Skip to content
This repository has been archived by the owner on May 4, 2022. It is now read-only.

Commit

Permalink
PT-1548: Fixes to family-studies to pass style-checks and use existin…
Browse files Browse the repository at this point in the history 
…g authorization API
  • Loading branch information
@allasm
allasm committed Dec 21, 2015
1 parent c9d970d commit 4383556
Show file tree
Hide file tree
Showing 4 changed files with 59 additions and 27 deletions.
4 changes: 2 additions & 2 deletions ...mily-studies/api/src/main/java/org/phenotips/studies/family/internal/JsonAdapterImpl.java
View file
Expand Up @@ -166,7 +166,7 @@ private static JSONObject exchangePhenotypes(JSONObject ex, JSONObject inter, Vo
for (Object termIdObj : externalTerms) {
VocabularyTerm term = hpoService.getTerm(termIdObj.toString());
if (term != null) {
JSONObject termJson = JSONObject.fromObject(term.toJson());
JSONObject termJson = JSONObject.fromObject(term.toJSON());
termJson.put("observed", "yes");
termJson.put("type", "phenotype");
internalTerms.add(termJson);
Expand All @@ -189,7 +189,7 @@ private static JSONObject exchangeDisorders(JSONObject ex, JSONObject inter, Voc
for (Object termIdObj : externalTerms) {
VocabularyTerm term = omimService.getTerm(termIdObj.toString());
if (term != null) {
internalTerms.add(term.toJson());
internalTerms.add(term.toJSON());
}
}
}
Expand Down
11 changes: 9 additions & 2 deletions ...family-studies/api/src/main/java/org/phenotips/studies/family/internal/PedigreeUtils.java
View file
Expand Up @@ -29,6 +29,7 @@

import org.xwiki.component.annotation.Component;
import org.xwiki.security.authorization.Right;
import org.xwiki.users.UserManager;

import java.util.LinkedList;
import java.util.List;
Expand Down Expand Up @@ -57,6 +58,9 @@ public class PedigreeUtils
@Inject
private AuthorizationService authorizationService;

@Inject
private UserManager userManager;

@Inject
private JsonAdapter jsonAdapter;

Expand Down Expand Up @@ -85,7 +89,9 @@ public JSONResponse processPedigree(String documentId, JSONObject json, String i
if (proband != null) {
family = this.familyRepository.getFamilyForPatient(proband);
if (family == null) {
if (!this.authorizationService.hasAccess(Right.EDIT, proband.getDocument())) {
if (!this.authorizationService.hasAccess(
this.userManager.getCurrentUser(), Right.EDIT, proband.getDocument()))
{
return new JSONResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_PATIENT).setMessage(documentId);
}
family = this.familyRepository.createFamily();
Expand Down Expand Up @@ -154,7 +160,8 @@ private JSONResponse checkValidity(Family family, List<String> newMembers)
JSONResponse jsonResponse = new JSONResponse();

// Checks that current user has edit permissions on family
if (!this.authorizationService.hasAccess(Right.EDIT, family.getDocumentReference()))
if (!this.authorizationService.hasAccess(
this.userManager.getCurrentUser(), Right.EDIT, family.getDocumentReference()))
{
return jsonResponse.setStatusResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_FAMILY);
}
Expand Down
23 changes: 16 additions & 7 deletions ...ies/api/src/main/java/org/phenotips/studies/family/internal/export/XWikiFamilyExport.java
View file
Expand Up @@ -30,6 +30,8 @@
import org.xwiki.query.QueryException;
import org.xwiki.query.QueryManager;
import org.xwiki.security.authorization.Right;
import org.xwiki.users.User;
import org.xwiki.users.UserManager;
import org.xwiki.xml.XMLUtils;

import java.util.Collections;
Expand All @@ -48,7 +50,6 @@

import com.xpn.xwiki.XWikiContext;

import net.sf.json.JSON;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;

Expand Down Expand Up @@ -97,6 +98,9 @@ public class XWikiFamilyExport
@Inject
private AuthorizationService authorizationService;

@Inject
private UserManager userManager;

@Inject
private RecordConfigurationManager configuration;

