/**
 * Reports whether the family repository returns a record for the given identifier.
 *
 * <p>No access-right check is made here: the answer depends only on the repository lookup,
 * so it reveals whether the identifier exists regardless of what the caller may view.
 *
 * @param familyId identifier to look up
 * @return {@code true} when the repository lookup yields a non-null family
 */
@Override
public boolean familyExists(String familyId) {
    final Family found = this.familyRepository.get(familyId);
    return found != null;
}
/**
 * Reports whether the family repository returns a record for the given identifier.
 *
 * <p>No access-right check is made here: the answer depends only on the repository lookup,
 * so it reveals whether the identifier exists regardless of what the caller may view.
 *
 * @param familyId identifier to look up
 * @return {@code true} when the repository lookup yields a non-null family
 */
@Override
public boolean familyExists(String familyId) {
    final Family found = this.familyRepository.getFamilyById(familyId);
    return found != null;
}
/**
 * Asks the family repository whether the patient may be added to the family, evaluated for
 * the user returned by {@code userManager.getCurrentUser()}.
 *
 * @param family family the patient would join
 * @param patient patient to be added
 * @param throwException forwarded unchanged to the repository
 * @return the repository's verdict
 * @throws PTException propagated from the repository call
 */
@Override
public boolean canAddToFamily(Family family, Patient patient, boolean throwException) throws PTException {
    // The decision is always made for the current session user, never a caller-supplied one.
    final User actingUser = this.userManager.getCurrentUser();
    return this.familyRepository.canAddToFamily(family, patient, actingUser, throwException);
}
}
/**
 * Deletes the family with the given identifier through the family repository.
 *
 * <p>NOTE(review): this method performs no access check of its own and passes no user to
 * {@code familyRepository.delete(family, deleteAllMembers)}; it relies on the repository to
 * enforce delete rights. Confirm that the repository call still does so.
 *
 * @param familyId identifier of the family to delete
 * @param deleteAllMembers forwarded unchanged to the repository
 * @return {@code false} when no family is found for the identifier, otherwise the repository's result
 */
@Override
public boolean deleteFamily(String familyId, boolean deleteAllMembers) {
    final Family target = this.familyRepository.get(familyId);
    // Authorization is delegated: the repository is expected to verify delete rights.
    return target != null && this.familyRepository.delete(target, deleteAllMembers);
}
/**
 * Checks, without deleting anything, whether the current user would be allowed to delete the
 * family with the given identifier.
 *
 * @param familyId identifier of the family
 * @param deleteAllMembers forwarded unchanged to the repository check
 * @return {@code false} when no family is found, otherwise the repository's verdict
 */
@Override
public boolean currentUserCanDeleteFamily(String familyId, boolean deleteAllMembers) {
    final Family candidate = this.familyRepository.get(familyId);
    if (candidate != null) {
        final User requester = this.userManager.getCurrentUser();
        // Last argument is a fixed false; presumably a "throw on denial" switch - TODO confirm.
        return this.familyRepository.canDeleteFamily(candidate, requester, deleteAllMembers, false);
    }
    return false;
}
/**
 * Deletes the family with the given identifier on behalf of the current user.
 *
 * <p>This method does not check access rights itself; the current user is handed to
 * {@code familyRepository.deleteFamily(...)}, which is expected to enforce them.
 *
 * @param familyId identifier of the family to delete
 * @param deleteAllMembers forwarded unchanged to the repository
 * @return {@code false} when no family is found for the identifier, otherwise the repository's result
 */
@Override
public boolean deleteFamily(String familyId, boolean deleteAllMembers) {
    final Family target = this.familyRepository.getFamilyById(familyId);
    // Authorization is delegated to the repository, which receives the acting user.
    return target != null
        && this.familyRepository.deleteFamily(target, this.userManager.getCurrentUser(), deleteAllMembers);
}
/**
 * Adds a patient to a family on behalf of the current user.
 *
 * <p>The current user needs EDIT on both records: on the patient's document (checked through
 * {@code authorizationService}) and on the family (checked through
 * {@code currentUserHasAccessRight}). Every failure - unknown patient, unknown family, a
 * missing right, or a {@code PTException} from the repository - is reported as {@code false},
 * so callers cannot tell these cases apart.
 *
 * @param patientId identifier of the patient to add
 * @param familyId identifier of the family to add the patient to
 * @return {@code true} only when the repository call completed without a {@code PTException}
 */
@Override
public boolean addMember(String patientId, String familyId) {
    final User actingUser = this.userManager.getCurrentUser();

    final Patient member = this.patientRepository.get(patientId);
    if (member == null
        || !this.authorizationService.hasAccess(actingUser, Right.EDIT, member.getDocumentReference())) {
        return false;
    }

    final Family target = this.familyRepository.get(familyId);
    final boolean mayEditFamily = target != null && currentUserHasAccessRight(target, Right.EDIT);
    if (!mayEditFamily) {
        return false;
    }

    try {
        this.familyRepository.addMember(target, member, actingUser);
        return true;
    } catch (PTException ex) {
        // The cause is dropped here; nothing is logged or rethrown.
        return false;
    }
}
/**
 * Checks, without deleting anything, whether the current user would be allowed to delete the
 * family with the given identifier.
 *
 * @param familyId identifier of the family
 * @param deleteAllMembers forwarded unchanged to the repository check
 * @return {@code false} when no family is found, otherwise the repository's verdict
 */
@Override
public boolean currentUserCanDeleteFamily(String familyId, boolean deleteAllMembers) {
    final Family candidate = this.familyRepository.getFamilyById(familyId);
    if (candidate != null) {
        final User requester = this.userManager.getCurrentUser();
        // Last argument is a fixed false; presumably a "throw on denial" switch - TODO confirm.
        return this.familyRepository.canDeleteFamily(candidate, requester, deleteAllMembers, false);
    }
    return false;
}
/**
 * Creates a new family, provided the current user holds EDIT on the family data space.
 *
 * @return the family returned by the repository
 * @throws SecurityException when the current user lacks EDIT on the space resolved from
 *     {@code Family.DATA_SPACE}
 */
@Override
public Family createFamily() {
    final User creator = this.userManager.getCurrentUser();
    // Creation is gated on a space-level right, since no family document exists yet.
    final boolean allowed = this.access.hasAccess(creator, Right.EDIT,
        this.currentResolver.resolve(Family.DATA_SPACE, EntityType.SPACE));
    if (!allowed) {
        throw new SecurityException("User not authorized to create new families");
    }
    return this.familyRepository.create();
}
/**
 * Creates a new family for the current user, provided that user holds EDIT on the family
 * data space.
 *
 * @return the family returned by the repository
 * @throws SecurityException when the current user lacks EDIT on the space resolved from
 *     {@code Family.DATA_SPACE}
 */
@Override
public Family createFamily() {
    final User creator = this.userManager.getCurrentUser();
    // Creation is gated on a space-level right, since no family document exists yet.
    final boolean allowed = this.access.hasAccess(creator, Right.EDIT,
        this.currentResolver.resolve(Family.DATA_SPACE, EntityType.SPACE));
    if (!allowed) {
        throw new SecurityException("User not authorized to create new families");
    }
    return this.familyRepository.createFamily(creator);
}
/**
 * Resolves a family identifier and checks whether the current user holds the given right on
 * that family.
 *
 * <p>An unknown identifier and a denied right both produce {@code false}.
 *
 * @param familyId identifier of the family
 * @param right right to test
 * @return {@code false} when no family is found, otherwise the result of the {@code Family} overload
 */
@Override
public boolean currentUserHasAccessRight(String familyId, Right right) {
    final Family resolved = this.familyRepository.get(familyId);
    // Fail closed: a missing record never grants access.
    return resolved != null && this.currentUserHasAccessRight(resolved, right);
}
/**
 * Resolves a family identifier and checks whether the current user holds the given right on
 * that family.
 *
 * <p>An unknown identifier and a denied right both produce {@code false}.
 *
 * @param familyId identifier of the family
 * @param right right to test
 * @return {@code false} when no family is found, otherwise the result of the {@code Family} overload
 */
@Override
public boolean currentUserHasAccessRight(String familyId, Right right) {
    final Family resolved = this.familyRepository.getFamilyById(familyId);
    // Fail closed: a missing record never grants access.
    return resolved != null && this.currentUserHasAccessRight(resolved, right);
}
/**
 * Asks the family repository whether the patient may be added to the family, evaluated for
 * the user returned by {@code userManager.getCurrentUser()}.
 *
 * @param family family the patient would join
 * @param patient patient to be added
 * @param throwException forwarded unchanged to the repository
 * @return the repository's verdict
 * @throws PTException propagated from the repository call
 */
@Override
public boolean canAddToFamily(Family family, Patient patient, boolean throwException) throws PTException {
    // The decision is always made for the current session user, never a caller-supplied one.
    final User actingUser = this.userManager.getCurrentUser();
    return this.familyRepository.canAddToFamily(family, patient, actingUser, throwException);
}
}
/**
 * Returns the family with the given identifier if the current user may view it.
 *
 * <p>Only VIEW is required. A caller without EDIT still receives the {@code Family} object;
 * the original author's note states this is safe, which cannot be verified from this method.
 * An unknown identifier and a denied VIEW right both yield {@code null}.
 *
 * @param familyId identifier of the family
 * @return the family, or {@code null} when it is not found or not viewable by the current user
 */
@Override
public Family getFamilyById(String familyId) {
    final Family found = this.familyRepository.get(familyId);
    if (found == null || !currentUserHasAccessRight(found, Right.VIEW)) {
        return null;
    }
    return found;
}
/**
 * Returns the family with the given identifier if the current user may view it.
 *
 * <p>Only VIEW is required. A caller without EDIT still receives the {@code Family} object;
 * the original author's note states this is safe, which cannot be verified from this method.
 * An unknown identifier and a denied VIEW right both yield {@code null}.
 *
 * @param familyId identifier of the family
 * @return the family, or {@code null} when it is not found or not viewable by the current user
 */
@Override
public Family getFamilyById(String familyId) {
    final Family found = this.familyRepository.getFamilyById(familyId);
    if (found == null || !currentUserHasAccessRight(found, Right.VIEW)) {
        return null;
    }
    return found;
}
/**
 * REST handler that deletes a family record.
 *
 * <p>Responses: 404 when the repository has no family for the id, 403 when
 * {@code familyTools.currentUserCanDeleteFamily} denies the request, 500 when
 * {@code familyTools.deleteFamily} reports failure, and 204 on success. The 404 is decided
 * before the permission check, so the existence of an id is visible to callers without
 * delete rights.
 *
 * <p>NOTE(review): {@code deleteMembers} is a boxed {@code Boolean}; if the
 * {@code familyTools} methods take a primitive, a {@code null} value would fail on unboxing.
 * Confirm how the REST layer populates it.
 *
 * @param id identifier of the family to delete
 * @param deleteMembers forwarded to the permission check and to the delete call
 * @return the HTTP response described above
 */
@Override
public Response deleteFamily(String id, Boolean deleteMembers) {
    this.logger.warn("Deleting family record [{}] via REST, deleteAllMembers = [{}]", id, deleteMembers);

    final Family existing = this.repository.get(id);
    if (existing == null) {
        this.logger.warn(NO_SUCH_FAMILY_ERROR_MESSAGE, id);
        return Response.status(Status.NOT_FOUND).build();
    }

    // Deny unless the permission check explicitly passes.
    final boolean permitted = this.familyTools.currentUserCanDeleteFamily(id, deleteMembers);
    if (!permitted) {
        this.logger.error("Delete access denied to user [{}] for family record [{}] with deleteMemebers=[{}]",
            this.users.getCurrentUser(), id, deleteMembers);
        return Response.status(Status.FORBIDDEN).build();
    }

    final boolean removed = this.familyTools.deleteFamily(id, deleteMembers);
    if (removed) {
        this.logger.warn("Deleted family record [{}]", id);
        return Response.noContent().build();
    }
    return Response.status(Status.INTERNAL_SERVER_ERROR).build();
}
}
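/**
 * REST handler that deletes a family record.
 *
 * <p>Responses: 404 when the repository has no family for the id, 403 when
 * {@code familyTools.currentUserCanDeleteFamily} denies the request, 500 when
 * {@code familyTools.deleteFamily} reports failure, and 204 on success. The 404 is decided
 * before the permission check, so the existence of an id is visible to callers without
 * delete rights.
 *
 * <p>NOTE(review): {@code deleteMembers} is a boxed {@code Boolean}; if the
 * {@code familyTools} methods take a primitive, a {@code null} value would fail on unboxing.
 * Confirm how the REST layer populates it.
 *
 * @param id identifier of the family to delete
 * @param deleteMembers forwarded to the permission check and to the delete call
 * @return the HTTP response described above
 */
@Override
public Response deleteFamily(String id, Boolean deleteMembers) {
    this.logger.warn("Deleting family record [{}] via REST, deleteAllMembers = [{}]", id, deleteMembers);

    Family family = this.repository.getFamilyById(id);
    if (family == null) {
        this.logger.warn(NO_SUCH_FAMILY_ERROR_MESSAGE, id);
        return Response.status(Status.NOT_FOUND).build();
    }

    // The guard must be negated: FORBIDDEN is for users who may NOT delete. Without the
    // negation, authorized users are rejected and unauthorized requests fall through to the
    // delete call, leaving any deeper check in familyTools as the only protection.
    if (!this.familyTools.currentUserCanDeleteFamily(id, deleteMembers)) {
        this.logger.error("Delete access denied to user [{}] for family record [{}] with deleteMemebers=[{}]",
            this.users.getCurrentUser(), id, deleteMembers);
        return Response.status(Status.FORBIDDEN).build();
    }

    if (!this.familyTools.deleteFamily(id, deleteMembers)) {
        return Response.status(Status.INTERNAL_SERVER_ERROR).build();
    }

    this.logger.warn("Deleted family record [{}]", id);
    return Response.noContent().build();
}
}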
/**
 * REST handler that returns a family record as JSON.
 *
 * <p>Responses: 404 when the repository has no family for the id, 403 when the current user
 * lacks VIEW on the family's document, otherwise 200 with the family JSON plus a
 * {@code "links"} entry built by the autolinker.
 *
 * <p>NOTE(review): the 404 is returned before the VIEW check, so a caller without VIEW can
 * tell existing ids (403) from unknown ones (404). Confirm that this is intended.
 *
 * @param id identifier of the family to retrieve
 * @return the HTTP response described above
 */
@Override
public Response getFamily(String id) {
    this.logger.warn("Retrieving family record [{}] via REST", id);

    final Family record = this.repository.get(id);
    if (record == null) {
        this.logger.warn(NO_SUCH_FAMILY_ERROR_MESSAGE, id);
        return Response.status(Status.NOT_FOUND).build();
    }

    final User requester = this.users.getCurrentUser();
    final boolean mayView = this.access.hasAccess(requester, Right.VIEW, record.getDocumentReference());
    if (!mayView) {
        this.logger.error("View access denied to user [{}] on family record [{}]", requester, id);
        return Response.status(Status.FORBIDDEN).build();
    }

    // The record is serialized only after the VIEW check has passed.
    final JSONObject payload = record.toJSON();
    payload.put("links", this.autolinker.get().forResource(getClass(), this.uriInfo).build());
    return Response.ok(payload, MediaType.APPLICATION_JSON_TYPE).build();
}
/**
 * REST handler that returns a family record as JSON.
 *
 * <p>Responses: 404 when the repository has no family for the id, 403 when the VIEW check on
 * the family's document fails, otherwise 200 with the family JSON plus a {@code "links"}
 * entry built by the autolinker. When there is no current user, {@code null} is passed to
 * the access check in place of a profile document.
 *
 * <p>NOTE(review): the 404 is returned before the VIEW check, so a caller without VIEW can
 * tell existing ids (403) from unknown ones (404). Confirm that this is intended.
 *
 * @param id identifier of the family to retrieve
 * @return the HTTP response described above
 */
@Override
public Response getFamily(String id) {
    this.logger.warn("Retrieving family record [{}] via REST", id);

    final Family record = this.repository.getFamilyById(id);
    if (record == null) {
        this.logger.warn(NO_SUCH_FAMILY_ERROR_MESSAGE, id);
        return Response.status(Status.NOT_FOUND).build();
    }

    final User requester = this.users.getCurrentUser();
    // A missing user is forwarded as null; the access component decides what that means.
    final boolean mayView = this.access.hasAccess(Right.VIEW,
        requester == null ? null : requester.getProfileDocument(), record.getDocumentReference());
    if (!mayView) {
        this.logger.error("View access denied to user [{}] on family record [{}]", requester, id);
        return Response.status(Status.FORBIDDEN).build();
    }

    // The record is serialized only after the VIEW check has passed.
    final JSONObject payload = record.toJSON();
    payload.put("links", this.autolinker.get().forResource(getClass(), this.uriInfo).build());
    return Response.ok(payload, MediaType.APPLICATION_JSON_TYPE).build();
}
Family family = this.familyRepository.get(queryResult); if (family == null) { continue;