Index: lams_build/lib/lams/lams-central.jar =================================================================== RCS file: /usr/local/cvsroot/lams_build/lib/lams/lams-central.jar,v diff -u -r1.39 -r1.40 Binary files differ Index: lams_central/src/java/org/lamsfoundation/lams/authoring/IObjectExtractor.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/authoring/IObjectExtractor.java,v diff -u -r1.5 -r1.6 --- lams_central/src/java/org/lamsfoundation/lams/authoring/IObjectExtractor.java 17 Sep 2006 06:12:05 -0000 1.5 +++ lams_central/src/java/org/lamsfoundation/lams/authoring/IObjectExtractor.java 3 Jan 2008 01:31:50 -0000 1.6 @@ -27,13 +27,15 @@ import java.util.Hashtable; import org.lamsfoundation.lams.learningdesign.LearningDesign; +import org.lamsfoundation.lams.usermanagement.User; +import org.lamsfoundation.lams.usermanagement.WorkspaceFolder; import org.lamsfoundation.lams.util.wddx.WDDXProcessorConversionException; public interface IObjectExtractor { public static final String OBJECT_EXTRACTOR_SPRING_BEANNAME = "ObjectExtractor"; - public abstract LearningDesign extractSaveLearningDesign(Hashtable table) + public abstract LearningDesign extractSaveLearningDesign(Hashtable table, WorkspaceFolder workspaceFolder, User user) throws WDDXProcessorConversionException, ObjectExtractorException; public void setMode(Integer mode); Index: lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java,v diff -u -r1.62 -r1.63 --- lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java 10 Dec 2007 07:41:02 -0000 1.62 +++ lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java 3 Jan 2008 01:31:50 -0000 1.63 @@ -68,7 +68,6 @@ import org.lamsfoundation.lams.learningdesign.dao.ILearningLibraryDAO; import org.lamsfoundation.lams.learningdesign.dao.ILicenseDAO; import org.lamsfoundation.lams.learningdesign.dao.ITransitionDAO; -import org.lamsfoundation.lams.learningdesign.dto.BranchConditionDTO; import org.lamsfoundation.lams.lesson.LessonClass; import org.lamsfoundation.lams.tool.SystemTool; import org.lamsfoundation.lams.tool.Tool; @@ -294,7 +293,7 @@ /* (non-Javadoc) * @see org.lamsfoundation.lams.authoring.IObjectExtractor#extractSaveLearningDesign(java.util.Hashtable) */ - public LearningDesign extractSaveLearningDesign(Hashtable table) throws WDDXProcessorConversionException, ObjectExtractorException { + public LearningDesign extractSaveLearningDesign(Hashtable table, WorkspaceFolder workspaceFolder, User user) throws WDDXProcessorConversionException, ObjectExtractorException { learningDesign = null; @@ -316,6 +315,10 @@ } learningDesign.setCopyTypeID(copyTypeID); + learningDesign.setWorkspaceFolder(workspaceFolder); + learningDesign.setUser(user); + + // Pull out all the existing groups. there isn't an easy way to pull them out of the db requires an outer join across // three objects (learning design -> grouping activity -> grouping) so put both the existing ones and the new ones // here for reference later. @@ -372,17 +375,6 @@ learningDesign.setCreateDateTime(modificationDate); learningDesign.setLastModifiedDateTime(modificationDate); - Integer userId = getUserId(); - - if( userId != null ) { - User user = (User)baseDAO.find(User.class,userId); - if(user!=null) { - learningDesign.setUser(user); - } else { - throw new ObjectExtractorException("userID missing"); - } - } - if (keyExists(table, WDDXTAGS.LICENCE_ID)) { Long licenseID = WDDXProcessor.convertToLong(table,WDDXTAGS.LICENCE_ID); @@ -396,19 +388,6 @@ if (keyExists(table, WDDXTAGS.LICENSE_TEXT)) learningDesign.setLicenseText(WDDXProcessor.convertToString(table,WDDXTAGS.LICENSE_TEXT)); - if (keyExists(table, WDDXTAGS.WORKSPACE_FOLDER_ID)) - { - Integer workspaceFolderID = WDDXProcessor.convertToInteger(table, WDDXTAGS.WORKSPACE_FOLDER_ID); - if( workspaceFolderID!