Merge branch '4.1.18'

Author: hplahar

pom.xml

@@ -4,7 +4,7 @@
     <groupId>org.jbei</groupId>
     <artifactId>ice</artifactId>
     <packaging>war</packaging>
-    <version>4.1.17</version>
+    <version>4.1.18</version>
     <name>ice</name>
     <description>Inventory of Composable Elements (ICE) for Synthetic Biology</description>
     <repositories>

src/main/java/org/jbei/ice/lib/dao/hibernate/PermissionDAO.java

@@ -347,6 +347,35 @@ public List<Long> getCanReadEntries(Account account, Set<Group> groups, List<Lon
                 .list();
     }
 
+    /**
+     * Determines if the specified account has write privileges on the entries passed on the parameter
+     *
+     * @param account user account
+     * @param groups  groups that the account belongs to
+     * @param entries list of entry Ids to check
+     * @return true if the user has write privileges on <b>all</b> the entries specified in the parameter
+     */
+    public boolean canWrite(Account account, Set<Group> groups, List<Long> entries) {
+        Criteria criteria = currentSession().createCriteria(Permission.class);
+        Disjunction disjunction = Restrictions.disjunction();
+        disjunction.add(Restrictions.and(Restrictions.eq("account", account), Restrictions.eq("canWrite", true)));
+        disjunction.add(Restrictions.eq("entry.ownerEmail", account.getEmail()));
+
+        if (!groups.isEmpty()) {
+            disjunction.add(Restrictions.and(Restrictions.in("group", groups), Restrictions.eq("canWrite", true)));
+        }
+
+        criteria.createAlias("entry", "entry", JoinType.LEFT_OUTER_JOIN)
+                .add(Restrictions.in("entry.id", entries))
+                .add(Restrictions.eq("entry.visibility", Visibility.OK.getValue()));
+
+        criteria.add(disjunction);
+        criteria.setProjection(Projections.distinct(Projections.property("entry.id")));
+
+        Number number = (Number) criteria.setProjection(Projections.rowCount()).uniqueResult();
+        return number.intValue() == entries.size();
+    }
+
     @Override
     public Permission get(long id) {
         return super.get(Permission.class, id);

src/main/java/org/jbei/ice/lib/entry/Entries.java

@@ -0,0 +1,45 @@
+package org.jbei.ice.lib.entry;
+
+import org.jbei.ice.lib.account.AccountController;
+import org.jbei.ice.lib.account.model.Account;
+import org.jbei.ice.lib.dao.DAOFactory;
+import org.jbei.ice.lib.dao.hibernate.EntryDAO;
+import org.jbei.ice.lib.dao.hibernate.PermissionDAO;
+import org.jbei.ice.lib.dto.entry.Visibility;
+import org.jbei.ice.lib.entry.model.Entry;
+import org.jbei.ice.lib.group.Group;
+import org.jbei.ice.lib.group.GroupController;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author Hector Plahar
+ */
+public class Entries {
+
+    private final EntryDAO dao;
+
+    public Entries() {
+        this.dao = DAOFactory.getEntryDAO();
+    }
+
+    public boolean updateVisibility(String userId, List<Long> entryIds, Visibility visibility) {
+        Account account = DAOFactory.getAccountDAO().getByEmail(userId);
+        Set<Group> accountGroups = new GroupController().getAllGroups(account);
+        PermissionDAO permissionDAO = DAOFactory.getPermissionDAO();
+        if (!new AccountController().isAdministrator(userId) && !permissionDAO.canWrite(account, accountGroups, entryIds))
+            return false;
+
+        for (long entryId : entryIds) {
+            Entry entry = dao.get(entryId);
+            if (entry.getVisibility() == visibility.getValue())
+                continue;
+
+            entry.setVisibility(visibility.getValue());
+            dao.update(entry);
+        }
+
+        return true;
+    }
+}

src/main/java/org/jbei/ice/lib/entry/EntryController.java

@@ -173,6 +173,50 @@ public long getNumberOfOwnerEntries(String requesterUserEmail, String ownerEmail
         return dao.ownerEntryCount(account, ownerEmail, accountGroups);
     }
 
