Author: bleny
Date: 2014-08-06 13:44:53 +0200 (Wed, 06 Aug 2014)
New Revision: 2197
Url: http://forge.codelutin.com/projects/wao/repository/revisions/2197
Log: add some logs ; fixes #5397 (prevent exception while json serialization) ; refs #5603 review security of contact edition
Modified:
branches/wao-4.0.x/wao-persistence/src/main/java/fr/ifremer/wao/ContactsFilter.java
branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/ContactsService.java
branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/SynthesisService.java
branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/UpdateContactCommand.java
branches/wao-4.0.x/wao-web/src/main/java/fr/ifremer/wao/web/action/EditContactAction.java
branches/wao-4.0.x/wao-web/src/main/java/fr/ifremer/wao/web/action/ValidateContactJsonAction.java
Modified: branches/wao-4.0.x/wao-persistence/src/main/java/fr/ifremer/wao/ContactsFilter.java
===================================================================
--- branches/wao-4.0.x/wao-persistence/src/main/java/fr/ifremer/wao/ContactsFilter.java 2014-08-06 10:03:23 UTC (rev 2196)
+++ branches/wao-4.0.x/wao-persistence/src/main/java/fr/ifremer/wao/ContactsFilter.java 2014-08-06 11:44:53 UTC (rev 2197)
@@ -385,22 +385,25 @@
 }
 }
- public boolean isRealVsEstimated() {
- boolean realVsEstimated;
+ /**
+ * will return null for contacts filter (this field is only for synthesis)
+ */
+ public Boolean getRealVsEstimated() {
+ Boolean realVsEstimated;
 if (WaoUtils.isEqualCollection(PROGRAM_ACCEPTATIONS_FOR_REAL_AND_ESTIMATED, getProgramAcceptations())) {
 if (WaoUtils.isEqualCollection(COMPANY_ACCEPTATIONS_FOR_REAL, getCompanyAcceptations())) {
 realVsEstimated = true;
 } else if (WaoUtils.isEqualCollection(COMPANY_ACCEPTATIONS_FOR_ESTIMATED, getCompanyAcceptations())) {
 realVsEstimated = false;
 } else {
- throw new IllegalStateException();
+ realVsEstimated = null;
 }
 } else {
 if (CollectionUtils.isEmpty(getCompanyAcceptations()) && CollectionUtils.isEmpty(getCompanyAcceptations())) {
 // return default value
 realVsEstimated = false;
 } else {
- throw new IllegalArgumentException();
+ realVsEstimated = null;
 }
 }
 return realVsEstimated;
Modified: branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/ContactsService.java
===================================================================
--- branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/ContactsService.java 2014-08-06 10:03:23 UTC (rev 2196)
+++ branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/ContactsService.java 2014-08-06 11:44:53 UTC (rev 2197)
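Review bot: `getRealVsEstimated()` now returns `null` where it used to throw, but the only caller in this commit, `if (filter.getRealVsEstimated())` in the SynthesisService hunk, unboxes the result, so a filter reaching that line fails with a NullPointerException instead of the IllegalStateException this replaces; that call site should guard for null explicitly rather than rely on auto-unboxing. The Javadoc should also tell callers what null means, e.g. `@return {@code true} for real, {@code false} for estimated, {@code null} when the acceptation sets describe neither (contacts filter)`. The context line `CollectionUtils.isEmpty(getCompanyAcceptations()) && CollectionUtils.isEmpty(getCompanyAcceptations())` tests the same collection twice; the first operand presumably was meant to be `getProgramAcceptations()`, which is pre-existing but now decides whether this method returns `false` or `null`.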
@@ -357,23 +357,23 @@ Contact contactToUpdate = updateContactCommand.getContact(); - // TODO brendan 20/06/14 create to binders - Binder<Contact, Contact> binder = BinderFactory.newBinder(Contact.class); - binder.copyExcluding(contact, contactToUpdate, TopiaEntity.PROPERTY_TOPIA_ID, TopiaEntity.PROPERTY_TOPIA_VERSION, - TopiaEntity.PROPERTY_TOPIA_CREATE_DATE, Contact.PROPERTY_SAMPLE_ROW); - // Prevent that someone who is not admin change data that only admin // must be able to modify if ( ! authenticatedWaoUser.isAdmin()) { - contactToUpdate.setCommentAdmin(contact.getCommentAdmin()); - contactToUpdate.setValidationProgram(contact.getValidationProgram()); - contactToUpdate.setDataReliability(contact.getDataReliability()); + contact.setCommentAdmin(contactToUpdate.getCommentAdmin()); + contact.setValidationProgram(contactToUpdate.getValidationProgram()); + contact.setDataReliability(contactToUpdate.getDataReliability()); } + // TODO brendan 20/06/14 create to binders + Binder<Contact, Contact> binder = BinderFactory.newBinder(Contact.class); + binder.copyExcluding(contact, contactToUpdate, TopiaEntity.PROPERTY_TOPIA_ID, TopiaEntity.PROPERTY_TOPIA_VERSION, + TopiaEntity.PROPERTY_TOPIA_CREATE_DATE, Contact.PROPERTY_SAMPLE_ROW); + } try { - validate(authenticatedWaoUser, updateContactCommand, false); + validate(authenticatedWaoUser, updateContactCommand); } catch (ContactNotUpdatableException e) { String message = l(l, "wao.import.contact.failure.not.updatable", lineNumber); throw new ImportErrorException(message); @@ -504,8 +504,7 @@ } public void validate(AuthenticatedWaoUser authenticatedWaoUser, - UpdateContactCommand updateContactCommand, - boolean needUpdate) throws + UpdateContactCommand updateContactCommand) throws ContactNotUpdatableException, MissingContactMainObserverException, MismatchContactMainObserverCompanyException, 
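Review bot: The non-admin guard at `if ( ! authenticatedWaoUser.isAdmin())` now only works because it runs before `binder.copyExcluding(contact, contactToUpdate, ...)`: it resets commentAdmin, validationProgram and dataReliability on the imported `contact` to the stored values so the copy cannot carry imported admin-only values across, whereas the old ordering re-applied values from the same source it had just copied and protected nothing. That ordering dependency is only implied by position; I would add `// Must run before the binder copy below: it resets admin-only fields on the import side so the copy cannot overwrite them.` above the `if`. The three protected properties are listed by hand here, so a new admin-only column on Contact would silently fall outside the guard; a shared constant or a comment naming where that list is maintained would help. The enclosing import method starts and ends outside the hunk.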
@@ -531,247 +530,232 @@ MissingContactDataReliabilityException, MissingContactCommentAdminException, MissingContactTerrestrialLocationException, IllegalAcceptationException { - if (needUpdate) { - Preconditions.checkState(!updateContactCommand.isCreation()); - } - - //FIXME Do some security checks about authenticatedWaoUser - // Check if contact can be updated - boolean canUpdateContact = updateContactCommand.canUpdateContact(authenticatedWaoUser); - if (!canUpdateContact) { + boolean canUpdateContact = authenticatedWaoUser.isAuthorizedToEditContact(updateContactCommand.getContact()) + || authenticatedWaoUser.isAuthorizedToChangeContactValidation(); + + if ( ! canUpdateContact) { throw new ContactNotUpdatableException(); } - // Check if a validation controls are required - boolean mustValidateContact = updateContactCommand.mustValidateContact(); + // Pass validation controls + Contact contact = updateContactCommand.getContact(); - if (mustValidateContact) { + Company company = contact.getSampleRow().getCompany(); - // Pass validation controls - Contact contact = updateContactCommand.getContact(); + WaoUser mainObserver = contact.getMainObserver(); - Company company = contact.getSampleRow().getCompany(); + { + //--- + // mainObserver + //--- - WaoUser mainObserver = contact.getMainObserver(); + if (mainObserver == null) { + throw new MissingContactMainObserverException(contact); + } - { - //--- - // mainObserver - //--- + boolean observerWorksForCompanyInSampleRow = mainObserver.getCompany().equals(company); + if (!observerWorksForCompanyInSampleRow) { + throw new MismatchContactMainObserverCompanyException(contact, mainObserver, company); + } + } - if (mainObserver == null) { - throw new MissingContactMainObserverException(contact); - } + if (contact.isSecondaryObserversNotEmpty()) { - boolean observerWorksForCompanyInSampleRow = mainObserver.getCompany().equals(company); + //--- + // secondaryObservers + //--- + + if 
(contact.getSecondaryObservers().contains(mainObserver)) { + throw new DuplicatedContactMainObserverInSecondaryObserversException(contact); + } + + for (WaoUser observer : contact.getSecondaryObservers()) { + boolean observerWorksForCompanyInSampleRow = observer.getCompany().equals(company); if (!observerWorksForCompanyInSampleRow) { - throw new MismatchContactMainObserverCompanyException(contact, mainObserver, company); + throw new MismatchContactSecondaryObserverCompanyException(contact, observer, company); } } + } - if (contact.isSecondaryObserversNotEmpty()) { + Date observationBeginDate = contact.getObservationBeginDate(); + Date observationEndDate = contact.getObservationEndDate(); + Date dataInputDate = contact.getDataInputDate(); - //--- - // secondaryObservers - //--- + SampleRow sampleRow = contact.getSampleRow(); - if (contact.getSecondaryObservers().contains(mainObserver)) { - throw new DuplicatedContactMainObserverInSecondaryObserversException(contact); - } + if (observationBeginDate != null) { - for (WaoUser observer : contact.getSecondaryObservers()) { - boolean observerWorksForCompanyInSampleRow = observer.getCompany().equals(company); - if (!observerWorksForCompanyInSampleRow) { - throw new MismatchContactSecondaryObserverCompanyException(contact, observer, company); - } - } - } + //--- + // observationBeginDate + //--- - Date observationBeginDate = contact.getObservationBeginDate(); - Date observationEndDate = contact.getObservationEndDate(); - Date dataInputDate = contact.getDataInputDate(); + SampleMonth month = sampleRow.getSampleMonth(observationBeginDate); + boolean operationBeginDateIsValid = month != null; - SampleRow sampleRow = contact.getSampleRow(); + if (!operationBeginDateIsValid) { + throw new InvalidContactObservationBeginDateException(contact); + } + } - if (observationBeginDate != null) { + Date currentDate = serviceContext.getNow(); - //--- - // observationBeginDate - //--- + if (observationEndDate != null) { - SampleMonth month 
= sampleRow.getSampleMonth(observationBeginDate); - boolean operationBeginDateIsValid = month != null; + //--- + // observationEndDate + //--- - if (!operationBeginDateIsValid) { - throw new InvalidContactObservationBeginDateException(contact); - } + if (observationBeginDate != null + && observationEndDate.before(observationBeginDate)) { + throw new ContactObservationEndDateBeforeBeginDateException(contact); } - Date currentDate = serviceContext.getNow(); + if (observationEndDate.after(currentDate)) { + throw new ContactObservationEndDateAfterTodayException(contact, currentDate); + } + } + + if (dataInputDate != null) { + + //--- + // dataInputDate + //--- + if (observationEndDate != null) { - //--- - // observationEndDate - //--- + // Here, we check that the date input date is after the end of the + // observation. Since the first is a day (at 00:00) and the second + // is date-time, there may be a bug if the data input day is the same + // as the end of observation + boolean dataInputDateAfterObservationEndDate = + observationEndDate.after(DateUtil.setMaxTimeOfDay(dataInputDate)); - if (observationBeginDate != null - && observationEndDate.before(observationBeginDate)) { - throw new ContactObservationEndDateBeforeBeginDateException(contact); + if (dataInputDateAfterObservationEndDate) { + throw new ContactDataInputDateBeforeObservationEndDateException(contact); } + } - if (observationEndDate.after(currentDate)) { - throw new ContactObservationEndDateAfterTodayException(contact, currentDate); - } - + if (dataInputDate.after(currentDate)) { + throw new ContactDataInputDateAfterTodayException(contact, currentDate); } + } - if (dataInputDate != null) { + //--- + // contactState + //--- - //--- - // dataInputDate - //--- + ContactState contactState = contact.getContactState(); - if (observationEndDate != null) { + boolean contactMustHaveAMotif = false; + switch (contactState) { + case OBSERVATION_CANCELLED: - // Here, we check that the date input date is after the end 
of the - // observation. Since the first is a day (at 00:00) and the second - // is date-time, there may be a bug if the data input day is the same - // as the end of observation - boolean dataInputDateAfterObservationEndDate = - observationEndDate.after(DateUtil.setMaxTimeOfDay(dataInputDate)); + // Non abouti - if (dataInputDateAfterObservationEndDate) { - throw new ContactDataInputDateBeforeObservationEndDateException(contact); - } + if (StringUtils.isBlank(contact.getComment())) { + throw new MissingContactCommentException(contact); } + break; + case OBSERVATION_DONE: - if (dataInputDate.after(currentDate)) { - throw new ContactDataInputDateAfterTodayException(contact, currentDate); + // Observation réalisée + + if (observationBeginDate == null) { + throw new MissingContactObservationBeginDateException(contact); } - } + if (observationEndDate == null) { + throw new MissingContactObservationEndDateException(contact); + } + if (contact.getNbObservants() == 0) { + throw new MissingContactNbObservantsException(contact); + } + if (contact.getObsProgram().isObsVente() && contact.getTerrestrialLocation() == null) { + throw new MissingContactTerrestrialLocationException(contact); + } + break; - //--- - // contactState - //--- + case CONTACT_REFUSED: + contactMustHaveAMotif = true; + break; + case CONTACT_DEFINITELY_REFUSED: + contactMustHaveAMotif = true; + break; - ContactState contactState = contact.getContactState(); + } - boolean contactMustHaveAMotif = false; - switch (contactState) { - case OBSERVATION_CANCELLED: + //--- + // contactStateMotif + //--- - // Non abouti + if (contactMustHaveAMotif && contact.getContactStateMotif() == null) { + throw new MissingContactStateMotifException(contact); + } - if (StringUtils.isBlank(contact.getComment())) { - throw new MissingContactCommentException(contact); - } - break; - case OBSERVATION_DONE: + if (!contactMustHaveAMotif && contact.getContactStateMotif() != null) { + throw new 
UnwantedContactContactStateMotifException(contact); + } - // Observation réalisée + if (contact.isMammalsCapture() && StringUtils.isBlank(contact.getMammalsInfo())) { + throw new MissingContactMammalsInfoException(contact); + } - if (observationBeginDate == null) { - throw new MissingContactObservationBeginDateException(contact); - } - if (observationEndDate == null) { - throw new MissingContactObservationEndDateException(contact); - } - if (contact.getNbObservants() == 0) { - throw new MissingContactNbObservantsException(contact); - } - if (contact.getObsProgram().isObsVente() && contact.getTerrestrialLocation() == null) { - throw new MissingContactTerrestrialLocationException(contact); - } - break; + if (BooleanUtils.isTrue(contact.getValidationCompany())) { - case CONTACT_REFUSED: - contactMustHaveAMotif = true; - break; - case CONTACT_DEFINITELY_REFUSED: - contactMustHaveAMotif = true; - break; - - } - //--- - // contactStateMotif + // validationCompany //--- - if (contactMustHaveAMotif && contact.getContactStateMotif() == null) { - throw new MissingContactStateMotifException(contact); + if (ContactState.OBSERVATION_DONE == contactState) { + if (contact.getObsProgram().isObsMer() && contact.getObservedDataControl() == null) { + throw new MissingContactObservedDataControlException(contact); + } else if (ObservedDataControl.CORRECTION_ASKED.equals(contact.getObservedDataControl())) { + throw new ContactWithObservedDataControlToCorrectionAskedException(contact); + } } - if (!contactMustHaveAMotif && contact.getContactStateMotif() != null) { - throw new UnwantedContactContactStateMotifException(contact); + // Pour valider un contact société, il faut que le contact aie une date de transmission + Date restitution = contact.getRestitution(); + if (ObservedDataControl.ACCEPTED.equals(contact.getObservedDataControl()) && restitution == null) { + throw new MissingContactRestitutionException(contact); } - - if (contact.isMammalsCapture() && 
StringUtils.isBlank(contact.getMammalsInfo())) { - throw new MissingContactMammalsInfoException(contact); + if (dataInputDate == null && restitution != null) { + throw new MissingContactDataInputDateException(contact); } - - if (BooleanUtils.isTrue(contact.getValidationCompany())) { - - //--- - // validationCompany - //--- - - if (ContactState.OBSERVATION_DONE == contactState) { - if (contact.getObsProgram().isObsMer() && contact.getObservedDataControl() == null) { - throw new MissingContactObservedDataControlException(contact); - } else if (ObservedDataControl.CORRECTION_ASKED.equals(contact.getObservedDataControl())) { - throw new ContactWithObservedDataControlToCorrectionAskedException(contact); - } - } - - // Pour valider un contact société, il faut que le contact aie une date de transmission - Date restitution = contact.getRestitution(); - if (ObservedDataControl.ACCEPTED.equals(contact.getObservedDataControl()) && restitution == null) { - throw new MissingContactRestitutionException(contact); - } - if (dataInputDate == null && restitution != null) { - throw new MissingContactDataInputDateException(contact); - } - if (dataInputDate != null && restitution != null && restitution.before(dataInputDate)) { - throw new ContactRestitutionDateBeforeDataInputDateException(contact); - } + if (dataInputDate != null && restitution != null && restitution.before(dataInputDate)) { + throw new ContactRestitutionDateBeforeDataInputDateException(contact); } + } - if (contact.getValidationProgram() != null && contact.getValidationCompany() == null) { + if (contact.getValidationProgram() != null && contact.getValidationCompany() == null) { - throw new IllegalAcceptationException(contact); - } + throw new IllegalAcceptationException(contact); + } - DataReliability dataReliability = contact.getDataReliability(); + DataReliability dataReliability = contact.getDataReliability(); - if (dataReliability != null && dataReliability.isCommentRequired() && 
StringUtils.isBlank(contact.getCommentAdmin())) { - throw new MissingContactCommentAdminException(contact); - } + if (dataReliability != null && dataReliability.isCommentRequired() && StringUtils.isBlank(contact.getCommentAdmin())) { + throw new MissingContactCommentAdminException(contact); + } - if (BooleanUtils.isTrue(contact.getValidationProgram())) { + if (BooleanUtils.isTrue(contact.getValidationProgram())) { - //--- - // validationProgram - //--- - if (contact.getObsProgram().isObsMer()) { + //--- + // validationProgram + //--- + if (contact.getObsProgram().isObsMer()) { - // it's an admin validation, data-reliability field must be filled - if (dataReliability == null || DataReliability.UNKNOWN == dataReliability) { - throw new MissingContactDataReliabilityException(contact); - } + // it's an admin validation, data-reliability field must be filled + if (dataReliability == null || DataReliability.UNKNOWN == dataReliability) { + throw new MissingContactDataReliabilityException(contact); } } } } - public void save(UpdateContactCommand updateContactCommand, - boolean needUpdate) throws ContactNotUpdatableException { + public void save(UpdateContactCommand updateContactCommand) throws ContactNotUpdatableException { - if (needUpdate) { - Preconditions.checkState(!updateContactCommand.isCreation()); - } - save0(updateContactCommand); commit(); Modified: branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/SynthesisService.java =================================================================== --- branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/SynthesisService.java 2014-08-06 10:03:23 UTC (rev 2196) +++ branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/SynthesisService.java 2014-08-06 11:44:53 UTC (rev 2197) 
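Review bot: The new gate `boolean canUpdateContact = authenticatedWaoUser.isAuthorizedToEditContact(updateContactCommand.getContact()) || authenticatedWaoUser.isAuthorizedToChangeContactValidation();` drops the rule from the removed `UpdateContactCommand.canUpdateContact`, which refused coordinators and observers any update of an existing contact once `oldValidationProgram` was set; nothing in this hunk reproduces it, so unless `isAuthorizedToEditContact` encodes it (its body is not visible here) a non-admin can now edit a contact after program validation. The second operand takes no contact, so any user allowed to change validation passes the gate for every contact, and with the `mustValidateContact()` wrapper gone the controls below now run on every call, including edits by users who could only change validation. If both are intended, a Javadoc on `validate` stating the authorization rule (who may reach the controls and why the OR is safe) would make that reviewable; otherwise the validation-change case should be limited to the validation fields. Separately, `switch (contactState)` and `mainObserver.getCompany().equals(company)` throw NullPointerException on a null state or company rather than one of the declared exceptions; that is pre-existing but now reached on every edit. The `@@ -504` hunk above carries only the matching signature change.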
@@ -235,7 +235,7 @@
 dataset.setValue(expected, I18n.l(locale, "wao.synthesis.planned"), WaoUtils.formatMonth(locale, month));
 }
 String rowKey;
- if (filter.isRealVsEstimated()) {
+ if (filter.getRealVsEstimated()) {
 rowKey = I18n.l(locale, "wao.ui.samplingPlan.Actual");
 } else {
 rowKey = I18n.l(locale, "wao.synthesis.estimated");
Modified: branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/UpdateContactCommand.java
===================================================================
--- branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/UpdateContactCommand.java 2014-08-06 10:03:23 UTC (rev 2196)
+++ branches/wao-4.0.x/wao-services/src/main/java/fr/ifremer/wao/services/service/UpdateContactCommand.java 2014-08-06 11:44:53 UTC (rev 2197)
@@ -24,7 +24,6 @@
 import com.google.common.base.Preconditions;
 import fr.ifremer.wao.entity.Contact;
 import fr.ifremer.wao.entity.DataReliability;
-import fr.ifremer.wao.services.AuthenticatedWaoUser;
 import org.apache.commons.lang3.ObjectUtils;
 import java.io.Serializable;
@@ -120,32 +119,6 @@
 }
 /**
- * Check if the contact can be updated by the given connected user.
- *
- * @param authenticatedWaoUser the user who want to update the contact
- * @return {@code true} if contact can be updated
- */
- public boolean canUpdateContact(AuthenticatedWaoUser authenticatedWaoUser) {
- boolean contactCanBeUpdated = true;
- if (!isCreation() && authenticatedWaoUser.isCoordinatorOrObserver()) {
- contactCanBeUpdated = oldValidationProgram == null;
- }
- return contactCanBeUpdated;
- }
-
- /**
- * Check if the contact need to pass validation controls.
- *
- * @return {@code true} if the contact must be validated
- */
- public boolean mustValidateContact() {
- boolean needValidation = isCreation() || // new contact
- oldValidationProgram == null || // want to validate a contact
- getValidationProgram() != null; // want to validate a contact
- return needValidation;
- }
-
- /**
 * Check if mammals informations has changed.
 *
 * @return {@code true} if mammal informations changed
Modified: branches/wao-4.0.x/wao-web/src/main/java/fr/ifremer/wao/web/action/EditContactAction.java
===================================================================
--- branches/wao-4.0.x/wao-web/src/main/java/fr/ifremer/wao/web/action/EditContactAction.java 2014-08-06 10:03:23 UTC (rev 2196)
+++ branches/wao-4.0.x/wao-web/src/main/java/fr/ifremer/wao/web/action/EditContactAction.java 2014-08-06 11:44:53 UTC (rev 2197)
@@ -260,7 +260,7 @@
 AuthenticatedWaoUser authenticatedWaoUser = session.getAuthenticatedWaoUser();
 try {
- service.validate(authenticatedWaoUser, updateContactCommand, true);
+ service.validate(authenticatedWaoUser, updateContactCommand);
 } catch (ContactNotUpdatableException e) {
 session.addErrorMessages(t("wao.ui.contacts.validation.failure.not.updatable"));
@@ -352,7 +352,7 @@
 @Override
 public String execute() throws Exception {
- service.save(updateContactCommand, false);
+ service.save(updateContactCommand);
 session.addMessage(t("wao.ui.form.updateContactCommand.success"));
Modified: branches/wao-4.0.x/wao-web/src/main/java/fr/ifremer/wao/web/action/ValidateContactJsonAction.java
===================================================================
--- branches/wao-4.0.x/wao-web/src/main/java/fr/ifremer/wao/web/action/ValidateContactJsonAction.java 2014-08-06 10:03:23 UTC (rev 2196)
+++ branches/wao-4.0.x/wao-web/src/main/java/fr/ifremer/wao/web/action/ValidateContactJsonAction.java 2014-08-06 11:44:53 UTC (rev 2197)
@@ -135,8 +135,6 @@
 Preconditions.checkState(StringUtils.isNotEmpty(contactId));
- AuthenticatedWaoUser authenticatedWaoUser = session.getAuthenticatedWaoUser();
-
 try {
 updateContactCommand = service.newUpdateContactCommand(
 session.getAuthenticatedWaoUser(),
@@ -144,21 +142,31 @@
 } catch (UnknownContactIdException e) {
 addActionError(t("wao.ui.error.unknownContactId"));
 }
+ }
+ @Override
+ public String execute() {
+
+ AuthenticatedWaoUser authenticatedWaoUser = session.getAuthenticatedWaoUser();
+
+ if (log.isInfoEnabled()) {
+ log.info("user " + authenticatedWaoUser + " wants to change validation for contact " + contactId);
+ }
+
 if (authenticatedWaoUser.isAdmin()) {
 updateContactCommand.setValidationProgram(validationState);
+ if (log.isInfoEnabled()) {
+ log.info("setting contact validation program to " + validationState);
+ }
 } else {
 updateContactCommand.setValidationCompany(validationState);
+ if (log.isInfoEnabled()) {
+ log.info("setting contact validation company to " + validationState);
+ }
 }
- }
- @Override
- public String execute() {
-
- AuthenticatedWaoUser authenticatedWaoUser = session.getAuthenticatedWaoUser();
-
 try {
- service.validate(authenticatedWaoUser, updateContactCommand, true);
+ service.validate(authenticatedWaoUser, updateContactCommand);
 } catch (ContactNotUpdatableException e) {
 session.addErrorMessages(t("wao.ui.contacts.validation.failure.not.updatable"));
@@ -251,10 +259,15 @@
 if (isSuccessful()) {
 try {
- service.save(updateContactCommand, true);
+ service.save(updateContactCommand);
 } catch (ContactNotUpdatableException e) {
 throw new WaoTechnicalException("should never occur", e);
 }
+
+ if (log.isInfoEnabled()) {
+ log.info("changing validation state successful");
+ }
+
 if (validationState == null) {
 successMessage = t("wao.ui.contacts.validation.to.unvalidate.state.success");
 } else if (validationState) {
@@ -262,6 +275,11 @@
 } else {
 successMessage = t("wao.ui.contacts.validation.to.reject.state.success");
 }
+
+ } else {
+ if (log.isInfoEnabled()) {
+ log.info("changing validation state failed for reason " + errorMessage);
+ }
 }
 return SUCCESS;
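Review bot: The new `log.info("user " + authenticatedWaoUser + " wants to change validation for contact " + contactId)` relies on `AuthenticatedWaoUser.toString()`, which is not visible here; if it renders credentials or other personal data they land in the application log at INFO, so logging a stable identifier such as the user's login or id is the safer form. The follow-up lines in the `@@ -251` and `@@ -262` hunks, `"changing validation state successful"` and `"changing validation state failed for reason " + errorMessage`, carry neither the user nor `contactId`, so under concurrent requests they cannot be correlated with the first line; I would include `contactId` in both. Moving the `isAdmin()` branch into `execute()` means `updateContactCommand.setValidationProgram(validationState)` runs on a null command when `prepare()` caught `UnknownContactIdException`; whether `execute()` is still reached in that case depends on framework error handling not visible here, so a `Preconditions.checkNotNull(updateContactCommand)` before the branch would make the contract explicit. `execute()` continues past the end of this hunk.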