Merge branch '4.1.16'

pom.xml

@@ -4,7 +4,7 @@
     <groupId>org.jbei</groupId>
     <artifactId>ice</artifactId>
     <packaging>war</packaging>
-    <version>4.1.15</version>
+    <version>4.1.16</version>
     <name>ice</name>
     <description>Inventory of Composable Elements (ICE) for Synthetic Biology</description>
     <repositories>
@@ -22,12 +22,12 @@
         <dependency>
             <groupId>org.glassfish.jersey.containers</groupId>
             <artifactId>jersey-container-servlet-core</artifactId>
-            <version>2.13</version>
+            <version>2.17</version>
         </dependency>
         <dependency>
             <groupId>org.glassfish.jersey.media</groupId>
             <artifactId>jersey-media-multipart</artifactId>
-            <version>2.13</version>
+            <version>2.17</version>
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
@@ -48,7 +48,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.11</version>
+            <version>4.12</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -60,12 +60,12 @@
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-core</artifactId>
-            <version>4.3.8.Final</version>
+            <version>4.3.9.Final</version>
         </dependency>
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-search</artifactId>
-            <version>5.0.1.Final</version>
+            <version>5.1.1.Final</version>
         </dependency>
         <dependency>
             <groupId>org.hibernate</groupId>

src/main/java/org/jbei/ice/lib/access/PermissionsController.java

@@ -305,13 +305,13 @@ public ArrayList<AccessPermission> retrieveSetFolderPermission(Folder folder, bo
     /**
      * Propagates the permissions for the folder to the contained entries
      *
-     * @param account account of user requesting action that led to this call
+     * @param userId unique identifier for account of user requesting action that led to this call
      * @param folder  folder user permissions are being propagated
      * @param add     true if folder is to be added, false otherwise
      * @return true if action permission was propagated successfully
      */
-    public boolean propagateFolderPermissions(Account account, Folder folder, boolean add) {
-        if (!accountController.isAdministrator(account) && !account.getEmail().equalsIgnoreCase(folder.getOwnerEmail()))
+    public boolean propagateFolderPermissions(String userId, Folder folder, boolean add) {
+        if (!accountController.isAdministrator(userId) && !userId.equalsIgnoreCase(folder.getOwnerEmail()))
             return false;
 
         // retrieve folder permissions

src/main/java/org/jbei/ice/lib/account/AccountController.java

@@ -279,13 +279,20 @@ public long getAccountId(String email) {
         return account.getId();
     }
 
-    public Account getAccountBySessionKey(String sessionKey) {
+    public AccountTransfer getAccountBySessionKey(String sessionKey) {
         String userId = SessionHandler.getUserIdBySession(sessionKey);
         if (userId == null) {
             Logger.warn("Could not retrieve user id for session " + sessionKey);
             return null;
         }
-        return dao.getByEmail(userId);
+        Account account = dao.getByEmail(userId);
+        if (account == null)
+            return null;
+
+        AccountTransfer transfer = account.toDataTransferObject();
+        transfer.setSessionId(sessionKey);
+        transfer.setAdmin(isAdministrator(userId));
+        return transfer;
     }
 
     /**
@@ -301,10 +308,6 @@ public Account save(Account account) {
         return dao.create(account);
     }
 
-    public boolean isAdministrator(Account account) {
-        return isAdministrator(account.getEmail());
-    }
-
     /**
      * Check in the database if an account is a moderator.
      *
@@ -412,16 +415,6 @@ public AccountTransfer authenticate(AccountTransfer transfer) {
         return info;
     }
 
-    /**
-     * See if the given sessionKey is still authenticated with the system.
-     *
-     * @param sessionKey unique session identifier
-     * @return True if sessionKey is still authenticated (active) to the system.
-     */
-    public static boolean isAuthenticated(String sessionKey) {
-        return SessionHandler.isValidSession(sessionKey);
-    }
-
     /**
      * De-authenticate the given sessionKey. The user is logged out from the system.
      *
@@ -441,7 +434,6 @@ public void saveAccountPreferences(AccountPreferences accountPreferences) {
     }
 
     public ArrayList<AccountTransfer> getMatchingAccounts(String userId, String query, int limit) {
-        Account account = getByEmail(userId);
         Set<Account> matches = dao.getMatchingAccounts(query, limit);
         ArrayList<AccountTransfer> result = new ArrayList<>();
         for (Account match : matches) {

src/main/java/org/jbei/ice/lib/dao/hibernate/AccountDAO.java

@@ -1,17 +1,16 @@
 package org.jbei.ice.lib.dao.hibernate;
 