+    /**
+     * Determines if the two entries can be linked
+     *
+     * @param entry parent in link hierarchy
+     * @param link  child in link hierarchy
+     * @return true if the two entries can be linked in the hierarchy specified
+     */
+    private boolean canLink(Entry entry, Entry link) {
+        if (entry == null || link == null || entry.getId() == link.getId())
+            return false;
+
+        if (link.getLinkedEntries().contains(entry))
+            return false;
+
+        EntryType linkedType = EntryType.nameToType(link.getRecordType());
+        EntryType type = EntryType.nameToType(entry.getRecordType());
+        if (type == null || linkedType == null)
+            return false;
+
+        switch (type) {
+            case PLASMID:
+                if (linkedType != type && linkedType != EntryType.PART)
+                    return false;
+                break;
+
+            case PART:
+                if (linkedType != type)
+                    return false;
+                break;
+
+            case STRAIN:
+                if (linkedType != type && linkedType != EntryType.PLASMID && linkedType != EntryType.PART)
+                    return false;
+                break;
+
+            case ARABIDOPSIS:
+                if (linkedType != type && linkedType != EntryType.PART)
+                    return false;
+                break;
+        }
+
+        return true;
+    }
+
     public long updatePart(String userId, long partId, PartData part) {
         Entry existing = dao.get(partId);
         authorization.expectWrite(userId, existing);
@@ -182,13 +226,15 @@ public long updatePart(String userId, long partId, PartData part) {
         if (part.getLinkedParts() != null && part.getLinkedParts().size() > 0) {
             for (PartData data : part.getLinkedParts()) {
                 Entry linked = dao.getByPartNumber(data.getPartId());
-                if (linked == null)
-                    continue;
 
+                // check permissions on link
                 if (!authorization.canRead(userId, linked)) {
                     continue;
                 }
 
+                if (!canLink(entry, linked))
+                    continue;
+
                 entry.getLinkedEntries().add(linked);
             }
         }

src/main/java/org/jbei/ice/services/rest/ArrayDataJSONHandler.java

@@ -1,15 +1,9 @@
 package org.jbei.ice.services.rest;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.Reader;
-import java.io.Writer;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
-import java.util.ArrayList;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import org.jbei.ice.lib.dao.IDataTransferModel;
+
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
@@ -18,13 +12,10 @@
 import javax.ws.rs.ext.MessageBodyReader;
 import javax.ws.rs.ext.MessageBodyWriter;
 import javax.ws.rs.ext.Provider;
-
-import org.jbei.ice.lib.dao.IDataTransferModel;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonElement;
-import com.google.gson.reflect.TypeToken;
+import java.io.*;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Type;
+import java.util.ArrayList;
 
 /**
  * @author Hector Plahar

src/main/java/org/jbei/ice/services/rest/PartDataJSONHandler.java

@@ -1,14 +1,9 @@
 package org.jbei.ice.services.rest;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.Reader;
-import java.io.Writer;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Type;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import org.jbei.ice.lib.dao.IDataTransferModel;
+
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
@@ -17,11 +12,9 @@
 import javax.ws.rs.ext.MessageBodyReader;
 import javax.ws.rs.ext.MessageBodyWriter;
 import javax.ws.rs.ext.Provider;
-
-import org.jbei.ice.lib.dao.IDataTransferModel;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
+import java.io.*;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Type;
 
 /**
  * Custom Writer and Reader for classes that extend {@link IDataTransferModel} using GSON for JSON conversion
@@ -36,8 +29,6 @@ public class PartDataJSONHandler
 
     @Override
     public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType) {
-//        return type == PartData.class || type == PlasmidData.class || type == StrainData.class || type ==
-//                ArabidopsisSeedData.class;
         return true;
     }
 
@@ -59,8 +50,6 @@ public void writeTo(IDataTransferModel data, Class<?> type, Type genericType, An
 
     @Override
     public boolean isReadable(Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType) {
-//        return type == PartData.class || type == PlasmidData.class || type == StrainData.class || type ==
-//                ArabidopsisSeedData.class;
         return true;
     }