Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/service/IMonitoringService.java =================================================================== diff -u -r8b271e1b06efcbe0b323b7071cdecf693e322c60 -rca668f79995a896bc1f79a2e89af255a8fe7ef76 --- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/service/IMonitoringService.java (.../IMonitoringService.java) (revision 8b271e1b06efcbe0b323b7071cdecf693e322c60) +++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/service/IMonitoringService.java (.../IMonitoringService.java) (revision ca668f79995a896bc1f79a2e89af255a8fe7ef76) @@ -165,12 +165,13 @@ * activity will be complete as well. * * @param learnerId + * @param requesterId the user id of the person requesting the force complete. For security check * @param lessonId * @param activityId force complete to this activity(this activity will be force complete as well). * If null value, force will complete all activities in this lesson. * @return success message. */ - public String forceCompleteLessonByUser(Integer learnerId,long lessonId,Long activityId); + public String forceCompleteLessonByUser(Integer learnerId, Integer requesterId, long lessonId,Long activityId); /** * Archive the specified lesson. When archived, the data is retained @@ -243,21 +244,23 @@ * Returns a list of learners participating in the given Lesson * * @param lessonID The lesson_id of the Lesson + * @param userID The user id of the user requesting the lesson learners * @return String The requested list in wddx format * * @throws IOException */ - public String getLessonLearners(Long lessonID)throws IOException; + public String getLessonLearners(Long lessonID, Integer userID)throws IOException; /** * Returns a list of staff participating in the given Lesson * * @param lessonID The lesson_id of the Lesson + * @param userID The user id of the user requesting the lesson staff members * @return String The requested list in wddx format * * @throws IOException */ - public String getLessonStaff(Long lessonID)throws IOException; + public String getLessonStaff(Long lessonID, Integer userID)throws IOException; /** @@ -274,10 +277,11 @@ * in a given Lesson. * * @param lessonID The lesson_id of the Lesson whose progress information is required + * @param userID The user id of the user requesting the progress details * @return String The requested information in wddx format * @throws IOException */ - public String getAllLearnersProgress(Long lessonID)throws IOException; + public String getAllLearnersProgress(Long lessonID, Integer userID)throws IOException; /** * This method is called when the user clicks the 'Contribute' tab in the @@ -305,34 +309,37 @@ * @param lessonID The lesson_id of the Lesson for which the information has * to be fetched. * @param activityID The activity_id of the activity for which the URL is required - * @param userID The user_id of the Learner for whom the URL is being fetched + * @param learnerID The user_id of the Learner for whom the URL is being fetched + * @param requesterID The user_id of the user who is requesting the url * @return String The required information in WDDX format * @throws IOException * @throws LamsToolServiceException */ - public String getLearnerActivityURL(Long lessonID, Long activityID,Integer userID)throws IOException,LamsToolServiceException; + public String getLearnerActivityURL(Long lessonID, Long activityID,Integer learnerUserID, Integer requestingUserId)throws IOException,LamsToolServiceException; /** * This method returns the define later url for the given activity. * * @param lessonID The lesson_id of the Lesson for which the information has * to be fetched. * @param activityID The activity_id of the Activity whose URL will be returned + * @param userID The user id of the user requesting the url. * @return String the url * @throws IOException */ - public String getActivityDefineLaterURL(Long lessonID, Long activityID)throws IOException, LamsToolServiceException; + public String getActivityDefineLaterURL(Long lessonID, Long activityID, Integer userID)throws IOException, LamsToolServiceException; /** * This method returns the monitor url for the given activity * * @param lessonID The lesson_id of the Lesson for which the information has * to be fetched. * @param activityID The activity_id of the Activity whose URL will be returned + * @param userID The user id of the user requesting the url. * @return String The required information in WDDX format * @throws IOException */ - public String getActivityMonitorURL(Long lessonID, Long