ca.usask.gmcte.currimap.action.PermissionsManager.java Source code

Java tutorial

Introduction

Here is the source code for ca.usask.gmcte.currimap.action.PermissionsManager.java

Source

/*****************************************************************************
 * Copyright 2012, 2013 University of Saskatchewan
 *
 * This file is part of the Curriculum Alignment Tool (CAT).
 *
 * CAT is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 *(at your option) any later version.
 *
 * CAT is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with CAT.  If not, see <http://www.gnu.org/licenses/>.
 *
 ****************************************************************************/

package ca.usask.gmcte.currimap.action;

import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.TreeMap;

import org.apache.log4j.Logger;
import org.hibernate.Session;

import ca.usask.gmcte.currimap.model.Course;
import ca.usask.gmcte.currimap.model.CourseOffering;
import ca.usask.gmcte.currimap.model.Instructor;
import ca.usask.gmcte.currimap.model.LinkCourseOfferingInstructor;
import ca.usask.gmcte.currimap.model.Organization;
import ca.usask.gmcte.currimap.model.OrganizationAdmin;
import ca.usask.gmcte.currimap.model.SystemAdmin;
import ca.usask.gmcte.util.HibernateUtil;
import ca.usask.ocd.ldap.LdapConnection;

public class PermissionsManager {
    private static PermissionsManager instance;
    private static Logger logger = Logger.getLogger(PermissionsManager.class);

    public static boolean ldapEnabled = setLdap();
    private static String ldapBoolean;

    public static boolean setLdap() {
        if (ldapBoolean != null)
            return ldapBoolean.equals("Y");
        ResourceBundle bundle = ResourceBundle.getBundle("currimap");
        ldapBoolean = bundle.getString("ldap.enabled");
        return ldapBoolean.equals("Y");
    }

    public boolean saveOrganizationPermission(int organizationId, String type, String name, String first,
            String last) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {

            OrganizationAdmin p = getOrganizationAdminByNameAndType(name, type, organizationId, session);
            boolean existed = true;
            if (p == null) {
                p = new OrganizationAdmin();
                Organization Organization = (Organization) session.get(Organization.class, organizationId);
                p.setOrganization(Organization);
                p.setName(name);
                p.setType(type);
                existed = false;
                if (type.equals("Userid"))
                    p.setTypeDisplay("Persons");
                else
                    p.setTypeDisplay("Organizations");

            }
            p.setLastName(last);
            p.setFirstName(first);
            if (existed)
                session.merge(p);
            else
                session.save(p);
            session.getTransaction().commit();
            return true;
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
            try {
                session.getTransaction().rollback();
            } catch (Exception e2) {
                logger.error("Unable to roll back!", e2);
            }
            return false;
        }
    }

    public boolean saveSystemPermission(String type, String name, String createdUserid, String first, String last) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {

            SystemAdmin p = getSystemAdminByNameAndType(name, type, session);
            boolean existed = true;
            if (p == null) {
                p = new SystemAdmin();
                p.setName(name);
                p.setType(type);
                if (type.equals("Userid"))
                    p.setTypeDisplay("Persons");
                else
                    p.setTypeDisplay("Organizations");
                p.setCreatedUserid(createdUserid);
                p.setCreatedOn(Calendar.getInstance().getTime());

                existed = false;
            }
            p.setLastName(last);
            p.setFirstName(first);
            if (existed)
                session.merge(p);
            else
                session.save(p);

            session.getTransaction().commit();
            return true;
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
            try {
                session.getTransaction().rollback();
            } catch (Exception e2) {
                logger.error("Unable to roll back!", e2);
            }
            return false;
        }
    }

    public boolean saveInstructor(int id, String userid, String first, String last) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {
            boolean createNew = true;
            Instructor i = new Instructor();
            if (id > -1) {
                i = (Instructor) session.get(Instructor.class, id);
                createNew = false;
            } else {
                i = (Instructor) session.createQuery("FROM Instructor where lower(userid) = :userid")
                        .setParameter("userid", userid.toLowerCase()).uniqueResult();
                if (i == null)
                    i = new Instructor();
            }
            i.setUserid(userid);
            i.setFirstName(first);
            i.setLastName(last);
            if (createNew)
                session.save(i);
            else
                session.merge(i);

            session.getTransaction().commit();
            return true;
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
            try {
                session.getTransaction().rollback();
            } catch (Exception e2) {
                logger.error("Unable to roll back!", e2);
            }
            return false;
        }

