Fixed project access requests. Fixed bug where unverified users were unable to...

Fixed project access requests. Fixed bug where unverified users were unable to log in even though require verification was set to false.

Fixed project access requests. Fixed bug where unverified users were unable to...
f9d60b53 · Mike McKay · 727c0b6c · f9d60b53 · f9d60b53
Commit f9d60b53 authored 8 years ago by Mike McKay
--- a/src/main/java/org/nrg/xnat/restlet/resources/PARList.java
+++ b/src/main/java/org/nrg/xnat/restlet/resources/PARList.java
@@ -10,15 +10,15 @@
 */
 package org.nrg.xnat.restlet.resources;

-import org.nrg.xdat.security.helpers.Roles;
 import org.nrg.xft.XFTTable;
 import org.restlet.Context;
-import org.restlet.data.MediaType;
 import org.restlet.data.Request;
 import org.restlet.data.Response;
 import org.restlet.data.Status;
 import org.restlet.resource.Representation;
 import org.restlet.resource.Variant;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 import java.util.Hashtable;

@@ -30,31 +30,27 @@ public class PARList extends SecureResource {
 	public PARList(Context context, Request request, Response response) {
 		super(context, request, response);
 		getVariants().addAll(STANDARD_VARIANTS);
-        if (!Roles.isSiteAdmin(user)) {
-            response.setStatus(Status.CLIENT_ERROR_FORBIDDEN, "Only administrators can access the list of project access requests.");
-        }
 	}

 	@Override
 	public Representation represent(Variant variant) {
-		XFTTable table = new XFTTable();
-		Hashtable<String, Object> params = new Hashtable<String, Object>();
+		Hashtable<String, Object> params = new Hashtable<>();
 		try {
-			table = XFTTable
-					.Execute(
-							"SELECT par.par_id,par.proj_id,par.level,par.create_date,u.login, u.firstname, u.lastname,p.secondary_id,p.name,p.id,SUBSTRING(p.description,0,300) as description,pi.firstname || ' ' || pi.lastname FROM xs_par_table par LEFT JOIN xnat_projectData p ON par.proj_id=p.id LEFT JOIN xnat_investigatordata pi ON p.pi_xnat_investigatordata_id=pi.xnat_investigatordata_id LEFT JOIN xdat_user u ON par.approver_id=u.xdat_user_id WHERE LOWER(par.email)='"
-									+ user.getEmail().toLowerCase()
-									+ "' AND approval_date IS NULL", user
-									.getDBName(), user.getLogin());
+			final XFTTable table = XFTTable.Execute(String.format(PAR_QUERY, user.getEmail().toLowerCase()), user.getDBName(), user.getLogin());
+
+			if (table != null) {
+				params.put("totalRecords", table.size());
+			}
+
+			return representTable(table, overrideVariant(variant), params);

 		} catch (Exception e) {
-			e.printStackTrace();
+			getResponse().setStatus(Status.SERVER_ERROR_INTERNAL, "An error occurred attempting to access the project invitations.");
+			_log.error("An error occurred attempting to access the project invitations for user " + user.getLogin(), e);
 		}

-		MediaType mt = overrideVariant(variant);
-
-		if (table != null)
-			params.put("totalRecords", table.size());
-		return representTable(table, mt, params);
+		return null;
 	}
-}
+	private static final Logger _log = LoggerFactory.getLogger(PARList.class);
+	private static final String PAR_QUERY = "SELECT par.par_id,par.proj_id,par.level,par.create_date,u.login, u.firstname, u.lastname,p.secondary_id,p.name,p.id,SUBSTRING(p.description,0,300) as description,pi.firstname || ' ' || pi.lastname FROM xs_par_table par LEFT JOIN xnat_projectData p ON par.proj_id=p.id LEFT JOIN xnat_investigatordata pi ON p.pi_xnat_investigatordata_id=pi.xnat_investigatordata_id LEFT JOIN xdat_user u ON par.approver_id=u.xdat_user_id WHERE LOWER(par.email)='%s' AND approval_date IS NULL";
+}
\ No newline at end of file
--- a/src/main/java/org/nrg/xnat/security/provider/XnatDatabaseAuthenticationProvider.java
+++ b/src/main/java/org/nrg/xnat/security/provider/XnatDatabaseAuthenticationProvider.java
@@ -10,6 +10,7 @@
 */
 package org.nrg.xnat.security.provider;

+import org.nrg.xdat.XDAT;
 import org.nrg.xdat.services.XdatUserAuthService;
 import org.nrg.xft.db.PoolDBUtils;
 import org.nrg.xft.security.UserI;
@@ -79,7 +80,7 @@ public class XnatDatabaseAuthenticationProvider extends DaoAuthenticationProvide
            throw new AuthenticationServiceException("User details class is not of a type I know how to handle: " + userDetails.getClass());
        }
        final UserI xdatUserDetails = (UserI) userDetails;
-        if ((_requireEmailVerification && !xdatUserDetails.isVerified() && xdatUserDetails.isEnabled()) || !xdatUserDetails.isAccountNonLocked()) {
+        if ((XDAT.verificationOn() && !xdatUserDetails.isVerified() && xdatUserDetails.isEnabled()) || !xdatUserDetails.isAccountNonLocked()) {
            throw new CredentialsExpiredException("Attempted login to unverified or locked account: " + xdatUserDetails.getUsername());
        }
        super.additionalAuthenticationChecks(userDetails, authentication);