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.jbei.ice.lib.account.model.Account;
-import org.jbei.ice.lib.common.logging.Logger;
-import org.jbei.ice.lib.dao.DAOException;
-
 import org.hibernate.HibernateException;
 import org.hibernate.Query;
 import org.hibernate.Session;
 import org.hibernate.criterion.Projections;
+import org.jbei.ice.lib.account.model.Account;
+import org.jbei.ice.lib.common.logging.Logger;
+import org.jbei.ice.lib.dao.DAOException;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 /**
  * DAO to manipulate {@link Account} objects in the database.
@@ -55,10 +54,13 @@ public Set<Account> getMatchingAccounts(String token, int limit) {
      * Retrieve an {@link Account} by the email field.
      *
      * @param email unique email identifier for account
-     * @return Account
+     * @return Account record referenced by email or null if email is null
      */
     public Account getByEmail(String email) {
         Account account = null;
+        if (email == null)
+            return null;
+
         Session session = currentSession();
         try {
             Query query = session.createQuery("from " + Account.class.getName() + " where LOWER(email) = :email");

src/main/java/org/jbei/ice/lib/dao/hibernate/PermissionDAO.java

@@ -8,6 +8,7 @@
 import org.hibernate.criterion.Disjunction;
 import org.hibernate.criterion.Projections;
 import org.hibernate.criterion.Restrictions;
+import org.hibernate.sql.JoinType;
 import org.jbei.ice.lib.access.Permission;
 import org.jbei.ice.lib.account.model.Account;
 import org.jbei.ice.lib.bulkupload.BulkUpload;
@@ -327,20 +328,20 @@ public Set<Folder> getFolders(Group group) {
      */
     public List<Long> getCanReadEntries(Account account, Set<Group> groups, List<Long> entries) {
         Criteria criteria = currentSession().createCriteria(Permission.class);
+        Disjunction disjunction = Restrictions.disjunction();
+        disjunction.add(Restrictions.eq("account", account));
+        disjunction.add(Restrictions.eq("entry.ownerEmail", account.getEmail()));
 
         if (!groups.isEmpty()) {
-            Disjunction disjunction = Restrictions.disjunction();
-            disjunction.add(Restrictions.eq("account", account));
             disjunction.add(Restrictions.in("group", groups));
-            criteria.add(disjunction);
-        } else {
-            criteria.add(Restrictions.eq("account", account));
         }
 
-        criteria.createAlias("entry", "entry")
+        criteria.createAlias("entry", "entry", JoinType.LEFT_OUTER_JOIN)
                 .add(Restrictions.in("entry.id", entries))
                 .add(Restrictions.eq("entry.visibility", Visibility.OK.getValue()));
 
+        criteria.add(disjunction);
+
         return criteria.setProjection(
                 Projections.distinct(Projections.property("entry.id")))
                 .list();

src/main/java/org/jbei/ice/lib/dao/hibernate/SequenceDAO.java

@@ -21,7 +21,6 @@
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.util.HashSet;
-import java.util.LinkedHashSet;
 import java.util.Set;
 
 /**
@@ -244,24 +243,53 @@ public boolean hasOriginalSequence(long entryId) {
     }
 
     /**
-     * Retrieve all {@link Sequence} objects in the database.
+     * Enables retrieving sequences in the database without loading everything memory
+     * <p>
+     * Expected usage is
+     * <code>
+     *     long count = getSequenceCount();
+     *     int offset = 0;
+     *     while( offset < count ) {
+     *         Sequence sequence = dao.getSequence(offset);
+     *         // do something with sequence
+     *     }
+     * </code>
      *
-     * @return ArrayList of Sequence objects.
+     * @return Sequence at the specified offset
      * @throws DAOException
      */
     @SuppressWarnings("unchecked")
-    public Set<Sequence> getAllSequences() {
+    public Sequence getSequence(int offset) throws DAOException {
         Session session = currentSession();
         try {
             Criteria criteria = session.createCriteria(Sequence.class);
 
             Criteria entryC = criteria.createCriteria("entry", "entry");
             entryC.add(Restrictions.disjunction()
-                                   .add(Restrictions.eq("visibility", Visibility.OK.getValue()))
-                                   .add(Restrictions.isNull("visibility"))
-                                   .add(Restrictions.ne("ownerEmail", "system")));
+                    .add(Restrictions.eq("visibility", Visibility.OK.getValue())));
+            criteria.setFirstResult(offset);
+            criteria.setMaxResults(1);
+            return (Sequence) criteria.uniqueResult();
+        } catch (HibernateException he) {
+            Logger.error(he);
+            throw new DAOException(he);
+        }
+    }
 
-            return new LinkedHashSet<>(criteria.list());
+    /**
+     * @return number of sequences available for all valid (visibility=9) entry object
+     */
+    public int getSequenceCount() {
+        Session session = currentSession();
+        try {
+            Criteria criteria = session.createCriteria(Sequence.class);
+
+            Criteria entryC = criteria.createCriteria("entry", "entry");
+            entryC.add(Restrictions.disjunction()
+                    .add(Restrictions.eq("visibility", Visibility.OK.getValue())));
+            criteria.setProjection(Projections.count("id"));
+            Number number = (Number) criteria.uniqueResult();
+            return number.intValue();
         } catch (HibernateException he) {
             Logger.error(he);
             throw new DAOException(he);

src/main/java/org/jbei/ice/lib/entry/EntryController.java

@@ -67,7 +67,7 @@ public FolderDetails retrieveVisibleEntries(String userId, ColumnField field, bo
         FolderDetails details = new FolderDetails();
         Account account = accountController.getByEmail(userId);
 
