true;
Set<Folder> entryFolders = entry.getFolders();
// is in a public folder
for (Folder folder : entryFolders) {
if (folder.getType() == FolderType.PUBLIC)
return true;
}
// can any group that account belongs to read any folder that entry is contained in?
if (permissionDAO.hasPermissionMulti(null, entryFolders, null, accountGroups, true, false))
return true;
// can account read any folder that entry is contained in?
return permissionDAO.hasPermissionMulti(null, entryFolders, account, null, true, false) || canWrite(userId, entry);
}
use of org.jbei.ice.storage.model.Account in project ice by JBEI.
the class EntryAuthorization method canWrite.
/**
* Determine if the referenced userId has write permissions for the entry.
* <br> Checks if:
* <ol>
* <li>User has explicit write permissions for entry</li>
* <li>User belongs to a group that has write permissions for entry</li>
* <li>Entry is in a folder that account has write privileges on</li>
* <li>Entry is in a folder that a group that the account belongs to has write privileges on</li>
* </ol>
*
* @param userId unique user identifier
* @param entry entry being checked
* @return true if user has write privileges, false otherwise
*/
@Override
public boolean canWrite(String userId, Entry entry) {
if (userId == null)
return false;
// super checks for admin or owner
if (super.canWrite(userId, entry))
return true;
Account account = getAccount(userId);
// check write accounts for entry
if (permissionDAO.hasPermission(entry, null, null, account, null, false, true))
return true;
// get groups for account
List<Group> accountGroups = groupController.getAllGroups(account);
// check group permissions
if (permissionDAO.hasPermissionMulti(entry, null, null, accountGroups, false, true))
return true;
Set<Folder> entryFolders = entry.getFolders();
if (entryFolders == null || entryFolders.isEmpty())
return false;
// can any group that account belongs to read any folder that entry is contained in?
if (permissionDAO.hasPermissionMulti(null, entryFolders, null, accountGroups, false, true))
return true;
// can account read any folder that entry is contained in?
return permissionDAO.hasPermissionMulti(null, entryFolders, account, null, false, true);
}
Aggregations