=null ){ - WorkspaceFolder workspaceFolder = (WorkspaceFolder)baseDAO.find(WorkspaceFolder.class,workspaceFolderID); - learningDesign.setWorkspaceFolder(workspaceFolder); - } - else - { - learningDesign.setWorkspaceFolder(null); - } - } - if (keyExists(table, WDDXTAGS.ORIGINAL_DESIGN_ID)) { Long parentLearningDesignID = WDDXProcessor.convertToLong(table,WDDXTAGS.ORIGINAL_DESIGN_ID); @@ -1219,18 +1198,6 @@ } /** - * Helper method to retrieve the user data. Gets the id from the user details - * in the shared session - * @return the user id - */ - public static Integer getUserId() - { - HttpSession ss = SessionManager.getSession(); - UserDTO learner = (UserDTO) ss.getAttribute(AttributeNames.USER); - return learner != null ? learner.getUserID() : null; - } - - /** * Parses the mappings used for branching. They map groups to the sequence activities * that form a branch within a branching activity. * Index: lams_central/src/java/org/lamsfoundation/lams/authoring/authoringApplicationContext.xml =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/authoring/authoringApplicationContext.xml,v diff -u -r1.15 -r1.16 --- lams_central/src/java/org/lamsfoundation/lams/authoring/authoringApplicationContext.xml 29 Aug 2007 03:58:23 -0000 1.15 +++ lams_central/src/java/org/lamsfoundation/lams/authoring/authoringApplicationContext.xml 3 Jan 2008 01:31:50 -0000 1.16 @@ -53,6 +53,7 @@ + Index: lams_central/src/java/org/lamsfoundation/lams/authoring/service/AuthoringService.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/authoring/service/AuthoringService.java,v diff -u -r1.56 -r1.57 --- lams_central/src/java/org/lamsfoundation/lams/authoring/service/AuthoringService.java 9 Dec 2007 09:54:00 -0000 1.56 +++ lams_central/src/java/org/lamsfoundation/lams/authoring/service/AuthoringService.java 3 Jan 2008 01:31:51 -0000 1.57 @@ -39,13 +39,16 @@ import java.util.Vector; import java.util.Date; +import javax.servlet.http.HttpSession; + import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.hibernate.Hibernate; import org.hibernate.id.Configurable; import org.hibernate.id.IdentifierGenerator; import org.hibernate.id.UUIDHexGenerator; import org.lamsfoundation.lams.authoring.IObjectExtractor; +import org.lamsfoundation.lams.authoring.ObjectExtractorException; import org.lamsfoundation.lams.authoring.service.EditOnFlyProcessor; import org.lamsfoundation.lams.dao.hibernate.BaseDAO; import org.lamsfoundation.lams.learningdesign.Activity; @@ -92,6 +95,8 @@ import org.lamsfoundation.lams.tool.service.ILamsCoreToolService; import org.lamsfoundation.lams.usermanagement.User; import org.lamsfoundation.lams.usermanagement.WorkspaceFolder; +import org.lamsfoundation.lams.usermanagement.dto.UserDTO; +import org.lamsfoundation.lams.usermanagement.exception.UserAccessDeniedException; import org.lamsfoundation.lams.usermanagement.exception.UserException; import org.lamsfoundation.lams.usermanagement.exception.WorkspaceFolderException; import org.lamsfoundation.lams.util.Configuration; @@ -100,6 +105,10 @@ import org.lamsfoundation.lams.util.MessageService; import org.lamsfoundation.lams.util.wddx.FlashMessage; import org.lamsfoundation.lams.util.wddx.WDDXProcessor; +import org.lamsfoundation.lams.util.wddx.WDDXTAGS; +import org.lamsfoundation.lams.web.session.SessionManager; +import org.lamsfoundation.lams.web.util.AttributeNames; +import org.lamsfoundation.lams.workspace.service.IWorkspaceManagementService; import org.springframework.beans.factory.BeanFactory; import org.springframework.beans.factory.BeanFactoryAware; @@ -126,6 +135,7 @@ protected MessageService messageService; protected ILessonService lessonService; protected IMonitoringService monitoringService; + protected IWorkspaceManagementService workspaceManagementService; protected ToolContentIDGenerator contentIDGenerator; @@ -241,7 +251,11 @@ } - /** + public void setWorkspaceManagementService(IWorkspaceManagementService