From 438355660b6408281f2a90ef0c79dec035ba3eec Mon Sep 17 00:00:00 2001 From: Andrew Misyura Date: Wed, 25 Nov 2015 11:34:40 -0500 Subject: [PATCH] PT-1548: Fixes to family-studies to pass style-checks and use existing authorization API --- .../family/internal/JsonAdapterImpl.java | 4 +- .../family/internal/PedigreeUtils.java | 11 ++++- .../internal/export/XWikiFamilyExport.java | 23 ++++++--- .../family/script/FamilyScriptService.java | 48 ++++++++++++------- 4 files changed, 59 insertions(+), 27 deletions(-) diff --git a/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/JsonAdapterImpl.java b/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/JsonAdapterImpl.java index 90da3d9c41..6630729152 100644 --- a/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/JsonAdapterImpl.java +++ b/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/JsonAdapterImpl.java @@ -166,7 +166,7 @@ private static JSONObject exchangePhenotypes(JSONObject ex, JSONObject inter, Vo for (Object termIdObj : externalTerms) { VocabularyTerm term = hpoService.getTerm(termIdObj.toString()); if (term != null) { - JSONObject termJson = JSONObject.fromObject(term.toJson()); + JSONObject termJson = JSONObject.fromObject(term.toJSON()); termJson.put("observed", "yes"); termJson.put("type", "phenotype"); internalTerms.add(termJson); @@ -189,7 +189,7 @@ private static JSONObject exchangeDisorders(JSONObject ex, JSONObject inter, Voc for (Object termIdObj : externalTerms) { VocabularyTerm term = omimService.getTerm(termIdObj.toString()); if (term != null) { - internalTerms.add(term.toJson()); + internalTerms.add(term.toJSON()); } } } diff --git a/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/PedigreeUtils.java b/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/PedigreeUtils.java index 93595ba661..e9de6ea255 100644 --- a/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/PedigreeUtils.java +++ b/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/PedigreeUtils.java @@ -29,6 +29,7 @@ import org.xwiki.component.annotation.Component; import org.xwiki.security.authorization.Right; +import org.xwiki.users.UserManager; import java.util.LinkedList; import java.util.List; @@ -57,6 +58,9 @@ public class PedigreeUtils @Inject private AuthorizationService authorizationService; + @Inject + private UserManager userManager; + @Inject private JsonAdapter jsonAdapter; @@ -85,7 +89,9 @@ public JSONResponse processPedigree(String documentId, JSONObject json, String i if (proband != null) { family = this.familyRepository.getFamilyForPatient(proband); if (family == null) { - if (!this.authorizationService.hasAccess(Right.EDIT, proband.getDocument())) { + if (!this.authorizationService.hasAccess( + this.userManager.getCurrentUser(), Right.EDIT, proband.getDocument())) + { return new JSONResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_PATIENT).setMessage(documentId); } family = this.familyRepository.createFamily(); @@ -154,7 +160,8 @@ private JSONResponse checkValidity(Family family, List newMembers) JSONResponse jsonResponse = new JSONResponse(); // Checks that current user has edit permissions on family - if (!this.authorizationService.hasAccess(Right.EDIT, family.getDocumentReference())) + if (!this.authorizationService.hasAccess( + this.userManager.getCurrentUser(), Right.EDIT, family.getDocumentReference())) { return jsonResponse.setStatusResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_FAMILY); } diff --git a/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/export/XWikiFamilyExport.java b/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/export/XWikiFamilyExport.java index a7754d0814..25dc2a998b 100644 --- a/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/export/XWikiFamilyExport.java +++ b/components/family-studies/api/src/main/java/org/phenotips/studies/family/internal/export/XWikiFamilyExport.java @@ -30,6 +30,8 @@ import org.xwiki.query.QueryException; import org.xwiki.query.QueryManager; import org.xwiki.security.authorization.Right; +import org.xwiki.users.User; +import org.xwiki.users.UserManager; import org.xwiki.xml.XMLUtils; import java.util.Collections; @@ -48,7 +50,6 @@ import com.xpn.xwiki.XWikiContext; -import net.sf.json.JSON; import net.sf.json.JSONArray; import net.sf.json.JSONObject; @@ -97,6 +98,9 @@ public class XWikiFamilyExport @Inject private AuthorizationService authorizationService; + @Inject + private UserManager userManager; + @Inject private RecordConfigurationManager configuration; @@ -127,7 +131,7 @@ public String searchFamilies(String input, int resultsLimit, String requiredPerm * @param family family * @return JSON object with family information */ - public JSON toJSON(Family family) + public JSONObject toJSON(Family family) { JSONObject familyJSON = new JSONObject(); familyJSON.put("familyPage", family.getId()); @@ -165,9 +169,12 @@ private JSONObject getPatientInformationAsJSON(Patient patient) patientJSON.put(URL, url); // add permissions information + User currentUser = this.userManager.getCurrentUser(); JSONObject permissionJSON = new JSONObject(); - permissionJSON.put("hasEdit", this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())); - permissionJSON.put("hasView", this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())); + permissionJSON.put("hasEdit", + this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())); + permissionJSON.put("hasView", + this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())); patientJSON.put(PERMISSIONS, permissionJSON); return patientJSON; @@ -193,7 +200,9 @@ private void queryFamilies(String input, String requiredPermissions, int results } Right right = Right.toRight(requiredPermissions); - if (!this.authorizationService.hasAccess(right, family.getDocumentReference())) { + if (!this.authorizationService.hasAccess( + this.userManager.getCurrentUser(), right, family.getDocumentReference())) + { continue; } @@ -228,7 +237,7 @@ private void queryPatients(String input, String requiredPermissions, int results } Right right = Right.toRight(requiredPermissions); - if (!this.authorizationService.hasAccess(right, patient.getDocument())) { + if (!this.authorizationService.hasAccess(this.userManager.getCurrentUser(), right, patient.getDocument())) { continue; } @@ -315,7 +324,7 @@ public Map getMedicalReports(Patient patient) PatientData links = patient.getData("medicalreports"); Map mapOfLinks = new HashMap<>(); - if (this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) { + if (this.authorizationService.hasAccess(this.userManager.getCurrentUser(), Right.VIEW, patient.getDocument())) { if (links != null) { Iterator> iterator = links.dictionaryIterator(); while (iterator.hasNext()) { diff --git a/components/family-studies/api/src/main/java/org/phenotips/studies/family/script/FamilyScriptService.java b/components/family-studies/api/src/main/java/org/phenotips/studies/family/script/FamilyScriptService.java index b75ce802e5..3059c743a5 100644 --- a/components/family-studies/api/src/main/java/org/phenotips/studies/family/script/FamilyScriptService.java +++ b/components/family-studies/api/src/main/java/org/phenotips/studies/family/script/FamilyScriptService.java @@ -32,6 +32,8 @@ import org.xwiki.model.reference.DocumentReference; import org.xwiki.script.service.ScriptService; import org.xwiki.security.authorization.Right; +import org.xwiki.users.User; +import org.xwiki.users.UserManager; import javax.inject.Inject; import javax.inject.Named; @@ -73,6 +75,9 @@ public class FamilyScriptService implements ScriptService @Inject private AuthorizationService authorizationService; + @Inject + private UserManager userManager; + /** * Either creates a new family, or gets the existing one if a patient belongs to a family. * @@ -87,9 +92,11 @@ public DocumentReference getOrCreateFamily(String patientId) return null; } + User currentUser = this.userManager.getCurrentUser(); + Family xwikiFamily = this.familyRepository.getFamilyForPatient(patient); if (xwikiFamily == null) { - if (!this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())) { + if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())) { return null; } @@ -97,8 +104,8 @@ public DocumentReference getOrCreateFamily(String patientId) xwikiFamily = this.familyRepository.createFamily(); xwikiFamily.addMember(patient); } else { - if (!this.authorizationService.hasAccess(Right.VIEW, xwikiFamily.getDocumentReference()) - || !this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) { + if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, xwikiFamily.getDocumentReference()) + || !this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())) { return null; } } @@ -130,8 +137,9 @@ public DocumentReference getFamilyForPatient(String patientId) if (family == null) { return null; } - if (!this.authorizationService.hasAccess(Right.VIEW, family.getDocumentReference()) - || !this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) { + User currentUser = this.userManager.getCurrentUser(); + if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, family.getDocumentReference()) + || !this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())) { return null; } return family.getDocumentReference(); @@ -148,9 +156,11 @@ public JSON getFamilyInfo(String id) { Family family = null; + User currentUser = this.userManager.getCurrentUser(); + Patient