Search in sources :

Example 1 with RepositoryEntrySecurity

use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.

the class MergedCourseContainer method init.

protected void init(PersistingCourseImpl persistingCourse) {
    super.init();
    RepositoryEntry courseRe = persistingCourse.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
    courseReadOnly = !overrideReadOnly && (courseRe.getRepositoryEntryStatus().isClosed() || courseRe.getRepositoryEntryStatus().isUnpublished());
    if (courseReadOnly) {
        setLocalSecurityCallback(new ReadOnlyCallback());
    }
    if (identityEnv == null || identityEnv.getRoles().isOLATAdmin()) {
        VFSContainer courseContainer = persistingCourse.getIsolatedCourseFolder();
        if (courseReadOnly) {
            courseContainer.setLocalSecurityCallback(new ReadOnlyCallback());
        }
        addContainersChildren(courseContainer, true);
    } else {
        RepositoryEntry re = persistingCourse.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
        RepositoryEntrySecurity reSecurity = RepositoryManager.getInstance().isAllowed(identityEnv.getIdentity(), identityEnv.getRoles(), re);
        if (reSecurity.isEntryAdmin()) {
            VFSContainer courseContainer = persistingCourse.getIsolatedCourseFolder();
            if (courseReadOnly) {
                courseContainer.setLocalSecurityCallback(new ReadOnlyCallback());
            }
            addContainersChildren(courseContainer, true);
        }
    }
    initSharedFolder(persistingCourse);
    // add all course building blocks of type BC to a virtual folder
    MergeSource nodesContainer = new MergeSource(null, "_courseelementdata");
    if (identityEnv == null) {
        CourseNode rootNode = persistingCourse.getRunStructure().getRootNode();
        addFoldersForAdmin(persistingCourse, nodesContainer, rootNode);
    } else {
        TreeEvaluation treeEval = new TreeEvaluation();
        GenericTreeModel treeModel = new GenericTreeModel();
        UserCourseEnvironment userCourseEnv = new UserCourseEnvironmentImpl(identityEnv, persistingCourse.getCourseEnvironment());
        CourseNode rootCn = userCourseEnv.getCourseEnvironment().getRunStructure().getRootNode();
        NodeEvaluation rootNodeEval = rootCn.eval(userCourseEnv.getConditionInterpreter(), treeEval, new VisibleTreeFilter());
        TreeNode treeRoot = rootNodeEval.getTreeNode();
        treeModel.setRootNode(treeRoot);
        addFolders(persistingCourse, nodesContainer, treeRoot);
    }
    if (nodesContainer.getItems().size() > 0) {
        addContainer(nodesContainer);
    }
}
Also used : ReadOnlyCallback(org.olat.core.util.vfs.callbacks.ReadOnlyCallback) UserCourseEnvironment(org.olat.course.run.userview.UserCourseEnvironment) VisibleTreeFilter(org.olat.course.run.userview.VisibleTreeFilter) VFSContainer(org.olat.core.util.vfs.VFSContainer) RepositoryEntry(org.olat.repository.RepositoryEntry) MergeSource(org.olat.core.util.vfs.MergeSource) UserCourseEnvironmentImpl(org.olat.course.run.userview.UserCourseEnvironmentImpl) RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity) TreeNode(org.olat.core.gui.components.tree.TreeNode) TreeEvaluation(org.olat.course.run.userview.TreeEvaluation) GenericTreeModel(org.olat.core.gui.components.tree.GenericTreeModel) PFCourseNode(org.olat.course.nodes.PFCourseNode) CourseNode(org.olat.course.nodes.CourseNode) BCCourseNode(org.olat.course.nodes.BCCourseNode) NodeEvaluation(org.olat.course.run.userview.NodeEvaluation)

Example 2 with RepositoryEntrySecurity

use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.

the class CertificatesManagerImpl method getCertificatesForNotifications.

