/**
 * Describes these access rules by naming the patient record they apply to.
 *
 * @return {@code "Access rules for "} followed by the patient's document reference, or by
 *         {@code "<unknown patient>"} when no patient is set
 */
@Override
public String toString() {
    // Fall back to a fixed label so that a missing patient never causes a NullPointerException here.
    Object subject = "<unknown patient>";
    if (this.patient != null) {
        subject = this.patient.getDocumentReference();
    }
    return "Access rules for " + subject;
}
}
/**
 * Returns the document reference of the wrapped patient.
 *
 * <p>There is no null guard: a missing {@code patient} results in a {@link NullPointerException}.</p>
 *
 * @return whatever {@code this.patient.getDocumentReference()} returns
 */
@Override
public DocumentReference getDocumentReference() {
    final DocumentReference patientReference = this.patient.getDocumentReference();
    return patientReference;
}
/**
 * {@inheritDoc}
 *
 * <p>Legacy accessor kept for compatibility; it reads the same value from the wrapped patient as
 * {@link #getDocumentReference()} does.</p>
 *
 * @deprecated use {@link #getDocumentReference()} instead
 */
@Deprecated
@Override
public DocumentReference getDocument() {
    final DocumentReference patientReference = this.patient.getDocumentReference();
    return patientReference;
}
/**
 * Moves {@code nextPatient} to the next record from the underlying iterator that the current user is
 * allowed to view, or to {@code null} when the iterator is missing or holds no further viewable record.
 *
 * <p>Records failing the {@code Right.VIEW} check are consumed and skipped, so they are never exposed
 * through {@code nextPatient}.</p>
 */
private void findNextPatient() {
    this.nextPatient = null;
    if (this.patientIterator == null) {
        return;
    }

    while (this.patientIterator.hasNext() && this.nextPatient == null) {
        Patient candidate = this.patientIterator.next();
        boolean viewable =
            this.access.hasAccess(this.currentUser, Right.VIEW, candidate.getDocumentReference());
        if (viewable) {
            // Setting the field ends the loop through its condition.
            this.nextPatient = candidate;
        }
    }
}
/**
 * Decides whether another event is covered by this one.
 *
 * <p>The other object must be a {@code PatientEvent} of the same event type. When this event has no
 * patient, or its patient has no document reference, any patient event of that type matches; otherwise
 * the other event must carry a patient with an equal document reference.</p>
 *
 * @param otherEvent the event to compare against
 * @return {@code true} if {@code otherEvent} is matched by this event, {@code false} otherwise
 */
@Override
public boolean matches(Object otherEvent) {
    if (!(otherEvent instanceof PatientEvent)) {
        return false;
    }

    PatientEvent candidate = (PatientEvent) otherEvent;
    if (!StringUtils.equals(candidate.getEventType(), this.eventType)) {
        return false;
    }

    // An event without a specific patient acts as a wildcard for its event type.
    if (this.patient == null || this.patient.getDocumentReference() == null) {
        return true;
    }

    return candidate.getPatient() != null
        && this.patient.getDocumentReference().equals(candidate.getPatient().getDocumentReference());
}
/**
 * Builds the URL of the {@code view} action for a patient's document.
 *
 * @param patient the patient whose document is linked; not null-checked here
 * @return the URL produced by the wiki for the patient's document reference
 */
private String getURL(Patient patient) {
    XWikiContext xcontext = this.provider.get();
    return xcontext.getWiki().getURL(patient.getDocumentReference(), "view", xcontext);
}
/**
 * Appends one {@code <rs>} element describing a patient to the XML being built.
 *
 * <p>The URL and the document reference go into attributes and are escaped with
 * {@code XMLUtils.escapeAttributeValue}; the description becomes element content and is escaped with
 * {@code XMLUtils.escapeElementContent}. Each value must keep the escaper that matches where it is
 * written, since these values are not otherwise sanitised in this method.</p>
 *
 * @param patient the patient to describe
 * @param xmlResult the buffer receiving the element
 */
private void appentPatientXML(Patient patient, StringBuilder xmlResult) {
    String idAttribute = XMLUtils.escapeAttributeValue(getURL(patient));
    String infoAttribute = XMLUtils.escapeAttributeValue(patient.getDocumentReference().toString());
    String elementBody = XMLUtils.escapeElementContent(getDescription(patient));

    xmlResult
        .append("<rs id=\"").append(idAttribute).append("\" ")
        .append("info=\"").append(infoAttribute).append("\">")
        .append(elementBody)
        .append("</rs>");
}
/**
 * Locks the patient record.
 *
 * <p>NOTE(review): no access check is visible in this method; presumably the lock manager or the
 * caller decides whether the current user may lock the record. Confirm before exposing this to
 * untrusted callers.</p>
 *
 * @param patient the patient to be locked
 * @return {@code HttpStatus.SC_OK} if the lock manager reports success; {@code HttpStatus.SC_BAD_REQUEST}
 *         if {@code patient} is {@code null} or the lock manager reports failure
 */
public int lockPatient(Patient patient) {
    if (patient == null) {
        return HttpStatus.SC_BAD_REQUEST;
    }

    boolean locked = this.lockManager.lockPatientRecord(this.pr.get(patient.getDocumentReference()));
    if (locked) {
        return HttpStatus.SC_OK;
    }
    return HttpStatus.SC_BAD_REQUEST;
}
/**
 * Checks if a patient record is currently locked.
 *
 * @param patient the patient to be checked
 * @return {@code true} if the lock manager reports the record as locked; {@code false} if it does not
 *         or if {@code patient} is {@code null}
 */
public boolean isLocked(Patient patient) {
    if (patient != null) {
        return this.lockManager.isLocked(this.pr.get(patient.getDocumentReference()));
    }
    return false;
}
}
/**
 * Unlocks the patient record.
 *
 * <p>NOTE(review): no access check is visible in this method; presumably the lock manager or the
 * caller decides whether the current user may release the lock. Confirm before exposing this to
 * untrusted callers.</p>
 *
 * @param patient the patient to be unlocked
 * @return {@code HttpStatus.SC_OK} if the lock manager reports success; {@code HttpStatus.SC_BAD_REQUEST}
 *         if {@code patient} is {@code null} or the lock manager reports failure
 */
public int unlockPatient(Patient patient) {
    if (patient == null) {
        return HttpStatus.SC_BAD_REQUEST;
    }

    boolean unlocked = this.lockManager.unlockPatientRecord(this.pr.get(patient.getDocumentReference()));
    if (unlocked) {
        return HttpStatus.SC_OK;
    }
    return HttpStatus.SC_BAD_REQUEST;
}
/**
 * Removes the Solr documents indexed for a patient and commits the change.
 *
 * <p>The serialized document reference is passed through {@code ClientUtils.escapeQueryChars} before
 * it is placed in the query, so characters with a meaning in the query syntax cannot widen the
 * deletion. Failures are only logged at warn level with the exception message; the method returns
 * normally in that case and the caller cannot tell that the index entry may still exist.</p>
 *
 * @param patient the patient whose index entries are removed; not null-checked here
 */
@Override
public void delete(Patient patient) {
    try {
        String serializedReference = this.referenceSerializer.serialize(patient.getDocumentReference());
        String deletionQuery = "document:" + ClientUtils.escapeQueryChars(serializedReference);
        this.server.deleteByQuery(deletionQuery);
        this.server.commit();
    } catch (SolrServerException ex) {
        this.logger.warn("Failed to delete from Solr: {}", ex.getMessage());
    } catch (IOException ex) {
        this.logger.warn("Error occurred while deleting Solr documents: {}", ex.getMessage());
    }
}
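/**
 * Resolves a patient record and checks that the current user holds the requested right on it.
 *
 * <p>NOTE(review): a missing record and a denied right are answered with different statuses
 * ({@code PATIENT_NOT_FOUND} and {@code ACCESS_DENIED}); if those constants differ, a caller without
 * access can tell which identifiers exist. Confirm that this is acceptable for this endpoint.</p>
 *
 * @param patientId identifier of the requested patient record
 * @param right the right the current user must hold on the record
 * @return a {@code Security} holding the patient, a ready-made error response and {@code false} when
 *         the record is missing or access is denied; the patient, a {@code null} response and
 *         {@code true} when access is granted
 */
private Security securityCheck(String patientId, Right right) {
    Patient patient = this.repository.get(patientId);
    if (patient == null) {
        this.logger.debug("No such patient record: [{}]", patientId);
        Response notFound = Response.status(PATIENT_NOT_FOUND).build();
        return new Security(patient, notFound, false);
    }

    User currentUser = this.users.getCurrentUser();
    if (!this.access.hasAccess(currentUser, right, patient.getDocumentReference())) {
        // Log the right that was actually checked: this method is not limited to view access, and a
        // hard-coded "View" would misreport denied edits in the logs.
        this.logger.debug("[{}] access denied to user [{}] on patient record [{}]",
            right, currentUser, patientId);
        Response denied = Response.status(ACCESS_DENIED).build();
        return new Security(patient, denied, false);
    }

    return new Security(patient, null, true);
}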
/**
 * Loads a patient record if the current user may access it at the requested level.
 *
 * <p>The level name {@code "push"} is checked as {@code "view"}. A denied check is logged at warn
 * level and reported to the caller exactly like a missing record, by returning {@code null}.</p>
 *
 * @param patientID identifier of the requested patient record
 * @param accessLevelName name of the access level to check; must not be {@code null}, since it is
 *        dereferenced without a guard
 * @return the patient, or {@code null} if it does not exist or the access check fails
 */
private Patient getPatientByID(String patientID, String accessLevelName) {
    Patient patient = this.patientRepository.get(patientID);
    if (patient == null) {
        return null;
    }

    String effectiveLevel = accessLevelName.equals("push") ? "view" : accessLevelName;

    // FIXME: Access rights should be checked in the script service, not here
    boolean permitted = this.access.hasAccess(this.users.getCurrentUser(), Right.toRight(effectiveLevel),
        patient.getDocumentReference());
    if (permitted) {
        return patient;
    }

    this.logger.warn("Can't access patient [{}] at level [{}]: access level violation", patientID,
        effectiveLevel);
    return null;
}
/**
 * Applies the patient data contained in a pedigree to the corresponding patient records.
 *
 * <p>Entries without an {@code id} key are ignored, and records the updating user cannot edit are
 * skipped silently. Any exception raised along the way is replaced by a
 * {@code PTInternalErrorException} that does not carry the original cause.</p>
 *
 * <p>NOTE(review): the repository result is not null-checked; if an unknown id yields {@code null},
 * the resulting NullPointerException is converted by the catch-all below, possibly after earlier
 * records in the list were already updated. Confirm the intended behaviour.</p>
 *
 * @param pedigree the pedigree whose patient entries are applied
 * @param updatingUser the user on whose behalf the records are changed
 * @throws PTInternalErrorException if conversion, lookup, authorization or update fails
 */
private void updatePatientsFromJson(Pedigree pedigree, User updatingUser) {
    final String idKey = "id";
    try {
        List<JSONObject> patientEntries = this.pedigreeConverter.convert(pedigree);
        for (JSONObject entry : patientEntries) {
            if (!entry.has(idKey)) {
                continue;
            }
            Patient patient = this.patientRepository.get(entry.getString(idKey));
            boolean editable = this.authorizationService.hasAccess(
                updatingUser, Right.EDIT, patient.getDocumentReference());
            if (editable) {
                patient.updateFromJSON(entry);
            }
            // otherwise: skip patients the current user does not have edit rights for
        }
    } catch (Exception ex) {
        throw new PTInternalErrorException();
    }
}
/**
 * Tells whether the named user owns the patient record or holds edit rights on it.
 *
 * <p>The check fails closed: any exception raised while resolving the owner, the user or the right
 * is discarded and the answer is {@code false}. Nothing is logged here, so a lookup failure is
 * indistinguishable from a genuine denial.</p>
 *
 * @param userName name of the user to check
 * @param patient the patient record being accessed
 * @return {@code true} if the user is the owner or has {@code Right.EDIT}; {@code false} otherwise or
 *         on any error
 */
private boolean userCanAccessPatient(String userName, Patient patient) {
    try {
        String ownerName = this.permissionManager.getEntityAccess(patient).getOwner().getUsername();
        // The owner is accepted without consulting the authorization service.
        return ownerName.equals(userName)
            || this.authService.hasAccess(this.userManager.getUser(userName), Right.EDIT,
                patient.getDocumentReference());
    } catch (Exception ignored) {
        // Deliberately swallowed: an error must never grant access.
        return false;
    }
}
/**
 * Returns the family a patient belongs to, provided the current user may view both the patient and
 * the family.
 *
 * <p>A missing patient, a missing family and a denied view right all produce {@code null}, so the
 * caller cannot tell these cases apart.</p>
 *
 * @param patientId identifier of the patient record
 * @return the patient's family, or {@code null} if it cannot be found or may not be viewed
 */
@Override
public Family getFamilyForPatient(String patientId) {
    Patient patient = this.patientRepository.get(patientId);
    if (patient == null) {
        return null;
    }

    boolean patientViewable = this.authorizationService.hasAccess(
        this.userManager.getCurrentUser(), Right.VIEW, patient.getDocumentReference());
    if (!patientViewable) {
        return null;
    }

    // The family is looked up only after the patient-level check has passed.
    Family family = this.familyRepository.getFamilyForPatient(patient);
    if (family != null && currentUserHasAccessRight(family, Right.VIEW)) {
        return family;
    }
    return null;
}
/**
 * Verifies that a user may remove a patient from a family.
 *
 * <p>Edit rights are required on both documents; the family is checked first.</p>
 *
 * @param family the family the patient is removed from
 * @param patient the patient being removed
 * @param updatingUser the user performing the change
 * @throws PTNotEnoughPermissionsOnFamilyException if the user cannot edit the family
 * @throws PTNotEnoughPermissionsOnPatientException if the user cannot edit the patient
 * @throws PTException declared supertype of the failures above
 */
private void checkIfPatientCanBeRemovedFromFamily(Family family, Patient patient, User updatingUser)
    throws PTException {
    // check rights
    boolean familyEditable =
        this.authorizationService.hasAccess(updatingUser, Right.EDIT, family.getDocumentReference());
    if (!familyEditable) {
        throw new PTNotEnoughPermissionsOnFamilyException(Right.EDIT, family.getId());
    }

    boolean patientEditable =
        this.authorizationService.hasAccess(updatingUser, Right.EDIT, patient.getDocumentReference());
    if (!patientEditable) {
        throw new PTNotEnoughPermissionsOnPatientException(Right.EDIT, patient.getId());
    }
}
/**
 * Adds a patient to a family on behalf of the current user.
 *
 * <p>The current user needs edit rights on both the patient and the family. Every failure (unknown
 * patient or family, denied right, or a {@code PTException} from the repository) is reported as
 * {@code false} without further detail.</p>
 *
 * @param patientId identifier of the patient to add
 * @param familyId identifier of the family receiving the patient
 * @return {@code true} if the patient was added, {@code false} otherwise
 */
@Override
public boolean addMember(String patientId, String familyId) {
    User currentUser = this.userManager.getCurrentUser();

    Patient patient = this.patientRepository.get(patientId);
    if (patient == null
        || !this.authorizationService.hasAccess(currentUser, Right.EDIT, patient.getDocumentReference())) {
        return false;
    }

    Family family = this.familyRepository.get(familyId);
    if (family == null || !currentUserHasAccessRight(family, Right.EDIT)) {
        return false;
    }

    try {
        this.familyRepository.addMember(family, patient, currentUser);
        return true;
    } catch (PTException ex) {
        return false;
    }
}
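/**
 * Stores a pedigree's image and data in the family document and refreshes the family's proband id.
 *
 * <p>The proband id is written as the proband patient's document reference, or as an empty string
 * when the pedigree names no proband or the proband record cannot be found.</p>
 *
 * @param family the family whose document is updated
 * @param pedigree the pedigree to store; {@code null} is rejected
 * @param context the XWiki context passed to the object setters
 * @return {@code true} if the pedigree was written; {@code false} if {@code pedigree} is {@code null}
 *         or the family document has no pedigree object
 */
private boolean setPedigreeObject(Family family, Pedigree pedigree, XWikiContext context) {
    if (pedigree == null) {
        this.logger.error("Can not set NULL pedigree for family [{}]", family.getId());
        return false;
    }

    BaseObject pedigreeObject = family.getXDocument().getXObject(Pedigree.CLASS_REFERENCE);
    if (pedigreeObject == null) {
        // The family class object below is null-checked; give the pedigree object the same treatment
        // instead of failing with a NullPointerException.
        this.logger.error("No pedigree object found in the document of family [{}]", family.getId());
        return false;
    }

    // pedigree is known to be non-null here, so no fallback value is needed.
    pedigreeObject.set(Pedigree.IMAGE, pedigree.getImage(null), context);
    pedigreeObject.set(Pedigree.DATA, pedigree.getData().toString(), context);

    // update proband ID every time pedigree is changed
    BaseObject familyClassObject = family.getXDocument().getXObject(Family.CLASS_REFERENCE);
    if (familyClassObject != null) {
        String probandId = pedigree.getProbandId();
        if (!StringUtils.isEmpty(probandId)) {
            Patient patient = this.patientRepository.get(probandId);
            familyClassObject.setStringValue("proband_id",
                (patient == null) ? "" : patient.getDocumentReference().toString());
        } else {
            familyClassObject.setStringValue("proband_id", "");
        }
    }

    return true;
}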
/**
 * Verifies that a user may add a patient to a family.
 *
 * <p>Edit rights are required on both documents, the family being checked first. After that the
 * patient must not already belong to a different family.</p>
 *
 * @param family the family receiving the patient
 * @param patient the patient being added
 * @param updatingUser the user performing the change
 * @throws PTNotEnoughPermissionsOnFamilyException if the user cannot edit the family
 * @throws PTNotEnoughPermissionsOnPatientException if the user cannot edit the patient
 * @throws PTPatientAlreadyInAnotherFamilyException if the patient is linked to another family
 * @throws PTException declared supertype of the failures above
 */
private void checkIfPatientCanBeAddedToFamily(Family family, Patient patient, User updatingUser)
    throws PTException {
    // check rights
    boolean familyEditable =
        this.authorizationService.hasAccess(updatingUser, Right.EDIT, family.getDocumentReference());
    if (!familyEditable) {
        throw new PTNotEnoughPermissionsOnFamilyException(Right.EDIT, family.getId());
    }

    boolean patientEditable =
        this.authorizationService.hasAccess(updatingUser, Right.EDIT, patient.getDocumentReference());
    if (!patientEditable) {
        throw new PTNotEnoughPermissionsOnPatientException(Right.EDIT, patient.getId());
    }

    // check for logical problems: patient in another family
    Family currentFamily = this.getFamilyForPatient(patient);
    if (currentFamily == null || currentFamily.getId().equals(family.getId())) {
        return;
    }
    throw new PTPatientAlreadyInAnotherFamilyException(patient.getId(), currentFamily.getId());
}