001: /*
002: * Copyright (c) 2001 - 2005 ivata limited.
003: * All rights reserved.
004: * -----------------------------------------------------------------------------
005: * ivata groupware may be redistributed under the GNU General Public
006: * License as published by the Free Software Foundation;
007: * version 2 of the License.
008: *
009: * These programs are free software; you can redistribute them and/or
010: * modify them under the terms of the GNU General Public License
011: * as published by the Free Software Foundation; version 2 of the License.
012: *
013: * These programs are distributed in the hope that they will be useful,
014: * but WITHOUT ANY WARRANTY; without even the implied warranty of
015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
016: *
017: * See the GNU General Public License in the file LICENSE.txt for more
018: * details.
019: *
020: * If you would like a copy of the GNU General Public License write to
021: *
022: * Free Software Foundation, Inc.
023: * 59 Temple Place - Suite 330
024: * Boston, MA 02111-1307, USA.
025: *
026: *
027: * To arrange commercial support and licensing, contact ivata at
028: * http://www.ivata.com/contact.jsp
029: * -----------------------------------------------------------------------------
030: * $Log: LibraryRightsImpl.java,v $
031: * Revision 1.4 2005/04/29 02:48:16 colinmacleod
032: * Data bugfixes.
033: * Changed primary key back to Integer.
034: *
035: * Revision 1.3 2005/04/10 20:09:45 colinmacleod
036: * Added new themes.
037: * Changed id type to String.
038: * Changed i tag to em and b tag to strong.
039: * Improved PicoContainerFactory with NanoContainer scripts.
040: *
041: * Revision 1.2 2005/04/09 17:19:46 colinmacleod
042: * Changed copyright text to GPL v2 explicitly.
043: *
044: * Revision 1.1.1.1 2005/03/10 17:51:59 colinmacleod
045: * Restructured ivata op around Hibernate/PicoContainer.
046: * Renamed ivata groupware.
047: *
048: * Revision 1.4 2004/11/12 18:16:05 colinmacleod
049: * Ordered imports.
050: *
051: * Revision 1.3 2004/11/12 15:57:16 colinmacleod
052: * Removed dependencies on SSLEXT.
053: * Moved Persistence classes to ivata masks.
054: *
055: * Revision 1.2 2004/07/18 21:57:35 colinmacleod
056: * Removed unneccesary import.
057: *
058: * Revision 1.1 2004/07/13 19:47:29 colinmacleod
059: * Moved project to POJOs from EJBs.
060: * Applied PicoContainer to services layer (replacing session EJBs).
061: * Applied Hibernate to persistence layer (replacing entity EJBs).
062: *
063: * Revision 1.2 2004/02/01 22:07:31 colinmacleod
064: * Added full names to author tags
065: *
066: * Revision 1.1.1.1 2004/01/27 20:58:40 colinmacleod
067: * Moved open portal to sourceforge.
068: *
069: * Revision 1.5 2003/11/03 11:29:44 jano
070: * commiting library,
071: * tryinjg to fix deploying problem
072: *
073: * Revision 1.4 2003/10/28 13:16:14 jano
074: * commiting library,
075: * still fixing compile and building openGroupware project
076: *
077: * Revision 1.3 2003/10/15 14:21:00 jano
078: * converting to XDoclet
079: *
080: * Revision 1.2 2003/10/15 14:16:53 colin
081: * fixing for XDoclet
082: *
083: * Revision 1.4 2003/06/02 22:18:43 colin
084: * changes for new user rights interface
085: *
086: * Revision 1.3 2003/05/12 13:47:40 colin
087: * added new methods for finding rights
088: *
089: * Revision 1.2 2003/04/09 09:02:44 jano
090: * handling data of removing user
091: *
092: * Revision 1.1 2003/02/24 19:09:22 colin
093: * moved to business
094: *
095: * Revision 1.10 2003/02/04 17:43:50 colin
096: * copyright notice
097: *
098: * Revision 1.9 2003/01/09 10:50:11 jano
099: * I need only two method for finding right for TOPIC and ITEM
100: *
101: * Revision 1.8 2003/01/08 10:40:43 jano
102: * we changed interface of libraryBeans, we are using libraryRightBean for amending rights and for finding out
103: * and we are not storing rights in TopicDO
104: *
105: * Revision 1.7 2003/01/03 17:17:11 jano
106: * fixing findr problem in canUser
107: *
108: * Revision 1.6 2003/01/02 16:39:40 jano
109: * taking VIEW of
110: *
111: * Revision 1.5 2002/12/05 16:09:38 jano
112: * fixing bug
113: *
114: * Revision 1.4 2002/11/29 13:12:36 jano
115: * if finder didn't find anytnik he didn't throe exeption so we have to check if collection is empty
116: *
117: * Revision 1.3 2002/10/09 07:39:02 jano
118: * to many imports :-)
119: *
120: * Revision 1.2 2002/08/30 09:50:19 colin
121: * changed canUser... methods to just can...
122: *
123: * Revision 1.1 2002/07/12 09:31:39 colin
124: * split library bean into library and library rights
125: * -----------------------------------------------------------------------------
126: */
127: package com.ivata.groupware.business.library.right;
128:
129: import java.io.Serializable;
130: import java.util.Collection;
131: import java.util.Iterator;
132: import java.util.List;
133: import java.util.Vector;
134:
135: import javax.mail.MethodNotSupportedException;
136:
137: import com.ivata.groupware.admin.security.server.SecuritySession;
138: import com.ivata.groupware.business.addressbook.person.group.GroupDO;
139: import com.ivata.groupware.business.addressbook.person.group.right.RightConstants;
140: import com.ivata.groupware.business.addressbook.person.group.right.RightDO;
141: import com.ivata.groupware.business.library.comment.CommentDO;
142: import com.ivata.groupware.business.library.topic.TopicDO;
143: import com.ivata.groupware.container.persistence.QueryPersistenceManager;
144: import com.ivata.mask.persistence.PersistenceSession;
145: import com.ivata.mask.util.SystemException;
146:
147: /**
148: * <p>
149: * Facade to the intranet library access rights. This POJO can be
150: * used both locally and remotely to establish what users are entitled to
151: * within the library subsystem.
152: * </p>
153: *
154: * @since 2002-07-10
155: * @author Colin MacLeod
156: * <a href='mailto:colin.macleod@ivata.com'>colin.macleod@ivata.com</a>
157: * @version $Revision: 1.4 $
158: */
159: public class LibraryRightsImpl implements LibraryRights, Serializable {
160: /**
161: * Persistence manger used to store/retrieve data objects.
162: */
163: private QueryPersistenceManager persistenceManager;
164:
165: /**
166: * Construct a new library rights instance.
167: *
168: * @param persistenceManager used to store objects in db.
169: */
170: public LibraryRightsImpl(QueryPersistenceManager persistenceManager) {
171: this .persistenceManager = persistenceManager;
172: }
173:
174: /**
175: * <p>
176: * This method changes ADD rights. Users in the specified groups will be
177: * able to add ITEMS with this TOPIC.
178: * </p>
179: *
180: * <p>
181: * It's works only with those groups which can be seen by the user.
182: * if I am adding ADD right for a group and the user has not VIEW right
183: * -> also create a VIEW right for that group.
184: * </p>
185: *
186: * @param id of TOPIC
187: * @param userName user vhich is goin to change rights
188: * @param rights collection of groups for which we will set up ADD right
189: */
190: public void amendAddRightsForItem(
191: final SecuritySession securitySession, final Integer id,
192: final Collection rights) throws SystemException {
193: throw new SystemException(
194: new MethodNotSupportedException(
195: "ERROR: LibraryRightsImpl.amendAddRightsForItem is not implemented yet!"));
196: }
197:
198: /**
199: * <p>This method changing AMEND rights. Users in those groups will be able to amend ITEMS with this TOPIC.
200: * It's working only with those groups which can be see by user.
201: * if I am adding AMEND right for group and there is not VIEW right -> so create VIEW right for that group.</p>
202: *
203: * @param id of TOPIC
204: * @param userName user vhich is goin to change rights
205: * @param rights collection of groups for which we will set up AMEND right
206: */
207: public void amendAmendRightsForItem(
208: final SecuritySession securitySession, final Integer id,
209: final Collection rights) throws SystemException {
210: throw new SystemException(
211: new MethodNotSupportedException(
212: "ERROR: LibraryRightsImpl.amendAmendRightsForItem is not implemented yet!"));
213: }
214:
215: /**
216: * <p>This method changing AMEND rights of TOPIC. It's working only with those groups which can be see by user.