workspaceManagementService) { + this.workspaceManagementService = workspaceManagementService; + } + + /** * @param contentIDGenerator The contentIDGenerator to set. */ public void setContentIDGenerator(ToolContentIDGenerator contentIDGenerator) @@ -288,6 +302,19 @@ * Utility/Service Methods * *******************************************/ + /** + * Helper method to retrieve the user data. Gets the id from the user details + * in the shared session + * @return the user id + */ + public static Integer getUserId() + { + HttpSession ss = SessionManager.getSession(); + UserDTO learner = (UserDTO) ss.getAttribute(AttributeNames.USER); + return learner != null ? learner.getUserID() : null; + } + + /** * @see org.lamsfoundation.lams.authoring.service.IAuthoringService#getToolOutputDefinitions(java.lang.Long) */ @@ -707,6 +734,11 @@ if(workspaceFolder==null) throw new WorkspaceFolderException(messageService.getMessage("no.such.workspace.exist",new Object[]{workspaceFolderID})); + if ( ! workspaceManagementService.isUserAuthorizedToModifyFolderContents(workspaceFolder.getWorkspaceFolderId(), user.getUserId()) ) { + throw new UserAccessDeniedException("User with user_id of " + user.getUserId() + +" is not authorized to copy a learning design into the workspace folder "+workspaceFolder.getWorkspaceFolderId()); + } + return copyLearningDesign(originalDesign,copyType,user,workspaceFolder, setOriginalDesign,null); } @@ -715,7 +747,7 @@ */ public LearningDesign copyLearningDesign(LearningDesign originalLearningDesign,Integer copyType,User user, WorkspaceFolder workspaceFolder, boolean setOriginalDesign, String newDesignName) - throws LearningDesignException + { String newTitle = newDesignName; if ( newTitle == null ) { @@ -757,10 +789,19 @@ WorkspaceFolder workspaceFolder = (WorkspaceFolder)baseDAO.find(WorkspaceFolder.class,workspaceFolderID); if(workspaceFolder==null) throw new WorkspaceFolderException(messageService.getMessage("no.such.workspace.exist",new Object[]{workspaceFolderID})); + if ( ! workspaceManagementService.isUserAuthorizedToModifyFolderContents(workspaceFolder.getWorkspaceFolderId(), user.getUserId()) ) { + throw new UserAccessDeniedException("User with user_id of " + user.getUserId() + +" is not authorized to store a copy a learning design into the workspace folder "+workspaceFolder.getWorkspaceFolderId()); + } mainDesign = copyLearningDesign(mainDesign, LearningDesign.COPY_TYPE_NONE, user, workspaceFolder, false, newDesignName ); + } else { + // updating the existing design so check the rights to the folder containing the design. + if ( ! workspaceManagementService.isUserAuthorizedToModifyFolderContents(mainDesign.getWorkspaceFolder().getWorkspaceFolderId(), user.getUserId()) ) { + throw new UserAccessDeniedException("User with user_id of " + user.getUserId() + +" is not authorized to store a learning design into the workspace folder "+mainDesign.getWorkspaceFolder().getWorkspaceFolderId()); + } } - LearningDesign designToImport = learningDesignDAO.getLearningDesignById(designToImportID); if(designToImport==null) @@ -1054,8 +1095,27 @@ public Long storeLearningDesignDetails(String wddxPacket) throws Exception { Hashtable table = (Hashtable)WDDXProcessor.deserialize(wddxPacket); + Integer workspaceFolderID = WDDXProcessor.convertToInteger(table, WDDXTAGS.WORKSPACE_FOLDER_ID); + + User user = null; + Integer userID = getUserId(); + if( userID != null ) { + user = (User)baseDAO.find(User.class,userID); + } + if ( user == null ) { + throw new UserException("UserID missing or user not found."); + } + + WorkspaceFolder workspaceFolder = null; + if (workspaceFolderID != null ) { + if ( ! workspaceManagementService.isUserAuthorizedToModifyFolderContents(workspaceFolderID, userID) ) { + throw new UserException("User with user_id of " + userID +" is not authorized to