-        if (accountController.isAdministrator(account)) {
+        if (authorization.isAdmin(userId)) {
             // no filters
             results = dao.retrieveAllEntries(field, asc, start, limit);
         } else {
@@ -99,7 +99,7 @@ public long getNumberOfVisibleEntries(String userId) {
         if (account == null)
             return -1;
 
-        if (accountController.isAdministrator(account)) {
+        if (authorization.isAdmin(userId)) {
             return dao.getAllEntryCount();
         }
 
@@ -141,7 +141,7 @@ public List<PartData> retrieveOwnerEntries(String userId, String ownerEmail,
         List<Entry> entries;
         Account account = DAOFactory.getAccountDAO().getByEmail(userId);
 
-        if (accountController.isAdministrator(account) || account.getEmail().equals(ownerEmail)) {
+        if (authorization.isAdmin(userId) || account.getEmail().equals(ownerEmail)) {
             entries = dao.retrieveOwnerEntries(ownerEmail, sort, asc, start, limit);
         } else {
             Set<Group> accountGroups = new HashSet<>(account.getGroups());
@@ -162,7 +162,7 @@ public List<PartData> retrieveOwnerEntries(String userId, String ownerEmail,
 
     public long getNumberOfOwnerEntries(String requesterUserEmail, String ownerEmail) {
         Account account = DAOFactory.getAccountDAO().getByEmail(requesterUserEmail);
-        if (accountController.isAdministrator(account) || account.getEmail().equals(ownerEmail)) {
+        if (authorization.isAdmin(requesterUserEmail) || account.getEmail().equals(ownerEmail)) {
             return dao.ownerEntryCount(ownerEmail);
         }
 

src/main/java/org/jbei/ice/lib/entry/attachment/AttachmentController.java

@@ -59,6 +59,15 @@ public File getAttachmentByFileId(String userId, String fileId) {
         return dao.getFile(attachmentDir, attachment);
     }
 
+    public String getFileName(String userId, String fileId) {
+        Attachment attachment = dao.getByFileId(fileId);
+        if (attachment == null)
+            return null;
+
+        entryAuthorization.expectRead(userId, attachment.getEntry());
+        return dao.getByFileId(fileId).getFileName();
+    }
+
     /**
      * Save attachment to the database and the disk. Entry has to be a transferred entry (Visibility of 2)
      * or the account must have write permissions to it

src/main/java/org/jbei/ice/lib/entry/filter/EntryHasFilterFactory.java

@@ -1,19 +1,12 @@
 package org.jbei.ice.lib.entry.filter;
 
-import java.util.ArrayList;
-
 import org.apache.lucene.index.Term;
-import org.apache.lucene.search.BooleanClause;
-import org.apache.lucene.search.BooleanQuery;
-import org.apache.lucene.search.Filter;
-import org.apache.lucene.search.QueryWrapperFilter;
-import org.apache.lucene.search.TermQuery;
+import org.apache.lucene.search.*;
 import org.hibernate.search.annotations.Factory;
-import org.hibernate.search.annotations.Key;
-import org.hibernate.search.filter.FilterKey;
-import org.hibernate.search.filter.StandardFilterKey;
 import org.hibernate.search.filter.impl.CachingWrapperFilter;
 
+import java.util.ArrayList;
+
 /**
  * @author Hector Plahar
  */
@@ -26,13 +19,6 @@ public void setField(ArrayList<String> field) {
         this.field = field.toArray(new String[field.size()]);
     }
 
-    @Key
-    public FilterKey getKey() {
-        StandardFilterKey filterKey = new StandardFilterKey();
-        filterKey.addParameter(field);
-        return filterKey;
-    }
-
     @Factory
     public Filter getFilter() {
         BooleanQuery query = new BooleanQuery(true);

src/main/java/org/jbei/ice/lib/entry/filter/EntrySecurityFilterFactory.java

@@ -8,9 +8,6 @@
 import org.apache.lucene.util.Bits;
 import org.apache.lucene.util.OpenBitSet;
 import org.hibernate.search.annotations.Factory;
-import org.hibernate.search.annotations.Key;
-import org.hibernate.search.filter.FilterKey;
-import org.hibernate.search.filter.StandardFilterKey;
 
 import java.io.IOException;
 import java.util.HashSet;
@@ -33,13 +30,6 @@ public void setGroupUUids(HashSet<String> groupUUids) {
         this.groupUUids = groupUUids;
     }
 
-    @Key
-    public FilterKey getKey() {
-        StandardFilterKey key = new StandardFilterKey();
-        key.addParameter(accountId);
-        return key;
-    }
-
     @Factory
     public Filter getFilter() {
         Filter filter = new SecurityFilter(accountId, groupUUids);