use of org.obiba.mica.security.service.SubjectAclService in project mica2 by obiba.
the class SessionInterceptor method populateUserEntries.
public static void populateUserEntries(ModelAndView modelAndView, UserProfileService userProfileService, VariableSetService variableSetService, StudySetService studySetService, NetworkSetService networkSetService, SubjectAclService subjectAclService) {
Subject subject = SecurityUtils.getSubject();
if (subject.isAuthenticated()) {
String username = subject.getPrincipal().toString();
try {
Map<String, Object> params = userProfileService.getProfileMap(username, true);
List<String> roles = Lists.newArrayList(Roles.MICA_ADMIN, Roles.MICA_REVIEWER, Roles.MICA_EDITOR, Roles.MICA_DAO, Roles.MICA_USER);
boolean[] result = subject.hasRoles(roles);
for (int i = result.length - 1; i >= 0; i--) {
if (!result[i])
roles.remove(i);
}
params.put("roles", roles);
params.put("hasPermissionOnAnyDraftDocument", subjectAclService.findBySubject(subject.getPrincipal().toString(), SubjectAcl.Type.USER).stream().anyMatch(acl -> Arrays.stream(ALL_DRAFT_RESOURCES).anyMatch(res -> res.equals(acl.getResource()))));
params.put("variablesCart", new Cart(variableSetService.getCartCurrentUser()));
params.put("variablesLists", variableSetService.getAllCurrentUser().stream().filter(DocumentSet::hasName).collect(Collectors.toList()));
params.put("studiesCart", new Cart(studySetService.getCartCurrentUser()));
params.put("networksCart", new Cart(networkSetService.getCartCurrentUser()));
modelAndView.getModel().put("user", params);
} catch (Exception e) {
log.warn("Cannot retrieve profile of user {}", username, e);
}
}
}
use of org.obiba.mica.security.service.SubjectAclService in project mica2 by obiba.
the class DraftCollectedDatasetsResource method list.
/**
* Get all {@link org.obiba.mica.dataset.domain.StudyDataset}, optionally filtered by study.
*
* @param studyId can be null, in which case all datasets are returned
* @return
*/
@GET
@Path("/collected-datasets")
@Timed
public List<Mica.DatasetDto> list(@QueryParam("study") String studyId, @QueryParam("query") String query, @QueryParam("from") @DefaultValue("0") Integer from, @QueryParam("limit") Integer limit, @QueryParam("sort") @DefaultValue("id") String sort, @QueryParam("order") @DefaultValue("asc") String order, @QueryParam("filter") @DefaultValue("ALL") String filter, @Context HttpServletResponse response) {
long totalCount;
EntityStateFilter entityStateFilter = EntityStateFilter.valueOf(filter);
List<String> filteredIds = datasetService.getIdsByStateFilter(entityStateFilter);
Searcher.IdFilter accessibleIdFilter = AccessibleIdFilterBuilder.newBuilder().aclService(subjectAclService).resources(Lists.newArrayList("/draft/collected-dataset")).ids(filteredIds).build();
if (limit == null)
limit = MAX_LIMIT;
if (limit < 0)
throw new IllegalArgumentException("limit cannot be negative");
DocumentService.Documents<StudyDataset> datasets = draftCollectedDatasetService.find(from, limit, sort, order, studyId, query, null, null, accessibleIdFilter);
totalCount = datasets.getTotal();
response.addHeader("X-Total-Count", Long.toString(totalCount));
return datasets.getList().stream().map(dataset -> dtos.asDto(dataset, true)).collect(toList());
}
use of org.obiba.mica.security.service.SubjectAclService in project mica2 by obiba.
the class StudyStatesResource method listCollectionStudyStates.