    }

    public Instructor getInstructorById(int id) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        Instructor toReturn = null;
        try {
            toReturn = (Instructor) session.get(Instructor.class, id);
            session.getTransaction().commit();

        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return toReturn;
    }

    public Instructor getInstructorByUserid(Session session, String id) {
        return (Instructor) session.createQuery("FROM Instructor where lower(userid) = :userid")
                .setParameter("userid", id.toLowerCase()).uniqueResult();
    }

    @SuppressWarnings("unchecked")
    public List<Instructor> getAllInstructors() {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        List<Instructor> toReturn = null;
        try {
            toReturn = (List<Instructor>) session
                    .createQuery("FROM Instructor ORDER by lower(lastName), lower(firstName),lower(userid)").list();
            session.getTransaction().commit();

        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return toReturn;
    }

    public boolean saveInstructor(String userid, String first, String last) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {
            Instructor i = (Instructor) session.createQuery("FROM Instructor where userid=:userid")
                    .setParameter("userid", userid).uniqueResult();
            boolean existed = true;
            if (i == null) {
                i = new Instructor();
                i.setUserid(userid);
                existed = false;
            }
            i.setLastName(last);
            i.setFirstName(first);

            if (existed)
                session.merge(i);
            else
                session.save(i);

            session.getTransaction().commit();
            return true;
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
            try {
                session.getTransaction().rollback();
            } catch (Exception e2) {
                logger.error("Unable to roll back!", e2);
            }
            return false;
        }
    }

    private SystemAdmin getSystemAdminByNameAndType(String name, String type, Session session) {
        return (SystemAdmin) session.createQuery("FROM SystemAdmin WHERE type=:type AND lower(name)=:name")
                .setParameter("type", type).setParameter("name", name.toLowerCase().trim()).uniqueResult();
    }

    private OrganizationAdmin getOrganizationAdminByNameAndType(String name, String type, int organizationId,
            Session session) {
        return (OrganizationAdmin) session.createQuery(
                "FROM OrganizationAdmin WHERE organization.id=:organizationId AND type=:type AND lower(name)=:name")
                .setParameter("type", type).setParameter("organizationId", organizationId)
                .setParameter("name", name.toLowerCase().trim()).uniqueResult();
    }

    public boolean removeSystemPermission(String id) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {

            SystemAdmin p = (SystemAdmin) session.get(SystemAdmin.class, Integer.parseInt(id));
            session.delete(p);
            session.getTransaction().commit();
            return true;
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
            try {
                session.getTransaction().rollback();
            } catch (Exception e2) {
                logger.error("Unable to roll back!", e2);
            }
            return false;
        }
    }

    public boolean removeOrganizationPermission(String id) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {

            OrganizationAdmin p = (OrganizationAdmin) session.get(OrganizationAdmin.class, Integer.parseInt(id));
            session.delete(p);
            session.getTransaction().commit();
            return true;
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
            try {
                session.getTransaction().rollback();
            } catch (Exception e2) {
                logger.error("Unable to roll back!", e2);
            }
            return false;
        }
    }

    public String getDisplayName(OrganizationAdmin p) throws Exception {
        if (p.getLastName() == null && PermissionsManager.ldapEnabled) {
            try {
                TreeMap<String, String> data = LdapConnection.instance().getUserData(p.getName());
                if (data != null) {

                    String first = data.get("givenName");
                    String last = data.get("sn");
                    if (this.saveOrganizationPermission(p.getOrganization().getId(), p.getType(), p.getName(),
                            first, last)) {
                        p.setFirstName(first);
                        p.setLastName(last);
                    }
                }
            } catch (Exception e) {
                //fail silently
            }
        }
        String display = null;

        if (p.getFirstName() != null)
            display = p.getFirstName();
        if (p.getLastName() != null) {
            if (display == null)
                display = p.getLastName();
            else
                display += " " + p.getLastName();
        }
        return display == null ? p.getName() : display;
    }

    public String getDisplayName(SystemAdmin p) throws Exception {

        if (p.getLastName() == null && PermissionsManager.ldapEnabled) {
            try {
                TreeMap<String, String> data = LdapConnection.instance().getUserData(p.getName());
                String first = data.get("givenName");
                String last = data.get("sn");
                if (saveSystemPermission(p.getType(), p.getName(), p.getCreatedUserid(), first, last)) {
                    p.setFirstName(first);
                    p.setLastName(last);
                }
            } catch (Exception e) {//fail silently
            }

        }
        String display = null;

        if (p.getFirstName() != null)
            display = p.getFirstName();
        if (p.getLastName() != null) {
            if (display == null)
                display = p.getLastName();
            else
                display += " " + p.getLastName();
        }
        return display == null ? p.getName() : display;
    }

    @SuppressWarnings("unchecked")
    public List<OrganizationAdmin> getAdminsForOrganization(String id) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        List<OrganizationAdmin> toReturn = null;

        try {
            toReturn = session
                    .createQuery(
                            "FROM OrganizationAdmin WHERE organization.id = :organizationId ORDER BY type,name")
                    .setParameter("organizationId", Integer.parseInt(id)).list();
            session.getTransaction().commit();
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return toReturn;
    }

    @SuppressWarnings("unchecked")
    public List<SystemAdmin> getSystemAdmins() {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        List<SystemAdmin> toReturn = null;
        try {
            toReturn = session.createQuery("FROM SystemAdmin  ORDER BY type,name").list();
            session.getTransaction().commit();
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return toReturn;
    }

    public HashMap<String, Organization> getOrganizationsForUser(String userid) {
        HashMap<String, Organization> toReturn = new HashMap<String, Organization>();
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {

            StringBuilder sql = new StringBuilder();
            sql.append("   select {o.*} ");
            sql.append("  from organization o");
            sql.append("      ,organization_admin oa ");
            sql.append(" where oa.organization_id = o.id");
            sql.append("   and oa.name =:userid and type='Userid' ");
            @SuppressWarnings("unchecked")
            List<Organization> organizations = (List<Organization>) session.createSQLQuery(sql.toString())
                    .addEntity("o", Organization.class).setParameter("userid", userid).list();

            for (Organization o : organizations) {
                @SuppressWarnings("unchecked")
                List<Organization> children = session
                        .createQuery("FROM Organization WHERE parentOrganization.id =:orgId")
                        .setParameter("orgId", o.getId()).list();
                for (Organization o2 : children) {
                    toReturn.put("" + o2.getId(), o2);
                }
                toReturn.put("" + o.getId(), o);
            }

            session.getTransaction().commit();
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return toReturn;
    }

    public HashMap<String, CourseOffering> getOfferingsForUser(String userid,
            HashMap<String, Organization> userHasAccessToOrganizations) {
        HashMap<String, CourseOffering> toReturn = new HashMap<String, CourseOffering>();
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {

            StringBuilder sql = new StringBuilder();
            sql.append(" select {co.*} ");
            sql.append("  from  program p ");
            sql.append("      ,link_course_program lcp ");
            sql.append("      ,course_offering co");
            sql.append(" where lcp.program_id = p.id");
            sql.append("   and lcp.course_id = co.course_id");
            sql.append("   and p.organization_id in (");
            sql.append(buildIn(userHasAccessToOrganizations.keySet()));
            sql.append(")");
            sql.append("  UNION");
            sql.append("  select {co.*} ");
            sql.append("  from course_offering co");
            sql.append("     , link_course_offering_instructor coi");
            sql.append("     , instructor instruc");
            sql.append(" where instruc.userid = :userid ");
            sql.append("   and coi.instructor_id = instruc.id");
            sql.append("   and coi.course_offering_id");
            sql.append("   and coi.course_offering_id = co.id");
            logger.error(sql);
            @SuppressWarnings("unchecked")
            List<CourseOffering> offerings = (List<CourseOffering>) session.createSQLQuery(sql.toString())
                    .addEntity("co", CourseOffering.class).setParameter("userid", userid).list();

            for (CourseOffering o : offerings) {
                toReturn.put("" + o.getId(), o);
            }

            session.getTransaction().commit();
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return toReturn;
    }

    public boolean isSysadmin(String userid) {
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        boolean toReturn = false;
        try {
            toReturn = !session.createQuery("FROM SystemAdmin  WHERE type='Userid' AND name=:userid")
                    .setParameter("userid", userid).list().isEmpty();
            session.getTransaction().commit();
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return toReturn;
    }

