From 9ad34bc742056eb93453cdad213187f1bd1511d4 Mon Sep 17 00:00:00 2001
From: srosse <stephane.rosse@frentix.com>
Date: Thu, 20 Jun 2019 17:34:11 +0200
Subject: [PATCH] OO-4058: principal have only read-only views on curriculums

---
 .../curriculum/manager/CurriculumDAO.java     | 24 ++++++++++++--
 .../model/CurriculumSearchParameters.java     | 17 +++++++---
 .../ui/CurriculumListManagerController.java   | 32 ++++++++++++++++---
 3 files changed, 62 insertions(+), 11 deletions(-)

diff --git a/src/main/java/org/olat/modules/curriculum/manager/CurriculumDAO.java b/src/main/java/org/olat/modules/curriculum/manager/CurriculumDAO.java
index 18ee11229e3..75960f18f01 100644
--- a/src/main/java/org/olat/modules/curriculum/manager/CurriculumDAO.java
+++ b/src/main/java/org/olat/modules/curriculum/manager/CurriculumDAO.java
@@ -252,11 +252,14 @@ public class CurriculumDAO {
 			sb.append(")");	
 		}
 		
-		if(params.getElementOwner() != null || params.getCurriculumAdmin() != null) {
+		if(params.getElementOwner() != null || params.getCurriculumAdmin() != null || params.getCurriculumPrincipal() != null) {
 			sb.and()
 			  .append("(");
+			
+			boolean needOr = false;
 		
 			if(params.getElementOwner() != null) {
+				needOr = true;
 				sb.append("exists (select courseCurEl.key from curriculumelement as courseCurEl")
 				  .append(" inner join repoentrytogroup as curRelGroup on (courseCurEl.group.key=curRelGroup.group.key)")
 				  .append(" inner join repoentrytogroup as courseRelGroup on (courseRelGroup.entry.key=curRelGroup.entry.key)")
@@ -273,13 +276,25 @@ public class CurriculumDAO {
 			}
 			
 			if(params.getCurriculumAdmin() != null) {
-				if(params.getElementOwner() != null) {
+				if(needOr) {
 					sb.append(" or ");
 				}
+				needOr = true;
 				sb.append("exists (select membership.key from bgroupmember as membership")
 				  .append("  where membership.identity.key=:managerKey")
 				  .append("  and (membership.group.key=baseGroup.key or membership.group.key=organis.group.key)")
-				  .append("  and role ").in(CurriculumRoles.curriculumowner, CurriculumRoles.curriculummanager, OrganisationRoles.administrator, OrganisationRoles.principal)
+				  .append("  and role ").in(CurriculumRoles.curriculumowner, CurriculumRoles.curriculummanager, OrganisationRoles.administrator)
+				  .append(")");
+			}
+			
+			if(params.getCurriculumPrincipal() != null) {
+				if(needOr) {
+					sb.append(" or ");
+				}
+				sb.append("exists (select membership.key from bgroupmember as membership")
+				  .append("  where membership.identity.key=:principalKey")
+				  .append("  and (membership.group.key=baseGroup.key or membership.group.key=organis.group.key)")
+				  .append("  and role ").in(OrganisationRoles.principal)
 				  .append(")");
 			}
 			
@@ -305,6 +320,9 @@ public class CurriculumDAO {
 		if(params.getCurriculumAdmin() != null) {
 			query.setParameter("managerKey", params.getCurriculumAdmin().getKey());
 		}
+		if(params.getCurriculumPrincipal() != null) {
+			query.setParameter("principalKey", params.getCurriculumPrincipal().getKey());
+		}
 		if(params.getElementOwner() != null) {
 			query.setParameter("ownerKey", params.getElementOwner().getKey());
 		}
diff --git a/src/main/java/org/olat/modules/curriculum/model/CurriculumSearchParameters.java b/src/main/java/org/olat/modules/curriculum/model/CurriculumSearchParameters.java
index fc44967fc02..fe5cb89aacf 100644
--- a/src/main/java/org/olat/modules/curriculum/model/CurriculumSearchParameters.java
+++ b/src/main/java/org/olat/modules/curriculum/model/CurriculumSearchParameters.java
@@ -36,6 +36,7 @@ public class CurriculumSearchParameters {
 	private String searchString;
 	private Identity elementOwner;
 	private Identity managerIdentity;
+	private Identity principalIdentity;
 	private List<? extends OrganisationRef> organisations;
 
 	public List<? extends OrganisationRef> getOrganisations() {
@@ -66,8 +67,16 @@ public class CurriculumSearchParameters {
 	 * 
 	 * @param managerIdentity
 	 */
-	public void setCurriculumAdmin(Identity managerIdentity) {
-		this.managerIdentity = managerIdentity;
+	public void setCurriculumAdmin(Identity identity) {
+		managerIdentity = identity;
+	}
+	
+	public Identity getCurriculumPrincipal() {
+		return principalIdentity;
+	}
+	
+	public void setCurriculumPrincipal(Identity identity) {
+		principalIdentity = identity;
 	}
 
