comparison src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java @ 10:a50cf11e5178

Rewrite LGDataverse completely upgrading to dataverse4.0
author Zoe Hong <zhong@mpiwg-berlin.mpg.de>
date Tue, 08 Sep 2015 17:00:21 +0200
parents
children
9:5926d6419569 10:a50cf11e5178
1 /*
2 * To change this license header, choose License Headers in Project Properties.
3 * To change this template file, choose Tools | Templates
4 * and open the template in the editor.
5 */
6 package edu.harvard.iq.dataverse;
7
8 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
9 import edu.harvard.iq.dataverse.authorization.DataverseRole;
10 import edu.harvard.iq.dataverse.authorization.Permission;
11 import edu.harvard.iq.dataverse.authorization.RoleAssignee;
12 import edu.harvard.iq.dataverse.authorization.RoleAssigneeDisplayInfo;
13 import edu.harvard.iq.dataverse.authorization.groups.Group;
14 import edu.harvard.iq.dataverse.authorization.groups.GroupServiceBean;
15 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
16 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
17 import edu.harvard.iq.dataverse.engine.command.exception.PermissionException;
18 import edu.harvard.iq.dataverse.engine.command.impl.AssignRoleCommand;
19 import edu.harvard.iq.dataverse.engine.command.impl.RevokeRoleCommand;
20 import edu.harvard.iq.dataverse.util.JsfHelper;
21 import static edu.harvard.iq.dataverse.util.JsfHelper.JH;
22 import java.sql.Timestamp;
23 import java.util.ArrayList;
24 import java.util.Date;
25 import java.util.HashMap;
26 import java.util.List;
27 import java.util.Map;
28 import java.util.logging.Level;
29 import java.util.logging.Logger;
30 import javax.ejb.EJB;
31 import javax.faces.application.FacesMessage;
32 import javax.faces.event.ActionEvent;
33 import javax.faces.view.ViewScoped;
34 import javax.inject.Inject;
35 import javax.inject.Named;
36 import javax.persistence.EntityManager;
37 import javax.persistence.PersistenceContext;
38 import org.apache.commons.lang.StringUtils;
39
40 /**
41 *
42 * @author gdurand
43 */
44 @ViewScoped
45 @Named
46 public class ManageFilePermissionsPage implements java.io.Serializable {
47
48 private static final Logger logger = Logger.getLogger(ManageFilePermissionsPage.class.getCanonicalName());
49
50 @EJB
51 DatasetServiceBean datasetService;
52 @EJB
53 DataFileServiceBean datafileService;
54 @EJB
55 DataverseRoleServiceBean roleService;
56 @EJB
57 RoleAssigneeServiceBean roleAssigneeService;
58 @EJB
59 PermissionServiceBean permissionService;
60 @EJB
61 AuthenticationServiceBean authenticationService;
62 @EJB
63 GroupServiceBean groupService;
64 @EJB
65 UserNotificationServiceBean userNotificationService;
66 @EJB
67 EjbDataverseEngine commandEngine;
68
69 @PersistenceContext(unitName = "VDCNet-ejbPU")
70 EntityManager em;
71
72 @Inject
73 DataverseSession session;
74
75 Dataset dataset = new Dataset();
76 private Map<RoleAssignee,List<RoleAssignmentRow>> roleAssigneeMap = new HashMap();
77 private Map<DataFile,List<RoleAssignmentRow>> fileMap = new HashMap();
78 private Map<AuthenticatedUser,List<DataFile>> fileAccessRequestMap = new HashMap();
79
80 public Dataset getDataset() {
81 return dataset;
82 }
83
84 public void setDataset(Dataset dataset) {
85 this.dataset = dataset;
86 }
87
88 public Map<RoleAssignee, List<RoleAssignmentRow>> getRoleAssigneeMap() {
89 return roleAssigneeMap;
90 }
91
92 public Map<DataFile, List<RoleAssignmentRow>> getFileMap() {
93 return fileMap;
94 }
95
96 public Map<AuthenticatedUser, List<DataFile>> getFileAccessRequestMap() {
97 return fileAccessRequestMap;
98 }
99
100
101 public String init() {
102 if (dataset.getId() != null) {
103 dataset = datasetService.find(dataset.getId());
104 }
105
106 // check if dvObject exists and user has permission
107 if (dataset == null) {
108 return "/404.xhtml";
109 }
110
111 if (!permissionService.on(dataset).has(Permission.ManageDatasetPermissions)) {
112 return "/loginpage.xhtml" + DataverseHeaderFragment.getRedirectPage();
113 }
114
115 initMaps();
116
117 return "";
118 }
119
120 private void initMaps() {
121 // initialize files and usergroup list
122 roleAssigneeMap.clear();
123 fileMap.clear();
124 fileAccessRequestMap.clear();
125
126 for (DataFile file : dataset.getFiles()) {
127 // only include if the file is restricted (or it's draft version is restricted)
128 if (file.isRestricted() || file.getFileMetadata().isRestricted()) {
129 // we get the direct role assignments assigned to the file
130 List<RoleAssignment> ras = roleService.directRoleAssignments(file);
131 List raList = new ArrayList<>(ras.size());
132 for (RoleAssignment ra : ras) {
133 // for files, only show role assignments which can download
134 if (ra.getRole().permissions().contains(Permission.DownloadFile)) {
135 raList.add(new RoleAssignmentRow(ra, roleAssigneeService.getRoleAssignee(ra.getAssigneeIdentifier()).getDisplayInfo()));
136 addFileToRoleAssignee(ra);
137 }
138 }
139
140 fileMap.put(file, raList);
141
142 // populate the file access requests map
143 for (AuthenticatedUser au : file.getFileAccessRequesters()) {
144 List<DataFile> requestedFiles = fileAccessRequestMap.get(au);
145 if (requestedFiles == null) {
146 requestedFiles = new ArrayList();
147 fileAccessRequestMap.put(au, requestedFiles);
148 }
149
150 requestedFiles.add(file);
151
152 }
153 }
154 }
155
156 }
157
158 private void addFileToRoleAssignee(RoleAssignment assignment) {
159 RoleAssignee ra = roleAssigneeService.getRoleAssignee(assignment.getAssigneeIdentifier());
160 List<RoleAssignmentRow> assignments = roleAssigneeMap.get(ra);
161 if (assignments == null) {
162 assignments = new ArrayList();
163 roleAssigneeMap.put(ra, assignments);
164 }
165
166 assignments.add(new RoleAssignmentRow(assignment, ra.getDisplayInfo()));
167 }
168
169 /*
170 main page
171 */
172
173 public void removeRoleAssignments(List<RoleAssignmentRow> raRows) {
174 for (RoleAssignmentRow raRow : raRows) {
175 revokeRole(raRow.getId());
176 }
177
178 initMaps();
179 showUserGroupMessages();
180 }
181
182
183 /*
184 view / remove roles dialog
185 */
186 private DataFile selectedFile;
187 private RoleAssignee selectedRoleAssignee;
188 private List<RoleAssignmentRow> roleAssignments;
189 private List<RoleAssignmentRow> selectedRoleAssignmentRows;
190
191 public DataFile getSelectedFile() {
192 return selectedFile;
193 }
194
195 public void setSelectedFile(DataFile selectedFile) {
196 this.selectedFile = selectedFile;
197 }
198
199 public RoleAssignee getSelectedRoleAssignee() {
200 return selectedRoleAssignee;
201 }
202
203 public void setSelectedRoleAssignee(RoleAssignee selectedRoleAssignee) {
204 this.selectedRoleAssignee = selectedRoleAssignee;
205 }
206
207 public List<RoleAssignmentRow> getRoleAssignments() {
208 return roleAssignments;
209 }
210
211 public void setRoleAssignments(List<RoleAssignmentRow> roleAssignments) {
212 this.roleAssignments = roleAssignments;
213 }
214
215 public List<RoleAssignmentRow> getSelectedRoleAssignmentRows() {
216 return selectedRoleAssignmentRows;
217 }
218
219 public void setSelectedRoleAssignmentRows(List<RoleAssignmentRow> selectedRoleAssignmentRows) {
220 this.selectedRoleAssignmentRows = selectedRoleAssignmentRows;
221 }
222
223 public void initViewRemoveDialogByFile(DataFile file, List<RoleAssignmentRow> raRows) {
224 this.selectedFile = file;
225 this.selectedRoleAssignee = null;
226 this.roleAssignments = raRows;
227 showFileMessages();
228 }
229
230 public void initViewRemoveDialogByRoleAssignee(RoleAssignee ra, List<RoleAssignmentRow> raRows) {
231 this.selectedFile = null;
232 this.selectedRoleAssignee = ra;
233 this.roleAssignments = raRows;
234 showUserGroupMessages();
235 }
236
237 public void removeRoleAssignments() {
238 for (RoleAssignmentRow raRow : selectedRoleAssignmentRows) {
239 revokeRole(raRow.getId());
240 }
241
242 initMaps();
243 }
244
245 // internal method used by removeRoleAssignments
246 private void revokeRole(Long roleAssignmentId) {
247 try {
248 RoleAssignment ra = em.find(RoleAssignment.class, roleAssignmentId);
249 commandEngine.submit(new RevokeRoleCommand(ra, session.getUser()));
250 JsfHelper.addSuccessMessage(ra.getRole().getName() + " role for " + roleAssigneeService.getRoleAssignee(ra.getAssigneeIdentifier()).getDisplayInfo().getTitle() + " was removed.");
251 } catch (PermissionException ex) {
252 JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role assignment was not able to be removed.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
253 } catch (CommandException ex) {
254 JH.addMessage(FacesMessage.SEVERITY_FATAL, "The role assignment could not be removed.");
255 logger.log(Level.SEVERE, "Error removing role assignment: " + ex.getMessage(), ex);
256 }
257 }
258
259
260 /*
261 grant access dialog
262 */
263 private List<RoleAssignee> selectedRoleAssignees;
264 private List<DataFile> selectedFiles = new ArrayList();
265 private List<RoleAssignee> roleAssigneeList = new ArrayList();
266 private AuthenticatedUser fileRequester;
267
268 public List<RoleAssignee> getSelectedRoleAssignees() {
269 return selectedRoleAssignees;
270 }
271
272 public void setSelectedRoleAssignees(List<RoleAssignee> selectedRoleAssignees) {
273 this.selectedRoleAssignees = selectedRoleAssignees;
274 }
275
276 public List<DataFile> getSelectedFiles() {
277 return selectedFiles;
278 }
279
280 public void setSelectedFiles(List<DataFile> selectedFiles) {
281 this.selectedFiles = selectedFiles;
282 }
283
284 public AuthenticatedUser getFileRequester() {
285 return fileRequester;
286 }
287
288
289 public void initAssignDialog(ActionEvent ae) {
290 fileRequester = null;
291 selectedRoleAssignees = null;
292 selectedFiles.clear();
293 showUserGroupMessages();
294 }
295
296 public void initAssignDialogByFile(DataFile file) {
297 fileRequester = null;
298 selectedRoleAssignees = null;
299 selectedFiles.clear();
300 selectedFiles.add(file);
301 showFileMessages();
302 }
303 public void initAssignDialogForFileRequester(AuthenticatedUser au) {
304 fileRequester = au;
305 selectedRoleAssignees = null;
306 selectedFiles.clear();
307 selectedFiles.addAll(fileAccessRequestMap.get(au));
308 showUserGroupMessages();
309 }
310
311
312 public List<RoleAssignee> completeRoleAssignee(String query) {
313 if (roleAssigneeList.isEmpty()) {
314 for (AuthenticatedUser au : authenticationService.findAllAuthenticatedUsers()) {
315 roleAssigneeList.add(au);
316 }
317 for ( Group g : groupService.findGlobalGroups() ) {
318 roleAssigneeList.add( g );
319 }
320 }
321 List<RoleAssignee> returnList = new ArrayList();
322 for (RoleAssignee ra : roleAssigneeList) {
323 // @todo unsure if containsIgnore case will work for all locales
324 if (StringUtils.containsIgnoreCase(ra.getDisplayInfo().getTitle(), query) && (selectedRoleAssignees == null || !selectedRoleAssignees.contains(ra))) {
325 returnList.add(ra);
326 }
327 }
328 return returnList;
329 }
330
331 public void grantAccess(ActionEvent evt) {
332 // Find the built in file downloader role (currently by alias)
333 DataverseRole fileDownloaderRole = roleService.findBuiltinRoleByAlias(DataverseRole.FILE_DOWNLOADER);
334 for (RoleAssignee roleAssignee : selectedRoleAssignees) {
335 boolean sendNotification = false;
336 for (DataFile file : selectedFiles) {
337 if (assignRole(roleAssignee, file, fileDownloaderRole)) {
338 if (file.isReleased()) {
339 sendNotification = true;
340 }
341 // remove request, if it exist
342 if (file.getFileAccessRequesters().remove(roleAssignee)) {
343 datafileService.save(file);
344 }
345 }
346
347 }
348
349 if (sendNotification) {
350 for (AuthenticatedUser au : roleAssigneeService.getExplicitUsers(roleAssignee)) {
351 userNotificationService.sendNotification(au, new Timestamp(new Date().getTime()), UserNotification.Type.GRANTFILEACCESS, dataset.getId());
352 }
353 }
354 }
355
356 initMaps();
357 }
358
359 public void grantAccessToRequests(AuthenticatedUser au) {
360 grantAccessToRequests(au, selectedFiles);
361 }
362
363 public void grantAccessToAllRequests(AuthenticatedUser au) {
364 grantAccessToRequests(au, fileAccessRequestMap.get(au));
365 }
366
367 private void grantAccessToRequests(AuthenticatedUser au, List<DataFile> files) {
368 boolean actionPerformed = false;
369 // Find the built in file downloader role (currently by alias)
370 DataverseRole fileDownloaderRole = roleService.findBuiltinRoleByAlias(DataverseRole.FILE_DOWNLOADER);
371 for (DataFile file : files) {
372 if (assignRole(au, file, fileDownloaderRole)) {
373 file.getFileAccessRequesters().remove(au);
374 datafileService.save(file);
375 actionPerformed = true;
376 }
377 }
378 if (actionPerformed) {
379 JsfHelper.addSuccessMessage("File Access request by " + au.getDisplayInfo().getTitle() + " was granted.");
380 userNotificationService.sendNotification(au, new Timestamp(new Date().getTime()), UserNotification.Type.GRANTFILEACCESS, dataset.getId());
381 initMaps();
382 }
383
384 }
385
386 public void rejectAccessToRequests(AuthenticatedUser au) {
387 rejectAccessToRequests(au, selectedFiles);
388 }
389
390 public void rejectAccessToAllRequests(AuthenticatedUser au) {
391 rejectAccessToRequests(au, fileAccessRequestMap.get(au));
392 }
393
394 private void rejectAccessToRequests(AuthenticatedUser au, List<DataFile> files) {
395 boolean actionPerformed = false;
396 for (DataFile file : files) {
397 file.getFileAccessRequesters().remove(au);
398 datafileService.save(file);
399 actionPerformed = true;
400 }
401
402
403 if (actionPerformed) {
404 JsfHelper.addSuccessMessage("File Access request by " + au.getDisplayInfo().getTitle() + " was rejected.");
405 userNotificationService.sendNotification(au, new Timestamp(new Date().getTime()), UserNotification.Type.REJECTFILEACCESS, dataset.getId());
406 initMaps();
407 }
408 }
409
410 private boolean assignRole(RoleAssignee ra, DataFile file, DataverseRole r) {
411 try {
412 commandEngine.submit(new AssignRoleCommand(ra, r, file, session.getUser()));
413 JsfHelper.addSuccessMessage(r.getName() + " role assigned to " + ra.getDisplayInfo().getTitle() + " for " + file.getDisplayName() + ".");
414 } catch (PermissionException ex) {
415 JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role was not able to be assigned.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
416 return false;
417 } catch (CommandException ex) {
418 JH.addMessage(FacesMessage.SEVERITY_FATAL, "The role was not able to be assigned.");
419 logger.log(Level.SEVERE, "Error assiging role: " + ex.getMessage(), ex);
420 return false;
421 }
422
423 return true;
424 }
425
426
427 boolean renderUserGroupMessages = false;
428 boolean renderFileMessages = false;
429
430 public void showUserGroupMessages() {
431 renderUserGroupMessages = true;
432 renderFileMessages = false;
433 }
434
435 private void showFileMessages() {
436 renderUserGroupMessages = false;
437 renderFileMessages = true;
438 }
439
440 public boolean isRenderUserGroupMessages() {
441 return renderUserGroupMessages;
442 }
443
444 public void setRenderUserGroupMessages(boolean renderUserGroupMessages) {
445 this.renderUserGroupMessages = renderUserGroupMessages;
446 }
447
448 public boolean isRenderFileMessages() {
449 return renderFileMessages;
450 }
451
452 public void setRenderFileMessages(boolean renderFileMessages) {
453 this.renderFileMessages = renderFileMessages;
454 }
455
456
457
458
459
460 // inner class used fordisplay of role assignments
461 public static class RoleAssignmentRow {
462
463 private final RoleAssigneeDisplayInfo assigneeDisplayInfo;
464 private final RoleAssignment ra;
465
466 public RoleAssignmentRow(RoleAssignment anRa, RoleAssigneeDisplayInfo disInf) {
467 this.ra = anRa;
468 this.assigneeDisplayInfo = disInf;
469 }
470
471
472 public RoleAssigneeDisplayInfo getAssigneeDisplayInfo() {
473 return assigneeDisplayInfo;
474 }
475
476 public DvObject getDefinitionPoint() {
477 return ra.getDefinitionPoint();
478 }
479
480
481 public Long getId() {
482 return ra.getId();
483 }
484
485 }
486 }
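Review bot: The private `rejectAccessToRequests(au, files)` removes the requester and calls `datafileService.save(file)` directly, so nothing at the point of the write checks the caller's permission. The grant and revoke paths differ: they go through `commandEngine.submit` and handle `PermissionException`. The only check visible for the reject path is the `ManageDatasetPermissions` test in `init()`, and whether `datafileService.save` enforces anything cannot be told from this page. I would repeat the guard at the top of the method, `if (files == null || !permissionService.on(dataset).has(Permission.ManageDatasetPermissions)) { return; }`, which also covers the callers that pass `fileAccessRequestMap.get(au)`, a lookup that can return null. `revokeRole` has a related gap: `em.find(RoleAssignment.class, roleAssignmentId)` can return null, and the id is never tied back to a file of `dataset`, so a null check and a comparison of `ra.getDefinitionPoint()` against the dataset's files before `commandEngine.submit` would be worth adding.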