217: * if I am adding AMEND right for group and there is not VIEW right -> so create VIEW right for that group.</p>
218: *
219: * @param id of TOPIC
220: * @param userName user which is chaning
221: * @param rights collection of groups for which we will set up AMEND right
222: */
223: public void amendAmendRightsForTopic(
224: final SecuritySession securitySession, final Integer id,
225: final Collection rights) throws SystemException {
226: throw new SystemException(
227: new MethodNotSupportedException(
228: "ERROR: LibraryRightsImpl.amendAmendRightsForTopic is not implemented yet!"));
229: }
230:
231: /**
232: * <p>This method changing REMOVE rights. Users in those groups will be able to remove ITEMS with this TOPIC.
233: * It's working only with those groups which can be see by user.
234: * if I am adding REMOVE right for group and there is not VIEW right -> so create VIEW right for that group.</p>
235: *
236: * @param id of TOPIC
237: * @param userName user vhich is goin to change rights
238: * @param rights collection of groups for which we will set up REMOVE right
239: */
240: public void amendRemoveRightsForItem(
241: final SecuritySession securitySession, final Integer id,
242: final Collection rights) throws SystemException {
243: throw new SystemException(
244: new MethodNotSupportedException(
245: "ERROR: LibraryRightsImpl.amendRemoveRightsForItem is not implemented yet!"));
246: }
247:
248: /**
249: * <p>This method changing REMOVE rights of TOPIC. It's working only with those groups which can be see by user.
250: * if I am adding REMOVE right for group and there is not VIEW right -> so create VIEW right for that group.</p>
251: *
252: * @param id of TOPIC
253: * @param userName user vhich is going to change
254: * @param rights collection of groups for which we will set up REMOVE right
255: */
256: public void amendRemoveRightsForTopic(
257: final SecuritySession securitySession, final Integer id,
258: final Collection rights) throws SystemException {
259: throw new SystemException(
260: new MethodNotSupportedException(
261: "ERROR: LibraryRightsImpl.amendRemoveRightsForTopic is not implemented yet!"));
262: }
263:
264: /**
265: * <p>This method changing VIEW rights of ITEMS. Users in those groups will be albe to see ITEMS with this TOPIC.
266: * It's working only with those groups which can be see by user.</p>
267: *
268: * @param id of TOPIC
269: * @param userName user vhich is goin to change rights
270: * @param rights collection of groups for which we will set up VIEW right
271: */
272: public void amendViewRightsForItem(
273: final SecuritySession securitySession, final Integer id,
274: final Collection rights) throws SystemException {
275: throw new SystemException(
276: new MethodNotSupportedException(
277: "ERROR: LibraryRightsImpl.amendViewRightsForItem is not implemented yet!"));
278: }
279:
280: /**
281: * <p>This method changing VIEW rights of TOPIC. It's working only with those groups which can be see by user.</p>
282: *
283: * @param id of TOPIC
284: * @param userName user which is changing
285: * @param rights collection of groupIds for which we will set up VIEW right
286: */
287: public void amendViewRightsForTopic(
288: final SecuritySession securitySession, final Integer id,
289: final Collection rights) throws SystemException {
290: throw new SystemException(
291: new MethodNotSupportedException(
292: "ERROR: LibraryRightsImpl.amendViewRightsForTopic is not implemented yet!"));
293: }
294:
295: /**
296: * <p>Find out if a user is allowed to add a new comment.</p>
297: *
298: * @param userName the name of the user to check the user rights for.
299: * @param comment the comment check.
300: * @return <code>true</code> if the user is entitled to add this comment,
301: * otherwise <code>false</code>.
302: */
303: public boolean canAddComment(final SecuritySession securitySession,
304: final CommentDO comment) throws SystemException {
305: // user rights for adding comments are simple: if the user can view the
306: // item this comment refers to, she can also add comments to it
307: return canViewInTopic(securitySession, comment.getItem()
308: .getTopic().getId());
309: }
310:
311: /**
312: * <p>Find out if a user is allowed to add a new topic.</p>
313: *
314: * @param userName the name of the user to check the user rights for.
315: * @param topicId the unique identifier of the topic to check.
316: * @return <code>true</code> if the user is entitled to add new topics,
317: * otherwise <code>false</code>.
318: */
319: public boolean canAddTopic(final SecuritySession securitySession)
320: throws SystemException {
321: return canUser(securitySession, (Integer) null,
322: RightConstants.DETAIL_LIBRARY_TOPIC,
323: RightConstants.ACCESS_ADD);
324: }
325:
326: /**
327: * <p>Find out if a user is allowed to add items to a given topic.</p>
328: *
329: * @param userName the name of the user to check the user rights for.
