use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.
the class MergedCourseContainer method init.
/**
 * Builds the merged folder view of a course: the course folder itself (privileged
 * callers only), the shared folder, and a virtual "_courseelementdata" container
 * holding the folders of the course elements.
 *
 * <p>Access decisions made here:
 * <ul>
 *   <li>When the entry is closed or unpublished and {@code overrideReadOnly} is not set,
 *       a {@link ReadOnlyCallback} is installed on this container and on the mounted
 *       course folder. Whether the shared folder and the node folders enforce read-only
 *       on their own is not visible in this method.</li>
 *   <li>The complete course folder is mounted only for a {@code null} identity
 *       environment, an OLAT administrator, or an entry admin of the course.</li>
 *   <li>A {@code null} {@code identityEnv} skips every per-user check: it gets the
 *       course folder and the unfiltered node folders. NOTE(review): callers should
 *       reserve {@code null} for system-level use and never pass it for an end-user
 *       request; confirm at the call sites.</li>
 * </ul>
 *
 * @param persistingCourse the course whose folders are merged into this container
 */
protected void init(PersistingCourseImpl persistingCourse) {
    super.init();

    RepositoryEntry courseRe = persistingCourse.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
    // The status is only inspected when the read-only state has not been overridden.
    courseReadOnly = !overrideReadOnly
            && (courseRe.getRepositoryEntryStatus().isClosed() || courseRe.getRepositoryEntryStatus().isUnpublished());
    if (courseReadOnly) {
        setLocalSecurityCallback(new ReadOnlyCallback());
    }

    // Decide once whether the caller may see the whole course folder.
    boolean mountCourseFolder;
    if (identityEnv == null || identityEnv.getRoles().isOLATAdmin()) {
        mountCourseFolder = true;
    } else {
        RepositoryEntry re = persistingCourse.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
        RepositoryEntrySecurity reSecurity = RepositoryManager.getInstance()
                .isAllowed(identityEnv.getIdentity(), identityEnv.getRoles(), re);
        mountCourseFolder = reSecurity.isEntryAdmin();
    }

    if (mountCourseFolder) {
        VFSContainer courseFolder = persistingCourse.getIsolatedCourseFolder();
        if (courseReadOnly) {
            // Privileged callers are also limited to read access on a closed/unpublished course.
            courseFolder.setLocalSecurityCallback(new ReadOnlyCallback());
        }
        addContainersChildren(courseFolder, true);
    }

    initSharedFolder(persistingCourse);

    // add all course building blocks of type BC to a virtual folder
    MergeSource nodesContainer = new MergeSource(null, "_courseelementdata");
    if (identityEnv != null) {
        // Per-user path: evaluate the run structure with the user's conditions and
        // keep only what VisibleTreeFilter lets through.
        TreeEvaluation treeEval = new TreeEvaluation();
        GenericTreeModel treeModel = new GenericTreeModel();
        UserCourseEnvironment userCourseEnv =
                new UserCourseEnvironmentImpl(identityEnv, persistingCourse.getCourseEnvironment());
        CourseNode rootCn = userCourseEnv.getCourseEnvironment().getRunStructure().getRootNode();
        NodeEvaluation rootNodeEval =
                rootCn.eval(userCourseEnv.getConditionInterpreter(), treeEval, new VisibleTreeFilter());
        TreeNode treeRoot = rootNodeEval.getTreeNode();
        treeModel.setRootNode(treeRoot);
        addFolders(persistingCourse, nodesContainer, treeRoot);
    } else {
        // No identity: walk the raw run structure without any condition evaluation.
        CourseNode rootNode = persistingCourse.getRunStructure().getRootNode();
        addFoldersForAdmin(persistingCourse, nodesContainer, rootNode);
    }

