Commit 0d07f328 authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Restricted menu options based on user auth

Restricted menu options based on user authority.
Now only the options that the user may access are shown.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent d7af318c
...@@ -23,6 +23,7 @@ import br.ufpr.c3sl.sapos.models.scholar.Committee; ...@@ -23,6 +23,7 @@ import br.ufpr.c3sl.sapos.models.scholar.Committee;
import br.ufpr.c3sl.sapos.models.scholar.Registration; import br.ufpr.c3sl.sapos.models.scholar.Registration;
import br.ufpr.c3sl.sapos.models.scholar.SectionPos; import br.ufpr.c3sl.sapos.models.scholar.SectionPos;
import br.ufpr.c3sl.sapos.models.scholar.enums.RegistrationKind; import br.ufpr.c3sl.sapos.models.scholar.enums.RegistrationKind;
import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider;
import br.ufpr.c3sl.sapos.models.util.ReportUtil; import br.ufpr.c3sl.sapos.models.util.ReportUtil;
import com.itextpdf.text.Chunk; import com.itextpdf.text.Chunk;
...@@ -69,6 +70,14 @@ public class Professor extends Person { ...@@ -69,6 +70,14 @@ public class Professor extends Person {
return entityManager().createQuery("select o from Professor o order by name", Professor.class).getResultList(); return entityManager().createQuery("select o from Professor o order by name", Professor.class).getResultList();
} }
public static List<Professor> findLoggedInProfessor() {
String professorId = KerberosAuthProvider.getIdFromLoggedInUser();
return entityManager().createQuery(
"SELECT o FROM Professor o"+
" WHERE o.id = "+"'"+professorId+"'"+
" ORDER BY name", Professor.class).getResultList();
}
public static Object findProfessorCommittees(String id) { public static Object findProfessorCommittees(String id) {
return entityManager().createNativeQuery("select * from committee c, committee_participants cp "+ return entityManager().createNativeQuery("select * from committee c, committee_participants cp "+
"where cp.participants ="+ id + "where cp.participants ="+ id +
......
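Review bot: `findLoggedInProfessor` builds its JPQL by concatenating `professorId` between quotes, so the value returned by `KerberosAuthProvider.getIdFromLoggedInUser()` becomes part of the query text instead of being passed as data. Bind it instead: use `" WHERE o.id = :id"` in the query string and call `.setParameter("id", professorId)` before `getResultList()`, converting to the entity's id type if `Professor.id` is numeric (not visible on this page). The same concatenation appears in `findActiveStudentGrantFromLoggedInStudent` and `findActiveStudentGrantPerLoggedInProfessor` in StudentGrant, where a positional `?1` parameter on the native query does the same job. A null id is currently rendered as the literal `'null'` and silently yields an empty list, so an explicit null check before querying would be worth adding as well.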
...@@ -100,6 +100,28 @@ public class StudentGrant { ...@@ -100,6 +100,28 @@ public class StudentGrant {
"where sg.end_date IS NULL and sg.registration = r.id and r.student = p.id order by p.name", StudentGrant.class).getResultList(); "where sg.end_date IS NULL and sg.registration = r.id and r.student = p.id order by p.name", StudentGrant.class).getResultList();
} }
public static List<StudentGrant> findActiveStudentGrantFromLoggedInStudent() {
String studentId = KerberosAuthProvider.getIdFromLoggedInUser();
return entityManager().createNativeQuery(
"SELECT * FROM student_grant sg, registration r, person p" +
" WHERE sg.end_date IS NULL"+
" and sg.registration = r.id"+
" and r.student = p.id"+
" and r.student = "+"'" + studentId + "'"+
" ORDER BY p.name", StudentGrant.class).getResultList();
}
public static List<StudentGrant> findActiveStudentGrantPerLoggedInProfessor() {
String professorId = KerberosAuthProvider.getIdFromLoggedInUser();
return entityManager().createNativeQuery(
"SELECT * FROM student_grant sg, registration r, person p " +
" WHERE sg.end_date IS NULL"+
" and sg.registration = r.id"+
" and r.student = p.id"+
" and r.advisor = "+"'"+professorId+"'"+
" ORDER BY p.name", StudentGrant.class).getResultList();
}
public static Object findGrantsPerType(String type) { public static Object findGrantsPerType(String type) {
String sql = null; String sql = null;
if (type.isEmpty()) if (type.isEmpty())
......
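Review bot: Both new native queries select `*` from three joined tables (`student_grant sg, registration r, person p`) and map the rows to `StudentGrant.class`. The join conditions show that `registration` and `person` each have an `id` column, so the result set likely carries several columns with the same label and the entity mapping may read the wrong one. Selecting only the grant's columns avoids that: `"SELECT sg.* FROM student_grant sg, registration r, person p"`. In `findActiveStudentGrantPerLoggedInProfessor` the first literal also ends with a space before `" WHERE"`, which is harmless but inconsistent with the sibling method.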
package br.ufpr.c3sl.sapos.web; package br.ufpr.c3sl.sapos.web;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection;
import java.util.List; import java.util.List;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
...@@ -29,11 +30,22 @@ import br.ufpr.c3sl.sapos.models.scholar.Registration; ...@@ -29,11 +30,22 @@ import br.ufpr.c3sl.sapos.models.scholar.Registration;
import br.ufpr.c3sl.sapos.models.scholar.SectionPos; import br.ufpr.c3sl.sapos.models.scholar.SectionPos;
import br.ufpr.c3sl.sapos.models.scholar.enums.RegistrationKind; import br.ufpr.c3sl.sapos.models.scholar.enums.RegistrationKind;
import br.ufpr.c3sl.sapos.models.scholar.enums.RegistrationStatus; import br.ufpr.c3sl.sapos.models.scholar.enums.RegistrationStatus;
import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider;
@RooWebScaffold(path = "professors", formBackingObject = Professor.class) @RooWebScaffold(path = "professors", formBackingObject = Professor.class)
@RequestMapping("/professors") @RequestMapping("/professors")
@Controller @Controller
public class ProfessorController { public class ProfessorController {
@ModelAttribute("activeprofessors")
public java.util.Collection<Professor> populateActiveProfessors() {
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authProfessor))
return (Collection<Professor>) Professor.findLoggedInProfessor();
return Professor.findAllProfessors();
}
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST)
public String create(@Valid Professor professor, BindingResult bindingResult, Model uiModel, HttpServletRequest httpServletRequest) { public String create(@Valid Professor professor, BindingResult bindingResult, Model uiModel, HttpServletRequest httpServletRequest) {
if (professor.getUserName() != null && professor.getUserName().length() > 0 ) { if (professor.getUserName() != null && professor.getUserName().length() > 0 ) {
......
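Review bot: `populateActiveProfessors` only narrows the list offered in the `professor` dropdown; it does not restrict what the server accepts. The forms that use `${activeprofessors}` submit the chosen id with `method="get"`, so the request handlers still receive a client-supplied `professor` id and must verify it themselves. Those handlers (`statementadviseeslist`, `statementcommitteeslist`, `statementcourseslist` and the concluded variant) are not part of this diff, so this needs confirming there: when the caller holds `authProfessor`, the submitted id should be compared with `KerberosAuthProvider.getIdFromLoggedInUser()`. I would also document the limit on the method itself, e.g. `// Filters the dropdown only; the statement* handlers must still verify the submitted professor id.`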
...@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.RequestParam; ...@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.RequestParam;
import br.ufpr.c3sl.sapos.models.people.Professor; import br.ufpr.c3sl.sapos.models.people.Professor;
import br.ufpr.c3sl.sapos.models.scholar.SectionPos; import br.ufpr.c3sl.sapos.models.scholar.SectionPos;
import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider;
@RooWebScaffold(path = "sectionposes", formBackingObject = SectionPos.class) @RooWebScaffold(path = "sectionposes", formBackingObject = SectionPos.class)
@RequestMapping("/sectionposes") @RequestMapping("/sectionposes")
...@@ -19,6 +20,10 @@ import br.ufpr.c3sl.sapos.models.scholar.SectionPos; ...@@ -19,6 +20,10 @@ import br.ufpr.c3sl.sapos.models.scholar.SectionPos;
public class SectionPosController { public class SectionPosController {
@ModelAttribute("professors") @ModelAttribute("professors")
public Collection<Professor> populateProfessors() { public Collection<Professor> populateProfessors() {
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authProfessor))
return (Collection<Professor>) Professor.findLoggedInProfessor();
return Professor.findAllProfessors(); return Professor.findAllProfessors();
} }
......
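Review bot: `KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authProfessor)` throws a NullPointerException if `getPersonAuth()` ever returns null (the provider is not shown here, so whether it can is to be confirmed), and the cast on the following line is unnecessary because `findLoggedInProfessor()` already returns `List<Professor>`. Assuming `authProfessor` is a non-null constant, the null-safe form is `if (KerberosAuthProvider.authProfessor.equals(KerberosAuthProvider.getPersonAuth()))` followed by `return Professor.findLoggedInProfessor();`. The same two lines are duplicated in `ProfessorController.populateActiveProfessors`, and `StudentGrantController.populateActiveGrants` follows the same pattern; a single shared helper would keep the three in step.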
package br.ufpr.c3sl.sapos.web; package br.ufpr.c3sl.sapos.web;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
...@@ -22,6 +23,12 @@ import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider; ...@@ -22,6 +23,12 @@ import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider;
public class StudentGrantController { public class StudentGrantController {
@ModelAttribute("activegrants") @ModelAttribute("activegrants")
public java.util.Collection<StudentGrant> populateActiveGrants() { public java.util.Collection<StudentGrant> populateActiveGrants() {
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authAluno))
return (Collection<StudentGrant>) StudentGrant.findActiveStudentGrantFromLoggedInStudent();
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authProfessor))
return (Collection<StudentGrant>) StudentGrant.findActiveStudentGrantPerLoggedInProfessor();
return StudentGrant.findActiveStudentGrants(); return StudentGrant.findActiveStudentGrants();
} }
......
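Review bot: `populateActiveGrants` falls through to `StudentGrant.findActiveStudentGrants()` for every authority that is neither `authAluno` nor `authProfessor`, so a role added later, or one that could not be resolved, sees all active grants by default. It would be safer to return the full list only for the authorities that are meant to see it and an empty collection otherwise, ending the method with `return java.util.Collections.emptyList();` after an explicit check for the privileged authority. The names of the other authority constants are not visible in this diff, so that check has to be filled in from `KerberosAuthProvider`.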
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
<form name="adviseesstatement" action="statementadviseeslist" method="get"> <form name="adviseesstatement" action="statementadviseeslist" method="get">
<field:select disableFormBinding="true" field="professor" id="c_br_ufpr_c3sl_sapos_models_people_Professor" <field:select disableFormBinding="true" field="professor" id="c_br_ufpr_c3sl_sapos_models_people_Professor"
itemValue="id" items="${professors}" path="/professors" z="user-managed" /> itemValue="id" items="${activeprofessors}" path="/professors" z="user-managed" />
<field:select disableFormBinding="true" field="regKind" id="c_br_ufpr_c3sl_sapos_models_scholar_Registration_regKind" items="${registrationkinds}" <field:select disableFormBinding="true" field="regKind" id="c_br_ufpr_c3sl_sapos_models_scholar_Registration_regKind" items="${registrationkinds}"
path="registrationkinds" z="QHL6MLE5411WNUa/F8UyTxE9H6w="/> path="registrationkinds" z="QHL6MLE5411WNUa/F8UyTxE9H6w="/>
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
<form name="adviseesstatementconcluded" action="statementadviseesconcludedlist" method="get"> <form name="adviseesstatementconcluded" action="statementadviseesconcludedlist" method="get">
<field:select disableFormBinding="true" field="professor" id="c_br_ufpr_c3sl_sapos_models_people_Professor" <field:select disableFormBinding="true" field="professor" id="c_br_ufpr_c3sl_sapos_models_people_Professor"
itemValue="id" items="${professors}" path="/professors" z="user-managed" /> itemValue="id" items="${activeprofessors}" path="/professors" z="user-managed" />
<field:select disableFormBinding="true" field="regKind" id="c_br_ufpr_c3sl_sapos_models_scholar_Registration_regKind" items="${registrationkinds}" <field:select disableFormBinding="true" field="regKind" id="c_br_ufpr_c3sl_sapos_models_scholar_Registration_regKind" items="${registrationkinds}"
path="registrationkinds" z="QHL6MLE5411WNUa/F8UyTxE9H6w="/> path="registrationkinds" z="QHL6MLE5411WNUa/F8UyTxE9H6w="/>
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
<form name="committeesstatement" action="statementcommitteeslist" method="get"> <form name="committeesstatement" action="statementcommitteeslist" method="get">
<field:select disableFormBinding="true" field="professor" id="c_br_ufpr_c3sl_sapos_models_people_Professor" <field:select disableFormBinding="true" field="professor" id="c_br_ufpr_c3sl_sapos_models_people_Professor"
itemValue="id" items="${professors}" path="/professors" z="user-managed" /> itemValue="id" items="${activeprofessors}" path="/professors" z="user-managed" />
<input type="submit" value="Próximo"/> <input type="submit" value="Próximo"/>
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
<form name="coursesstatement" action="statementcourseslist" method="get"> <form name="coursesstatement" action="statementcourseslist" method="get">
<field:select disableFormBinding="true" field="professor" id="c_br_ufpr_c3sl_sapos_models_people_Professor" <field:select disableFormBinding="true" field="professor" id="c_br_ufpr_c3sl_sapos_models_people_Professor"
itemValue="id" items="${professors}" path="/professors" z="user-managed" /> itemValue="id" items="${activeprofessors}" path="/professors" z="user-managed" />
<field:input field="sectionYear" id="c_br_ufpr_c3sl_sapos_models_schoolar_SectionPos_sectionYear" disableFormBinding="true" <field:input field="sectionYear" id="c_br_ufpr_c3sl_sapos_models_schoolar_SectionPos_sectionYear" disableFormBinding="true"
z="user_managed" required="true"/> z="user_managed" required="true"/>
......