use of org.obiba.mica.access.domain.DataAccessRequest in project mica2 by obiba.
the class CsvReportGenerator method writeEachDataAccessRequest.
private void writeEachDataAccessRequest(CSVWriter writer) {
writer.writeNext(toArray(extractTranslatedField(GENERIC_TANSLATION_PREFIX + ".detailedOverview")));
Set<String> tableKeys = csvSchema.read("table", Map.class).keySet();
writer.writeNext(tableKeys.stream().map(key -> extractTranslatedField("table.['" + key + "']")).toArray(String[]::new));
for (DataAccessRequest dataAccessRequestDto : dataAccessRequestDtos) {
DocumentContext dataAccessRequestContent = JsonPath.parse(dataAccessRequestDto.getContent());
addGenericVariablesInDocumentContext(dataAccessRequestDto, dataAccessRequestContent);
writer.writeNext(tableKeys.stream().map(key -> extractValueFromDataAccessRequest(dataAccessRequestContent, key)).toArray(String[]::new));
}
}
use of org.obiba.mica.access.domain.DataAccessRequest in project mica2 by obiba.
the class DataAccessRequestResource method submit.
//
// Private methods
//
private Response submit(String id) {
DataAccessRequest request = dataAccessRequestService.findById(id);
boolean fromOpened = request.getStatus() == DataAccessRequest.Status.OPENED;
boolean fromConditionallyApproved = request.getStatus() == DataAccessRequest.Status.CONDITIONALLY_APPROVED;
if (fromOpened && !subjectAclService.isCurrentUser(request.getApplicant())) {
// only applicant can submit an opened request
throw new ForbiddenException();
}
dataAccessRequestService.updateStatus(id, DataAccessRequest.Status.SUBMITTED);
if (fromOpened || fromConditionallyApproved) {
// applicant cannot edit, nor delete request anymore + status cannot be changed
subjectAclService.removePermission("/data-access-request", "EDIT,DELETE", id);
subjectAclService.removePermission("/data-access-request/" + id, "EDIT", "_status");
// data access officers can change the status of this request
subjectAclService.addGroupPermission(Roles.MICA_DAO, "/data-access-request/" + id, "EDIT", "_status");
}
return Response.noContent().build();
}
use of org.obiba.mica.access.domain.DataAccessRequest in project mica2 by obiba.
the class DataAccessRequestResource method getAttachment.
@GET
@Timed
@Path("/attachments/{attachmentId}/_download")
public Response getAttachment(@PathParam("id") String id, @PathParam("attachmentId") String attachmentId) throws IOException {
subjectAclService.checkPermission("/data-access-request", "VIEW", id);
DataAccessRequest request = dataAccessRequestService.findById(id);
Optional<Attachment> r = request.getAttachments().stream().filter(a -> a.getId().equals(attachmentId)).findFirst();
if (!r.isPresent())
throw NoSuchEntityException.withId(Attachment.class, attachmentId);
return Response.ok(fileStoreService.getFile(r.get().getFileReference())).header("Content-Disposition", "attachment; filename=\"" + r.get().getName() + "\"").build();
}
use of org.obiba.mica.access.domain.DataAccessRequest in project mica2 by obiba.
the class DataAccessRequestResource method open.
private Response open(@PathParam("id") String id) {
DataAccessRequest request = dataAccessRequestService.updateStatus(id, DataAccessRequest.Status.OPENED);
// restore applicant permissions
subjectAclService.addUserPermission(request.getApplicant(), "/data-access-request", "VIEW,EDIT,DELETE", id);
subjectAclService.addUserPermission(request.getApplicant(), "/data-access-request/" + id, "EDIT", "_status");
// data access officers cannot change the status of this request anymore
subjectAclService.removeGroupPermission(Roles.MICA_DAO, "/data-access-request/" + id, "EDIT", "_status");
return Response.noContent().build();
}
use of org.obiba.mica.access.domain.DataAccessRequest in project mica2 by obiba.
the class DataAccessRequestResource method conditionallyApprove.
private Response conditionallyApprove(@PathParam("id") String id) {
DataAccessRequest request = dataAccessRequestService.updateStatus(id, DataAccessRequest.Status.CONDITIONALLY_APPROVED);
// restore applicant permissions
subjectAclService.addUserPermission(request.getApplicant(), "/data-access-request", "VIEW,EDIT,DELETE", id);
subjectAclService.addUserPermission(request.getApplicant(), "/data-access-request/" + id, "EDIT", "_status");
// data access officers cannot change the status of this request anymore
subjectAclService.removeGroupPermission(Roles.MICA_DAO, "/data-access-request/" + id, "EDIT", "_status");
return updateStatus(id, DataAccessRequest.Status.CONDITIONALLY_APPROVED);
}
Aggregations