activityID, String contentFolderID)throws IOException, LamsToolServiceException; + public String getActivityMonitorURL(Long lessonID, Long activityID, String contentFolderID, Integer userID)throws IOException, LamsToolServiceException; /** * This method moves the learning design corresponding to the given Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/service/MonitoringService.java =================================================================== diff -u -r1a175bfe9b4bc5309f3319accf2068eba3a9e902 -rca668f79995a896bc1f79a2e89af255a8fe7ef76 --- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/service/MonitoringService.java (.../MonitoringService.java) (revision 1a175bfe9b4bc5309f3319accf2068eba3a9e902) +++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/service/MonitoringService.java (.../MonitoringService.java) (revision ca668f79995a896bc1f79a2e89af255a8fe7ef76) @@ -880,9 +880,11 @@ * @throws LamsToolServiceException * @see org.lamsfoundation.lams.monitoring.service.IMonitoringService#forceCompleteLessonByUser(Integer,long,long) */ - public String forceCompleteLessonByUser(Integer learnerId,long lessonId,Long activityId) + public String forceCompleteLessonByUser(Integer learnerId, Integer requesterId, long lessonId,Long activityId) { - + Lesson lesson = lessonDAO.getLesson(new Long(lessonId)); + checkOwnerOrStaffMember(requesterId, lesson, "force complete"); + User learner = (User)baseDAO.find(User.class,learnerId); LearnerProgress learnerProgress = learnerService.getProgress(learnerId, lessonId); @@ -1047,6 +1049,9 @@ * @see org.lamsfoundation.lams.monitoring.service.IMonitoringService#getLessonDetails(java.lang.Long) */ public String getLessonDetails(Long lessonID, Integer userID)throws IOException{ + Lesson lesson = lessonDAO.getLesson(new Long(lessonID)); + checkOwnerOrStaffMember(userID, lesson, "get lesson deatils"); + User user = (User)baseDAO.find(User.class,userID); LessonDetailsDTO dto = lessonService.getLessonDetails(lessonID); @@ -1073,9 +1078,11 @@ * (non-Javadoc) * @see org.lamsfoundation.lams.monitoring.service.IMonitoringService#getLessonLearners(java.lang.Long) */ - public String getLessonLearners(Long lessonID)throws IOException{ - Vector lessonLearners = new Vector(); + public String getLessonLearners(Long lessonID, Integer userID)throws IOException{ Lesson lesson = lessonDAO.getLesson(lessonID); + checkOwnerOrStaffMember(userID, lesson, "get lesson learners"); + + Vector lessonLearners = new Vector(); FlashMessage flashMessage; if(lesson!=null){ Iterator iterator = lesson.getLessonClass().getLearners().iterator(); @@ -1095,9 +1102,11 @@ * (non-Javadoc) * @see org.lamsfoundation.lams.monitoring.service.IMonitoringService#getLessonStaff(java.lang.Long) */ - public String getLessonStaff(Long lessonID)throws IOException{ - Vector lessonStaff = new Vector(); + public String getLessonStaff(Long lessonID, Integer userID)throws IOException{ Lesson lesson = lessonDAO.getLesson(lessonID); + checkOwnerOrStaffMember(userID, lesson, "get lesson staff"); + + Vector lessonStaff = new Vector(); FlashMessage flashMessage; if(lesson!=null){ Iterator iterator = lesson.getLessonClass().getStaffGroup().getUsers().iterator(); @@ -1125,9 +1134,11 @@ * (non-Javadoc) * @see org.lamsfoundation.lams.monitoring.service.IMonitoringService#getAllLearnersProgress(java.lang.Long) */ - public String getAllLearnersProgress(Long lessonID)throws IOException { - Vector progressData = new Vector(); + public String getAllLearnersProgress(Long lessonID, Integer userID)throws IOException { Lesson lesson = lessonDAO.getLesson(lessonID); + checkOwnerOrStaffMember(userID, lesson, "get all learners progress"); + + Vector progressData = new Vector(); FlashMessage flashMessage; if(lesson!=null){ Iterator iterator = lesson.getLearnerProgresses().iterator(); @@ -1194,24 +1205,29 @@ * (non-Javadoc) * @see org.lamsfoundation.lams.monitoring.service.IMonitoringService#getLearnerActivityURL(java.lang.Long, java.lang.Integer) */ - public String getLearnerActivityURL(Long lessonID, Long activityID,Integer userID)throws IOException, LamsToolServiceException{ + public String getLearnerActivityURL(Long lessonID, Long activityID,Integer learnerUserID, Integer requestingUserId)throws IOException, LamsToolServiceException{ + Lesson lesson = lessonDAO.getLesson(lessonID); + checkOwnerOrStaffMember(requestingUserId, lesson, "get monitoring learner progress url"); + Activity activity = activityDAO.getActivityByActivityId(activityID); - User user = (User)baseDAO.find(User.class,userID); + User learner = (User)baseDAO.find(User.class,learnerUserID); - if(activity==null || user==null){ - log.error("getLearnerActivityURL activity or user missing. Activity ID "+activityID+" activity " +activity+" userID "+userID+" user "+user); - + if(activity==null || learner==null){ + log.error("getLearnerActivityURL activity or user missing. Activity ID "+activityID+" activity " +activity+" userID "+learnerUserID+" user "+learner); } else if ( activity.isToolActivity() || activity.isSystemToolActivity() ){ - return lamsCoreToolService.getToolLearnerProgressURL(lessonID, activity,user); + return lamsCoreToolService.getToolLearnerProgressURL(lessonID, activity,learner); } return null; } /** * (non-Javadoc) * @see org.lamsfoundation.lams.monitoring.service.IMonitoringService#getActivityDefineLaterURL(java.lang.Long) */ - public String getActivityDefineLaterURL(Long lessonID, Long activityID)throws IOException, LamsToolServiceException{ - Activity activity = activityDAO.getActivityByActivityId(activityID); + public String getActivityDefineLaterURL(Long lessonID, Long activityID, Integer userID)throws IOException, LamsToolServiceException{ + Lesson lesson = lessonDAO.getLesson(lessonID); + checkOwnerOrStaffMember(userID, lesson, "get activity define later url"); + + Activity activity = activityDAO.getActivityByActivityId(activityID); if(activity==null){ log.error("getActivityMonitorURL activity missing. Activity ID "+activityID+" activity " +activity); @@ -1226,7 +1242,10 @@ * (non-Javadoc) * @see org.lamsfoundation.lams.monitoring.service.IMonitoringService#getActivityMonitorURL(java.lang.Long) */ - public String getActivityMonitorURL(Long lessonID, Long activityID, String contentFolderID)throws IOException, LamsToolServiceException{ + public String getActivityMonitorURL(Long lessonID, Long activityID, String contentFolderID, Integer userID)throws IOException, LamsToolServiceException{ + Lesson lesson = lessonDAO.getLesson(lessonID); + checkOwnerOrStaffMember(userID, lesson, "get activity define later url"); + Activity activity = activityDAO.getActivityByActivityId(activityID); if(activity==null){ Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java =================================================================== diff -u -r1598e600333d72b66e28f425f09ffa59c4b3fb31 -rca668f79995a896bc1f79a2e89af255a8fe7ef76 --- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java (.../MonitoringAction.java) (revision 1598e600333d72b66e28f425f09ffa59c4b3fb31) +++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringAction.java (.../MonitoringAction.java) (revision ca668f79995a896bc1f79a2e89af255a8fe7ef76) @@ -31,8 +31,8 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; @@ -42,15 +42,15 @@ import org.lamsfoundation.lams.monitoring.service.IMonitoringService; import org.lamsfoundation.lams.monitoring.service.MonitoringServiceProxy; import org.lamsfoundation.lams.tool.exception.LamsToolServiceException; +import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.exception.UserAccessDeniedException; import org.lamsfoundation.lams.util.DateUtil; import org.lamsfoundation.lams.util.WebUtil; import org.lamsfoundation.lams.util.audit.IAuditService; import org.lamsfoundation.lams.util.wddx.FlashMessage; import org.lamsfoundation.lams.web.action.LamsDispatchAction; -import org.lamsfoundation.lams.web.util.AttributeNames; import org.lamsfoundation.lams.web.session.SessionManager; -import org.lamsfoundation.lams.usermanagement.dto.UserDTO; +import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.WebApplicationContextUtils; @@ -550,7 +550,8 @@ try { long lessonId = WebUtil.readLongParam(request,AttributeNames.PARAM_LESSON_ID); Integer learnerId = new Integer(WebUtil.readIntParam(request,MonitoringConstants.PARAM_LEARNER_ID)); - String message = monitoringService.forceCompleteLessonByUser(learnerId,lessonId,activityId); + Integer requesterId = getUserId(); + String message = monitoringService.forceCompleteLessonByUser(learnerId,requesterId,lessonId,activityId); if ( log.isDebugEnabled() ) { log.debug("Force complete for learner "+learnerId+" lesson "+lessonId+". "+message); } @@ -592,7 +593,7 @@ IMonitoringService monitoringService = MonitoringServiceProxy.getMonitoringService(getServlet().getServletContext()); try{ Long lessonID = new Long(WebUtil.readLongParam(request,"lessonID")); - wddxPacket = monitoringService.getLessonLearners(lessonID); + wddxPacket = monitoringService.getLessonLearners(lessonID, getUserId()); }catch (Exception e) { wddxPacket = handleException(e, "getLessonLearners", monitoringService).serializeMessage(); } @@ -609,7 +610,7 @@ IMonitoringService monitoringService = MonitoringServiceProxy.getMonitoringService(getServlet().getServletContext()); try{ Long lessonID = new Long(WebUtil.readLongParam(request,"lessonID")); - wddxPacket = monitoringService.getLessonStaff(lessonID); + wddxPacket = monitoringService.getLessonStaff(lessonID, getUserId()); }catch (Exception e) { wddxPacket = handleException(e, "getLessonStaff", monitoringService).serializeMessage(); } @@ -642,7 +643,7 @@ IMonitoringService monitoringService = MonitoringServiceProxy.getMonitoringService(getServlet().getServletContext()); try{ Long lessonID = new Long(WebUtil.readLongParam(request,"lessonID")); - wddxPacket = monitoringService.getAllLearnersProgress(lessonID); + wddxPacket = monitoringService.getAllLearnersProgress(lessonID, getUserId()); }catch (Exception e) { wddxPacket = handleException(e, "getAllLearnersProgress", monitoringService).serializeMessage(); } @@ -681,11 +682,11 @@ HttpServletResponse response)throws IOException,LamsToolServiceException{ IMonitoringService monitoringService = MonitoringServiceProxy.getMonitoringService(getServlet().getServletContext()); - Integer learnerUserID = new Integer(WebUtil.readIntParam(request,"userID")); + Integer learnerUserID = new Integer(WebUtil.readIntParam(request,"userID")); Long activityID = new Long(WebUtil.readLongParam(request,"activityID")); Long lessonID = new Long(WebUtil.readLongParam(request,AttributeNames.PARAM_LESSON_ID)); - String url = monitoringService.getLearnerActivityURL(lessonID,activityID,learnerUserID); + String url = monitoringService.getLearnerActivityURL(lessonID,activityID,learnerUserID,getUserId()); return redirectToURL(mapping, response, url); } /** Calls the server to bring up the activity's monitoring page. Assumes destination is a new window */ @@ -697,7 +698,7 @@ Long activityID = new Long(WebUtil.readLongParam(request,"activityID")); Long lessonID = new Long(WebUtil.readLongParam(request,AttributeNames.PARAM_LESSON_ID)); String contentFolderID = WebUtil.readStrParam(request, "contentFolderID"); - String url = monitoringService.getActivityMonitorURL(lessonID,activityID,contentFolderID); + String url = monitoringService.getActivityMonitorURL(lessonID,activityID,contentFolderID,getUserId()); return redirectToURL(mapping, response, url); } @@ -710,7 +711,7 @@ Long activityID = new Long(WebUtil.readLongParam(request,"activityID")); Long lessonID = new Long(WebUtil.readLongParam(request,AttributeNames.PARAM_LESSON_ID)); - String url = monitoringService.getActivityDefineLaterURL(lessonID,activityID); + String url = monitoringService.getActivityDefineLaterURL(lessonID,activityID,getUserId()); return redirectToURL(mapping, response, url); } Index: lams_monitoring/test/java/org/lamsfoundation/lams/monitoring/service/TestMonitoringService.java =================================================================== diff -u -r7ce50cd1c56b6ceb728898b8a51dd163cf5a6584 -rca668f79995a896bc1f79a2e89af255a8fe7ef76 --- lams_monitoring/test/java/org/lamsfoundation/lams/monitoring/service/TestMonitoringService.java (.../TestMonitoringService.java) (revision 7ce50cd1c56b6ceb728898b8a51dd163cf5a6584) +++ lams_monitoring/test/java/org/lamsfoundation/lams/monitoring/service/TestMonitoringService.java (.../TestMonitoringService.java) (revision ca668f79995a896bc1f79a2e89af255a8fe7ef76) @@ -246,19 +246,19 @@ System.out.print(packet); } public void testGetLessonLearners() throws IOException{ - String packet = monitoringService.getLessonLearners(TEST_LESSION_ID); + String packet = monitoringService.getLessonLearners(TEST_LESSION_ID,TEST_STAFF_ID); System.out.println(packet); } public void testGetLessonDesign()throws IOException{ String packet = monitoringService.getLearningDesignDetails(TEST_LESSION_ID); System.out.println(packet); } public void testGetAllLearnersProgress() throws IOException{ - String packet = monitoringService.getAllLearnersProgress(TEST_LESSION_ID); + String packet = monitoringService.getAllLearnersProgress(TEST_LESSION_ID,TEST_STAFF_ID); System.out.println(packet); } public void testGetLearnerActivityURL() throws Exception{ - String url = monitoringService.getLearnerActivityURL(TEST_LESSION_ID, new Long(29),TEST_LEARNER_ID); + String url = monitoringService.getLearnerActivityURL(TEST_LESSION_ID, new Long(29),TEST_LEARNER_ID,TEST_STAFF_ID); System.out.println(url); } public void testGellAllContributeActivities()throws IOException, LearningDesignProcessorException{