patient = this.patientRepository.getPatientById(id); if (patient != null) { - if (!this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) { + if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())) { return null; } // id belonged to a patient. Get patient's family @@ -164,7 +174,7 @@ public JSON getFamilyInfo(String id) this.logger.debug("Can't get family info for [{}].", id); return new JSONObject(true); } - if (!this.authorizationService.hasAccess(Right.VIEW, family.getDocumentReference())) { + if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, family.getDocumentReference())) { return null; } @@ -181,9 +191,10 @@ public JSON getFamilyInfo(String id) public Pedigree getPedigree(String id) { Family family = null; + User currentUser = this.userManager.getCurrentUser(); Patient patient = this.patientRepository.getPatientById(id); if (patient != null) { - if (!this.authorizationService.hasAccess(Right.VIEW, patient.getDocument())) { + if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, patient.getDocument())) { return null; } family = this.familyRepository.getFamilyForPatient(patient); @@ -192,7 +203,7 @@ public Pedigree getPedigree(String id) } if (family != null) { - if (!this.authorizationService.hasAccess(Right.VIEW, family.getDocumentReference())) { + if (!this.authorizationService.hasAccess(currentUser, Right.VIEW, family.getDocumentReference())) { return null; } Pedigree pedigree = family.getPedigree(); @@ -223,9 +234,11 @@ public JSON canPatientBeLinked(String documentId, String patientToLinkId) { JSONResponse response = new JSONResponse(StatusResponse.OK); + User currentUser = this.userManager.getCurrentUser(); + Patient patientToLink = this.patientRepository.getPatientById(patientToLinkId); // Checking user has edit permissions on the patient to link to the family - if (!this.authorizationService.hasAccess(Right.EDIT, patientToLink.getDocument())) { + if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, patientToLink.getDocument())) { response.setStatusResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_PATIENT); response.setMessage(patientToLinkId); return response.asVerification(); @@ -234,7 +247,7 @@ public JSON canPatientBeLinked(String documentId, String patientToLinkId) // When documentId is a family's id Family family = this.familyRepository.getFamilyById(documentId); if (family != null) { - if (!this.authorizationService.hasAccess(Right.EDIT, family.getDocumentReference())) { + if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, family.getDocumentReference())) { response.setStatusResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_FAMILY); return response.asVerification(); } @@ -254,7 +267,7 @@ public JSON canPatientBeLinked(String documentId, String patientToLinkId) if (family == null) { // If there's no family associated with patient, it is still possible to link patientToLink // if user has permissions to create a family for patient whose id is documentId - if (!this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())) { + if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())) { response.setStatusResponse(StatusResponse.INSUFFICIENT_PERMISSIONS_ON_PATIENT); response.setMessage(patient.getId()); } @@ -289,12 +302,14 @@ public JSON processPedigree(String documentId, String json, String image) */ public boolean removeMember(String patientId) { + User currentUser = this.userManager.getCurrentUser(); + Patient patient = this.patientRepository.getPatientById(patientId); if (patient == null) { this.logger.error(COULD_NOT_RETRIEVE_PATIENT_ERROR_MESSAGE, patientId); return false; } - if (!this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())) { + if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())) { return false; } @@ -303,7 +318,7 @@ public boolean removeMember(String patientId) this.logger.error("Could not retrieve family for patient [{}]. Cannot remove patient.", patientId); return false; } - if (!this.authorizationService.hasAccess(Right.EDIT, family.getDocumentReference())) { + if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, family.getDocumentReference())) { return false; } @@ -338,8 +353,9 @@ public boolean addPatientToFamily(String familyId, String patientId) return false; } - if (!this.authorizationService.hasAccess(Right.EDIT, family.getDocumentReference()) - || !this.authorizationService.hasAccess(Right.EDIT, patient.getDocument())) { + User currentUser = this.userManager.getCurrentUser(); + if (!this.authorizationService.hasAccess(currentUser, Right.EDIT, family.getDocumentReference()) + || !this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocument())) { return false; }