@Override
public List<Certificate> getCertificatesForNotifications(Identity identity, RepositoryEntry entry, Date lastNews) {
    Roles roles = securityManager.getRoles(identity);
    RepositoryEntrySecurity security = repositoryManager.isAllowed(identity, roles, entry);
    if (!security.isEntryAdmin() && !security.isCourseCoach() && !security.isGroupCoach() && !security.isCourseParticipant() && !security.isGroupParticipant()) {
        return Collections.emptyList();
    }
    StringBuilder sb = new StringBuilder();
    sb.append("select cer from certificate cer").append(" inner join fetch cer.identity ident").append(" where cer.olatResource.key=:resourceKey and cer.last=true ");
    // must be some kind of restrictions
    boolean securityCheck = false;
    List<Long> baseGroupKeys = null;
    if (!security.isEntryAdmin()) {
        sb.append(" and (");
        boolean or = false;
        if (security.isCourseCoach()) {
            or = or(sb, or);
            sb.append(" exists (select membership.identity.key from repoentrytogroup as rel, bgroup as reBaseGroup, bgroupmember membership ").append("   where ident.key=membership.identity.key and rel.entry.key=:repoKey and rel.group=reBaseGroup and membership.group=reBaseGroup and membership.role='").append(GroupRole.participant).append("'").append(" )");
            securityCheck = true;
        }
        if (security.isGroupCoach()) {
            SearchBusinessGroupParams params = new SearchBusinessGroupParams(identity, true, false);
            List<BusinessGroup> groups = businessGroupService.findBusinessGroups(params, entry, 0, -1);
            if (groups.size() > 0) {
                or = or(sb, or);
                sb.append(" exists (select membership.identity.key from bgroupmember membership ").append("   where ident.key=membership.identity.key and membership.group.key in (:groups) and membership.role='").append(GroupRole.participant).append("'").append(" )");
                baseGroupKeys = new ArrayList<>(groups.size());
                for (BusinessGroup group : groups) {
                    baseGroupKeys.add(group.getBaseGroup().getKey());
                }
                securityCheck = true;
            }
        }
        if (security.isCourseParticipant() || security.isGroupParticipant()) {
            or = or(sb, or);
            sb.append(" ident.key=:identityKey");
            securityCheck = true;
        }
        sb.append(")");
    } else {
        securityCheck = true;
    }
    if (!securityCheck) {
        return Collections.emptyList();
    }
    sb.append(" order by cer.creationDate");
    TypedQuery<Certificate> certificates = dbInstance.getCurrentEntityManager().createQuery(sb.toString(), Certificate.class).setParameter("resourceKey", entry.getOlatResource().getKey());
    if (!security.isEntryAdmin()) {
        if (security.isCourseCoach()) {
            certificates.setParameter("repoKey", entry.getKey());
        }
        if (security.isCourseParticipant() || security.isGroupParticipant()) {
            certificates.setParameter("identityKey", identity.getKey());
        }
    }
    if (baseGroupKeys != null && !baseGroupKeys.isEmpty()) {
        certificates.setParameter("groups", baseGroupKeys);
    }
    return certificates.getResultList();
}
Also used : BusinessGroup(org.olat.group.BusinessGroup) RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity) Roles(org.olat.core.id.Roles) SearchBusinessGroupParams(org.olat.group.model.SearchBusinessGroupParams) Certificate(org.olat.course.certificate.Certificate)

Example 3 with RepositoryEntrySecurity

use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.

the class CourseSite method createController.

@Override
protected MainLayoutController createController(UserRequest ureq, WindowControl wControl, SiteConfiguration config) {
    RepositoryManager rm = RepositoryManager.getInstance();
    RepositoryService rs = CoreSpringFactory.getImpl(RepositoryService.class);
    RepositoryEntry entry = rm.lookupRepositoryEntryBySoftkey(repositorySoftKey, false);
    if (entry == null) {
        return getAlternativeController(ureq, wControl, config);
    }
    MainLayoutController c;
    ICourse course = CourseFactory.loadCourse(entry);
    UserSession usess = ureq.getUserSession();
    // course-launch-state depending course-settings
    RepositoryEntrySecurity reSecurity = rm.isAllowed(ureq, entry);
    boolean isAllowedToLaunch = reSecurity.canLaunch();
    boolean hasAccess = false;
    if (isAllowedToLaunch) {
        // either check with securityCallback or use access-settings from course-nodes
        if (siteSecCallback != null) {
            hasAccess = siteSecCallback.isAllowedToLaunchSite(ureq);
        } else if (usess.isInAssessmentModeProcess() && !usess.matchLockResource(course)) {
            hasAccess = false;
        } else {
            // check within course: accessibility of course root node
            CourseNode rootNode = course.getRunStructure().getRootNode();
            UserCourseEnvironmentImpl uce = new UserCourseEnvironmentImpl(ureq.getUserSession().getIdentityEnvironment(), course.getCourseEnvironment());
            NodeEvaluation nodeEval = rootNode.eval(uce.getConditionInterpreter(), new TreeEvaluation(), new VisibleTreeFilter());
            boolean mayAccessWholeTreeUp = NavigationHandler.mayAccessWholeTreeUp(nodeEval);
            hasAccess = mayAccessWholeTreeUp && nodeEval.isVisible();
        }
    }
    // load course (admins always see content) or alternative controller if course is not launchable
    if (hasAccess || usess.getRoles().isOLATAdmin()) {
        rs.incrementLaunchCounter(entry);
        // build up the context path for linked course
        WindowControl bwControl = BusinessControlFactory.getInstance().createBusinessWindowControl(ureq, entry, new StateSite(this), wControl, true);
        CourseRuntimeController runCtr = new CourseRuntimeController(ureq, bwControl, entry, reSecurity, new RuntimeControllerCreator() {