Expand Down Expand Up @@ -127,7 +131,7 @@ public String searchFamilies(String input, int resultsLimit, String requiredPerm
* @param family family
* @return JSON object with family information
*/
public JSON toJSON(Family family)
public JSONObject toJSON(Family family)
{
JSONObject familyJSON = new JSONObject();
familyJSON.put("familyPage", family.getId());
Expand Down Expand Up @@ -165,9 +169,12 @@ private JSONObject getPatientInformationAsJSON(Patient patient)
patientJSON.put(URL, url);

// add permissions information
User currentUser = this.userManager.getCurrentUser();
JSONObject permissionJSON = new JSONObject();
permissionJSON.put("hasEdit", this.authorizationService.hasAccess(Right.EDIT, patient.getDocument()));
permissionJSON.put("hasView", this.authorizationService.hasAccess(Right.VIEW, patient.getDocument()));
permissionJSON.put("hasEdit",
this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument()));
permissionJSON.put("hasView",
this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument()));
patientJSON.put(PERMISSIONS, permissionJSON);

return patientJSON;
Expand All @@ -193,7 +200,9 @@ private void queryFamilies(String input, String requiredPermissions, int results
}

Right right = Right.toRight(requiredPermissions);
if (!this.authorizationService.hasAccess(right, family.getDocumentReference())) {
if (!this.authorizationService.hasAccess(
this.userManager.getCurrentUser(), right, family.getDocumentReference()))
{
continue;
}

Expand Down Expand Up @@ -228,7 +237,7 @@ private void queryPatients(String input, String requiredPermissions, int results
}

Right right = Right.toRight(requiredPermissions);
if (!this.authorizationService.hasAccess(right, patient.getDocument())) {
if (!this.authorizationService.hasAccess(this.userManager.getCurrentUser(), right, patient.getDocument())) {
continue;
}

Expand Down Expand Up @@ -315,7 +324,7 @@ public Map<String, String> getMedicalReports(Patient patient)
PatientData<String> links = patient.getData("medicalreports");
Map<String, String> mapOfLinks = new HashMap<>();

if (this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) {
if (this.authorizationService.hasAccess(this.userManager.getCurrentUser(), Right.VIEW, patient.getDocument())) {
if (links != null) {
Iterator<Map.Entry<String, String>> iterator = links.dictionaryIterator();
while (iterator.hasNext()) {
Expand Down
48 changes: 32 additions & 16 deletions ...ly-studies/api/src/main/java/org/phenotips/studies/family/script/FamilyScriptService.java
View file
Expand Up @@ -32,6 +32,8 @@
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.script.service.ScriptService;
import org.xwiki.security.authorization.Right;
import org.xwiki.users.User;
import org.xwiki.users.UserManager;

import javax.inject.Inject;
import javax.inject.Named;
Expand Down Expand Up @@ -73,6 +75,9 @@ public class FamilyScriptService implements ScriptService
@Inject
private AuthorizationService authorizationService;

@Inject
private UserManager userManager;

/**
* Either creates a new family, or gets the existing one if a patient belongs to a family.
*
Expand All @@ -87,18 +92,20 @@ public DocumentReference getOrCreateFamily(String patientId)
return null;
}

User currentUser = this.userManager.getCurrentUser();

Family xwikiFamily = this.familyRepository.getFamilyForPatient(patient);
if (xwikiFamily == null) {
if (!this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())) {
if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())) {
return null;
}

this.logger.debug("No family for patient [{}]. Creating new.", patientId);
xwikiFamily = this.familyRepository.createFamily();
xwikiFamily.addMember(patient);
} else {
if (!this.authorizationService.hasAccess(Right.VIEW, xwikiFamily.getDocumentReference())
|| !this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) {
if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, xwikiFamily.getDocumentReference())
|| !this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())) {
return null;
}
}
Expand Down Expand Up @@ -130,8 +137,9 @@ public DocumentReference getFamilyForPatient(String patientId)
if (family == null) {
return null;
}
if (!this.authorizationService.hasAccess(Right.VIEW, family.getDocumentReference())
|| !this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) {
User currentUser = this.userManager.getCurrentUser();
if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, family.getDocumentReference())
|| !this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())) {
return null;
}
return family.getDocumentReference();
Expand All @@ -148,9 +156,11 @@ public JSON getFamilyInfo(String id)
{
Family family = null;

