Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/dao/DAO.java =================================================================== diff -u -rae5ca71cff855dcaa48d5b4f2989e5411fcaac04 -rb8cffb90895b237f8974633720e6c491699117f4 --- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/dao/DAO.java (.../DAO.java) (revision ae5ca71cff855dcaa48d5b4f2989e5411fcaac04) +++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/dao/DAO.java (.../DAO.java) (revision b8cffb90895b237f8974633720e6c491699117f4) @@ -24,15 +24,16 @@ package org.lamsfoundation.lams.tool.dokumaran.dao; import java.io.Serializable; -import java.util.List; +import org.lamsfoundation.lams.dao.IBaseDAO; + /** * Data Access Object (DAO) interface. This is an interface * used to tag our DAO classes and to provide common methods to all DAOs. * * @author Dapeng.Ni */ -public interface DAO { +public interface DAO extends IBaseDAO { /** * Generic method to get an object based on class and identifier. An @@ -49,15 +50,15 @@ /** * Generic method to save an object - handles both update and insert. - * + * * @param o * the object to save */ public void saveObject(Object o); /** * Generic method to delete an object based on class and id - * + * * @param clazz * model class to lookup * @param id Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/DokumaranService.java =================================================================== diff -u -r20aa6cbca9fc96d341080e6ad39f82593443f792 -rb8cffb90895b237f8974633720e6c491699117f4 --- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/DokumaranService.java (.../DokumaranService.java) (revision 20aa6cbca9fc96d341080e6ad39f82593443f792) +++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/DokumaranService.java (.../DokumaranService.java) (revision b8cffb90895b237f8974633720e6c491699117f4) @@ -337,7 +337,15 @@ return dokumaranUserDao.getUserByUserIDAndContentID(userId, contentId); } + @SuppressWarnings("unchecked") @Override + public DokumaranUser getUserByLoginAndContent(String login, long contentId) { + List user = dokumaranUserDao.findByProperty(User.class, "login", login); + return user.isEmpty() ? null + : dokumaranUserDao.getUserByUserIDAndContentID(user.get(0).getUserId().longValue(), contentId); + } + + @Override public DokumaranUser getUserByIDAndSession(Long userId, Long sessionId) { return dokumaranUserDao.getUserByUserIDAndSessionID(userId, sessionId); } @@ -546,7 +554,7 @@ public void auditLogStartEditingActivityInMonitor(long toolContentID) { toolService.auditLogStartEditingActivityInMonitor(toolContentID); } - + @Override public boolean isLastActivity(Long toolSessionId) { return toolService.isLastActivity(toolSessionId); @@ -1041,7 +1049,7 @@ public List getConfidenceLevels(Long toolSessionId) { return null; } - + @Override public boolean isUserGroupLeader(Long userId, Long toolSessionId) { DokumaranSession session = getDokumaranSessionBySessionId(toolSessionId); Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/IDokumaranService.java =================================================================== diff -u -r3bb7e0141ae1cc15ccd737c95d90b5762a34ad61 -rb8cffb90895b237f8974633720e6c491699117f4 --- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/IDokumaranService.java (.../IDokumaranService.java) (revision 3bb7e0141ae1cc15ccd737c95d90b5762a34ad61) +++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/IDokumaranService.java (.../IDokumaranService.java) (revision b8cffb90895b237f8974633720e6c491699117f4) @@ -29,7 +29,6 @@ import javax.servlet.http.Cookie; - import org.lamsfoundation.lams.notebook.model.NotebookEntry; import org.lamsfoundation.lams.tool.dokumaran.dto.ReflectDTO; import org.lamsfoundation.lams.tool.dokumaran.dto.SessionDTO; @@ -66,7 +65,7 @@ * @throws DokumaranApplicationException */ Dokumaran getDefaultContent(Long contentId) throws DokumaranApplicationException; - + /** * Set specified user as a leader. Also the previous leader (if any) is marked as non-leader. * @@ -76,50 +75,52 @@ * whether user is accessing this doKumaran tool for the first time. If it's true - it will try to update * leaders list from the Leader Selection activity */ - List checkLeaderSelectToolForSessionLeader(DokumaranUser user, Long toolSessionId, boolean isFirstTimeAccess); - + List checkLeaderSelectToolForSessionLeader(DokumaranUser user, Long toolSessionId, + boolean isFirstTimeAccess); + /** * Is user is as a leader. It works OK in all cases regardless whether isAllowMultipleLeaders option is ON or OFF * (as all leaders are kept in leaders list anyway). - * + * * @param leaders * @param userId * @return */ boolean isUserLeader(List leaders, Long userId); - + /** - * Checks whether at least one of the leaders has finished activity and thus all non-leaders can proceed with finishing it as well. - * + * Checks whether at least one of the leaders has finished activity and thus all non-leaders can proceed with + * finishing it as well. + * * @param leaders * @return */ boolean isLeaderResponseFinalized(List leaders); - + /** * Checks whether at least one of the leaders has finished activity