 	public Identity getElementOwner() {
@@ -79,7 +88,7 @@ public class CurriculumSearchParameters {
 	 * 
 	 * @param elementOwner
 	 */
-	public void setElementOwner(Identity elementOwner) {
-		this.elementOwner = elementOwner;
+	public void setElementOwner(Identity identity) {
+		elementOwner = identity;
 	}
 }
diff --git a/src/main/java/org/olat/modules/curriculum/ui/CurriculumListManagerController.java b/src/main/java/org/olat/modules/curriculum/ui/CurriculumListManagerController.java
index 4e2279dabdd..db23654fe26 100644
--- a/src/main/java/org/olat/modules/curriculum/ui/CurriculumListManagerController.java
+++ b/src/main/java/org/olat/modules/curriculum/ui/CurriculumListManagerController.java
@@ -20,7 +20,9 @@
 package org.olat.modules.curriculum.ui;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 import org.olat.core.gui.UserRequest;
@@ -52,6 +54,7 @@ import org.olat.core.gui.control.controller.BasicController;
 import org.olat.core.gui.control.generic.closablewrapper.CloseableCalloutWindowController;
 import org.olat.core.gui.control.generic.closablewrapper.CloseableModalController;
 import org.olat.core.gui.control.generic.dtabs.Activateable2;
+import org.olat.core.id.Roles;
 import org.olat.core.id.context.ContextEntry;
 import org.olat.core.id.context.StateEntry;
 import org.olat.core.util.resource.OresHelper;
@@ -89,6 +92,7 @@ public class CurriculumListManagerController extends FormBasicController impleme
 	private CloseableCalloutWindowController toolsCalloutCtrl;
 	
 	private int counter = 0;
+	private final Roles roles;
 	private final CurriculumSecurityCallback secCallback;
 
 	@Autowired
@@ -99,6 +103,7 @@ public class CurriculumListManagerController extends FormBasicController impleme
 		super(ureq, wControl, "manage_curriculum");
 		this.toolbarPanel = toolbarPanel;
 		this.secCallback = secCallback;
+		roles = ureq.getUserSession().getRoles();
 		toolbarPanel.addListener(this);
 
 		initForm(ureq);
@@ -143,12 +148,29 @@ public class CurriculumListManagerController extends FormBasicController impleme
 	}
 	
 	private void loadModel(String searchString, boolean reset) {
+		
+		// curriculum owners, curriculum manages and administrators can edit curriculums
+		// principals can only view them
 		CurriculumSearchParameters managerParams = new CurriculumSearchParameters();
 		managerParams.setSearchString(searchString);
 		managerParams.setCurriculumAdmin(getIdentity());
 		List<CurriculumInfos> managerCurriculums = curriculumService.getCurriculumsWithInfos(managerParams);
 		List<CurriculumRow> rows = managerCurriculums.stream()
-				.map(this::forgeManagedRow).collect(Collectors.toList());
+				.map(cur -> forgeManagedRow(cur, true)).collect(Collectors.toList());
+		Set<CurriculumRow> deduplicateRows = new HashSet<>(rows);
+		
+		if(roles.isPrincipal()) {
+			CurriculumSearchParameters principalParams = new CurriculumSearchParameters();
+			principalParams.setSearchString(searchString);
+			principalParams.setCurriculumPrincipal(getIdentity());
+			List<CurriculumInfos> principalsCurriculums = curriculumService.getCurriculumsWithInfos(principalParams);
+			List<CurriculumRow> principalsRows = principalsCurriculums.stream()
+					.map(cur -> forgeManagedRow(cur, false))
+					.filter(row -> !deduplicateRows.contains(row))
+					.collect(Collectors.toList());
+			rows.addAll(principalsRows);
+			deduplicateRows.addAll(principalsRows);
+		}
 		
 		CurriculumSearchParameters ownerParams = new CurriculumSearchParameters();
 		ownerParams.setSearchString(searchString);
@@ -156,7 +178,9 @@ public class CurriculumListManagerController extends FormBasicController impleme
 		List<CurriculumInfos> reOwnersCurriculums = curriculumService.getCurriculumsWithInfos(ownerParams);
 		List<CurriculumRow> reOwnerRows = reOwnersCurriculums.stream()
 				.filter(c -> !managerCurriculums.contains(c))
-				.map(CurriculumRow::new).collect(Collectors.toList());
+				.map(CurriculumRow::new)
+				.filter(row -> !deduplicateRows.contains(row))
+				.collect(Collectors.toList());
 		
 		rows.addAll(reOwnerRows);
 		
@@ -170,10 +194,10 @@ public class CurriculumListManagerController extends FormBasicController impleme
 	 * @param curriculum The curriculum informations
 	 * @return A curriculum row
 	 */
-	private CurriculumRow forgeManagedRow(CurriculumInfos curriculum) {
+	private CurriculumRow forgeManagedRow(CurriculumInfos curriculum, boolean canManage) {
 		FormLink toolsLink = uifactory.addFormLink("tools_" + (++counter), "tools", "", null, null, Link.NONTRANSLATED);
 		toolsLink.setIconLeftCSS("o_icon o_icon_actions o_icon-lg");
-		CurriculumRow row = new CurriculumRow(curriculum, toolsLink, true);
+		CurriculumRow row = new CurriculumRow(curriculum, toolsLink, canManage);
 		toolsLink.setUserObject(row);
 		return row;
 	}
-- 
GitLab