SORMAS-Foundation#3136 add user right for sormas 2 sormas share

Author: lgal

sormas-api/src/main/java/de/symeda/sormas/api/i18n/Strings.java

@@ -172,6 +172,7 @@ public interface Strings {
 	String errorSormasToSormasDecrypt = "errorSormasToSormasDecrypt";
 	String errorSormasToSormasEncrypt = "errorSormasToSormasEncrypt";
 	String errorSormasToSormasInfrastructure = "errorSormasToSormasInfrastructure";
+	String errorSormasToSormasNotEditable = "errorSormasToSormasNotEditable";
 	String errorSormasToSormasResult = "errorSormasToSormasResult";
 	String errorSormasToSormasSend = "errorSormasToSormasSend";
 	String errorSormasToSormasServerAccess = "errorSormasToSormasServerAccess";

sormas-api/src/main/java/de/symeda/sormas/api/user/UserRight.java

@@ -1084,6 +1084,23 @@ public enum UserRight {
 			CONTACT_SUPERVISOR,
 			POE_SUPERVISOR,
 			LAB_USER
+	),
+	SORMAS_TO_SORMAS_SHARE(	
+			ADMIN,
+			NATIONAL_USER,
+			SURVEILLANCE_SUPERVISOR,
+			SURVEILLANCE_OFFICER,
+			CASE_SUPERVISOR,
+			CASE_OFFICER,
+			CONTACT_SUPERVISOR,
+			CONTACT_OFFICER,
+			EVENT_OFFICER,
+			NATIONAL_OBSERVER,
+			STATE_OBSERVER,
+			DISTRICT_OBSERVER,
+			NATIONAL_CLINICIAN,
+			POE_SUPERVISOR,
+			POE_NATIONAL_USER
 	);
 	//@formatter:on
 

sormas-api/src/main/resources/strings.properties

@@ -221,7 +221,7 @@ errorWasReported = The error was automatically reported to the support.
 errorInvalidValue = Invalid value
 errorCaseDuplicateDeletion = The duplicate case could not be deleted due to an internal error.
 errorCaseMerging = The cases could not be merged due to an internal error.
-errorSormasToSormasShare = The shared data could not be saved due to some errors.
+errorSormasToSormasShare = The data could not be shared due to some errors.
 errorSormasToSormasServerAccess = The selected health department is not configured. Please contact an admin and tell them about this issue.
 errorSormasToSormasSend = Unexpected error occurred while sharing. Please contact an admin and tell them about this issue.
 errorSormasToSormasConnection = Connection refused by the target health department.
@@ -230,6 +230,7 @@ errorSormasToSormasInfrastructure = Infrastructure data does not match. Unmatche
 errorSormasToSormasCertNotGenerated = Sormas to sormas certificate is not yet generated. Please contact an admin and tell them about this issue.
 errorSormasToSormasEncrypt = Could not encrypt the data. Please contact an admin and tell them about this issue.
 errorSormasToSormasDecrypt = Could not decrypt the shared data. Please contact an admin and tell them about this issue.
+errorSormasToSormasNotEditable = Readonly data can not be shared.
 
 # headings
 headingAccessDenied = Access denied

sormas-backend/src/main/java/de/symeda/sormas/backend/caze/CaseFacadeEjb.java

@@ -230,7 +230,6 @@
 import de.symeda.sormas.backend.sormastosormas.SormasToSormasFacadeEjb;
 import de.symeda.sormas.backend.sormastosormas.SormasToSormasFacadeEjb.SormasToSormasFacadeEjbLocal;
 import de.symeda.sormas.backend.sormastosormas.SormasToSormasShareInfo;
-import de.symeda.sormas.backend.sormastosormas.SormasToSormasShareInfoService;
 import de.symeda.sormas.backend.symptoms.Symptoms;
 import de.symeda.sormas.backend.symptoms.SymptomsFacadeEjb;
 import de.symeda.sormas.backend.symptoms.SymptomsFacadeEjb.SymptomsFacadeEjbLocal;
@@ -363,8 +362,6 @@ public class CaseFacadeEjb implements CaseFacade {
 	private CaseJurisdictionChecker caseJurisdictionChecker;
 	@EJB
 	private SormasToSormasFacadeEjbLocal sormasToSormasFacade;
-	@EJB
-	private SormasToSormasShareInfoService sormasToSormasShareInfoService;
 
