001: /**********************************************************************************
002: * $URL$
003: * $Id$
004: ***********************************************************************************
005: *
006: * Copyright (c) 2004, 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the"License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.sakaiproject.tool.assessment.facade.authz.integrated;
021:
022: import java.sql.SQLException;
023: import java.util.ArrayList;
024: import java.util.Calendar;
025: import java.util.Date;
026: import java.util.HashMap;
027: import java.util.List;
028: import java.util.ResourceBundle;
029:
030: import org.springframework.orm.hibernate3.HibernateCallback;
031: import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
032: import org.hibernate.Hibernate;
033: import org.hibernate.HibernateException;
034: import org.hibernate.Query;
035: import org.hibernate.Session;
036:
037: import org.sakaiproject.tool.cover.ToolManager;
038: import org.sakaiproject.authz.api.AuthzGroup;
039: import org.sakaiproject.authz.cover.AuthzGroupService;
040: import org.sakaiproject.authz.cover.SecurityService;
041: import org.sakaiproject.user.cover.UserDirectoryService;
042: import org.sakaiproject.tool.assessment.data.dao.assessment.AssessmentBaseData;
043: import org.sakaiproject.tool.assessment.data.dao.authz.AuthorizationData;
044: import org.sakaiproject.tool.assessment.facade.AgentFacade;
045: import org.sakaiproject.tool.assessment.facade.AuthzQueriesFacadeAPI;
046:
047: /**
048: * <p>Description: Facade for AuthZ queries, standalone version.
049: * <p>Sakai Project Copyright (c) 2005</p>
050: * <p>@todo use resources in AuthzResource.</p>
051: * @author cwen
052: * @author Rachel Gollub <rgollub@stanford.edu>
053: * @author Ed Smiley <esmiley@stanford.edu> split integrated, standlaone.
054: */
055: public class AuthzQueriesFacade extends HibernateDaoSupport implements
056: AuthzQueriesFacadeAPI {
057: private final static org.apache.log4j.Logger LOG = org.apache.log4j.Logger
058: .getLogger(AuthzQueriesFacade.class);
059:
060: // stores sql strings
061: private static ResourceBundle res = ResourceBundle
062: .getBundle("org.sakaiproject.tool.assessment.facade.authz.resource.AuthzResource");
063: // can convert these to use the resource bundle....
064: private final static String HQL_QUERY_CHECK_AUTHZ = "select from "
065: + "org.sakaiproject.tool.assessment.data.dao.authz.AuthorizationData as data"
066: + " where data.agentIdString = :agentId and data.functionId = :functionId"
067: + " and data.qualifierId = :qualifierId";
068: private final static String HQL_QUERY_BY_AGENT_FUNC = "select from org.sakaiproject.tool.assessment.data.dao.authz.AuthorizationData "
069: + "as item where item.agentIdString = :agentId and item.functionId = :functionId";
070: private final static String HQL_QUERY_ASSESS_BY_AGENT_FUNC = "select asset from "
071: + "org.sakaiproject.tool.assessment.data.dao.assessment.AssessmentBaseData as asset, "
072: + "org.sakaiproject.tool.assessment.data.dao.authz.AuthorizationData as authz "
073: + "where asset.assessmentBaseId=authz.qualifierId and "
074: + "authz.agentIdString = :agentId and authz.functionId = :functionId";
075:
076: public boolean hasPrivilege(String functionName) {
077: String context = ToolManager.getCurrentPlacement().getContext();
078: return SecurityService.unlock(functionName, "/site/" + context);
079: }
080:
081: // this method is added by daisyf on 02/22/05
082: public boolean isAuthorized(final String agentId,
083: final String functionId, final String qualifierId) {
084: final String query = "select a from AuthorizationData a where a.functionId=? and a.qualifierId=?";
085:
086: final HibernateCallback hcb = new HibernateCallback() {
087: public Object doInHibernate(Session session)