and thus all non-leaders can proceed with * finishing it as well. It differs from the above method that is should be used when leaders list is not * constructed yet. - * + * * @param session * @return */ boolean isLeaderResponseFinalized(Long toolSessionId); - + /** * Stores date when user has started activity with time limit. - * + * * @param toolContentId - * @throws IOException - * @throws JSONException + * @throws IOException + * @throws JSONException */ void launchTimeLimit(Long toolContentId) throws IOException; - + void addOneMinute(Long toolContentId) throws IOException; /** - * Calculates how many seconds left till the time limit will expire. - * + * Calculates how many seconds left till the time limit will expire. + * * @param assessment * @return */ @@ -130,26 +131,28 @@ * @return whether the time limit is exceeded already */ boolean checkTimeLimitExceeded(Dokumaran dokumaran); - - Cookie createEtherpadCookieForLearner(DokumaranUser user, DokumaranSession session) throws DokumaranConfigurationException, URISyntaxException, DokumaranApplicationException; - - Cookie createEtherpadCookieForMonitor(UserDTO user, Long contentId) throws DokumaranConfigurationException, URISyntaxException; - + + Cookie createEtherpadCookieForLearner(DokumaranUser user, DokumaranSession session) + throws DokumaranConfigurationException, URISyntaxException, DokumaranApplicationException; + + Cookie createEtherpadCookieForMonitor(UserDTO user, Long contentId) + throws DokumaranConfigurationException, URISyntaxException; + /** * Creates EPLiteClient that will make calls to Etherpad server. Throws DokumaranConfigurationException tf the tool * is not configured appropriately (either etherpadServerUrl or etherpadApiKey is missing). - * + * * @return * @throws DokumaranConfigurationException */ EPLiteClient initializeEPLiteClient() throws DokumaranConfigurationException; - + /** * Creates pad on Etherpad server side. - * + * * @param dokumaran * @param session - * @throws DokumaranConfigurationException + * @throws DokumaranConfigurationException */ void createPad(Dokumaran dokumaran, DokumaranSession session) throws DokumaranConfigurationException; @@ -167,6 +170,8 @@ */ DokumaranUser getUserByIDAndContent(Long userID, Long contentId); + DokumaranUser getUserByLoginAndContent(String login, long contentId); + /** * Get user by sessionID and UserID * @@ -175,15 +180,15 @@ * @return */ DokumaranUser getUserByIDAndSession(Long long1, Long sessionId); - + /** * Get users by the given toolSessionId. * * @param toolSessionId * @return */ List getUsersBySession(Long toolSessionId); - + DokumaranConfigItem getConfigItem(String key); void saveOrUpdateDokumaranConfigItem(DokumaranConfigItem item); Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningWebsocketServer.java =================================================================== diff -u -r18a207719c2aa30f683987fd0bb9176521b704de -rb8cffb90895b237f8974633720e6c491699117f4 --- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningWebsocketServer.java (.../LearningWebsocketServer.java) (revision 18a207719c2aa30f683987fd0bb9176521b704de) +++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningWebsocketServer.java (.../LearningWebsocketServer.java) (revision b8cffb90895b237f8974633720e6c491699117f4) @@ -17,6 +17,7 @@ import org.apache.log4j.Logger; import org.lamsfoundation.lams.tool.dokumaran.DokumaranConstants; import org.lamsfoundation.lams.tool.dokumaran.model.Dokumaran; +import org.lamsfoundation.lams.tool.dokumaran.model.DokumaranUser; import org.lamsfoundation.lams.tool.dokumaran.service.IDokumaranService; import org.lamsfoundation.lams.util.hibernate.HibernateSessionManager; import org.lamsfoundation.lams.web.session.SessionManager; @@ -50,7 +51,7 @@ try { // websocket communication bypasses standard HTTP filters, so Hibernate session needs to be initialised manually HibernateSessionManager.openSession(); - + Iterator>> entryIterator = LearningWebsocketServer.websockets.entrySet() .iterator(); // go through activities and update registered learners with reports and vote count @@ -117,6 +118,14 @@ public void registerUser(Session websocket) throws IOException { Long toolContentID = Long .valueOf(websocket.getRequestParameterMap().get(AttributeNames.PARAM_TOOL_CONTENT_ID).get(0)); + String login = websocket.getUserPrincipal().getName(); + DokumaranUser user = LearningWebsocketServer.getDokumaranService().getUserByLoginAndContent(login, + toolContentID); + if (user == null) { + throw new SecurityException("User \"" + login + + "\" is not a participant in Dokumaran activity with tool content ID " + toolContentID); + } + Set toolContentWebsockets = websockets.get(toolContentID); if (toolContentWebsockets == null) { toolContentWebsockets = ConcurrentHashMap.newKeySet(); @@ -125,8 +134,7 @@ toolContentWebsockets.add(websocket); if (log.isDebugEnabled()) { - log.debug("User " + websocket.getUserPrincipal().getName() + " entered Dokumaran with toolContentId: " - + toolContentID); + log.debug("User " + login + " entered Dokumaran with toolContentId: " + toolContentID); } }