store a design in this workspace folder "+workspaceFolderID); + } + workspaceFolder = (WorkspaceFolder)baseDAO.find(WorkspaceFolder.class,workspaceFolderID); + } + IObjectExtractor extractor = (IObjectExtractor) beanFactory.getBean(IObjectExtractor.OBJECT_EXTRACTOR_SPRING_BEANNAME); - LearningDesign design = extractor.extractSaveLearningDesign(table); + LearningDesign design = extractor.extractSaveLearningDesign(table, workspaceFolder, user); if(extractor.getMode().intValue() == 1) copyLearningDesignToolContent(design, design, design.getCopyTypeID()); Index: lams_central/src/java/org/lamsfoundation/lams/authoring/service/IAuthoringService.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/authoring/service/IAuthoringService.java,v diff -u -r1.23 -r1.24 --- lams_central/src/java/org/lamsfoundation/lams/authoring/service/IAuthoringService.java 9 Dec 2007 09:54:00 -0000 1.23 +++ lams_central/src/java/org/lamsfoundation/lams/authoring/service/IAuthoringService.java 3 Jan 2008 01:31:51 -0000 1.24 @@ -35,6 +35,7 @@ import org.lamsfoundation.lams.learningdesign.exception.LearningDesignException; import org.lamsfoundation.lams.usermanagement.User; import org.lamsfoundation.lams.usermanagement.WorkspaceFolder; +import org.lamsfoundation.lams.usermanagement.exception.UserAccessDeniedException; import org.lamsfoundation.lams.usermanagement.exception.UserException; import org.lamsfoundation.lams.usermanagement.exception.WorkspaceFolderException; import org.lamsfoundation.lams.util.MessageService; @@ -75,7 +76,7 @@ * @return LearningDesign The new copy of learning design. */ public LearningDesign copyLearningDesign(LearningDesign originalLearningDesign,Integer copyType,User user, - WorkspaceFolder workspaceFolder, boolean setOriginalDesign, String newDesignName); + WorkspaceFolder workspaceFolder, boolean setOriginalDesign, String newDesignName) ; /** * Create a copy of learning design as per the requested learning design Index: lams_central/src/java/org/lamsfoundation/lams/workspace/service/IWorkspaceManagementService.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/workspace/service/IWorkspaceManagementService.java,v diff -u -r1.20 -r1.21 --- lams_central/src/java/org/lamsfoundation/lams/workspace/service/IWorkspaceManagementService.java 20 Sep 2006 02:33:35 -0000 1.20 +++ lams_central/src/java/org/lamsfoundation/lams/workspace/service/IWorkspaceManagementService.java 3 Jan 2008 01:31:51 -0000 1.21 @@ -349,4 +349,18 @@ */ public String getUserOrganisation(Integer userID, Integer organisationId) throws IOException; + + /** + * This method checks whether the user is authorized to create + * a new folder or learning design or modify the existing contents under the given WorkspaceFolder. + * + * @param folderID The workspace_folder_id of the WorkspaceFolder + * under which the User wants to create/copy folder, file, update learning design, etc + * @param userID The User being checked + * @return boolean A boolean value indicating whether or not the User is authorized + * @throws UserException + * @throws WorkspaceFolderException + */ + public boolean isUserAuthorizedToModifyFolderContents(Integer folderID, Integer userID)throws UserException, WorkspaceFolderException; + } Index: lams_central/src/java/org/lamsfoundation/lams/workspace/service/WorkspaceManagementService.