088: throws HibernateException, SQLException {
089: Query q = session.createQuery(query);
090: q.setString(0, functionId);
091: q.setString(1, qualifierId);
092: return q.list();
093: };
094: };
095: List authorizationList = getHibernateTemplate()
096: .executeFind(hcb);
097:
098: // List authorizationList = getHibernateTemplate().find(query,
099: // new Object[] { functionId, qualifierId },
100: // new org.hibernate.type.Type[] { Hibernate.STRING, Hibernate.STRING });
101:
102: String currentSiteId = null;
103: if (ToolManager.getCurrentPlacement() != null)
104: currentSiteId = ToolManager.getCurrentPlacement()
105: .getContext();
106: if (currentSiteId == null)
107: return false; // user don't login via any site if they are using published url
108:
109: //System.out.println("**** currentSiteId"+currentSiteId);
110: String currentAgentId = UserDirectoryService.getCurrentUser()
111: .getId();
112: for (int i = 0; i < authorizationList.size(); i++) {
113: AuthorizationData a = (AuthorizationData) authorizationList
114: .get(i);
115: String siteId = a.getAgentIdString();
116: if (("AUTHENTICATED_USERS").equals(siteId)
117: && (currentAgentId != null)) {
118: return true;
119: } else if (("ANONYMOUS_USERS").equals(siteId)) {
120: return true;
121: } else if (currentSiteId.equals(siteId)) {
122: return true;
123: }
124: }
125: return false;
126: }
127:
128: // this appears to be unused, it is also dangerous, as it is not in the API
129: public boolean checkAuthorization(final String agentId,
130: final String functionId, final String qualifierId) {
131: /* if (agentId == null || functionId == null || qualifierId == null)
132: {
133: throw new IllegalArgumentException("Null Argument");
134: }*/
135: if (functionId == null || qualifierId == null) {
136: throw new IllegalArgumentException("Null Argument");
137: }
138: final String queryAgentId = ToolManager.getCurrentPlacement()
139: .getContext();
140:
141: HibernateCallback hcb = new HibernateCallback() {
142: public Object doInHibernate(Session session)
143: throws HibernateException, SQLException {
144: Query query = session
145: .createQuery(HQL_QUERY_CHECK_AUTHZ);
146: //query.setString("agentId", agentId);
147: if (agentId == null)
148: query.setString("agentId", queryAgentId);
149: else
150: query.setString("agentId", agentId);
151: query.setString("functionId", functionId);
152: query.setString("qualifierId", qualifierId);
153: return query.uniqueResult();
154: //return query.list();
155: }
156: };
157: Object result = (AuthorizationData) getHibernateTemplate()
158: .execute(hcb);
159:
160: if (result != null)
161: return true;
162: else
163: return false;
164: }
165:
166: public AuthorizationData createAuthorization(String agentId,
167: String functionId, String qualifierId) {
168: if (agentId == null || functionId == null
169: || qualifierId == null) {
170: throw new IllegalArgumentException("Null Argument");
171: } else {
172: AuthorizationData ad = new AuthorizationData();
173:
174: Calendar cal = Calendar.getInstance();
175: Date lastModifiedDate = cal.getTime();
176:
177: ad.setAgentIdString(agentId);
178: ad.setFunctionId(functionId);
179: ad.setQualifierId(qualifierId);
180: ad.setLastModifiedBy(UserDirectoryService.getCurrentUser()
181: .getId());
182: ad.setLastModifiedDate(lastModifiedDate);
183: getHibernateTemplate().save(ad);
184: return ad;
185: }
186: }
187:
188: // this appears to be unused, it is also dangerous, as it is not in the API
189: public ArrayList getAssessments(final String agentId,
190: final String functionId) {
191: ArrayList returnList = new ArrayList();
192: if (agentId == null || functionId == null) {
193: throw new IllegalArgumentException("Null Argument");
194: } else {
195: HibernateCallback hcb = new HibernateCallback() {