@GET
@Path("/study-states")
@Timed
public List<Mica.StudySummaryDto> listCollectionStudyStates(@QueryParam("query") String query, @QueryParam("from") @DefaultValue("0") Integer from, @QueryParam("limit") Integer limit, @QueryParam("sort") @DefaultValue("id") String sort, @QueryParam("order") @DefaultValue("asc") String order, @QueryParam("type") String type, @QueryParam("exclude") List<String> excludes, @QueryParam("filter") @DefaultValue("ALL") String filter, @Context HttpServletResponse response) {
Stream<? extends EntityState> result;
long totalCount;
EntityStateFilter entityStateFilter = EntityStateFilter.valueOf(filter);
List<String> filteredIds = Strings.isNullOrEmpty(type) ? studyService.getIdsByStateFilter(entityStateFilter) : getStudyServiceByType(type).getIdsByStateFilter(entityStateFilter);
Searcher.IdFilter accessibleIdFilter = AccessibleIdFilterBuilder.newBuilder().aclService(subjectAclService).resources(getPermissionResources(type)).ids(filteredIds).build();
String ids = excludes.stream().map(s -> "id:" + s).collect(Collectors.joining(" "));
if (!Strings.isNullOrEmpty(ids)) {
if (Strings.isNullOrEmpty(query))
query = String.format("NOT(%s)", ids);
else
query += String.format(" AND NOT(%s)", ids);
}
if (limit == null)
limit = MAX_LIMIT;
if (limit < 0)
throw new IllegalArgumentException("limit cannot be negative");
DocumentService.Documents<Study> studyDocuments = draftStudyService.find(from, limit, sort, order, null, query, null, null, accessibleIdFilter);
totalCount = studyDocuments.getTotal();
response.addHeader("X-Total-Count", Long.toString(totalCount));
return studyDocuments.getList().stream().map(study -> dtos.asDto(study, studyService.getEntityState(study.getId()))).collect(toList());
}
use of org.obiba.mica.security.service.SubjectAclService in project mica2 by obiba.
the class DraftProjectsResource method list.
@GET
@Path("/projects")
@Timed
public Mica.ProjectsDto list(@QueryParam("query") String query, @QueryParam("from") @DefaultValue("0") Integer from, @QueryParam("limit") Integer limit, @QueryParam("sort") @DefaultValue("id") String sort, @QueryParam("order") @DefaultValue("asc") String order, @QueryParam("filter") @DefaultValue("ALL") String filter, @Context HttpServletResponse response) {
EntityStateFilter entityStateFilter = EntityStateFilter.valueOf(filter);
List<String> filteredIds = projectService.getIdsByStateFilter(entityStateFilter);
Searcher.IdFilter accessibleIdFilter = AccessibleIdFilterBuilder.newBuilder().aclService(subjectAclService).resources(Lists.newArrayList("/draft/project")).ids(filteredIds).build();
if (limit == null)
limit = MAX_LIMIT;
if (limit < 0)
throw new IllegalArgumentException("limit cannot be negative");
DocumentService.Documents<Project> projectDocuments = draftProjectService.find(from, limit, sort, order, null, query, null, null, accessibleIdFilter);
long totalCount = projectDocuments.getTotal();
List<Mica.ProjectDto> result = projectDocuments.getList().stream().map(n -> dtos.asDto(n, true)).collect(toList());
Mica.ProjectsDto.Builder builder = Mica.ProjectsDto.newBuilder();
builder.setFrom(from).setLimit(limit).setTotal(Long.valueOf(totalCount).intValue());
builder.addAllProjects(result);
if (subjectAclService.isPermitted("/draft/project", "ADD")) {
builder.addActions("ADD");
}
return builder.build();
}
use of org.obiba.mica.security.service.SubjectAclService in project mica2 by obiba.
the class DraftHarmonizedDatasetsResource method list.
/**
* Get all {@link HarmonizationDataset}, optionally filtered by study.
*
* @param studyId can be null, in which case all datasets are returned
* @return
*/
@GET
@Path("/harmonized-datasets")
@Timed
public List<Mica.DatasetDto> list(@QueryParam("study") String studyId, @QueryParam("query") String query, @QueryParam("from") @DefaultValue("0") Integer from, @QueryParam("limit") Integer limit, @QueryParam("sort") @DefaultValue("id") String sort, @QueryParam("order") @DefaultValue("asc") String order, @QueryParam("filter") @DefaultValue("ALL") String filter, @Context HttpServletResponse response) {
long totalCount;
EntityStateFilter entityStateFilter = EntityStateFilter.valueOf(filter);
List<String> filteredIds = datasetService.getIdsByStateFilter(entityStateFilter);
Searcher.IdFilter accessibleIdFilter = AccessibleIdFilterBuilder.newBuilder().aclService(subjectAclService).resources(Lists.newArrayList("/draft/harmonized-dataset")).ids(filteredIds).build();
if (limit == null)
limit = MAX_LIMIT;
if (limit < 0)
throw new IllegalArgumentException("limit cannot be negative");
DocumentService.Documents<HarmonizationDataset> datasets = draftDatasetService.find(from, limit, sort, order, studyId, query, null, null, accessibleIdFilter);
totalCount = datasets.getTotal();
response.addHeader("X-Total-Count", Long.toString(totalCount));
return datasets.getList().stream().map(dataset -> dtos.asDto(dataset, true)).collect(toList());
}
Aggregations