    @SuppressWarnings("unchecked")
    public List<Organization> getOrganizationsForUser(String userid, boolean sysadmin, boolean activeOnly)
            throws Exception {
        List<Organization> organizations = null;
        if (userid == null) {
            return null;
        }
        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();

        try {
            if (sysadmin) {
                String query = activeOnly ? "FROM Organization WHERE active='Y' ORDER BY lower(name)"
                        : "FROM Organization ORDER BY lower(name)";
                organizations = (List<Organization>) session.createQuery(query).list();
            } else {

                StringBuilder sql = new StringBuilder();
                sql.append("   select {o.*} ");
                sql.append("  from organization o");
                sql.append("      ,organization_admin oa ");
                sql.append(" where oa.organization_id = o.id");
                if (activeOnly) {
                    sql.append(" and o.active='Y' ");
                }
                sql.append("   and oa.name =:userid and type='Userid' ");
                organizations = (List<Organization>) session.createSQLQuery(sql.toString())
                        .addEntity("o", Organization.class).setParameter("userid", userid).list();

            }
            session.getTransaction().commit();

        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return organizations;
    }

    @SuppressWarnings("unchecked")
    public boolean hasAccessToCourseOffering(String userid, CourseOffering offering, boolean sysadmin)
            throws Exception {
        Set<LinkCourseOfferingInstructor> instructors = offering.getInstructors();
        LinkCourseOfferingInstructor temp = new LinkCourseOfferingInstructor();
        Instructor instructor = CourseManager.instance().getInstructorByUserid(userid);
        temp.setInstructor(instructor);
        if (instructors.contains(temp)) //user is instructor of the course offering
        {
            return true;
        }
        List<Organization> accessOrganizations = getOrganizationsForUser(userid, sysadmin, false);
        if (accessOrganizations == null || accessOrganizations.isEmpty()) { //user is NOT in any organizations
            return false;
        }

        StringBuilder in = new StringBuilder();
        for (Organization org : accessOrganizations) {

            in.append(org.getId());
            in.append(",");
        }
        Course course = offering.getCourse();
        StringBuilder sql = new StringBuilder();
        sql.append("SELECT {d.*} ");
        sql.append("  FROM organization d,");
        sql.append("       program_admin pa,");
        sql.append("       link_course_program lcp");
        sql.append(" WHERE d.id = pa.name");
        sql.append("   AND pa.type='orgId' ");
        sql.append("   AND pa.program_id = lcp.program_id");
        sql.append("   AND lcp.course_id = :courseId");
        sql.append("   AND d.id in (");
        sql.append(in.substring(0, in.length() - 1));
        sql.append(")");

        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        List<Organization> organizationsWithAccessToCourseForUser = null;
        try {
            organizationsWithAccessToCourseForUser = (List<Organization>) session.createSQLQuery(sql.toString())
                    .addEntity("d", Organization.class).setParameter("courseId", course.getId()).list();

            session.getTransaction().commit();
        } catch (Exception e) {
            HibernateUtil.logException(logger, e);
        }
        return !organizationsWithAccessToCourseForUser.isEmpty();
    }

    public PermissionsManager() {
    }

    public static PermissionsManager instance() {
        if (instance == null) {
            instance = new PermissionsManager();
        }
        return instance;

    }

    public static String inString(List<Integer> in) {
        StringBuilder sb = new StringBuilder();
        for (int i : in) {
            sb.append(",");
            sb.append(i);

        }
        return sb.substring(1);
    }

    private static String buildIn(Set<String> values) {
        StringBuilder r = new StringBuilder();
        if (values == null || values.isEmpty()) {
            return "''";
        }
        r.append("'bogus'");
        Iterator<String> iter = values.iterator();
        while (iter.hasNext()) {
            String s = iter.next();
            r.append(",'");
            r.append(s);
            r.append("'");
        }
        return r.toString();
    }

}