196: public Object doInHibernate(Session session)
197: throws HibernateException, SQLException {
198: Query query = session
199: .createQuery(HQL_QUERY_BY_AGENT_FUNC);
200: query.setString("agentId", agentId);
201: query.setString("functionId", functionId);
202: return query.list();
203: }
204: };
205: List result = (List) getHibernateTemplate().execute(hcb);
206: for (int i = 0; i < result.size(); i++) {
207: AuthorizationData ad = (AuthorizationData) result
208: .get(i);
209: returnList.add(ad);
210: }
211: }
212:
213: return returnList;
214: }
215:
216: // this appears to be unused, it is also dangerous, as it is not in the API
217: public ArrayList getAssessmentsByAgentAndFunction(
218: final String agentId, final String functionId) {
219: ArrayList returnList = new ArrayList();
220: if (agentId == null || functionId == null) {
221: throw new IllegalArgumentException("Null Argument");
222: } else {
223: HibernateCallback hcb = new HibernateCallback() {
224: public Object doInHibernate(Session session)
225: throws HibernateException, SQLException {
226: Query query = session
227: .createQuery(HQL_QUERY_ASSESS_BY_AGENT_FUNC);
228: query.setString("agentId", agentId);
229: query.setString("functionId", functionId);
230: return query.list();
231: }
232: };
233: List result = (List) getHibernateTemplate().execute(hcb);
234: for (int i = 0; i < result.size(); i++) {
235: AssessmentBaseData ad = (AssessmentBaseData) result
236: .get(i);
237: returnList.add(ad);
238: }
239: }
240:
241: return returnList;
242: }
243:
244: public void removeAuthorizationByQualifier(String qualifierId,
245: boolean isPublishedAssessment) {
246: String query = "select a from AuthorizationData a where a.qualifierId="
247: + qualifierId;
248: String clause = "";
249: if (isPublishedAssessment) {
250: clause = " and (a.functionId='OWN_PUBLISHED_ASSESSMENT'"
251: + " or a.functionId='TAKE_PUBLISHED_ASSESSMENT'"
252: + " or a.functionId='VIEW_PUBLISHED_ASSESSMENT_FEEDBACK'"
253: + " or a.functionId='GRADE_PUBLISHED_ASSESSMENT'"
254: + " or a.functionId='VIEW_PUBLISHED_ASSESSMENT')";
255: } else {
256: clause = " and a.functionId='EDIT_ASSESSMENT'";
257: }
258: List l = getHibernateTemplate().find(query + clause);
259: getHibernateTemplate().deleteAll(l);
260: }
261:
262: /** This returns a HashMap containing (String a.qualiferId, AuthorizationData a)
263: * agentId is a site for now but can be a user
264: */
265: public HashMap getAuthorizationToViewAssessments(String agentId) {
266: HashMap h = new HashMap();
267: List l = getAuthorizationByAgentAndFunction(agentId,
268: "VIEW_PUBLISHED_ASSESSMENT");
269: for (int i = 0; i < l.size(); i++) {
270: AuthorizationData a = (AuthorizationData) l.get(i);
271: h.put(a.getQualifierId(), a);
272: }
273: return h;
274: }
275:
276: public List getAuthorizationByAgentAndFunction(String agentId,
277: String functionId) {
278: String query = "select a from AuthorizationData a where a.agentIdString='"
279: + agentId + "' and a.functionId='" + functionId + "'";
280: //System.out.println("query="+query);
281: return getHibernateTemplate().find(query);
282: }
283:
284: public List getAuthorizationByFunctionAndQualifier(
285: String functionId, String qualifierId) {
286: return getHibernateTemplate().find(
287: "select a from AuthorizationData a where a.functionId='"
288: + functionId + "' and a.qualifierId='"
289: + qualifierId + "'");
290: }
291:
292: public boolean checkMembership(String siteId) {
293: boolean isMember = false;
294: try {
295: String realmName = "/site/" + siteId;
296: AuthzGroup siteAuthzGroup = AuthzGroupService
297: .getAuthzGroup(realmName);
298: if (siteAuthzGroup
299: .getUserRole(AgentFacade.getAgentString()) != null)
300: isMember = true;
301: } catch (Exception e) {
302: e.printStackTrace();
303: }
304: return isMember;
305: }
306:
307: }
|