org.muse.mneme.tool.AssessmentAccessView.java Source code

Java tutorial

Introduction

Here is the source code for org.muse.mneme.tool.AssessmentAccessView.java

Source

/**********************************************************************************
 * $URL$
 * $Id$
 ***********************************************************************************
 *
 * Copyright (c) 2007 The Regents of the University of Michigan & Foothill College, ETUDES Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 **********************************************************************************/

package org.muse.mneme.tool;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.muse.ambrosia.api.Context;
import org.muse.ambrosia.util.ControllerImpl;
import org.muse.mneme.api.Assessment;
import org.muse.mneme.api.AssessmentAccess;
import org.muse.mneme.api.AssessmentPermissionException;
import org.muse.mneme.api.AssessmentPolicyException;
import org.muse.mneme.api.AssessmentService;
import org.sakaiproject.util.StringUtil;
import org.sakaiproject.util.Web;

/**
 * The /assessment_access view for the mneme tool.
 */
public class AssessmentAccessView extends ControllerImpl {
    /** Our log. */
    private static Log M_log = LogFactory.getLog(AssessmentAccessView.class);

    /** Assessment service. */
    protected AssessmentService assessmentService = null;

    /**
     * Shutdown.
     */
    public void destroy() {
        M_log.info("destroy()");
    }

    /**
     * {@inheritDoc}
     */
    public void get(HttpServletRequest req, HttpServletResponse res, Context context, String[] params)
            throws IOException {
        // we need 3 parameters: sort, aid, access id - all else is a return url
        if (params.length < 5) {
            throw new IllegalArgumentException();
        }
        String sort = params[2];
        String assessmentId = params[3];
        String accessId = params[4];

        // get the assessment
        Assessment assessment = assessmentService.getAssessment(assessmentId);
        if (assessment == null) {
            // redirect to error
            res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.invalid)));
            return;
        }

        // security check
        if (!assessmentService.allowEditAssessment(assessment)) {
            // redirect to error
            res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.unauthorized)));
            return;
        }

        // if access id is actually a user id, find the access that is for this user (only)
        AssessmentAccess access = null;
        if (accessId.startsWith("USER:")) {
            String[] parts = StringUtil.splitFirst(accessId, ":");
            access = assessment.getSpecialAccess().assureUserAccess(parts[1]);

            // this may have altered the assessment - save
            try {
                this.assessmentService.saveAssessment(assessment);
            } catch (AssessmentPermissionException e) {
                // redirect to error
                res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.unauthorized)));
                return;
            } catch (AssessmentPolicyException e) {
                // redirect to error
                res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.policy)));
                return;
            }

            // don't let the user be changed
            context.put("fixed_user", parts[1]);
        } else {
            access = assessment.getSpecialAccess().getAccess(accessId);
        }

        if (access == null) {
            // redirect to error
            res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.invalid)));
            return;
        }

        // setup the model
        context.put("assessment", assessment);
        context.put("access", access);
        context.put("sort", sort);

        // return
        String destination = null;
        if (params.length > 5) {
            destination = "/" + StringUtil.unsplit(params, 5, params.length - 5, "/");
        } else {
            destination = "/assessment_special/" + sort + "/" + assessment.getId();
        }
        context.put("return", destination);

        // render
        uiService.render(ui, context);
    }

    /**
     * Final initialization, once all dependencies are set.
     */
    public void init() {
        super.init();
        M_log.info("init()");
    }

    /**
     * {@inheritDoc}
     */
    public void post(HttpServletRequest req, HttpServletResponse res, Context context, String[] params)
            throws IOException {
        // we need 3 parameters: sort, aid, access id
        if (params.length < 5) {
            throw new IllegalArgumentException();
        }
        String sort = params[2];
        String assessmentId = params[3];
        String accessId = params[4];

        // get the assessment
        Assessment assessment = assessmentService.getAssessment(assessmentId);
        if (assessment == null) {
            // redirect to error
            res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.invalid)));
            return;
        }

        // security check
        if (!assessmentService.allowEditAssessment(assessment)) {
            // redirect to error
            res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.unauthorized)));
            return;
        }

        // if access id is actually a user id, find the access that is for this user (only),
        AssessmentAccess access = null;
        if (accessId.startsWith("USER:")) {
            String[] parts = StringUtil.splitFirst(accessId, ":");
            access = assessment.getSpecialAccess().assureUserAccess(parts[1]);
        } else {
            access = assessment.getSpecialAccess().getAccess(accessId);
        }
        if (access == null) {
            // redirect to error
            res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.invalid)));
            return;
        }

        // setup the model
        context.put("access", access);

        // read the form
        String destination = uiService.decode(req, context);

        // save
        try {
            this.assessmentService.saveAssessment(assessment);
        } catch (AssessmentPermissionException e) {
            // redirect to error
            res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.unauthorized)));
            return;
        } catch (AssessmentPolicyException e) {
            // redirect to error
            res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, "/error/" + Errors.policy)));
            return;
        }

        // redirect to the next destination
        res.sendRedirect(res.encodeRedirectURL(Web.returnUrl(req, destination)));
    }

    /**
     * Set the AssessmentService.
     * 
     * @param service
     *        The AssessmentService.
     */
    public void setAssessmentService(AssessmentService service) {
        this.assessmentService = service;
    }
}