/**
 * Reports whether a family record with the given identifier can be loaded from the repository.
 *
 * <p>NOTE(review): this method performs no access-right check of its own, so unless the repository
 * filters by user, the result reveals that an identifier exists to any caller. Confirm that callers
 * are allowed to learn this.
 *
 * @param familyId identifier of the family to look up
 * @return {@code true} if the repository returns a non-null family for {@code familyId}
 */
@Override
public boolean familyExists(String familyId) {
    final boolean found = this.familyRepository.getFamilyById(familyId) != null;
    return found;
}
/**
 * Checks whether the current user holds {@code right} on the family with the given identifier.
 *
 * <p>An unknown identifier is treated as "no access": the method returns {@code false} instead of
 * throwing, so a missing family and a denied right look the same to the caller.
 *
 * @param familyId identifier of the family to look up
 * @param right the access right to test
 * @return {@code false} if no such family exists, otherwise the result of the {@code Family}-based overload
 */
@Override
public boolean currentUserHasAccessRight(String familyId, Right right) {
    Family target = this.familyRepository.getFamilyById(familyId);
    return target != null && this.currentUserHasAccessRight(target, right);
}
/**
 * Loads a family by identifier, but only hands it out when the current user has VIEW access.
 *
 * <p>Both "no such family" and "VIEW denied" yield {@code null}, so the return value does not tell
 * the caller which of the two happened.
 *
 * @param familyId identifier of the family to load
 * @return the family, or {@code null} if it does not exist or the current user may not view it
 */
@Override
public Family getFamilyById(String familyId) {
    Family candidate = this.familyRepository.getFamilyById(familyId);
    boolean viewable = candidate != null && currentUserHasAccessRight(candidate, Right.VIEW);
    // Note: it is safe to return the Family object even if the user has no edit rights for the family
    return viewable ? candidate : null;
}
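/**
 * REST entry point that deletes a family record, optionally together with its members.
 *
 * <p>Responses: 404 when the repository has no family with this id, 403 when
 * {@code familyTools.currentUserCanDeleteFamily} reports that the current user may not delete it,
 * 500 when {@code familyTools.deleteFamily} returns {@code false}, and 204 on success.
 *
 * <p>NOTE(review): the 404/403 split tells a caller without delete rights whether an id exists.
 * Confirm this is acceptable for this API.
 *
 * @param id identifier of the family to delete
 * @param deleteMembers whether the family members should be deleted as well
 * @return the HTTP response described above
 */
@Override
public Response deleteFamily(String id, Boolean deleteMembers) {
    this.logger.warn("Deleting family record [{}] via REST, deleteAllMembers = [{}]", id, deleteMembers);
    Family family = this.repository.getFamilyById(id);
    if (family == null) {
        this.logger.warn(NO_SUCH_FAMILY_ERROR_MESSAGE, id);
        return Response.status(Status.NOT_FOUND).build();
    }
    // NOTE(review): deleteMembers is a boxed Boolean and is auto-unboxed in the calls below; a null
    // value would raise a NullPointerException. Confirm the REST binding always supplies a value.
    //
    // Fix: the permission test was inverted. It returned 403 to users who ARE allowed to delete and
    // let everyone else continue to the delete call. Deny only when the check fails.
    if (!this.familyTools.currentUserCanDeleteFamily(id, deleteMembers)) {
        this.logger.error("Delete access denied to user [{}] for family record [{}] with deleteMemebers=[{}]",
            this.users.getCurrentUser(), id, deleteMembers);
        return Response.status(Status.FORBIDDEN).build();
    }
    if (!this.familyTools.deleteFamily(id, deleteMembers)) {
        return Response.status(Status.INTERNAL_SERVER_ERROR).build();
    }
    this.logger.warn("Deleted family record [{}]", id);
    return Response.noContent().build();
}
} // closes the enclosing class (its header is not part of this listing)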
/**
 * Asks the repository whether the current user is allowed to delete the given family.
 *
 * @param familyId identifier of the family to look up
 * @param deleteAllMembers whether the deletion would also remove the family members
 * @return {@code false} if no such family exists, otherwise the result of
 *         {@code familyRepository.canDeleteFamily}
 */
@Override
public boolean currentUserCanDeleteFamily(String familyId, boolean deleteAllMembers) {
    Family target = this.familyRepository.getFamilyById(familyId);
    // NOTE(review): the meaning of the trailing `false` argument is defined by canDeleteFamily,
    // which is not visible here.
    return target != null
        && this.familyRepository.canDeleteFamily(
            target, this.userManager.getCurrentUser(), deleteAllMembers, false);
}
/**
 * Deletes the family with the given identifier on behalf of the current user.
 *
 * <p>This method does not check permissions itself. It relies on
 * {@code familyRepository.deleteFamily()} to enforce access rights for the user it is given.
 *
 * @param familyId identifier of the family to delete
 * @param deleteAllMembers whether the family members should be deleted as well
 * @return {@code false} if no such family exists, otherwise the repository's result
 */
@Override
public boolean deleteFamily(String familyId, boolean deleteAllMembers) {
    Family target = this.familyRepository.getFamilyById(familyId);
    if (target != null) {
        // the access rights checks are done in familyRepository.deleteFamily()
        return this.familyRepository.deleteFamily(
            target, this.userManager.getCurrentUser(), deleteAllMembers);
    }
    return false;
}
/**
 * REST entry point that returns a family record as JSON, with a "links" entry added.
 *
 * <p>Responses: 404 when the repository has no family with this id, 403 when the current user
 * lacks VIEW access to the family document, and 200 with the JSON body otherwise.
 *
 * <p>NOTE(review): the existence check runs before the access check, so the 404/403 split tells an
 * unauthorized caller whether an id exists. Confirm this is acceptable for this API.
 *
 * @param id identifier of the family to retrieve
 * @return the HTTP response described above
 */
@Override
public Response getFamily(String id) {
    this.logger.warn("Retrieving family record [{}] via REST", id);
    Family record = this.repository.getFamilyById(id);
    if (record == null) {
        this.logger.warn(NO_SUCH_FAMILY_ERROR_MESSAGE, id);
        return Response.status(Status.NOT_FOUND).build();
    }

    // getCurrentUser() may return null; in that case a null profile reference is passed to the
    // access check.
    User requester = this.users.getCurrentUser();
    boolean mayView = this.access.hasAccess(
        Right.VIEW,
        requester == null ? null : requester.getProfileDocument(),
        record.getDocumentReference());
    if (!mayView) {
        this.logger.error("View access denied to user [{}] on family record [{}]", requester, id);
        return Response.status(Status.FORBIDDEN).build();
    }

    JSONObject payload = record.toJSON();
    payload.put("links", this.autolinker.get().forResource(getClass(), this.uriInfo).build());
    return Response.ok(payload, MediaType.APPLICATION_JSON_TYPE).build();
}
/**
 * Searches family documents by name or external id and adds those the current user may access
 * to {@code results}.
 *
 * <p>The search text is never concatenated into the query string. The query refers to it only
 * through the named placeholder {@code PhenotipsFamilyExport.INPUT_PARAMETER}, and the value is
 * passed separately to {@code runQuery} (presumably bound there; verify in runQuery).
 *
 * @param input search text handed to {@code runQuery} for the placeholder
 * @param requiredPermissions name of the right the current user must hold on each family
 * @param resultsLimit limit handed to {@code runQuery}
 * @param results output set that receives one entry per accessible family
 */
private void queryFamilies(String input, String requiredPermissions, int resultsLimit,
    Set<FamilySearchResult> results) {
    String statement = "select doc.name "
        + " from Document doc, "
        + " doc.object(PhenoTips.FamilyClass) as family "
        + " where lower(doc.name) like :" + PhenotipsFamilyExport.INPUT_PARAMETER
        + " or lower(family.external_id) like :" + PhenotipsFamilyExport.INPUT_PARAMETER;

    // Process family query results: each hit is re-loaded and access-checked before it is exposed.
    for (String familyId : runQuery(statement, input, resultsLimit)) {
        Family match = this.familyRepository.getFamilyById(familyId);
        if (match == null) {
            continue;
        }
        Right needed = Right.toRight(requiredPermissions);
        boolean permitted = this.authorizationService.hasAccess(
            this.userManager.getCurrentUser(), needed, match.getDocumentReference());
        if (permitted) {
            results.add(new FamilySearchResult(match, requiredPermissions));
        }
    }
}
Family family = this.familyRepository.getFamilyById(documentId); if (family == null) { return null;
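/**
 * Reports an edit lock on a family document that is held by a user other than the current one.
 *
 * <p>Returns {@code null} when the document cannot be loaded, when its name does not resolve to a
 * family, when the document is not locked, when the lock belongs to the current user, or when
 * reading the document or its lock throws an {@code XWikiException} (which is logged).
 *
 * @param doc reference of the document to inspect
 * @return a {@code DocumentLock} describing the other user's lock, or {@code null} as described above
 */
@Override
public DocumentLock getLock(DocumentReference doc) {
    XWikiContext context = this.provider.get();
    XWikiDocument xdoc;
    try {
        xdoc = context.getWiki().getDocument(doc, context);
        if (xdoc == null) {
            return null;
        }
        String documentId = xdoc.getDocumentReference().getName();
        Family family = this.familyRepository.getFamilyById(documentId);
        if (family == null) {
            return null;
        }
        XWikiLock xlock = xdoc.getLock(context);
        // Fix: the null test on the lock must come before it is dereferenced. The original called
        // xlock.getUserName() first, so an unlocked document raised a NullPointerException instead
        // of reporting "no lock".
        if (xlock == null) {
            return null;
        }
        // NOTE(review): getUser() and getCurrentUser() are dereferenced without null checks below.
        // If either can return null (unresolvable lock owner, unauthenticated caller), this still
        // throws. Confirm and guard as appropriate.
        User user = this.userManager.getUser(xlock.getUserName());
        if (!user.getId().equals(this.userManager.getCurrentUser().getId())) {
            Set<String> actions = Collections.singleton("edit");
            return new DocumentLock(user, xlock.getDate(),
                this.tm.translate("family.locks.familyInUse", user.getName()), actions, false);
        }
    } catch (XWikiException e) {
        this.logger.error("Failed to access the document lock: {}", e.getMessage(), e);
    }
    return null;
}
} // closes the enclosing class (its header is not part of this listing)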