User currentUser = this.userManager.getCurrentUser();

Patient patient = this.patientRepository.getPatientById(id);
if (patient != null) {
if (!this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) {
if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())) {
return null;
}
// id belonged to a patient. Get patient's family
Expand All @@ -164,7 +174,7 @@ public JSON getFamilyInfo(String id)
this.logger.debug("Can't get family info for [{}].", id);
return new JSONObject(true);
}
if (!this.authorizationService.hasAccess(Right.VIEW, family.getDocumentReference())) {
if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, family.getDocumentReference())) {
return null;
}

Expand All @@ -181,9 +191,10 @@ public JSON getFamilyInfo(String id)
public Pedigree getPedigree(String id)
{
Family family = null;
User currentUser = this.userManager.getCurrentUser();
Patient patient = this.patientRepository.getPatientById(id);
if (patient != null) {
if (!this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) {
if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())) {
return null;
}
family = this.familyRepository.getFamilyForPatient(patient);
Expand All @@ -192,7 +203,7 @@ public Pedigree getPedigree(String id)
}

if (family != null) {
if (!this.authorizationService.hasAccess(Right.VIEW, family.getDocumentReference())) {
if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, family.getDocumentReference())) {
return null;
}
Pedigree pedigree = family.getPedigree();
Expand Down Expand Up @@ -223,9 +234,11 @@ public JSON canPatientBeLinked(String documentId, String patientToLinkId)
{
JSONResponse response = new JSONResponse(StatusResponse.OK);

User currentUser = this.userManager.getCurrentUser();

Patient patientToLink = this.patientRepository.getPatientById(patientToLinkId);
// Checking user has edit permissions on the patient to link to the family
if (!this.authorizationService.hasAccess(Right.EDIT, patientToLink.getDocument())) {
if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, patientToLink.getDocument())) {
response.setStatusResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_PATIENT);
response.setMessage(patientToLinkId);
return response.asVerification();
Expand All @@ -234,7 +247,7 @@ public JSON canPatientBeLinked(String documentId, String patientToLinkId)
// When documentId is a family's id
Family family = this.familyRepository.getFamilyById(documentId);
if (family != null) {
if (!this.authorizationService.hasAccess(Right.EDIT, family.getDocumentReference())) {
if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, family.getDocumentReference())) {
response.setStatusResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_FAMILY);
return response.asVerification();
}
Expand All @@ -254,7 +267,7 @@ public JSON canPatientBeLinked(String documentId, String patientToLinkId)
if (family == null) {
// If there's no family associated with patient, it is still possible to link patientToLink
// if user has permissions to create a family for patient whose id is documentId
if (!this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())) {
if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())) {
response.setStatusResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_PATIENT);
response.setMessage(patient.getId());
}
Expand Down Expand Up @@ -289,12 +302,14 @@ public JSON processPedigree(String documentId, String json, String image)
*/
public boolean removeMember(String patientId)
{
User currentUser = this.userManager.getCurrentUser();

Patient patient = this.patientRepository.getPatientById(patientId);
if (patient == null) {
this.logger.error(COULD_NOT_RETRIEVE_PATIENT_ERROR_MESSAGE, patientId);
return false;
}
if (!this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())) {
if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())) {
return false;
}

Expand All @@ -303,7 +318,7 @@ public boolean removeMember(String patientId)
this.logger.error("Could not retrieve family for patient [{}]. Cannot remove patient.", patientId);
return false;
}
if (!this.authorizationService.hasAccess(Right.EDIT, family.getDocumentReference())) {
if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, family.getDocumentReference())) {
return false;
}

Expand Down Expand Up @@ -338,8 +353,9 @@ public boolean addPatientToFamily(String familyId, String patientId)
return false;
}

if (!this.authorizationService.hasAccess(Right.EDIT, family.getDocumentReference())
|| !this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())) {
User currentUser = this.userManager.getCurrentUser();
if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, family.getDocumentReference())
|| !this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())) {
return false;
}

Expand Down

0 comments on commit 4383556

Please sign in to comment.