Changeset 2161


Timestamp:
Dec 9, 2013, 10:06:03 AM (7 years ago)
Author:
Nicklas Nordborg
Message:

References #528: Restrict access to some registration wizards

Added permission checks in the POST method of servlets to make sure that users can't circumvent the client-side permission checks (which is not too difficult).

Location:
extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie
Files:
15 edited

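--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/dao/ReggieRole.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/dao/ReggieRole.java
@@ -14,6 +14,10 @@
 import net.sf.basedb.core.ItemQuery;
 import net.sf.basedb.core.Nameable;
+import net.sf.basedb.core.Permission;
+import net.sf.basedb.core.PermissionDeniedException;
 import net.sf.basedb.core.Role;
+import net.sf.basedb.core.SystemItems;
 import net.sf.basedb.core.Type;
+import net.sf.basedb.core.User;
 import net.sf.basedb.core.query.Expressions;
 import net.sf.basedb.core.query.Hql;
@@ -90,4 +94,30 @@
   }
  
+  /**
+    Check if the current user is a member of at least one of the given roles.
+    If {@link ReggieRole#ADMINISTRATOR} is in the list, the method also check
+    if the user is the ROOT user or not. If the user is not member of any
+    of the roles a PermissionDeniedException is thrown.
+   
+    @param dc An active DbControl
+    @param message A message that is used if the user is not a member:
+      Permission denied: Not allowed to use <message>
+    @param roles A list with the roles to check
+   
+  */
+  public static void checkPermission(DbControl dc, String message, ReggieRole... roles)
+  {
+    for (ReggieRole role : roles)
+    {
+      if (role.isMember(dc)) return;
+      if (role == ReggieRole.ADMINISTRATOR)
+      {
+        boolean isRoot = dc.getSessionControl().getLoggedInUserId() == SystemItems.getId(User.ROOT);
+        if (isRoot) return;
+      }
+    }
+    throw new PermissionDeniedException(Permission.USE, message);
+  }
+   
   private final String name;
   private final Item actualType;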
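Review bot: `checkPermission` is now the server-side enforcement point for every wizard, but its Javadoc has no `@throws` tag and does not say that an empty `roles` list always denies, since the loop body never runs and the method falls through to the `throw`. I would add `@throws PermissionDeniedException If the user is in none of the roles (always, when no roles are given)` so callers can rely on the fail-closed behaviour. A denied call also means the client-side check was bypassed or is out of date, so logging `dc.getSessionControl().getLoggedInUserId()` together with `message` just before the `throw` would give operators something to alert on.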
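--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/BloodFollowUpRegistrationServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/BloodFollowUpRegistrationServlet.java
@@ -37,4 +37,5 @@
 import net.sf.basedb.reggie.dao.Consent;
 import net.sf.basedb.reggie.dao.Patient;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.Subtype;
 import net.sf.basedb.util.Values;
@@ -538,9 +539,12 @@
       if ("CreateBlood".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonPat = (JSONObject)jsonReq.get("patientInfo");
         JSONObject jsonBlood = (JSONObject)jsonReq.get("bloodInfo");
        
-        dc = sc.newDbControl();
         BioSource patient = getOrCreatePatient(dc, jsonPat, jsonMessages);
                  
@@ -592,7 +596,10 @@
       else if ("UpdateBlood".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonBlood = (JSONObject)jsonReq.get("bloodInfo");
-        dc = sc.newDbControl();
        
         Number bloodId = (Number)jsonBlood.get("id");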
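Review bot: The role check is opt-in per command: each `if ("...".equals(cmd))` branch calls `ReggieRole.checkPermission` itself, so any POST branch this changeset does not touch, or one added later, runs with no server-side check. The same pattern is repeated in every servlet section that follows. Resolving the required roles once before the dispatch chain, and rejecting a `cmd` that has no entry, would make the default deny instead of allow; the dispatch code is outside these hunks, so this is a suggestion for the enclosing POST handler. At minimum the role list repeated in the 'CreateBlood' and 'UpdateBlood' branches could be one constant, e.g. `private static final ReggieRole[] WIZARD_ROLES = { ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR };`, so the two branches cannot drift apart. Since `dc` is now opened before the check, a denied request leaves an open DbControl unless the handler closes it in a `finally` block, which is not visible here.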
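--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/BloodRegistrationServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/BloodRegistrationServlet.java
@@ -28,4 +28,5 @@
 import net.sf.basedb.reggie.dao.Consent;
 import net.sf.basedb.reggie.dao.Patient;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.Subtype;
 import net.sf.basedb.util.Values;
@@ -184,9 +185,12 @@
       if ("CreateBlood".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonPat = (JSONObject)jsonReq.get("patientInfo");
         JSONObject jsonBlood = (JSONObject)jsonReq.get("bloodInfo");
        
-        dc = sc.newDbControl();
         BioSource patient = getOrCreatePatient(dc, jsonPat, jsonMessages);
                  
@@ -236,7 +240,10 @@
       else if ("UpdateBlood".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonBlood = (JSONObject)jsonReq.get("bloodInfo");
-        dc = sc.newDbControl();
        
         Number bloodId = (Number)jsonBlood.get("id");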
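--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/ConsentFormServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/ConsentFormServlet.java
@@ -27,4 +27,5 @@
 import net.sf.basedb.reggie.dao.Consent;
 import net.sf.basedb.reggie.dao.Patient;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.SpecimenTube;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -200,9 +201,11 @@
       if ("RegisterConsent".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonConsent = (JSONObject)jsonReq.get("consentInfo");
        
-        dc = sc.newDbControl();
-
         String caseName = (String)jsonConsent.get("caseName");
         String consent = Values.getStringOrNull((String)jsonConsent.get("consent"));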
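--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/ExportServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/ExportServlet.java
@@ -32,4 +32,5 @@
 import net.sf.basedb.reggie.Site;
 import net.sf.basedb.reggie.dao.Annotationtype;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.Subtype;
 import net.sf.basedb.util.EqualsHelper;
@@ -62,4 +63,8 @@
       if ("ExportMonthlyOpList".equals(cmd) || "ExportINCA".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR);
+
         boolean exportSubtype = Values.getBoolean(req.getParameter("exportSubtype"));
         boolean exportPatientId = Values.getBoolean(req.getParameter("exportPatientId"));
@@ -91,6 +96,4 @@
         Date end = time.getTime();
        
-        dc = sc.newDbControl();
-
         // Load sample items...
         ItemQuery<Sample> specimenQuery = Sample.getQuery();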
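--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/ExtractionServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/ExtractionServlet.java
@@ -31,4 +31,5 @@
 import net.sf.basedb.reggie.dao.Annotationtype;
 import net.sf.basedb.reggie.dao.Lysate;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.StoragePlate;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -228,4 +229,6 @@
       {
         dc = sc.newDbControl();
+       
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.SAMPLE_PREP, ReggieRole.ADMINISTRATOR);
        
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());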
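--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/FlowCellServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/FlowCellServlet.java
@@ -45,4 +45,5 @@
 import net.sf.basedb.reggie.dao.PooledLibrary;
 import net.sf.basedb.reggie.dao.ReactionPlate;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.SequencingRun;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -260,4 +261,8 @@
       if ("CreateFlowCells".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         // Create FlowCells and add pools to them
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
@@ -269,6 +274,5 @@
         // Sequence string is concatenated: read1-index-read2
         String sequencingCycles = read1 + "-" + indexRead + "-" + read2;
-           
-        dc = sc.newDbControl();
+       
         ItemSubtype flowCellType = Subtype.FLOW_CELL.load(dc);
         ItemSubtype poolAliquotType = Subtype.POOLED_LIBRARY_ALIQUOT.load(dc);
@@ -357,7 +361,9 @@
       else if ("RegisterFlowCells".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
-        dc = sc.newDbControl();
-
         JSONArray jsonFlowCells = (JSONArray)jsonReq.get("flowCells");
         boolean failed = Boolean.TRUE.equals(jsonReq.get("failed"));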
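--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/HistologyServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/HistologyServlet.java
@@ -48,4 +48,5 @@
 import net.sf.basedb.reggie.dao.Histology;
 import net.sf.basedb.reggie.dao.ReactionPlate;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.Subtype;
 import net.sf.basedb.util.NameableComparator;
@@ -481,9 +482,11 @@
       if ("CreateWorkList".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.HISTOLOGY, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONArray jsonHistology = (JSONArray)jsonReq.get("histology");
-       
-        dc = sc.newDbControl();
-       
+               
         BioMaterialList workList = BioMaterialList.getNew(dc, Item.SAMPLE);
         workList.setExternalId(Histology.WORK_LIST_ID_PREFIX);
@@ -529,4 +532,8 @@
       else if ("MoveHistologySamplesToParaffinBlocks".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.HISTOLOGY, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONArray jsonBlocks = (JSONArray)jsonReq.get("blocks");
@@ -536,6 +543,4 @@
         Number protocolId = (Number)jsonReq.get("protocolId");
         String storageBox = null;
-       
-        dc = sc.newDbControl();
        
         BioMaterialList workList = BioMaterialList.getById(dc, workListId.intValue());
@@ -635,9 +640,11 @@
       else if ("RegisterHEGlass".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.HISTOLOGY, ReggieRole.ADMINISTRATOR);
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonPlate = (JSONObject)jsonReq.get("paraffinBlock");
         JSONArray jsonWells = (JSONArray)jsonPlate.get("bioWells");
         JSONArray jsonHeGlass = (JSONArray)jsonPlate.get("heGlass");
-        dc = sc.newDbControl();
 
         Number plateId = (Number)jsonPlate.get("id");
@@ -776,8 +783,11 @@
       else if ("SaveHeScore".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.HISTOLOGY, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONArray jsonSamples = (JSONArray)jsonReq.get("samples");
         JSONArray jsonHeGlass = (JSONArray)jsonReq.get("heGlass");
-        dc = sc.newDbControl();
 
         // Update scores on samples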
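--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/LibPrepServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/LibPrepServlet.java
@@ -3,5 +3,4 @@
 import java.io.IOException;
 import java.io.Writer;
-
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -19,4 +18,5 @@
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
+
 
 
@@ -61,4 +61,5 @@
 import net.sf.basedb.reggie.dao.Library;
 import net.sf.basedb.reggie.dao.ReactionPlate;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.Rna;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -397,9 +398,11 @@
       if ("CreateBarcodedLibraries".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonPlate = (JSONObject)jsonReq.get("bioplate");
         JSONArray jsonWells = (JSONArray)jsonPlate.get("wells");
-       
-        dc = sc.newDbControl();
        
         // Load the CDNA bioplate and store comments and annotations
@@ -486,11 +489,13 @@
       else if ("ImportLibPrepQcResults".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         Number bioPlateId = (Number)jsonReq.get("bioplate");
         Number pdfId = (Number)jsonReq.get("qcPdf");
         Date qcDate = Reggie.CONVERTER_STRING_TO_DATE.convert((String)jsonReq.get("qcDate"));
-       
-        dc = sc.newDbControl();
-       
+               
         BioPlate libPlate = BioPlate.getById(dc, bioPlateId.intValue());
 
@@ -514,4 +519,8 @@
       else if ("ImportLibPrepResults".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         Number bioPlateId = (Number)jsonReq.get("bioplate");
@@ -524,5 +533,4 @@
         Number pdfId = (Number)jsonReq.get("caliperPdf");
        
-        dc = sc.newDbControl();
         BioPlate libPlate = BioPlate.getById(dc, bioPlateId.intValue());
 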
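--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/MRnaServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/MRnaServlet.java
@@ -52,4 +52,5 @@
 import net.sf.basedb.reggie.dao.MRna;
 import net.sf.basedb.reggie.dao.ReactionPlate;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.Rna;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -452,4 +453,8 @@
       else if ("CreateMRnaPlate".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PLATE_DESIGNER, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonPlate = (JSONObject)jsonReq.get("bioplate");
@@ -458,7 +463,5 @@
         String plateName = (String)jsonPlate.get("name");
         JSONArray jsonWells = (JSONArray)jsonPlate.get("wells");
-       
-        dc = sc.newDbControl();
-       
+               
         PlateGeometry geometry = BioplateType.MRNA.getPlateGeometry(dc);
         BioPlateType plateType = BioplateType.MRNA.load(dc);
@@ -556,4 +559,8 @@
       else if ("ImportMRnaQCResults".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
        
@@ -563,6 +570,4 @@
         boolean failed = Boolean.TRUE.equals(jsonReq.get("failed"));
 
-        dc = sc.newDbControl();
-       
         // Load mRNA plate and the creation event
         ReactionPlate mrnaReactionPlate = ReactionPlate.getById(dc, bioPlateId.intValue(), BioplateType.MRNA);
@@ -701,4 +706,8 @@
       else if ("ImportCDnaResults".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
        
@@ -707,6 +716,4 @@
         boolean failed = Boolean.TRUE.equals(jsonReq.get("failed"));
 
-        dc = sc.newDbControl();
-       
         // Load cDNA plate and the creation event
         ReactionPlate cdnaReactionPlate = ReactionPlate.getById(dc, bioPlateId.intValue(), BioplateType.CDNA);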
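Review bot: 'CreateMRnaPlate' is reached through an `else if`, so at least one earlier command branch in this handler sits above the first code hunk and receives no check in this changeset; whether it needs one cannot be told from the visible lines and should be confirmed. This branch is also the only one in the changeset that requires `ReggieRole.LIBRARY_PLATE_DESIGNER`, while the two import branches below it use `ReggieRole.LIBRARY_PREP`. If that split is intended, a short comment above the call, such as `// Plate design is a separate role from library prep`, would show it is deliberate and not a copy-paste slip.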
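--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/PartitionRegistrationServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/PartitionRegistrationServlet.java
@@ -29,4 +29,5 @@
 import net.sf.basedb.reggie.converter.StringToDateConverter;
 import net.sf.basedb.reggie.dao.Annotationtype;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.SpecimenTube;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -166,4 +167,7 @@
       {
         dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.SAMPLE_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());       
         JSONObject jsonInfo = (JSONObject)jsonReq.get("tubeInfo");       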
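--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/PersonalRegistrationServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/PersonalRegistrationServlet.java
@@ -38,4 +38,5 @@
 import net.sf.basedb.reggie.dao.NoSpecimen;
 import net.sf.basedb.reggie.dao.Patient;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.SpecimenTube;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -323,9 +324,12 @@
       if ("CreateCase".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonPat = (JSONObject)jsonReq.get("patientInfo");
         JSONObject jsonCase = (JSONObject)jsonReq.get("caseInfo");
        
-        dc = sc.newDbControl();
         BioSource patient = getOrCreatePatient(dc, jsonPat, jsonMessages);
        
@@ -460,8 +464,11 @@
       else if ("UpdateCase".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.PATIENT_CURATOR, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONObject jsonCase = (JSONObject)jsonReq.get("caseInfo");
         JSONObject jsonPat = (JSONObject)jsonReq.get("patientInfo");
-        dc = sc.newDbControl();
        
         BioSource patient = getOrCreatePatient(dc, jsonPat, jsonMessages);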
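--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/PoolServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/PoolServlet.java
@@ -14,4 +14,5 @@
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
+
 
 
@@ -47,4 +48,5 @@
 import net.sf.basedb.reggie.dao.PooledLibrary;
 import net.sf.basedb.reggie.dao.ReactionPlate;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.Rna;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -374,4 +376,8 @@
       if ("CreatePools".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         // Create PooledLibrary items from a Library bioplate
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
@@ -382,5 +388,4 @@
         String mixingStrategy = (String)jsonReq.get("mixingStrategy");
        
-        dc = sc.newDbControl();
         ItemSubtype pooledLibraryType = Subtype.POOLED_LIBRARY.load(dc);
         ItemSubtype libraryType = Subtype.LIBRARY.load(dc);
@@ -559,6 +564,9 @@
       else if ("RegisterPooledLibraries".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.LIBRARY_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
-        dc = sc.newDbControl();
        
         Number poolProtocolId = (Number)jsonReq.get("poolProtocol");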
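--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/RnaQcServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/RnaQcServlet.java
@@ -46,4 +46,5 @@
 import net.sf.basedb.reggie.dao.BioplateType;
 import net.sf.basedb.reggie.dao.ReactionPlate;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.Rna;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -324,11 +325,13 @@
       if ("PlaceRnaQcAliquots".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.SAMPLE_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
         JSONArray jsonRnaQcExtracts = (JSONArray)jsonReq.get("rnaQcExtracts");
         JSONObject jsonPlate = (JSONObject)jsonReq.get("bioplate");
         JSONObject jsonProtocol = (JSONObject)jsonReq.get("protocol");
-       
-        dc = sc.newDbControl();
-       
+           
         AnnotationType qcHiSenseType = Annotationtype.QC_HISENSE.load(dc);
        
@@ -448,4 +451,8 @@
       else if ("ImportCaliperResults".equals(cmd))
       {
+        dc = sc.newDbControl();
+
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.SAMPLE_PREP, ReggieRole.ADMINISTRATOR);
+
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());
 
@@ -455,5 +462,4 @@
         Number pdfId = (Number)jsonReq.get("pdf");
        
-        dc = sc.newDbControl();
         AnnotationType rqs = Annotationtype.CA_RQS.load(dc);
        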
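--- a/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/SpecimenTubeServlet.java
+++ b/extensions/net.sf.basedb.reggie/trunk/src/net/sf/basedb/reggie/servlet/SpecimenTubeServlet.java
@@ -30,4 +30,5 @@
 import net.sf.basedb.reggie.dao.Case;
 import net.sf.basedb.reggie.dao.NoSpecimen;
+import net.sf.basedb.reggie.dao.ReggieRole;
 import net.sf.basedb.reggie.dao.SpecimenTube;
 import net.sf.basedb.reggie.dao.Subtype;
@@ -259,5 +260,5 @@
     final SessionControl sc = Application.getSessionControl(ID, req.getRemoteAddr());
     DbControl dc = null;
-       
+   
     try
     {
@@ -265,4 +266,7 @@
       {
         dc = sc.newDbControl();
+       
+        ReggieRole.checkPermission(dc, "'" + cmd + "' wizard", ReggieRole.SAMPLE_PREP, ReggieRole.ADMINISTRATOR);
+       
         JSONObject jsonReq = (JSONObject)new JSONParser().parse(req.getReader());       
         JSONObject jsonCase = (JSONObject)jsonReq.get("caseInfo");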