Commit 5f68f0ef authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Added permission's control to modify transcripts

Added permission's control to modify transcripts, based on period and year of
the requested transcript and on the "transcript.modification.open" global
configuration. If transcript's period/year are equal to the current period/year
and transcript's modification period is open the professor may modify the transcript.

Also, this controller doesn't check if the transcript belongs or not to
the logged-in professor. To do this is used "hasPermissionToView" function.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent d22889d1
......@@ -103,6 +103,12 @@ public class SectionPos {
whereClause += " and professor = "+professor.intValue();
return entityManager().createNativeQuery("select * from Section_Pos a, course b where a.course = b.id "+whereClause+" order by b.code, name", SectionPos.class).getResultList();
}
public static SectionPos findSectioPosOfTranscriptId(String transcriptId){
return (SectionPos) entityManager().createNativeQuery(
"SELECT sp.* FROM section_Pos sp, transcript t "+
" WHERE sp.id=t.transcript_section"+
" and t.id = "+"'"+transcriptId+"'", SectionPos.class).getSingleResult();
}
}
......@@ -9,7 +9,10 @@ import java.math.BigInteger;
import org.springframework.security.core.GrantedAuthority;
import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider;
import br.ufpr.c3sl.sapos.models.customization.Configuration;
import br.ufpr.c3sl.sapos.models.scholar.Registration;
import br.ufpr.c3sl.sapos.models.scholar.SectionPos;
import br.ufpr.c3sl.sapos.models.scholar.Transcript;
public class PermissionProvider {
......@@ -37,6 +40,9 @@ public class PermissionProvider {
}
// ------------------------------------------------------------------------------------------ //
// ------------------------------------------------------------------------------------------ //
// Support functions
// Convert ID from String to BigInteger to match Database's format
private static BigInteger castToBigInt(String s){
return BigInteger.valueOf(Long.valueOf(s));
......@@ -55,6 +61,10 @@ public class PermissionProvider {
}
return null;
}
// ------------------------------------------------------------------------------------------ //
// ------------------------------------------------------------------------------------------ //
// Support Queries:
@SuppressWarnings("unchecked")
private static List<Object> getRegistrationsIdFromLoggedInStudent(){
......@@ -115,7 +125,8 @@ public class PermissionProvider {
" WHERE s.registration = r.id"+
" and r.advisor="+"'"+idFromLoggedInUser()+"'").getResultList();
}
// ------------------------------------------------------------------------------------------ //
private static List<Object> getRequestedIDListFromStudent(String requestType){
if (requestType.equals("registration"))
return getRegistrationsIdFromLoggedInStudent();
......@@ -195,4 +206,29 @@ public class PermissionProvider {
return false;
}
// ------------------------------------------------------------------------------------------ //
// ------------------------------------------------------------------------------------------ //
// Check permission to modify requested transcript
public boolean isModificationPeriod(String idPrefix, String url, String requestType){
System.out.println("Executando isModificationPeriod(2): '"+requestType+"', com o parametro:"+idPrefix+"+"+url);
return isModificationPeriod(getIdElement(idPrefix, url), requestType);
}
public boolean isModificationPeriod(String id, String requestType){
System.out.println("Executando isModificationPeriod(1): '"+requestType+"', com o parametro: "+id);
String currentYear=Configuration.findConfigValueByName("current.year");
String currentPeriod=Configuration.findConfigValueByName("current.period");
String modificationPeriodIsOpen=Configuration.findConfigValueByName("transcript.modification.open");
SectionPos sp = SectionPos.findSectioPosOfTranscriptId(id);
if ( modificationPeriodIsOpen.equals("true")
& sp.getPeriod().equals(currentPeriod)
& sp.getSectionYear().equals(currentYear)
) return true;
return false;
}
// ------------------------------------------------------------------------------------------ //
}
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment