root/trunk/grails-app/controllers/dbnp/studycapturing/StudyController.groovy @ 976

Revision 976, 8.6 KB (checked in by robert@…, 4 years ago)

Authentication and authorization for studies is added, according to ticket 118

  • Property svn:keywords set to Author Date Rev
1package dbnp.studycapturing
2
3import grails.converters.*
4import grails.plugins.springsecurity.Secured
5
6
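/**
 * Controller for browsing studies and their events.
 *
 * Access control: every action that exposes study data resolves the current
 * user through AuthenticationService and checks the study against that user
 * before anything is rendered. A failed check redirects and returns
 * immediately, so no later statement in the action can run for a study the
 * caller may not read.
 */
class StudyController {
    def AuthenticationService

    //static allowedMethods = [save: "POST", update: "POST", delete: "POST"]

    /**
     * Default action; forwards to the list action with the same parameters.
     */
    def index = {
        redirect(action: "list", params: params)
    }

    /**
     * Shows all studies the current user has access to.
     *
     * Anonymous visitors get studies that are both published and public.
     * Logged in users get studies they own, studies they may write to, and
     * published studies they are a reader of.
     *
     * NOTE(review): the logged-in query does not include public published
     * studies unless the user is also owner, writer or reader. Confirm that
     * this matches what Study.canRead allows.
     */
    def list = {

        def user = AuthenticationService.getLoggedInUser()
        // The page size is client supplied; cap it at 100
        def max = Math.min(params.max ? params.int('max') : 10, 100)

        def c = Study.createCriteria()

        def studies
        if( user == null ) {
            studies = c.list {
                maxResults(max)
                and {
                    eq( "published", true )
                    eq( "publicstudy", true )
                }
            }
        } else {
            studies = c.list {
                maxResults(max)
                or {
                    eq( "owner", user )
                    writers {
                        eq( "id", user.id )
                    }
                    and {
                        readers {
                            eq( "id", user.id )
                        }
                        eq( "published", true )
                    }
                }
            }
        }

        // size() is used for the total: a no-argument count() on a List does
        // not return the number of elements
        [studyInstanceList: studies, studyInstanceTotal: studies.size()]
    }

    /**
     * Shows studies for which the logged in user is the owner
     */
    @Secured(['IS_AUTHENTICATED_REMEMBERED'])
    def myStudies = {
        def user = AuthenticationService.getLoggedInUser()

        def studies = Study.findAllByOwner(user)
        render( view: "list", model: [studyInstanceList: studies, studyInstanceTotal: studies.size()] )
    }

    /**
     * Shows a comparison of multiple studies using the show view.
     *
     * Only studies the current user may read are passed to the view.
     */
    def list_extended = {
        def loggedInUser = AuthenticationService.getLoggedInUser()
        params.max = Math.min(params.max ? params.int('max') : 10, 100)

        // Study.list() applies no ownership or publication filter, so each
        // study is checked against the current user before it reaches the view
        def studyList = Study.list(params).findAll { it.canRead(loggedInUser) }

        // The total is the number of visible studies; Study.count() would
        // disclose how many studies exist that this user cannot read
        render(view:'show',model:[studyList: studyList, studyInstanceTotal: studyList.size(), multipleStudies: ( studyList.size() > 1 ), loggedInUser: loggedInUser ] )
    }

    /**
     * Shows one study, if the current user may read it.
     */
    def show = {
        def studyInstance = Study.get( params.long( "id" ) )
        if (!studyInstance) {
            flash.message = "${message(code: 'default.not.found.message', args: [message(code: 'study.label', default: 'Study'), params.id])}"
            redirect(action: "list")
            return
        }

        // Check whether the user may see this study. The return after the
        // redirect is required: without it the action would continue and hand
        // the study to the view as its model.
        def loggedInUser = AuthenticationService.getLoggedInUser()
        if( !studyInstance.canRead(loggedInUser) ) {
            flash.message = "You have no access to this study"
            redirect(action: "list")
            return
        }

        // The study instance is packed into an array, to be able to
        // use the same view for showing the study and comparing multiple
        // studies
        [studyList: [ studyInstance ], multipleStudies: false, loggedInUser: loggedInUser ]
    }

    /**
     * Looks a study up by its code and forwards to the show action.
     *
     * NOTE(review): the "not found" and "no access" messages differ, so the
     * response tells a caller whether a given code exists. Consider one
     * message for both cases.
     */
    def showByToken = {
        def studyInstance = Study.findByCode(params.id)
        if (!studyInstance) {
            flash.message = "${message(code: 'default.not.found.message', args: [message(code: 'study.label', default: 'Study'), params.id])}"
            redirect(action: "list")
            return
        }

        // Check whether the user may see this study; stop here when not, so
        // that only one redirect is issued for the request
        def loggedInUser = AuthenticationService.getLoggedInUser()
        if( !studyInstance.canRead(loggedInUser) ) {
            flash.message = "You have no access to this study"
            redirect(action: "list")
            return
        }

        redirect(action: "show", id: studyInstance.id)
    }

    /**
     * Gives the events for one eventgroup in JSON format.
     *
     * Request parameters: id (event group id, or -1 for the orphaned events
     * of the study), study (study id) and startDate (start date of the study
     * in milliseconds since 1-1-1970). The study must be readable by the
     * current user.
     */
    def events = {
        def eventGroupId = Integer.parseInt( params.id );
        def studyId      = Integer.parseInt( params.study );

        def studyInstance = Study.get( studyId )
        if (studyInstance == null) {
            flash.message = "${message(code: 'default.not.found.message', args: [message(code: 'study.label', default: 'Study'), studyId])}"
            redirect(action: "list");
            return;
        }

        // Event data is study data: apply the same read check as the show action
        def loggedInUser = AuthenticationService.getLoggedInUser()
        if( !studyInstance.canRead(loggedInUser) ) {
            flash.message = "You have no access to this study"
            redirect(action: "list")
            return
        }

        // A local variable holds the result; assigning to the bare name
        // 'events' would write to this action's own property on the controller
        def eventList

        // eventGroupId == -1 means that the orphaned events should be given
        if( eventGroupId == -1 ) {
            eventList = studyInstance.getOrphanEvents();
        } else {
            def eventGroup = EventGroup.get(params.id)

            if (eventGroup == null) {
                flash.message = "${message(code: 'default.not.found.message', args: [message(code: 'eventgroup.label', default: 'Eventgroup'), params.id])}"
                redirect(action: "list");
                return;
            }

            // NOTE(review): the read check above covers the study named in
            // params.study only. Verify that this event group belongs to that
            // study (confirm how EventGroup references its parent study) and
            // reject the request when it does not.
            eventList = eventGroup.events;
        }

        // This parameter should give the startdate of the study in milliseconds
        // since 1-1-1970
        long startDate  = Long.parseLong( params.startDate )

        // Create JSON object
        def json = [ 'dateTimeFormat': 'iso8601', events: [] ];

        // Add all other events
        for( event in eventList ) {
            // Collect "name = value" for every template field that has a value
            def parameters = []
            for( templateField in event.giveTemplateFields() ) {
                def value = event.getFieldValue( templateField.name );
                if( value ) {
                    parameters << templateField.name + " = " + value;
                }
            }

            json.events << [
                'start':    new Date( startDate + event.startTime * 1000 ),
                'end':      new Date( startDate + event.endTime * 1000 ),
                'durationEvent': !event.isSamplingEvent(),
                'title': event.template.name + " (" + parameters.join( ', ' ) + ")",
                'description': parameters
            ]
        }
        render json as JSON
    }

    // NOTE(review): the scaffolded edit/update/delete actions below are
    // disabled. As written they load a study by id and change or delete it
    // without consulting AuthenticationService, and update binds the request
    // parameters straight onto the domain object. If they are restored they
    // need a per-study authorization check, an explicit list of bindable
    // properties and the POST-only allowedMethods restriction that is
    // commented out at the top of this class.
    /*def edit = {
        def studyInstance = Study.get(params.id)
        if (!studyInstance) {
            flash.message = "${message(code: 'default.not.found.message', args: [message(code: 'study.label', default: 'Study'), params.id])}"
            redirect(action: "list")
        }
        else {
            return [studyInstance: studyInstance]
        }
    }

    def update = {
        def studyInstance = Study.get(params.id)
        if (studyInstance) {
            if (params.version) {
                def version = params.version.toLong()
                if (studyInstance.version > version) {

                    studyInstance.errors.rejectValue("version", "default.optimistic.locking.failure", [message(code: 'study.label', default: 'Study')] as Object[], "Another user has updated this Study while you were editing")
                    render(view: "edit", model: [studyInstance: studyInstance])
                    return
                }
            }
            studyInstance.properties = params
            if (!studyInstance.hasErrors() && studyInstance.save(flush: true)) {
                flash.message = "${message(code: 'default.updated.message', args: [message(code: 'study.label', default: 'Study'), studyInstance.id])}"
                redirect(action: "show", id: studyInstance.id)
            }
            else {
                render(view: "edit", model: [studyInstance: studyInstance])
            }
        }
        else {
            flash.message = "${message(code: 'default.not.found.message', args: [message(code: 'study.label', default: 'Study'), params.id])}"
            redirect(action: "list")
        }
    }

    def delete = {
        def studyInstance = Study.get(params.id)
        if (studyInstance) {
            try {
                studyInstance.delete(flush: true)
                flash.message = "${message(code: 'default.deleted.message', args: [message(code: 'study.label', default: 'Study'), params.id])}"
                redirect(action: "list")
            }
            catch (org.springframework.dao.DataIntegrityViolationException e) {
                flash.message = "${message(code: 'default.not.deleted.message', args: [message(code: 'study.label', default: 'Study'), params.id])}"
                redirect(action: "show", id: params.id)
            }
        }
        else {
            flash.message = "${message(code: 'default.not.found.message', args: [message(code: 'study.label', default: 'Study'), params.id])}"
            redirect(action: "list")
        }
    }*/
}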