330: * @param topicId the unique identifier of the topic to check.
331: * @return <code>true</code> if the user is entitled to add items to the
332: * topic, otherwise <code>false</code>.
333: */
334: public boolean canAddToTopic(final SecuritySession securitySession,
335: final Integer topicId) throws SystemException {
336: return canUser(securitySession, topicId,
337: RightConstants.DETAIL_LIBRARY_ITEM_TOPIC,
338: RightConstants.ACCESS_ADD);
339: }
340:
341: /**
342: * <p>Find out if a user is allowed to change an existing comment.</p>
343: *
344: * @param userName the name of the user to check the user rights for.
345: * @param commentParam the comment check.
346: * @return <code>true</code> if the user is entitled to change this comment,
347: * otherwise <code>false</code>.
348: */
349: public boolean canAmendComment(
350: final SecuritySession securitySession,
351: final CommentDO commentParam) throws SystemException {
352: // prerequisite: nobody can amend a comment with a null id
353: if (commentParam.getId() == null) {
354: return false;
355: }
356: // in order to amend a comment, the user must have sufficient rights
357: // at topic level, or be the original author of the topic
358: PersistenceSession persistenceSession = persistenceManager
359: .openSession(securitySession);
360: CommentDO comment;
361: try {
362: // re-get the comment from the data store
363: comment = (CommentDO) persistenceManager.findByPrimaryKey(
364: persistenceSession, CommentDO.class, commentParam
365: .getId());
366: } catch (Exception e) {
367: persistenceSession.cancel();
368: throw new SystemException(e);
369: } finally {
370: persistenceSession.close();
371: }
372: // so is this the original author?
373: if (comment.getCreatedBy().equals(securitySession.getUser())) {
374: return true;
375: }
376: // if that didn't work, check the rights at topic level
377: return canUser(securitySession, comment.getItem().getTopic()
378: .getId(), RightConstants.DETAIL_LIBRARY_COMMENT_TOPIC,
379: RightConstants.ACCESS_AMEND);
380: }
381:
382: /**
383: * <p>Find out if a user is allowed to amend items in a given topic.</p>
384: *
385: * @param userName the name of the user to check the user rights for.
386: * @param topicId the unique identifier of the topic to check.
387: * @return <code>true</code> if the user is entitled to amend items in the
388: * topic, otherwise <code>false</code>.
389: */
390: public boolean canAmendInTopic(
391: final SecuritySession securitySession, final Integer topicId)
392: throws SystemException {
393: return canUser(securitySession, topicId,
394: RightConstants.DETAIL_LIBRARY_ITEM_TOPIC,
395: RightConstants.ACCESS_AMEND);
396: }
397:
398: /**
399: * <p>Find out if a user is allowed to amend an existing new topic.</p>
400: *
401: * @param userName the name of the user to check the user rights for.
402: * @param topicId the unique identifier of the topic to check.
403: * @return <code>true</code> if the user is entitled to amend the
404: * topic, otherwise <code>false</code>.
405: */
406: public boolean canAmendTopic(final SecuritySession securitySession,
407: final Integer id) throws SystemException {
408: return canUser(securitySession, id,
409: RightConstants.DETAIL_LIBRARY_TOPIC,
410: RightConstants.ACCESS_AMEND);
411: }
412:
413: /**
414: * <p>Find out if a user is allowed to remove an existing comment.</p>
415: *
416: * @param userName the name of the user to check the user rights for.
417: * @param commentParam the comment check.
418: * @return <code>true</code> if the user is entitled to remove this comment,
419: * otherwise <code>false</code>.
420: */
421: public boolean canRemoveComment(
422: final SecuritySession securitySession,
423: final CommentDO commentParam) throws SystemException {
424: // prerequisite: nobody can remove a comment with a null id
425: if (commentParam.getId() == null) {
426: return false;
427: }
428: // in order to remove a comment, the user must have sufficient rights
429: // at topic level, or be the original author of the topic
430: PersistenceSession persistenceSession = persistenceManager
431: .openSession(securitySession);
432: CommentDO comment;
433: try {
434: // re-get the comment from the data store
435: comment = (CommentDO) persistenceManager.findByPrimaryKey(
436: persistenceSession, CommentDO.class, commentParam
437: .getId());
438: } catch (Exception e) {
439: persistenceSession.cancel();
440: throw new SystemException(e);
441: } finally {
442: persistenceSession.close();
443: }
444: // so is this the original author?