 	@Override
 	public List<CaseDataDto> getAllActiveCasesAfter(Date date) {
@@ -3093,10 +3090,6 @@ public static class CaseFacadeEjbLocal extends CaseFacadeEjb {
 	public Boolean isCaseEditAllowed(String caseUuid) {
 		Case caze = caseService.getByUuid(caseUuid);
 
-		if (caze.getSormasToSormasOriginInfo() != null) {
-			return caze.getSormasToSormasOriginInfo().isOwnershipHandedOver();
-		}
-
-		return caseJurisdictionChecker.isInJurisdictionOrOwned(caze) && !sormasToSormasShareInfoService.isCaseOwnershipHandedOver(caze);
+		return caseService.isCaseEditAllowed(caze);
 	}
 }

sormas-backend/src/main/java/de/symeda/sormas/backend/caze/CaseService.java

@@ -100,6 +100,7 @@
 import de.symeda.sormas.backend.sample.Sample;
 import de.symeda.sormas.backend.sample.SampleJoins;
 import de.symeda.sormas.backend.sample.SampleService;
+import de.symeda.sormas.backend.sormastosormas.SormasToSormasShareInfoService;
 import de.symeda.sormas.backend.symptoms.Symptoms;
 import de.symeda.sormas.backend.task.Task;
 import de.symeda.sormas.backend.task.TaskService;
@@ -146,6 +147,11 @@ public class CaseService extends AbstractCoreAdoService<Case> {
 	@EJB
 	private DiseaseConfigurationFacadeEjb.DiseaseConfigurationFacadeEjbLocal diseaseConfigurationFacade;
 
+	@EJB
+	private CaseJurisdictionChecker caseJurisdictionChecker;
+	@EJB
+	private SormasToSormasShareInfoService sormasToSormasShareInfoService;
+
 	public CaseService() {
 		super(Case.class);
 	}
@@ -1135,4 +1141,12 @@ public void updateArchived(List<String> caseUuids, boolean archived) {
 
 		em.createQuery(cu).executeUpdate();
 	}
+
+	public boolean isCaseEditAllowed(Case caze) {
+		if (caze.getSormasToSormasOriginInfo() != null) {
+			return caze.getSormasToSormasOriginInfo().isOwnershipHandedOver();
+		}
+
+		return caseJurisdictionChecker.isInJurisdictionOrOwned(caze) && !sormasToSormasShareInfoService.isCaseOwnershipHandedOver(caze);
+	}
 }

sormas-backend/src/main/java/de/symeda/sormas/backend/contact/ContactFacadeEjb.java

@@ -141,7 +141,6 @@
 import de.symeda.sormas.backend.sormastosormas.SormasToSormasFacadeEjb;
 import de.symeda.sormas.backend.sormastosormas.SormasToSormasFacadeEjb.SormasToSormasFacadeEjbLocal;
 import de.symeda.sormas.backend.sormastosormas.SormasToSormasShareInfo;
-import de.symeda.sormas.backend.sormastosormas.SormasToSormasShareInfoService;
 import de.symeda.sormas.backend.symptoms.Symptoms;
 import de.symeda.sormas.backend.symptoms.SymptomsFacadeEjb;
 import de.symeda.sormas.backend.task.Task;
@@ -205,8 +204,6 @@ public class ContactFacadeEjb implements ContactFacade {
 	@EJB
 	private SormasToSormasFacadeEjbLocal sormasToSormasFacade;
 	@EJB
-	private SormasToSormasShareInfoService sormasToSormasShareInfoService;
-	@EJB
 	private FeatureConfigurationFacadeEjbLocal featureConfigurationFacade;
 
 	@Override
@@ -1444,10 +1441,6 @@ public static class ContactFacadeEjbLocal extends ContactFacadeEjb {
 	public boolean isContactEditAllowed(String contactUuid) {
 		Contact contact = contactService.getByUuid(contactUuid);
 
-		if (contact.getSormasToSormasOriginInfo() != null) {
-			return contact.getSormasToSormasOriginInfo().isOwnershipHandedOver();
-		}
-
-		return contactJurisdictionChecker.isInJurisdictionOrOwned(contact) && !sormasToSormasShareInfoService.isContactOwnershipHandedOver(contact);
+		return contactService.isContactEditAllowed(contact);
 	}
 }

sormas-backend/src/main/java/de/symeda/sormas/backend/contact/ContactService.java

