XNAT-4215 Fixed bug with nonadmins not being able to add experiments for some projects.

5dd0ac04 · Mike McKay · a9c4624b · 5dd0ac04
Commit 5dd0ac04 authored 8 years ago by Mike McKay
--- a/src/main/java/org/nrg/xnat/restlet/projectResource/extensions/ProjectPermissionsFilter.java
+++ b/src/main/java/org/nrg/xnat/restlet/projectResource/extensions/ProjectPermissionsFilter.java
 package org.nrg.xnat.restlet.projectResource.extensions;
-import java.util.Hashtable;
 import org.nrg.xdat.security.helpers.Groups;
 import org.nrg.xft.XFTTable;
 import org.nrg.xnat.restlet.resources.ProjectResource;
@@ -10,6 +8,8 @@ import org.nrg.xnat.restlet.resources.SecureResource.FilteredResourceHandlerI;
 import org.restlet.resource.Representation;
 import org.restlet.resource.Variant;
+import java.util.Hashtable;
 @SuppressWarnings("unused")
 public class ProjectPermissionsFilter implements FilteredResourceHandlerI{
@@ -23,9 +23,9 @@ public class ProjectPermissionsFilter implements FilteredResourceHandlerI{
 		ProjectResource projResource=(ProjectResource)resource;
 		StringBuilder builder=new StringBuilder();
        if(Groups.isMember(resource.user,"ALL_DATA_ADMIN")){
-        	 builder.append(String.format("SELECT DISTINCT element_name FROM xdat_element_access xea JOIN xdat_field_mapping_set xfms ON xea.xdat_element_access_id=xfms.permissions_allow_set_xdat_elem_xdat_element_access_id JOIN xdat_field_mapping xfm ON xfms.xdat_field_mapping_set_id=xfm.xdat_field_mapping_set_xdat_field_mapping_set_id WHERE create_element=1 AND field_value='%1s' and field !=''", projResource.getProjectId()));
+        	 builder.append(String.format("SELECT DISTINCT element_name FROM xdat_element_access xea JOIN xdat_field_mapping_set xfms ON xea.xdat_element_access_id=xfms.permissions_allow_set_xdat_elem_xdat_element_access_id JOIN xdat_field_mapping xfm ON xfms.xdat_field_mapping_set_id=xfm.xdat_field_mapping_set_xdat_field_mapping_set_id WHERE create_element=1 AND field_value='%1$s' and field !=''", projResource.getProjectId()));
        }else{
-        	 builder.append(String.format("SELECT DISTINCT element_name FROM xdat_user_groupID map JOIN xdat_userGroup gp ON map.groupid=gp.id JOIN xdat_element_access xea ON gp.xdat_usergroup_id=xea.xdat_usergroup_xdat_usergroup_id JOIN xdat_field_mapping_set xfms ON xea.xdat_element_access_id=xfms.permissions_allow_set_xdat_elem_xdat_element_access_id JOIN xdat_field_mapping xfm ON xfms.xdat_field_mapping_set_id=xfm.xdat_field_mapping_set_xdat_field_mapping_set_id WHERE map.groups_groupid_xdat_user_xdat_user_id=%1s  AND create_element=1 AND field_value='%2s' and field !=''",resource.user.getID(),projResource.getProjectId()));
+        	 builder.append(String.format("SELECT DISTINCT element_name FROM xdat_user_groupID map JOIN xdat_userGroup gp ON map.groupid=gp.id JOIN xdat_element_access xea ON gp.xdat_usergroup_id=xea.xdat_usergroup_xdat_usergroup_id JOIN xdat_field_mapping_set xfms ON xea.xdat_element_access_id=xfms.permissions_allow_set_xdat_elem_xdat_element_access_id JOIN xdat_field_mapping xfm ON xfms.xdat_field_mapping_set_id=xfm.xdat_field_mapping_set_xdat_field_mapping_set_id WHERE map.groups_groupid_xdat_user_xdat_user_id=%1$s  AND create_element=1 AND field_value='%2$s' and field !=''",resource.user.getID(),projResource.getProjectId()));
        }
        return resource.representTable(XFTTable.Execute(builder.toString(), resource.user.getDBName(), resource.userName), resource.overrideVariant(variant), new Hashtable<String,Object>()) ;