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/workspace/service/WorkspaceManagementService.java,v diff -u -r1.46 -r1.47 --- lams_central/src/java/org/lamsfoundation/lams/workspace/service/WorkspaceManagementService.java 9 Dec 2007 09:54:01 -0000 1.46 +++ lams_central/src/java/org/lamsfoundation/lams/workspace/service/WorkspaceManagementService.java 3 Jan 2008 01:31:51 -0000 1.47 @@ -53,6 +53,7 @@ import org.lamsfoundation.lams.dao.IBaseDAO; import org.lamsfoundation.lams.learningdesign.LearningDesign; import org.lamsfoundation.lams.learningdesign.dao.ILearningDesignDAO; +import org.lamsfoundation.lams.learningdesign.exception.LearningDesignException; import org.lamsfoundation.lams.usermanagement.Organisation; import org.lamsfoundation.lams.usermanagement.OrganisationState; import org.lamsfoundation.lams.usermanagement.Role; @@ -484,7 +485,7 @@ public String copyFolder(Integer folderID,Integer targetFolderID,Integer userID)throws IOException{ FlashMessage flashMessage = null; try{ - if(isUserAuthorized(targetFolderID,userID)){ + if(isUserAuthorizedToModifyFolderContents(targetFolderID,userID)){ WorkspaceFolder workspaceFolder = (WorkspaceFolder)baseDAO.find(WorkspaceFolder.class,folderID); if(workspaceFolder!=null){ WorkspaceFolder newFolder = createFolder(targetFolderID,workspaceFolder.getName(),userID); @@ -539,7 +540,7 @@ /** * This method checks whether the user is authorized to create - * a new folder under the given WorkspaceFolder. + * a new folder or learning design under the given WorkspaceFolder. * * @param folderID The workspace_folder_id of the WorkspaceFolder * under which the User wants to create/copy folder @@ -548,7 +549,7 @@ * @throws UserException * @throws WorkspaceFolderException */ - private boolean isUserAuthorized(Integer folderID, Integer userID)throws UserException, WorkspaceFolderException{ + public boolean isUserAuthorizedToModifyFolderContents(Integer folderID, Integer userID)throws UserException, WorkspaceFolderException{ boolean authorized = false; User user = (User)baseDAO.find(User.class,userID); if(user!=null){ @@ -566,7 +567,8 @@ return authorized; } - public void copyRootContent(WorkspaceFolder workspaceFolder,WorkspaceFolder targetWorkspaceFolder, Integer userID)throws UserException{ + public void copyRootContent(WorkspaceFolder workspaceFolder,WorkspaceFolder targetWorkspaceFolder, Integer userID) + throws UserException, LearningDesignException, UserAccessDeniedException, WorkspaceFolderException{ User user = (User)baseDAO.find(User.class,userID); if(user==null) throw new UserException(messageService.getMessage("no.such.user",new Object[]{userID})); @@ -756,7 +758,7 @@ public String moveFolder(Integer currentFolderID,Integer targetFolderID,Integer userID)throws IOException{ FlashMessage flashMessage = null; try{ - if(isUserAuthorized(targetFolderID,userID)){ + if(isUserAuthorizedToModifyFolderContents(targetFolderID,userID)){ WorkspaceFolder currentFolder = (WorkspaceFolder)baseDAO.find(WorkspaceFolder.class,currentFolderID); if(currentFolder!=null){ WorkspaceFolder targetFolder = (WorkspaceFolder)baseDAO.find(WorkspaceFolder.class,targetFolderID); @@ -1233,7 +1235,7 @@ Integer userID) throws IOException { FlashMessage flashMessage = null; try{ - if(isUserAuthorized(targetWorkspaceFolderID,userID)){ + if(isUserAuthorizedToModifyFolderContents(targetWorkspaceFolderID,userID)){ LearningDesign learningDesign = learningDesignDAO.getLearningDesignById(learningDesignID); if (learningDesign != null) { WorkspaceFolder workspaceFolder = (WorkspaceFolder)baseDAO.find(WorkspaceFolder.class,targetWorkspaceFolderID); @@ -1298,7 +1300,7 @@ WorkspaceFolder folder = (WorkspaceFolder)baseDAO.find(WorkspaceFolder.class,workspaceFolderID); if(folder!=null){ WorkspaceFolder parent = folder.getParentWorkspaceFolder(); - if(parent!=null && isUserAuthorized(workspaceFolderID,userID)){ + if(parent!=null && isUserAuthorizedToModifyFolderContents(workspaceFolderID,userID)){ if(!ifNameExists(parent,newName)){ folder.setName(newName); baseDAO.update(folder); @@ -1340,7 +1342,7 @@ try{ if(design!=null){ folderID = design.getWorkspaceFolder().getWorkspaceFolderId(); - if(isUserAuthorized(folderID,userID)){ + if(isUserAuthorizedToModifyFolderContents(folderID,userID)){ design.setTitle(title); learningDesignDAO.update(design); flashMessage = new FlashMessage(MSG_KEY_RENAME,title);