@@ -81,6 +81,7 @@
 import de.symeda.sormas.backend.region.District;
 import de.symeda.sormas.backend.region.Region;
 import de.symeda.sormas.backend.sample.SampleService;
+import de.symeda.sormas.backend.sormastosormas.SormasToSormasShareInfoService;
 import de.symeda.sormas.backend.symptoms.Symptoms;
 import de.symeda.sormas.backend.task.Task;
 import de.symeda.sormas.backend.task.TaskService;
@@ -109,6 +110,11 @@ public class ContactService extends AbstractCoreAdoService<Contact> {
 	@EJB
 	private HealthConditionsService healthConditionsService;
 
+	@EJB
+	private SormasToSormasShareInfoService sormasToSormasShareInfoService;
+	@EJB
+	private ContactJurisdictionChecker contactJurisdictionChecker;
+
 	public ContactService() {
 		super(Contact.class);
 	}
@@ -1204,4 +1210,12 @@ public Predicate isInJurisdictionOrOwned(CriteriaBuilder cb, CriteriaQuery<Long>
 		}
 		return cb.or(reportedByCurrentUser, contactCaseInJurisdiction, jurisdictionPredicate);
 	}
+
+	public boolean isContactEditAllowed(Contact contact) {
+		if (contact.getSormasToSormasOriginInfo() != null) {
+			return contact.getSormasToSormasOriginInfo().isOwnershipHandedOver();
+		}
+
+		return contactJurisdictionChecker.isInJurisdictionOrOwned(contact) && !sormasToSormasShareInfoService.isContactOwnershipHandedOver(contact);
+	}
 }

sormas-backend/src/main/java/de/symeda/sormas/backend/sormastosormas/SormasToSormasFacadeEjb.java

@@ -62,6 +62,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
+import de.symeda.sormas.api.HasUuid;
 import de.symeda.sormas.api.caze.CaseDataDto;
 import de.symeda.sormas.api.caze.maternalhistory.MaternalHistoryDto;
 import de.symeda.sormas.api.clinicalcourse.HealthConditionsDto;
@@ -93,6 +94,7 @@
 import de.symeda.sormas.api.sormastosormas.SormasToSormasShareInfoDto;
 import de.symeda.sormas.api.sormastosormas.SormasToSormasValidationException;
 import de.symeda.sormas.api.user.UserReferenceDto;
+import de.symeda.sormas.api.user.UserRight;
 import de.symeda.sormas.api.utils.DataHelper;
 import de.symeda.sormas.api.utils.ValidationRuntimeException;
 import de.symeda.sormas.api.utils.fieldaccess.checkers.PersonalDataFieldAccessChecker;
@@ -290,17 +292,18 @@ public void saveSharedContacts(SormasToSormasEncryptedDataDto sharedData) throws
 	public void shareCases(List<String> caseUuids, SormasToSormasOptionsDto options) throws SormasToSormasException {
 		User currentUser = userService.getCurrentUser();
 
-		List<Case> casesToSend = new ArrayList<>(caseUuids.size());
+		List<Case> casesToSend = caseService.getByUuids(caseUuids);
+		validateCasesBeforeSend(casesToSend);
+
 		List<Contact> contactsToSend = new ArrayList<>();
 		List<SormasToSormasCaseDto> entitiesToSend = new ArrayList<>();
 
-		for (String uuid : caseUuids) {
-			Case caze = caseService.getByUuid(uuid);
-
+		for (Case caze : casesToSend) {
 			Pseudonymizer pseudonymizer = createPseudonymizer(options);
 
 			PersonDto personDto = getPersonDto(caze.getPerson(), pseudonymizer, options);
 			CaseDataDto cazeDto = getCazeDto(caze, pseudonymizer);
+
 			SormasToSormasOriginInfoDto originInfo = createSormasToSormasOriginInfo(currentUser, options);
 
 			SormasToSormasCaseDto entity = new SormasToSormasCaseDto(personDto, cazeDto, originInfo);
@@ -324,13 +327,13 @@ public void shareCases(List<String> caseUuids, SormasToSormasOptionsDto options)
 	@Override
 	public void shareContacts(List<String> contactUuids, SormasToSormasOptionsDto options) throws SormasToSormasException {
 		User currentUser = userService.getCurrentUser();
+		List<Contact> contactsToSend = contactService.getByUuids(contactUuids);
 
