Commit f20ff8dc authored by Bruno Nocera Zanette's avatar Bruno Nocera Zanette

Added restricion to dropdown menu options

Added permission control to dropdown menus based on the person's authority.
This change restricts the options shown in dropdown menus to only
those registers that the person may access.
Signed-off-by: Bruno Nocera Zanette's avatarBruno Nocera Zanette <brunonzanette@gmail.com>
parent ed0320e8
......@@ -61,6 +61,10 @@ public class Professor extends Person {
return entityManager().createQuery("select count(o) from Professor o", Long.class).getSingleResult();
}
public static List<Professor> findProfessor() {
return entityManager().createQuery("select o from Professor o order by name", Professor.class).getResultList();
}
public static List<Professor> findAllProfessors() {
return entityManager().createQuery("select o from Professor o order by name", Professor.class).getResultList();
}
......
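Review bot: `findProfessor()` and `findAllProfessors()` in this hunk run the identical JPQL `select o from Professor o order by name`, so whichever of the two is new duplicates the other. If no difference is intended, keep one and have callers use it, or let the new name delegate with `return findAllProfessors();`. If a difference is planned, a one-line Javadoc on each stating what it returns would stop them drifting apart.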
......@@ -151,24 +151,62 @@ public class Registration {
private String advisorHistory;
public static List<Registration> findAllRegistrations() {
return entityManager().createNativeQuery("select * from registration a, person b where a.student = b.id order by name", Registration.class).getResultList();
public static Collection<Registration> findAllRegistrations() {
return entityManager().createNativeQuery(
"SELECT * from registration a, person b"+
" WHERE a.student = b.id order by name",
Registration.class).getResultList();
}
public static Collection<Registration> findStudentRegistration() {
// String studentId = PermissionProvider.getIdFromLoggedInStudent();
String studentId="7559";
return entityManager().createNativeQuery(
"SELECT * FROM registration r" +
" WHERE r.student = " + "'" + studentId + "'",
Registration.class).getResultList();
}
public static Object findStudentsPerCourseYear(String courseKind, Integer year, String regStatus) {
return entityManager().createNativeQuery(
"SELECT * FROM registration where extract ( year from start_date) = " + year +
"SELECT * FROM registration"+
" WHERE extract ( year from start_date) = " + year +
" and reg_status = "+"'" + regStatus + "'"+
" and reg_kind =" + "'" + courseKind + "'",
Registration.class).getResultList();
}
public static Object findStudentsPerCourseYear(String advisor, String courseKind, Integer year, String regStatus) {
return entityManager().createNativeQuery(
"SELECT * FROM registration"+
" WHERE extract ( year from start_date) = " + year +
" and reg_status = "+"'" + regStatus + "'"+
" and reg_kind =" + "'" + courseKind + "'", Registration.class).getResultList();
" and reg_kind =" + "'" + courseKind + "'"+
" and advisor = " + "'" + advisor + "'",
Registration.class).getResultList();
}
public static Collection<Registration> findRegistrationsPerAdvisorUsername(String advisorUsername) {
return entityManager().createNativeQuery(
"SELECT * FROM registration r, person prof"+
" WHERE r.advisor=prof.id"+
" and prof.user_name="+"'"+advisorUsername+"'",
Registration.class).getResultList();
}
public static Object findRegistrationsPerAdvisor() {
// String professorId = PermissionProvider.getIdFromLoggedInProfessor();
String professorId="160";
return entityManager().createNativeQuery(
"SELECT * FROM registration r where "+
" advisor = "+"'"+professorId+"'" , Registration.class).getResultList();
}
public static Object findRegistrationsPerAdvisor(String advisor, String regStatus) {
return entityManager().createNativeQuery(
"SELECT * FROM registration r where "+
" reg_status = "+"'" + regStatus + "'"+
" and advisor = "+advisor , Registration.class).getResultList();
" reg_status = "+"'"+regStatus+"'"+
" and advisor = "+"'"+advisor+"'", Registration.class).getResultList();
}
public static Object findRegistrationsPerAdvisorAndKind(String advisor, String regKind, String regStatus) {
......@@ -219,6 +257,21 @@ public class Registration {
"r.student = p.id ORDER BY p.name" , Registration.class).getResultList();
}
public static Object findRegistrations(String advisor, String year, String kind, String status) {
String sql = "";
if (!year.isEmpty())
sql = sql + "extract (year from start_date)="+year+" and ";
if (!kind.isEmpty())
sql = sql + "reg_kind='"+kind+"' and ";
if (!status.isEmpty())
sql = sql + "reg_status='"+status+"' and ";
return entityManager().createNativeQuery(
"SELECT * FROM registration r, person p WHERE "+sql+
" r.student = p.id"+
" and r.advisor = "+"'"+advisor+"'"+
" ORDER BY p.name" , Registration.class).getResultList();
}
public static Collection<Registration> findThesisWritingInProgress() {
return entityManager().createNativeQuery(
"SELECT * FROM registration r, person p where "+
......
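Review bot: The new finders build native SQL by concatenating their arguments, and the controller hunks on this page pass `@RequestParam` values (`kind`, `status`, `regKind`, `regStatus`, `grant`) straight into them, so request text becomes part of the statement. This applies to both `findStudentsPerCourseYear` overloads, `findRegistrationsPerAdvisorUsername`, `findRegistrationsPerAdvisor(advisor, regStatus)`, `findRegistrations(advisor, year, kind, status)` and `StudentGrant.findGrantsPerKindAndPerAdvisor`. Bind the values as positional parameters with `setParameter` instead; the sketch below does this for `findRegistrations`. It also guards the `isEmpty()` calls, which would throw on null if an optional request parameter is absent. The numeric bind type for the advisor id is an assumption to confirm against the schema.

```java
public static Object findRegistrations(String advisor, String year, String kind, String status) {
    StringBuilder sql = new StringBuilder(
        "SELECT * FROM registration r, person p WHERE r.student = p.id and r.advisor = ?1");
    List<Object> params = new ArrayList<Object>();
    // Long assumed for the advisor id column; confirm against the schema
    params.add(Long.valueOf(advisor));
    if (year != null && !year.isEmpty()) {
        params.add(Integer.valueOf(year));
        sql.append(" and extract (year from start_date) = ?").append(params.size());
    }
    if (kind != null && !kind.isEmpty()) {
        params.add(kind);
        sql.append(" and reg_kind = ?").append(params.size());
    }
    if (status != null && !status.isEmpty()) {
        params.add(status);
        sql.append(" and reg_status = ?").append(params.size());
    }
    sql.append(" ORDER BY p.name");
    Query query = entityManager().createNativeQuery(sql.toString(), Registration.class);
    for (int i = 0; i < params.size(); i++) {
        query.setParameter(i + 1, params.get(i));
    }
    return query.getResultList();
}
```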
......@@ -54,6 +54,18 @@ public class StudentGrant {
" and a.grant_kind = b.id "+
" and b.id = "+grant , StudentGrant.class).getResultList();
}
public static Object findGrantsPerKindAndPerAdvisor(String grant) {
// String professorId = PermissionProvider.getIdFromLoggedInProfessor();
String professorId="160";
return entityManager().createNativeQuery(
"SELECT * FROM student_grant a, grant_kind b, registration r"+
" WHERE a.end_date is null"+
" and a.grant_kind = b.id "+
" and a.registration = r.id"+
" and r.advisor = "+professorId+
" and b.id = "+grant , StudentGrant.class).getResultList();
}
public static List<StudentGrant> findAllStudentGrants() {
return entityManager().createNativeQuery("select * from student_grant a, registration b, person c where a.registration = b.id and b.student=c.id " +
......
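Review bot: `findGrantsPerKindAndPerAdvisor` filters on the literal `professorId="160"` while the `PermissionProvider.getIdFromLoggedInProfessor()` lookup is commented out, so every professor is shown advisor 160's grants rather than their own. The same placeholder pattern appears in `Registration.findRegistrationsPerAdvisor()` (`"160"`), `Registration.findStudentRegistration()` (`"7559"`) and in the RegistrationController calls that pass `"160"`. As written, the restriction does not follow the logged-in person. Restore `String professorId = PermissionProvider.getIdFromLoggedInProfessor();` (and the student equivalent) before this is merged, and bind the id as a query parameter rather than concatenating it.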
package br.ufpr.c3sl.sapos.web;
import java.util.Collection;
import javax.servlet.http.HttpServletResponse;
import org.springframework.roo.addon.web.mvc.controller.scaffold.RooWebScaffold;
......@@ -10,19 +12,28 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import br.ufpr.c3sl.sapos.models.customization.Configuration;
import br.ufpr.c3sl.sapos.models.scholar.Committee;
import br.ufpr.c3sl.sapos.models.scholar.Registration;
import br.ufpr.c3sl.sapos.models.scholar.StudentGrant;
import br.ufpr.c3sl.sapos.models.scholar.Transcript;
import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider;
@RooWebScaffold(path = "registrations", formBackingObject = Registration.class)
@RequestMapping("/registrations")
@Controller
public class RegistrationController {
@ModelAttribute("activeregistrations")
public java.util.Collection<Registration> populateActiveRegistrations() {
return Registration.findAllActiveRegistrations();
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authAluno))
return (Collection<Registration>) Registration.findStudentRegistration();
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authProfessor))
return (Collection<Registration>) Registration.findRegistrationsPerAdvisor();
return Registration.findAllActiveRegistrations();
}
@RequestMapping(method = RequestMethod.GET)
......@@ -35,8 +46,14 @@ public class RegistrationController {
@RequestParam(value = "kind", required = false) String kind,
@RequestParam(value = "status", required = false) String status,
Model model) {
model.addAttribute("registrations", Registration.findRegistrations(year, kind, status));
return "registrations/list";
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authProfessor))
model.addAttribute("registrations", Registration.findRegistrations("160",year, kind, status));
// model.addAttribute("registrations", Registration.findRegistrations(PermissionProvider.getIdFromLoggedInProfessor(),year, kind, status));
else
model.addAttribute("registrations", Registration.findRegistrations(year, kind, status));
return "registrations/list";
}
@RequestMapping(value = "registrationspercourse", method = RequestMethod.GET)
......@@ -45,9 +62,20 @@ public class RegistrationController {
}
@RequestMapping(value="registrationspercourselist",method = RequestMethod.GET)
public String registrationsPerCourseList(@RequestParam(value = "regKind", required = true) String regKind,
@RequestParam(value = "startDate", required = false) Integer year, @RequestParam(value = "regStatus", required = false) String regStatus, Model model) {
model.addAttribute("registrations", Registration.findStudentsPerCourseYear(regKind, year,regStatus));
public String registrationsPerCourseList(
@RequestParam(value = "regKind", required = true) String regKind,
@RequestParam(value = "startDate", required = false) Integer year,
@RequestParam(value = "regStatus", required = false) String regStatus,
Model model) {
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authProfessor))
model.addAttribute("registrations",
Registration.findStudentsPerCourseYear("160", regKind, year,regStatus));
// Registration.findStudentsPerCourseYear(PermissionProvider.getIdFromLoggedInProfessor(), regKind, year,regStatus));
else
model.addAttribute("registrations",
Registration.findStudentsPerCourseYear(regKind, year,regStatus));
return "registrations/liststudentssimple";
}
......
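Review bot: In `list` and `registrationsPerCourseList` only `authProfessor` is restricted. A caller with `authAluno` falls into the `else` and gets the unfiltered `findRegistrations(year, kind, status)` or `findStudentsPerCourseYear(regKind, year, regStatus)` result, although `populateActiveRegistrations` in the same class does narrow students. `StudentGrantController.registrationsPerGrant` has the same shape. Unless these routes are closed to students elsewhere, add a student branch such as `model.addAttribute("registrations", Registration.findStudentRegistration());` and make the unrestricted query the explicitly checked case rather than the fallback. The signature of `list` starts outside its hunk, so its mapping and remaining parameters are not visible here.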
......@@ -14,6 +14,7 @@ import org.springframework.web.bind.annotation.RequestParam;
import br.ufpr.c3sl.sapos.models.scholar.Registration;
import br.ufpr.c3sl.sapos.models.scholar.StudentGrant;
import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider;
@RooWebScaffold(path = "studentgrants", formBackingObject = StudentGrant.class)
@RequestMapping("/studentgrants")
......@@ -57,8 +58,12 @@ public class StudentGrantController {
@RequestMapping(value="grantsperkindlist",method = RequestMethod.GET)
public String registrationsPerGrant(@RequestParam(value = "grant", required = true) String id, Model model) {
if (KerberosAuthProvider.getPersonAuth().equals(KerberosAuthProvider.authProfessor))
model.addAttribute("studentgrants", StudentGrant.findGrantsPerKindAndPerAdvisor(id));
else
model.addAttribute("studentgrants", StudentGrant.findGrantsPerKind(id));
return "studentgrants/liststudentgrants";
return "studentgrants/liststudentgrants";
}
@RequestMapping(value = "statementgrantpdf", method = RequestMethod.GET)
......
......@@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import org.springframework.roo.addon.web.mvc.controller.scaffold.RooWebScaffold;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
......@@ -22,6 +23,7 @@ import br.ufpr.c3sl.sapos.models.people.Professor;
import br.ufpr.c3sl.sapos.models.scholar.Registration;
import br.ufpr.c3sl.sapos.models.scholar.SectionPos;
import br.ufpr.c3sl.sapos.models.scholar.Transcript;
import br.ufpr.c3sl.sapos.models.util.KerberosAuthProvider;
@RooWebScaffold(path = "transcripts", formBackingObject = Transcript.class)
@RequestMapping("/transcripts")
......@@ -38,6 +40,15 @@ public class TranscriptController {
@ModelAttribute("registrations")
public Collection<Registration> populateRegistrations() {
Collection<? extends GrantedAuthority> personAuth = KerberosAuthProvider.getPersonAuth();
if (personAuth.equals(KerberosAuthProvider.authAluno))
return (Collection<Registration>) Registration.findStudentRegistration();
if (personAuth.equals(KerberosAuthProvider.authProfessor))
return (Collection<Registration>) Registration.findRegistrationsPerAdvisor();
return Registration.findAllRegistrations();
}
......
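Review bot: `populateRegistrations` ends with `return Registration.findAllRegistrations();` for any authority set that is not equal to `authAluno` or `authProfessor`, so the permission check fails open. `personAuth.equals(...)` compares the whole `Collection<? extends GrantedAuthority>`. A person holding more than one authority, or a collection of a different concrete type, would presumably match neither branch and receive every registration. Consider testing for the privileged authority explicitly and using `return Collections.<Registration>emptyList();` as the fallback. `RegistrationController.populateActiveRegistrations` has the same fall-through.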