Merge pull request #3498 from IQSS/3133-missing-perms

fixed issue with missing perms; added command, added DataverseEntity …
IQSS · Dec 2, 2016 · 75a4146 · 75a4146
2 parents ddd76da + 7c20cfa
commit 75a4146
Show file tree

Hide file tree

Showing 7 changed files with 115 additions and 54 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
@@ -267,6 +267,7 @@ public DataFile findCheapAndEasy(Long id) {
         Integer file_id = (Integer) result[0];
 
         dataFile = new DataFile();
+        dataFile.setMergeable(false);
 
         dataFile.setId(file_id.longValue());
 
@@ -482,6 +483,7 @@ public void findFileMetadataOptimizedExperimental(Dataset owner, DatasetVersion
             Integer file_id = (Integer) result[0];
 
             DataFile dataFile = new DataFile();
+            dataFile.setMergeable(false);
 
             dataFile.setId(file_id.longValue());
 
@@ -756,9 +758,12 @@ public List<DataFile> findAll() {
     }
 
     public DataFile save(DataFile dataFile) {
-
-        DataFile savedDataFile = em.merge(dataFile);
-        return savedDataFile;
+        if (dataFile.isMergeable()) {   
+            DataFile savedDataFile = em.merge(dataFile);
+            return savedDataFile;
+        } else {
+            throw new IllegalArgumentException("This DataFile object has been set to NOT MERGEABLE; please ensure a MERGEABLE object is passed to the save method.");
+        } 
     }
 
     public Boolean isPreviouslyPublished(Long fileId){

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
@@ -3,16 +3,12 @@
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUserServiceBean;
-import edu.harvard.iq.dataverse.authorization.users.ApiToken;
-import edu.harvard.iq.dataverse.authorization.users.User;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser;
-import edu.harvard.iq.dataverse.authorization.users.GuestUser;
 import edu.harvard.iq.dataverse.datavariable.VariableServiceBean;
 import edu.harvard.iq.dataverse.engine.command.Command;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.engine.command.impl.CreateDatasetCommand;
-import edu.harvard.iq.dataverse.engine.command.impl.CreateGuestbookResponseCommand;
 import edu.harvard.iq.dataverse.engine.command.impl.CreatePrivateUrlCommand;
 import edu.harvard.iq.dataverse.engine.command.impl.DeaccessionDatasetVersionCommand;
 import edu.harvard.iq.dataverse.engine.command.impl.DeleteDatasetVersionCommand;
@@ -69,24 +65,18 @@
 import javax.inject.Named;
 import org.primefaces.event.FileUploadEvent;
 import org.primefaces.model.UploadedFile;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.HttpServletResponse;
 import javax.validation.ConstraintViolation;
 import org.apache.commons.httpclient.HttpClient;
 import org.primefaces.context.RequestContext;
-import java.text.DateFormat;
 import java.util.Arrays;
 import java.util.HashSet;
 import javax.faces.model.SelectItem;
 import java.util.logging.Level;
 import edu.harvard.iq.dataverse.datasetutility.TwoRavensHelper;
 import edu.harvard.iq.dataverse.datasetutility.WorldMapPermissionHelper;
-import javax.faces.component.UIComponent;
-import javax.faces.component.UIInput;
 
 import javax.faces.event.AjaxBehaviorEvent;
 
-import javax.faces.context.ExternalContext;
 import org.apache.commons.lang.StringEscapeUtils;
 
 import org.primefaces.component.tabview.TabView;
@@ -3323,7 +3313,7 @@ public boolean isDownloadPopupRequired() {
         return fileDownloadService.isDownloadPopupRequired(workingVersion);
     }
 
-   public String requestAccessMultipleFiles(String fileIdString) {
+       public String requestAccessMultipleFiles(String fileIdString) {
             if (fileIdString.isEmpty()) {
             RequestContext requestContext = RequestContext.getCurrentInstance();
             requestContext.execute("PF('selectFilesForRequestAccess').show()");
@@ -3342,37 +3332,18 @@ public String requestAccessMultipleFiles(String fileIdString) {
                     test = null;
                 }
                 if (test != null) {
-                    DataFile request = datafileService.find(test);
                     idForNotification = test;
-                    requestAccess(request, false);
+                    fileDownloadService.requestAccess(test);
                 }
             }
         }
         if (idForNotification.intValue() > 0) {
-            sendRequestFileAccessNotification(idForNotification);
+            fileDownloadService.sendRequestFileAccessNotification(dataset,idForNotification);
         }
         return returnToDatasetOnly();
     }
+
 
-    public void requestAccess(DataFile file, boolean sendNotification) {       
-        if (!file.getFileAccessRequesters().contains((AuthenticatedUser) session.getUser())) {
-            file.getFileAccessRequesters().add((AuthenticatedUser) session.getUser());
-            datafileService.save(file);
-
-            // create notifications
-            if (sendNotification) {
-                sendRequestFileAccessNotification(file.getId());
-
-            }
-        }
-    }
-
-    private void sendRequestFileAccessNotification(Long fileId) {
-        for (AuthenticatedUser au : permissionService.getUsersWithPermissionOn(Permission.ManageDatasetPermissions, dataset)) {
-            userNotificationService.sendNotification(au, new Timestamp(new Date().getTime()), UserNotification.Type.REQUESTFILEACCESS, fileId);
-        }
-
-    }
 
     public boolean isSortButtonEnabled() {
         /**

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseEntity.java b/src/main/java/edu/harvard/iq/dataverse/DataverseEntity.java
@@ -0,0 +1,27 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package edu.harvard.iq.dataverse;
+
+
+/**
+ * This is a non persistent superclass to be used by entities in Dataverse
+ * for any shared non persistent properties; for example "mergeable" which should
+ * be set to false, when an entity is manually loaded through native queries
+ */
+public abstract class DataverseEntity {
+
+    private boolean mergeable = true;
+
+    public boolean isMergeable() {
+        return mergeable;
+    }
+
+    public void setMergeable(boolean mergeable) {
+        this.mergeable = mergeable;
+    }
+
+
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/DvObject.java b/src/main/java/edu/harvard/iq/dataverse/DvObject.java
@@ -31,7 +31,7 @@
 		, @Index(columnList="owner_id")
 		, @Index(columnList="creator_id")
 		, @Index(columnList="releaseuser_id")})
-public abstract class DvObject implements java.io.Serializable {
+public abstract class DvObject extends DataverseEntity implements java.io.Serializable {
 
     public static final String DATAVERSE_DTYPE_STRING = "Dataverse";
     public static final String DATASET_DTYPE_STRING = "Dataset";
@@ -64,12 +64,12 @@ public String visit(Dataverse dv) {
 
         @Override
         public String visit(Dataset ds) {
-            return "[" + ds.getId() + " " + ds.getLatestVersion().getTitle() + "]";
+            return "[" + ds.getId() + (ds.getLatestVersion() != null ? " " + ds.getLatestVersion().getTitle() : "") + "]";
         }
 
         @Override
         public String visit(DataFile df) {
-            return "[" + df.getId() + " " + df.getFileMetadata().getLabel() + "]";
+            return "[" + df.getId() + (df.getFileMetadata() != null ? " " + df.getFileMetadata().getLabel() : "") + "]";
         }
     };
 

diff --git a/src/main/java/edu/harvard/iq/dataverse/FileDownloadServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/FileDownloadServiceBean.java
@@ -7,6 +7,7 @@
 import edu.harvard.iq.dataverse.engine.command.Command;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.engine.command.impl.CreateGuestbookResponseCommand;
+import edu.harvard.iq.dataverse.engine.command.impl.RequestAccessCommand;
 import java.io.IOException;
 import java.sql.Timestamp;
 import java.util.ArrayList;
@@ -397,25 +398,39 @@ public void downloadCitationBibtex(FileMetadata fileMetadata, Dataset dataset) {
     }
 
 
-    public void requestAccess(DataFile file, boolean sendNotification) {
-        if (!file.getFileAccessRequesters().contains((AuthenticatedUser) session.getUser())) {
+
+    public void requestAccess(DataFile file) {
+        if (requestAccess(file.getId())) {
+            // update the local file object so that the page properly updates
             file.getFileAccessRequesters().add((AuthenticatedUser) session.getUser());
-            datafileService.save(file);
-
+
             // create notifications
-            if (sendNotification) {
-                sendRequestFileAccessNotification(file);
-
-            }
+            sendRequestFileAccessNotification(file.getOwner(), file.getId());           
         }
-    }
-
-    private void sendRequestFileAccessNotification(DataFile file) {
-        for (AuthenticatedUser au : permissionService.getUsersWithPermissionOn(Permission.ManageDatasetPermissions, file.getOwner())) {
-            userNotificationService.sendNotification(au, new Timestamp(new Date().getTime()), UserNotification.Type.REQUESTFILEACCESS, file.getId());
+
+    }    
+
+    public boolean requestAccess(Long fileId) {     
+        DataFile file = datafileService.find(fileId);
+        if (!file.getFileAccessRequesters().contains((AuthenticatedUser) session.getUser())) {            
+            try {
+                commandEngine.submit(new RequestAccessCommand(dvRequestService.getDataverseRequest(), file));                        
+                return true;
+            } catch (CommandException ex) {
+                logger.info("Unable to request access for file id " + fileId + ". Exception: " + ex);
+            }             
         }
+
+        return false;
+    }    
+
+    public void sendRequestFileAccessNotification(Dataset dataset, Long fileId) {
+        permissionService.getUsersWithPermissionOn(Permission.ManageDatasetPermissions, dataset).stream().forEach((au) -> {
+            userNotificationService.sendNotification(au, new Timestamp(new Date().getTime()), UserNotification.Type.REQUESTFILEACCESS, fileId);
+        });
+
+    }    
 
-    }
 
 
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RequestAccessCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RequestAccessCommand.java
@@ -0,0 +1,43 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.DataFile;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+
+/**
+ *
+ * @author gdurand
+ */
+@RequiredPermissions({})
+public class RequestAccessCommand extends AbstractCommand<DataFile> {
+
+    private final DataFile file;
+    private final AuthenticatedUser requester;
+
+
+    public RequestAccessCommand(DataverseRequest dvRequest, DataFile file) {
+        // for data file check permission on owning dataset
+        super(dvRequest, file);        
+        this.file = file;        
+        this.requester = (AuthenticatedUser) dvRequest.getUser();
+    }
+
+    @Override
+    public DataFile execute(CommandContext ctxt) throws CommandException {       
+        file.getFileAccessRequesters().add(requester);
+        return ctxt.files().save(file);
+    }
+
+
+
+}
+
diff --git a/src/main/webapp/file-download-button-fragment.xhtml b/src/main/webapp/file-download-button-fragment.xhtml
@@ -245,7 +245,7 @@
         <p:commandLink type="button" styleClass="btn btn-default" rendered="#{fileDownloadHelper.session.user.authenticated 
                                                                               and !fileMetadata.datasetVersion.deaccessioned
                                                                               and fileMetadata.dataFile.owner.fileAccessRequest and !(fileDownloadHelper.canDownloadFile(fileMetadata))}"
-                       actionListener="#{fileDownloadService.requestAccess(fileMetadata.dataFile, true)}"
+                       actionListener="#{fileDownloadService.requestAccess(fileMetadata.dataFile)}"
                        update="@this"
                        disabled="#{fileMetadata.dataFile.fileAccessRequesters.contains(dataverseSession.user)}">
             <!-- Request Access -->