-		List<Contact> contactsToSend = new ArrayList<>();
-		List<SormasToSormasContactDto> entitiesToSend = new ArrayList<>();
+		validateContactsBeforeSend(contactsToSend);
 
-		for (String uuid : contactUuids) {
-			Contact contact = contactService.getByUuid(uuid);
+		List<SormasToSormasContactDto> entitiesToSend = new ArrayList<>();
 
+		for (Contact contact : contactsToSend) {
 			Pseudonymizer pseudonymizer = createPseudonymizer(options);
 
 			PersonDto personDto = getPersonDto(contact.getPerson(), pseudonymizer, options);
@@ -374,14 +377,50 @@ public List<SormasToSormasShareInfoDto> getShareInfoIndexList(SormasToSormasShar
 
 	@Override
 	public boolean isFeatureEnabled() {
-		return !serverAccessDataService.getOrganizationList().isEmpty();
+		return userService.hasRight(UserRight.SORMAS_TO_SORMAS_SHARE) && !serverAccessDataService.getOrganizationList().isEmpty();
 	}
 
 	@Override
 	public ServerAccessDataReferenceDto getOrganizationRef(String id) {
 		return getOrganizationServerAccessData(id).map(OrganizationServerAccessData::toReference).orElseGet(null);
 	}
 
+	private void validateCasesBeforeSend(List<Case> cases) throws SormasToSormasException {
+		Map<String, Map<String, List<String>>> validationErrors = new HashMap<>();
+		for (Case caze : cases) {
+			if (!caseService.isCaseEditAllowed(caze)) {
+				Map<String, List<String>> error = new HashMap<>(1);
+				error.put(
+					I18nProperties.getCaption(Captions.CaseData),
+					Collections.singletonList(I18nProperties.getString(Strings.errorSormasToSormasNotEditable)));
+
+				validationErrors.put(buildCaseValidationGroupName(caze), error);
+			}
+		}
+
+		if (validationErrors.size() > 0) {
+			throw new SormasToSormasException(I18nProperties.getString(Strings.errorSormasToSormasShare), validationErrors);
+		}
+	}
+
+	private void validateContactsBeforeSend(List<Contact> contacts) throws SormasToSormasException {
+		Map<String, Map<String, List<String>>> validationErrors = new HashMap<>();
+		for (Contact contact : contacts) {
+			if (!contactService.isContactEditAllowed(contact)) {
+				Map<String, List<String>> error = new HashMap<>(1);
+				error.put(
+					I18nProperties.getCaption(Captions.Contact),
+					Collections.singletonList(I18nProperties.getString(Strings.errorSormasToSormasNotEditable)));
+
+				validationErrors.put(buildCaseValidationGroupName(contact), error);
+			}
+		}
+
+		if (validationErrors.size() > 0) {
+			throw new SormasToSormasException(I18nProperties.getString(Strings.errorSormasToSormasShare), validationErrors);
+		}
+	}
+
 	private PersonDto getPersonDto(Person person, Pseudonymizer pseudonymizer, SormasToSormasOptionsDto options) {
 		PersonDto personDto = personFacade.convertToDto(person, pseudonymizer, true);
 
@@ -727,8 +766,8 @@ private <T> T handleValidationError(Supplier<T> saveOperation, String validation
 		}
 	}
 
-	private String buildCaseValidationGroupName(CaseDataDto caze) {
-		return String.format("%s %s", I18nProperties.getCaption(Captions.CaseData), DataHelper.getShortUuid(caze));
+	private String buildCaseValidationGroupName(HasUuid caze) {
+		return String.format("%s %s", I18nProperties.getCaption(Captions.CaseData), DataHelper.getShortUuid(caze.getUuid()));
 	}
 