            @Override
            public Controller create(UserRequest uureq, WindowControl wwControl, TooledStackedPanel toolbarPanel, RepositoryEntry re, RepositoryEntrySecurity security, AssessmentMode assessmentMode) {
                return new RunMainController(uureq, wwControl, toolbarPanel, CourseFactory.loadCourse(re), re, security, assessmentMode);
            }
        }, false, true);
        // Configure run controller
        // a: don't show close link, is opened as site not tab
        runCtr.setCourseCloseEnabled(false);
        // b: don't show toolbar
        if (!showToolController) {
            runCtr.setToolControllerEnabled(false);
        }
        c = runCtr;
    } else {
        // access restricted (not in group / author) -> show controller
        // defined in olat_extensions (type autoCreator)
        c = getAlternativeController(ureq, wControl, config);
    }
    return c;
}
Also used : TooledStackedPanel(org.olat.core.gui.components.stack.TooledStackedPanel) AssessmentMode(org.olat.course.assessment.AssessmentMode) StateSite(org.olat.core.id.context.StateSite) VisibleTreeFilter(org.olat.course.run.userview.VisibleTreeFilter) RunMainController(org.olat.course.run.RunMainController) ICourse(org.olat.course.ICourse) RepositoryEntry(org.olat.repository.RepositoryEntry) WindowControl(org.olat.core.gui.control.WindowControl) MainLayoutController(org.olat.core.gui.control.generic.layout.MainLayoutController) RunMainController(org.olat.course.run.RunMainController) CourseRuntimeController(org.olat.course.run.CourseRuntimeController) Controller(org.olat.core.gui.control.Controller) RuntimeControllerCreator(org.olat.repository.ui.RepositoryEntryRuntimeController.RuntimeControllerCreator) UserCourseEnvironmentImpl(org.olat.course.run.userview.UserCourseEnvironmentImpl) RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity) CourseRuntimeController(org.olat.course.run.CourseRuntimeController) UserSession(org.olat.core.util.UserSession) TreeEvaluation(org.olat.course.run.userview.TreeEvaluation) MainLayoutController(org.olat.core.gui.control.generic.layout.MainLayoutController) RepositoryManager(org.olat.repository.RepositoryManager) CourseNode(org.olat.course.nodes.CourseNode) NodeEvaluation(org.olat.course.run.userview.NodeEvaluation) UserRequest(org.olat.core.gui.UserRequest) RepositoryService(org.olat.repository.RepositoryService)

Example 4 with RepositoryEntrySecurity

use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.

the class CourseSiteContextEntryControllerCreator method createLaunchController.

/**
 * Create a launch controller used to launch the given repo entry.
 * @param re
 * @param initialViewIdentifier if null the default view will be started, otherwise a controllerfactory type dependant view will be activated (subscription subtype)
 * @param ureq
 * @param wControl
 * @return null if no entry was found, a no access message controller if not allowed to launch or the launch
 * controller if successful.
 */
private Controller createLaunchController(RepositoryEntry re, UserRequest ureq, WindowControl wControl) {
    if (re == null) {
        return messageController(ureq, wControl, "repositoryentry.not.existing");
    }
    UserSession usess = ureq.getUserSession();
    if (re.getAccess() == RepositoryEntry.DELETED) {
        Roles roles = usess.getRoles();
        if (!roles.isInstitutionalResourceManager() && !roles.isOLATAdmin()) {
            return messageController(ureq, wControl, "repositoryentry.deleted");
        }
    }
    if (usess.isInAssessmentModeProcess() && !usess.matchLockResource(re.getOlatResource())) {
        return null;
    }
    RepositoryManager rm = RepositoryManager.getInstance();
    RepositoryEntrySecurity reSecurity = rm.isAllowed(ureq, re);
    if (!reSecurity.canLaunch()) {
        return messageController(ureq, wControl, "launch.noaccess");
    }
    RepositoryService rs = CoreSpringFactory.getImpl(RepositoryService.class);
    rs.incrementLaunchCounter(re);
    RepositoryHandler handler = RepositoryHandlerFactory.getInstance().getRepositoryHandler(re);
    WindowControl bwControl;
    OLATResourceable businessOres = re;
    ContextEntry ce = BusinessControlFactory.getInstance().createContextEntry(businessOres);
    if (ce.equals(wControl.getBusinessControl().getCurrentContextEntry())) {
        bwControl = wControl;
    } else {
        bwControl = BusinessControlFactory.getInstance().createBusinessWindowControl(ce, wControl);
    }
    MainLayoutController ctrl = handler.createLaunchController(re, reSecurity, ureq, bwControl);
    if (ctrl == null) {
        throw new AssertException("could not create controller for repositoryEntry " + re);
    }
    return ctrl;
}
Also used : AssertException(org.olat.core.logging.AssertException) OLATResourceable(org.olat.core.id.OLATResourceable) RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity) UserSession(org.olat.core.util.UserSession) MainLayoutController(org.olat.core.gui.control.generic.layout.MainLayoutController) Roles(org.olat.core.id.Roles) RepositoryManager(org.olat.repository.RepositoryManager) RepositoryHandler(org.olat.repository.handlers.RepositoryHandler) WindowControl(org.olat.core.gui.control.WindowControl) ContextEntry(org.olat.core.id.context.ContextEntry) RepositoryService(org.olat.repository.RepositoryService)

Example 5 with RepositoryEntrySecurity

use of org.olat.repository.model.RepositoryEntrySecurity in project OpenOLAT by OpenOLAT.

the class CourseOptionsController method doSelectSharedFolder.

private void doSelectSharedFolder(UserRequest ureq, RepositoryEntry repoEntry) {
    folderNameEl.setValue(StringHelper.escapeHtml(repoEntry.getDisplayname()));
    folderNameEl.setUserObject(repoEntry);
    removeFolderCommand.setVisible(true);
    RepositoryEntrySecurity reSecurity = repositoryService.isAllowed(ureq, repoEntry);
    folderReadOnlyEl.setVisible(true);
    folderReadOnlyEl.setEnabled(reSecurity.isEntryAdmin());
    folderReadOnlyEl.select(onKeys[0], true);
    sharedFolderCont.setDirty(true);
}
Also used : RepositoryEntrySecurity(org.olat.repository.model.RepositoryEntrySecurity)

Aggregations

RepositoryEntrySecurity (org.olat.repository.model.RepositoryEntrySecurity)22 RepositoryEntry (org.olat.repository.RepositoryEntry)16 WindowControl (org.olat.core.gui.control.WindowControl)14 MainLayoutController (org.olat.core.gui.control.generic.layout.MainLayoutController)12 UserRequest (org.olat.core.gui.UserRequest)10 TooledStackedPanel (org.olat.core.gui.components.stack.TooledStackedPanel)10 Controller (org.olat.core.gui.control.Controller)10 AssessmentMode (org.olat.course.assessment.AssessmentMode)10 RuntimeControllerCreator (org.olat.repository.ui.RepositoryEntryRuntimeController.RuntimeControllerCreator)10 StepsMainRunController (org.olat.core.gui.control.generic.wizard.StepsMainRunController)8 SubscriptionContext (org.olat.core.commons.services.notifications.SubscriptionContext)6 Roles (org.olat.core.id.Roles)6 ContextEntry (org.olat.core.id.context.ContextEntry)6 RepositoryManager (org.olat.repository.RepositoryManager)6 RepositoryService (org.olat.repository.RepositoryService)6 LayoutMain3ColsController (org.olat.core.commons.fullWebApp.LayoutMain3ColsController)4 OLATResourceable (org.olat.core.id.OLATResourceable)4 UserSession (org.olat.core.util.UserSession)4 VFSContainer (org.olat.core.util.vfs.VFSContainer)4 ReadOnlyCallback (org.olat.core.util.vfs.callbacks.ReadOnlyCallback)4