    // An empty virtual folder is not exposed at all.
    if (!nodesContainer.getItems().isEmpty()) {
        addContainer(nodesContainer);
    }
}
use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.
the class CertificatesManagerImpl method getCertificatesForNotifications.
/**
 * Loads the latest certificates of a course resource that the given identity is
 * entitled to see, ordered by creation date.
 *
 * <p>Visibility is derived from {@link RepositoryEntrySecurity}:
 * <ul>
 *   <li>entry admin: every certificate of the resource, no further restriction;</li>
 *   <li>course coach: certificates of identities that are participants of a group
 *       linked to the repository entry;</li>
 *   <li>group coach: certificates of participants of the business groups found for
 *       this identity and entry;</li>
 *   <li>course or group participant: the identity's own certificates;</li>
 *   <li>anything else, or a non-admin for whom no restriction could be built:
 *       an empty list.</li>
 * </ul>
 *
 * <p>The query text is assembled dynamically, but the only value concatenated into it
 * is the enum constant {@code GroupRole.participant}; every key that depends on the
 * caller or the entry is bound as a named parameter. Keep it that way when extending
 * the restrictions.
 *
 * <p>NOTE(review): {@code lastNews} is not used anywhere in this method, so the result
 * is not limited to certificates newer than the last notification. Confirm whether the
 * caller filters by date itself.
 *
 * @param identity the identity asking for the certificates
 * @param entry    the repository entry (course) the certificates belong to
 * @param lastNews unused in this implementation (see note above)
 * @return the visible certificates, or an empty list if the identity has no role that
 *         grants access
 */
@Override
public List<Certificate> getCertificatesForNotifications(Identity identity, RepositoryEntry entry, Date lastNews) {
    Roles roles = securityManager.getRoles(identity);
    RepositoryEntrySecurity security = repositoryManager.isAllowed(identity, roles, entry);

    // Fail closed: without one of the known roles nothing is returned.
    boolean hasNoRole = !security.isEntryAdmin()
            && !security.isCourseCoach()
            && !security.isGroupCoach()
            && !security.isCourseParticipant()
            && !security.isGroupParticipant();
    if (hasNoRole) {
        return Collections.emptyList();
    }

    StringBuilder jpql = new StringBuilder();
    jpql.append("select cer from certificate cer");
    jpql.append(" inner join fetch cer.identity ident");
    jpql.append(" where cer.olatResource.key=:resourceKey and cer.last=true ");

    // must be some kind of restrictions
    boolean restrictionApplied;
    List<Long> baseGroupKeys = null;
    if (security.isEntryAdmin()) {
        // Admins are the only callers allowed to run the unrestricted query.
        restrictionApplied = true;
    } else {
        restrictionApplied = false;
        jpql.append(" and (");
        boolean or = false;

        if (security.isCourseCoach()) {
            or = or(jpql, or);
            jpql.append(" exists (select membership.identity.key from repoentrytogroup as rel, bgroup as reBaseGroup, bgroupmember membership ");
            jpql.append(" where ident.key=membership.identity.key and rel.entry.key=:repoKey and rel.group=reBaseGroup and membership.group=reBaseGroup and membership.role='");
            jpql.append(GroupRole.participant);
            jpql.append("'");
            jpql.append(" )");
            restrictionApplied = true;
        }

        if (security.isGroupCoach()) {
            SearchBusinessGroupParams params = new SearchBusinessGroupParams(identity, true, false);
            List<BusinessGroup> coachedGroups = businessGroupService.findBusinessGroups(params, entry, 0, -1);
            // A group coach without any matching group contributes no restriction
            // and therefore no access through this branch.
            if (!coachedGroups.isEmpty()) {
                or = or(jpql, or);
                jpql.append(" exists (select membership.identity.key from bgroupmember membership ");
                jpql.append(" where ident.key=membership.identity.key and membership.group.key in (:groups) and membership.role='");
                jpql.append(GroupRole.participant);
                jpql.append("'");
                jpql.append(" )");

                List<Long> keys = new ArrayList<>(coachedGroups.size());
                for (BusinessGroup coachedGroup : coachedGroups) {
                    keys.add(coachedGroup.getBaseGroup().getKey());
                }
                baseGroupKeys = keys;
                restrictionApplied = true;
            }
        }

        if (security.isCourseParticipant() || security.isGroupParticipant()) {
            or = or(jpql, or);
            jpql.append(" ident.key=:identityKey");
            restrictionApplied = true;
        }
        jpql.append(")");
    }

    // Never execute the query for a non-admin unless at least one restriction was added.
    if (!restrictionApplied) {
        return Collections.emptyList();
    }
    jpql.append(" order by cer.creationDate");

    TypedQuery<Certificate> certificates = dbInstance.getCurrentEntityManager()
            .createQuery(jpql.toString(), Certificate.class)
            .setParameter("resourceKey", entry.getOlatResource().getKey());

    // Bind exactly the parameters whose clauses were appended above; these conditions
    // have to stay in step with the ones used while building the query text.
    if (!security.isEntryAdmin() && security.isCourseCoach()) {
        certificates.setParameter("repoKey", entry.getKey());
    }
    if (!security.isEntryAdmin() && (security.isCourseParticipant() || security.isGroupParticipant())) {
        certificates.setParameter("identityKey", identity.getKey());
    }
    if (baseGroupKeys != null && !baseGroupKeys.isEmpty()) {
        certificates.setParameter("groups", baseGroupKeys);
    }
    return certificates.getResultList();
}
use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.
the class CourseSite method createController.
/**
 * Creates the controller shown for this course site: the course run controller when
 * the user may enter, otherwise the configured alternative controller.
 *
 * <p>Access is granted when the repository entry can be launched AND one of:
 * <ul>
 *   <li>a site security callback is configured and allows the launch;</li>
 *   <li>no callback is configured, the session is not in an assessment-mode process
 *       locked to another resource, and the course root node is visible and
 *       accessible for the user.</li>
 * </ul>
 *
 * <p>NOTE(review): OLAT administrators are admitted even when the checks above fail,
 * which includes a negative {@code canLaunch()}, a denying site callback and the
 * assessment-mode lock. The original comment states that admins always see content;
 * confirm that bypassing the assessment-mode lock is intended as well.
 *
 * <p>The course is loaded before any access decision is taken, so a denied request
 * still triggers {@code CourseFactory.loadCourse}.
 *
 * @param ureq     the current user request
 * @param wControl the window control of the site
 * @param config   the site configuration, passed on to the alternative controller
 * @return the course run controller or the alternative controller
 */
@Override
protected MainLayoutController createController(UserRequest ureq, WindowControl wControl, SiteConfiguration config) {
    RepositoryManager rm = RepositoryManager.getInstance();
    RepositoryService rs = CoreSpringFactory.getImpl(RepositoryService.class);

    RepositoryEntry entry = rm.lookupRepositoryEntryBySoftkey(repositorySoftKey, false);
    if (entry == null) {
        // Unknown soft key: nothing to launch.
        return getAlternativeController(ureq, wControl, config);
    }

    ICourse course = CourseFactory.loadCourse(entry);
    UserSession usess = ureq.getUserSession();

    // course-launch-state depending course-settings
    RepositoryEntrySecurity reSecurity = rm.isAllowed(ureq, entry);
    boolean hasAccess = false;
    if (reSecurity.canLaunch()) {
        // either check with securityCallback or use access-settings from course-nodes
        if (siteSecCallback != null) {
            hasAccess = siteSecCallback.isAllowedToLaunchSite(ureq);
        } else if (!usess.isInAssessmentModeProcess() || usess.matchLockResource(course)) {
            // check within course: accessibility of course root node
            CourseNode rootNode = course.getRunStructure().getRootNode();
            UserCourseEnvironmentImpl uce = new UserCourseEnvironmentImpl(
                    ureq.getUserSession().getIdentityEnvironment(), course.getCourseEnvironment());
            NodeEvaluation nodeEval =
                    rootNode.eval(uce.getConditionInterpreter(), new TreeEvaluation(), new VisibleTreeFilter());
            hasAccess = NavigationHandler.mayAccessWholeTreeUp(nodeEval) && nodeEval.isVisible();
        }
        // else: session is locked to a different resource by an assessment mode -> stays false
    }

    // load course (admins always see content) or alternative controller if course is not launchable
    if (!hasAccess && !usess.getRoles().isOLATAdmin()) {
        // access restricted (not in group / author) -> show controller
        // defined in olat_extensions (type autoCreator)
        return getAlternativeController(ureq, wControl, config);
    }

    rs.incrementLaunchCounter(entry);
    // build up the context path for linked course
    WindowControl bwControl = BusinessControlFactory.getInstance()
            .createBusinessWindowControl(ureq, entry, new StateSite(this), wControl, true);
    RuntimeControllerCreator runCreator = new RuntimeControllerCreator() {
        @Override
        public Controller create(UserRequest uureq, WindowControl wwControl, TooledStackedPanel toolbarPanel,
                RepositoryEntry re, RepositoryEntrySecurity security, AssessmentMode assessmentMode) {
            return new RunMainController(uureq, wwControl, toolbarPanel, CourseFactory.loadCourse(re), re,
                    security, assessmentMode);
        }
    };
    CourseRuntimeController runCtr =
            new CourseRuntimeController(ureq, bwControl, entry, reSecurity, runCreator, false, true);