 	private String buildContactValidationGroupName(ContactDto contact) {

sormas-ui/src/main/java/de/symeda/sormas/ui/caze/CasesView.java

@@ -372,7 +372,7 @@ private void addCommonCasesOverviewToolbar() {
 			}
 		}
 
-		if (UserProvider.getCurrent().hasUserRight(UserRight.PERFORM_BULK_OPERATIONS)) {
+		if (isBulkEditAllowed()) {
 			btnEnterBulkEditMode = ButtonHelper.createIconButton(Captions.actionEnterBulkEditMode, VaadinIcons.CHECK_SQUARE_O, e -> {
 				if (grid.getItemCount() > BULK_EDIT_MODE_WARNING_THRESHOLD) {
 					VaadinUiUtil.showConfirmationPopup(
@@ -678,36 +678,40 @@ public HorizontalLayout createStatusFilterBar() {
 			if (viewConfiguration.getViewType().isCaseOverview()) {
 				AbstractCaseGrid<?> caseGrid = (AbstractCaseGrid<?>) this.grid;
 				// Bulk operation dropdown
-				if (UserProvider.getCurrent().hasUserRight(UserRight.PERFORM_BULK_OPERATIONS)) {
+				if (isBulkEditAllowed()) {
+					boolean hasBulkOperationsRight = UserProvider.getCurrent().hasUserRight(UserRight.PERFORM_BULK_OPERATIONS);
+
 					bulkOperationsDropdown = MenuBarHelper.createDropDown(
 						Captions.bulkActions,
 						new MenuBarHelper.MenuBarItem(
 							I18nProperties.getCaption(Captions.bulkEdit),
 							VaadinIcons.ELLIPSIS_H,
-							mi -> ControllerProvider.getCaseController().showBulkCaseDataEditComponent(caseGrid.asMultiSelect().getSelectedItems())),
+							mi -> ControllerProvider.getCaseController().showBulkCaseDataEditComponent(caseGrid.asMultiSelect().getSelectedItems()),
+							hasBulkOperationsRight),
 						new MenuBarHelper.MenuBarItem(
 							I18nProperties.getCaption(Captions.bulkDelete),
 							VaadinIcons.TRASH,
 							selectedItem -> ControllerProvider.getCaseController()
-								.deleteAllSelectedItems(caseGrid.asMultiSelect().getSelectedItems(), () -> navigateTo(criteria))),
+								.deleteAllSelectedItems(caseGrid.asMultiSelect().getSelectedItems(), () -> navigateTo(criteria)),
+							hasBulkOperationsRight),
 						new MenuBarHelper.MenuBarItem(
 							I18nProperties.getCaption(Captions.actionArchive),
 							VaadinIcons.ARCHIVE,
 							mi -> ControllerProvider.getCaseController()
 								.archiveAllSelectedItems(caseGrid.asMultiSelect().getSelectedItems(), () -> navigateTo(criteria)),
-							EntityRelevanceStatus.ACTIVE.equals(criteria.getRelevanceStatus())),
+							hasBulkOperationsRight && EntityRelevanceStatus.ACTIVE.equals(criteria.getRelevanceStatus())),
 						new MenuBarHelper.MenuBarItem(
 							I18nProperties.getCaption(Captions.actionDearchive),
 							VaadinIcons.ARCHIVE,
 							mi -> ControllerProvider.getCaseController()
 								.dearchiveAllSelectedItems(caseGrid.asMultiSelect().getSelectedItems(), () -> navigateTo(criteria)),
-							EntityRelevanceStatus.ARCHIVED.equals(criteria.getRelevanceStatus())),
+							hasBulkOperationsRight && EntityRelevanceStatus.ARCHIVED.equals(criteria.getRelevanceStatus())),
 						new MenuBarHelper.MenuBarItem(
 							I18nProperties.getCaption(Captions.sormasToSormasShare),
 							VaadinIcons.SHARE,
 							mi -> ControllerProvider.getSormasToSormasController()
 								.shareSelectedCases(caseGrid.asMultiSelect().getSelectedItems(), () -> navigateTo(criteria)),
-							true));
+							FacadeProvider.getSormasToSormasFacade().isFeatureEnabled()));
 
 					bulkOperationsDropdown.setVisible(viewConfiguration.isInEagerMode());
 					actionButtonsLayout.addComponent(bulkOperationsDropdown);
@@ -766,4 +770,9 @@ private void updateStatusButtons() {
 				.setCaption(statusButtons.get(activeStatusButton) + LayoutUtil.spanCss(CssStyles.BADGE, String.valueOf(grid.getItemCount())));
 		}
 	}
+
+	private boolean isBulkEditAllowed() {
+		return UserProvider.getCurrent().hasUserRight(UserRight.PERFORM_BULK_OPERATIONS)
+			|| FacadeProvider.getSormasToSormasFacade().isFeatureEnabled();
+	}
 }