From: <rv...@us...> - 2010-02-15 13:31:03
Revision: 499 http://treebase.svn.sourceforge.net/treebase/?rev=499&view=rev Author: rvos Date: 2010-02-15 13:30:56 +0000 (Mon, 15 Feb 2010) Log Message: ----------- Added isSubmitter() method, which checks whether the current user has access to the download by virtue of being a submitter (as opposed to a reviewer), this is needed to address issue 2949853 Modified Paths: -------------- trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/AbstractDownloadController.java Modified: trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/AbstractDownloadController.java ===================================================================
--- trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/AbstractDownloadController.java 2010-02-15 13:28:43 UTC (rev 498)
+++ trunk/treebase-web/src/main/java/org/cipres/treebase/web/controllers/AbstractDownloadController.java 2010-02-15 13:30:56 UTC (rev 499)
@@ -8,9 +8,12 @@
 import javax.servlet.http.HttpServletResponse;
 import org.cipres.treebase.TreebaseUtil;
+import org.cipres.treebase.domain.admin.UserRole.TBPermission;
 import org.cipres.treebase.domain.nexus.NexusService;
 import org.cipres.treebase.domain.study.Study;
 import org.cipres.treebase.domain.study.StudyService;
+import org.cipres.treebase.domain.study.Submission;
+import org.cipres.treebase.domain.study.SubmissionService;
 import org.cipres.treebase.web.util.ControllerUtil;
 import org.cipres.treebase.web.util.WebUtil;
 import org.springframework.web.servlet.mvc.Controller;
@@ -22,6 +25,7 @@
 protected static final int FORMAT_RDF = 3;
 private NexusService mNexmlService;
 private NexusService mRdfaService;
+ private SubmissionService mSubmissionService;
 private static String mNexmlContentType = "application/xml";
 private static String mRdfContentType = "application/rdf+xml";
@@ -122,7 +126,7 @@
 * @param downloadDirName
 */
 protected void generateAFileDynamically(HttpServletRequest request, HttpServletResponse response, long objectId) {
- if ( ! ControllerUtil.isReviewerAccessGranted(request) && ! getStudy(objectId,request).isPublished() ) {
+ if ( ! isSubmitter(objectId,request) && ! ControllerUtil.isReviewerAccessGranted(request) && ! getStudy(objectId,request).isPublished() ) {
 response.setStatus(HttpServletResponse.SC_SEE_OTHER);
 response.setHeader("Location", "/treebase-web/accessviolation.html");
 }
@@ -152,6 +156,18 @@
 }
 }
 }
+
+ private boolean isSubmitter (long objectId,HttpServletRequest request) {
+ Study study = getStudy(objectId,request);
+ Submission submission = study.getSubmission();
+ TBPermission tbp = getSubmissionService().getPermission(request.getRemoteUser(), submission.getId());
+ if (tbp == TBPermission.WRITE || tbp == TBPermission.READ_ONLY || tbp == TBPermission.SUBMITTED_WRITE) {
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
 /**
 *
@@ -176,5 +192,13 @@
 public void setRdfaService(NexusService rdfaService) {
 mRdfaService = rdfaService;
 }
+
+ public void setSubmissionService(SubmissionService submissionService) {
+ mSubmissionService = submissionService;
+ }
+
+ public SubmissionService getSubmissionService() {
+ return mSubmissionService;
+ }
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
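Review bot: In the rewritten condition of `generateAFileDynamically`, `isSubmitter(objectId,request)` is evaluated first, so every download request, including an anonymous one for an already published study, now goes through a permission lookup with whatever `request.getRemoteUser()` returns (null when nobody is authenticated). Putting the public case first keeps unauthenticated traffic away from the submission service and avoids loading the study twice on that path: `if ( ! getStudy(objectId,request).isPublished() && ! ControllerUtil.isReviewerAccessGranted(request) && ! isSubmitter(objectId,request) ) {`. The method body continues outside the hunk, which ends at the closing brace of the `if`, so it cannot be seen here whether an `else` or `return` stops the file from being written after the 303 and `Location` header are set; that is worth confirming.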
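Review bot: The new `isSubmitter` dereferences `study` and `study.getSubmission()` without a null check and passes `request.getRemoteUser()` straight to `getPermission`, so an unknown id, a study without a submission or an unauthenticated request would presumably end in a NullPointerException instead of a plain "no access" answer. An authorization helper should fail closed explicitly, returning false when there is no authenticated user or no submission and only then asking for the permission. The name says submitter while `TBPermission.READ_ONLY` is also accepted, so a one-line comment stating that read-only holders are meant to reach unpublished downloads would help the next reader. The if/else that returns true or false can collapse into a single return, as sketched below.
```java
private boolean isSubmitter (long objectId,HttpServletRequest request) {
	String user = request.getRemoteUser();
	Study study = getStudy(objectId,request);
	// No authenticated user, unknown study or no submission: not a submitter.
	if (user == null || study == null || study.getSubmission() == null) {
		return false;
	}
	TBPermission tbp = getSubmissionService().getPermission(user, study.getSubmission().getId());
	// READ_ONLY is accepted alongside the write permissions; confirm this is intended.
	return tbp == TBPermission.WRITE || tbp == TBPermission.READ_ONLY || tbp == TBPermission.SUBMITTED_WRITE;
}
```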