    // Configure run controller
    // a: don't show close link, is opened as site not tab
    runCtr.setCourseCloseEnabled(false);
    // b: don't show toolbar
    if (!showToolController) {
        runCtr.setToolControllerEnabled(false);
    }
    return runCtr;
}
use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.
the class CourseSiteContextEntryControllerCreator method createLaunchController.
/**
 * Creates the controller used to launch the given repository entry.
 *
 * <p>Checks are applied in this order: existence, deleted state, assessment-mode lock,
 * launch permission. The launch counter is incremented only after all of them passed.
 *
 * <p>NOTE(review): the "repositoryentry.deleted" message is returned before
 * {@code canLaunch()} is evaluated, so a user without launch rights can still tell a
 * deleted entry from one that is merely not accessible. Confirm that this is acceptable.
 *
 * @param re       the repository entry to launch, may be {@code null}
 * @param ureq     the current user request
 * @param wControl the window control the launch controller is created in
 * @return a message controller if the entry is {@code null}, is deleted and the user is
 *         neither institutional resource manager nor OLAT administrator, or may not be
 *         launched; {@code null} if the session is in an assessment-mode process that
 *         is locked to a different resource; otherwise the launch controller
 * @throws AssertException if the repository handler does not return a controller
 */
private Controller createLaunchController(RepositoryEntry re, UserRequest ureq, WindowControl wControl) {
    if (re == null) {
        return messageController(ureq, wControl, "repositoryentry.not.existing");
    }

    UserSession usess = ureq.getUserSession();
    if (re.getAccess() == RepositoryEntry.DELETED) {
        // Deleted entries stay reachable for privileged roles only; they still have to
        // pass the launch permission check further down.
        Roles roles = usess.getRoles();
        boolean privileged = roles.isInstitutionalResourceManager() || roles.isOLATAdmin();
        if (!privileged) {
            return messageController(ureq, wControl, "repositoryentry.deleted");
        }
    }

    // While an assessment mode is running, only the locked resource may be opened.
    boolean lockedToOtherResource = usess.isInAssessmentModeProcess() && !usess.matchLockResource(re.getOlatResource());
    if (lockedToOtherResource) {
        return null;
    }

    RepositoryManager rm = RepositoryManager.getInstance();
    RepositoryEntrySecurity reSecurity = rm.isAllowed(ureq, re);
    if (!reSecurity.canLaunch()) {
        return messageController(ureq, wControl, "launch.noaccess");
    }

    RepositoryService rs = CoreSpringFactory.getImpl(RepositoryService.class);
    rs.incrementLaunchCounter(re);
    RepositoryHandler handler = RepositoryHandlerFactory.getInstance().getRepositoryHandler(re);

    OLATResourceable businessOres = re;
    ContextEntry ce = BusinessControlFactory.getInstance().createContextEntry(businessOres);
    // Reuse the current window control when it already points at this entry.
    WindowControl bwControl = ce.equals(wControl.getBusinessControl().getCurrentContextEntry())
            ? wControl
            : BusinessControlFactory.getInstance().createBusinessWindowControl(ce, wControl);

    // The evaluated security object is handed on so the launched controller works with
    // the same permissions that were checked here.
    MainLayoutController ctrl = handler.createLaunchController(re, reSecurity, ureq, bwControl);
    if (ctrl == null) {
        throw new AssertException("could not create controller for repositoryEntry " + re);
    }
    return ctrl;
}
use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.
the class CourseOptionsController method doSelectSharedFolder.
/**
 * Updates the form after a shared folder has been chosen for the course.
 *
 * <p>The display name is HTML-escaped before it is placed in the form element. The
 * read-only toggle is shown to everyone but only enabled for entry admins of the
 * selected shared folder, and it is pre-selected with the first key.
 *
 * <p>NOTE(review): disabling the toggle is a UI restriction only. The code that stores
 * the setting is not visible here and should verify the entry-admin permission again
 * on the server side before accepting a changed value.
 *
 * @param ureq      the current user request, used to evaluate permissions
 * @param repoEntry the repository entry of the selected shared folder
 */
private void doSelectSharedFolder(UserRequest ureq, RepositoryEntry repoEntry) {
    // The display name is user-editable content, so it is escaped before display.
    String escapedName = StringHelper.escapeHtml(repoEntry.getDisplayname());
    folderNameEl.setValue(escapedName);
    folderNameEl.setUserObject(repoEntry);
    removeFolderCommand.setVisible(true);

    RepositoryEntrySecurity sharedFolderSecurity = repositoryService.isAllowed(ureq, repoEntry);
    boolean mayChangeReadOnly = sharedFolderSecurity.isEntryAdmin();
    folderReadOnlyEl.setVisible(true);
    folderReadOnlyEl.setEnabled(mayChangeReadOnly);
    folderReadOnlyEl.select(onKeys[0], true);

    sharedFolderCont.setDirty(true);
}