445: if (comment.getCreatedBy().equals(securitySession.getUser())) {
446: return true;
447: }
448: // if that didn't work, check the rights at topic level
449: return canUser(securitySession, comment.getItem().getTopic()
450: .getId(), RightConstants.DETAIL_LIBRARY_COMMENT_TOPIC,
451: RightConstants.ACCESS_REMOVE);
452: }
453:
454: /**
455: * <p>Find out if a user is allowed to remove items from a given topic.</p>
456: *
457: * @param userName the name of the user to check the user rights for.
458: * @param topicId the unique identifier of the topic to check.
459: * @return <code>true</code> if the user is entitled to remove items from
460: * the topic, otherwise <code>false</code>.
461: */
462: public boolean canRemoveFromTopic(
463: final SecuritySession securitySession, final Integer topicId)
464: throws SystemException {
465: return canUser(securitySession, topicId,
466: RightConstants.DETAIL_LIBRARY_ITEM_TOPIC,
467: RightConstants.ACCESS_REMOVE);
468: }
469:
470: /**
471: * <p>Find out if a user is allowed to remove a topic.</p>
472: *
473: * @param userName the name of the user to check the user rights for.
474: * @param topicId the unique identifier of the topic to check.
475: * @return <code>true</code> if the user is entitled to remove the
476: * topic, otherwise <code>false</code>.
477: */
478: public boolean canRemoveTopic(
479: final SecuritySession securitySession, final Integer id)
480: throws SystemException {
481: return canUser(securitySession, id,
482: RightConstants.DETAIL_LIBRARY_TOPIC,
483: RightConstants.ACCESS_REMOVE);
484: }
485:
486: /**
487: * <p>Internal helper method. Find out if a user is allowed to access
488: * entries in a given group.</p>
489: *
490: * @param securitySession Security session to check the rights for.
491: * @param integerParam Unique identifier of the topic to check.
492: * @param access The access level as defined in {@link
493: * com.ivata.groupware.business.addressbook.person.group.right.RightConstants
494: * RightConstants}.
495: * @return <code>true</code> if the user is entitled to access entries in the
496: * topic, otherwise <code>false</code>.
497: */
498: public boolean canUser(final SecuritySession securitySession,
499: Integer integerParam, final Integer detail,
500: final Integer access) throws SystemException {
501: /* TODO PersistenceSession persistenceSession = persistenceManager.openSession(securitySession);
502:
503: // see if we're allowed to
504: try {
505: Collection tmp = persistenceManager.find(persistenceSession,
506: "rightByUserNameAccessDetailTargetId",
507: new Object [] {
508: securitySession.getUser().getName(),
509: access,
510: detail,
511: topicId
512: });
513: if (tmp.size() == 0) {
514: return false;
515: }
516: } catch (FinderException e) {
517: // oops
518: return false;
519: }
520: // only return true if we get this far :- )
521: */
522:
523: return true;
524: }
525:
526: /**
527: * <p>Find out if a user is allowed to view items to a given topic.</p>
528: *
529: * @param userName the name of the user to check the user rights for.
530: * @param integerParam the unique identifier of the topic to check.
531: * @return <code>true</code> if the user is entitled to view items in the
532: * topic, otherwise <code>false</code>.
533: */
534: public boolean canViewInTopic(
535: final SecuritySession securitySession, Integer topicId)
536: throws SystemException {
537: return canUser(securitySession, topicId,
538: RightConstants.DETAIL_LIBRARY_ITEM_TOPIC,
539: RightConstants.ACCESS_VIEW);
540: }
541:
542: /**
543: * <p>Find groups which have <code>access</code> to items with topic.
544: * Return only those groups which can be see by that user.</p>
545: *
546: * @param id of TOPIC
547: * @param userName user which is trying to find rights
548: * @param access find rights with this access
549: * @return Collection of IDS of groups which have <code>access</code> to that items wuth that topic
550: */
551: public Collection findRightsForItemsInTopic(
552: final SecuritySession securitySession, final Integer id,
553: final Integer access) throws SystemException {
554: Vector rights = new Vector();
555: String userName = securitySession.getUser().getName();
556:
557: PersistenceSession persistenceSession = persistenceManager
558: .openSession(securitySession);
559: try {
560: // I will send only groupIds which user can view, no more.
561: List groupIdsCanViewByUser = persistenceManager
562: .find(
563: persistenceSession,
564: "rightTargetIdByUserNameAccessDetail",
565: new Object[] {
566: userName,
567: RightConstants.ACCESS_VIEW,
568: RightConstants.DETAIL_PERSON_GROUP_MEMBER });
569: // find rights for TOPIC
570: List tmp = persistenceManager.find(persistenceSession,
571: "rightByAccessDetailTargetId", new Object[] {
572: access,
573: RightConstants.DETAIL_LIBRARY_ITEM_TOPIC,
574: id });
575:
576: for (int i = 0; i < tmp.size(); i++) {
577: RightDO right = (RightDO) tmp.get(i);
578: Integer groupId = right.getGroup().getId();
579:
580: if (groupIdsCanViewByUser.contains(groupId)) {
581: rights.add(groupId);
582: }
583: }
584: } catch (Exception e) {
585: persistenceSession.cancel();
586: throw new SystemException(e);
587: } finally {
588: persistenceSession.close();
589: }
590: return rights;
591: }
592:
593: /**
594: * <p>Find groups which have <code>access</code> to topic.
595: * Return only those groups which can be see by that user.</p>
596: *
597: * @param id of TOPIC
598: * @param userName user which is trying to find rights
599: * @param access find rights with this access
600: * @return Collection of IDS of groups which have <code>access</code> to that topic
601: */
602: public Collection findRightsForTopic(
603: final SecuritySession securitySession, final Integer id,
604: final Integer access) throws SystemException {
605: Vector rights = new Vector();
606: String userName = securitySession.getUser().getName();
607:
608: PersistenceSession persistenceSession = persistenceManager
609: .openSession(securitySession);
610: try {
611: // I will send only groupIds which user can view, no more.
612: List groupIdsCanViewByUser = persistenceManager.find(
613: persistenceSession,
614: "rightTargetIdByUserNameAccessDetail",
615: new Object[] { userName,
616: RightConstants.ACCESS_VIEW,
617: RightConstants.DETAIL_LIBRARY_TOPIC });
618: // find rights for TOPIC
619: List tmp = persistenceManager.find(persistenceSession,
620: "rightByAccessDetailTargetId", new Object[] {
621: access,
622: RightConstants.DETAIL_LIBRARY_ITEM_TOPIC,
623: id });
624:
625: for (int i = 0; i < tmp.size(); i++) {
626: RightDO right = (RightDO) tmp.get(i);
627: Integer groupId = right.getGroup().getId();
628:
629: if (groupIdsCanViewByUser.contains(groupId)) {
630: rights.add(groupId);
631: }
632: }
633: } catch (Exception e) {
634: persistenceSession.cancel();
635: throw new SystemException(e);
636: } finally {
637: persistenceSession.close();
638: }
639: return rights;
640: }
641:
642: /**
643: * <p>Find the unique identifiers of all library topics for which the items
644: * can be accessed by the group specified, with the access level given.</p>
645: *
646: * @param groupId unique identifier of the group for which to search for
647: * library topics.
648: * @param access the access level as defined in {@link
649: * com.ivata.groupware.business.addressbook.person.group.right.RightConstants
650: * RightConstants}.
651: * @return a <code>Collection</code> of <code>Integer</code> instances,
652: * matching all topics which can be access with this level of access
653: * by the group specified.
654: */
655: public Collection findTopicsByGroupAccess(
656: final SecuritySession securitySession,
657: final Integer groupId, final Integer access)
658: throws SystemException {
659: Vector topics = new Vector();
660:
661: PersistenceSession persistenceSession = persistenceManager
662: .openSession(securitySession);
663: try {
664: // first find the group
665: GroupDO group = (GroupDO) persistenceManager
666: .findByPrimaryKey(persistenceSession,
667: GroupDO.class, groupId);
668:
669: // find all the ids
670: List topicIds = persistenceManager.find(persistenceSession,
671: "rightTargetIdByGroupIdAccessDetail", new Object[] {
672: group, access,
673: RightConstants.DETAIL_LIBRARY_ITEM_TOPIC });
674: for (Iterator i = topicIds.iterator(); i.hasNext();) {
675: String topicId = (String) i.next();
676: TopicDO topic = (TopicDO) persistenceManager
677: .findByPrimaryKey(persistenceSession,
678: TopicDO.class, topicId);
679: topics.add(topic);
680: }
681:
682: } catch (Exception e) {
683: persistenceSession.cancel();
684: throw new SystemException(e);
685: } finally {
686: persistenceSession.close();
687: }
688:
689: return topics;
690: }
691: }
|