#5929

Committed 19 May 2025 12:36PM UTC coverage: 78.551% (-0.2%) from 78.727%

Build # #5929

Build Type

push

Committed by

Commit Message

DT-1564, Progress Report DAC flow (#2523)

Run Details

175 of 228 new or added lines in 17 files covered. (76.75%)

5 existing lines in 3 files now uncovered.

10027 of 12765 relevant lines covered (78.55%)

0.79 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

96.98

/src/main/java/org/broadinstitute/consent/http/service/DataAccessRequestService.java

package org.broadinstitute.consent.http.service;

import com.google.common.annotations.VisibleForTesting;
import com.google.inject.Inject;
import freemarker.template.TemplateException;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.NotAcceptableException;
import jakarta.ws.rs.NotFoundException;
import java.io.IOException;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.Instant;
import java.time.LocalDate;
import java.time.LocalTime;
import java.time.ZoneOffset;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import org.apache.commons.validator.routines.EmailValidator;
import org.broadinstitute.consent.http.configurations.ConsentConfiguration;
import org.broadinstitute.consent.http.db.DAOContainer;
import org.broadinstitute.consent.http.db.DarCollectionDAO;
import org.broadinstitute.consent.http.db.DataAccessRequestDAO;
import org.broadinstitute.consent.http.db.ElectionDAO;
import org.broadinstitute.consent.http.db.MatchDAO;
import org.broadinstitute.consent.http.db.UserDAO;
import org.broadinstitute.consent.http.db.VoteDAO;
import org.broadinstitute.consent.http.enumeration.EmailType;
import org.broadinstitute.consent.http.enumeration.UserRoles;
import org.broadinstitute.consent.http.exceptions.InvalidEmailAddressException;
import org.broadinstitute.consent.http.exceptions.LibraryCardRequiredException;
import org.broadinstitute.consent.http.exceptions.NIHComplianceRuleException;
import org.broadinstitute.consent.http.exceptions.SubmittedDARCannotBeEditedException;
import org.broadinstitute.consent.http.mail.message.ReminderMessage;
import org.broadinstitute.consent.http.models.Collaborator;
import org.broadinstitute.consent.http.models.DarCollection;
import org.broadinstitute.consent.http.models.DarDataset;
import org.broadinstitute.consent.http.models.DataAccessRequest;
import org.broadinstitute.consent.http.models.DataAccessRequestData;
import org.broadinstitute.consent.http.models.Dataset;
import org.broadinstitute.consent.http.models.Election;
import org.broadinstitute.consent.http.models.LibraryCard;
import org.broadinstitute.consent.http.models.User;
import org.broadinstitute.consent.http.models.Vote;
import org.broadinstitute.consent.http.service.dao.DataAccessRequestServiceDAO;
import org.broadinstitute.consent.http.util.ConsentLogger;
import org.jdbi.v3.core.statement.UnableToExecuteStatementException;

public class DataAccessRequestService implements ConsentLogger {
  public static final String EXPIRE_WARN_INTERVAL = "11 months";
  public static final String EXPIRE_NOTICE_INTERVAL = "1 year";
  protected static final Timestamp MINIMUM_SUBMITTED_DATE_FOR_DAR_EXPIRATIONS = Timestamp.from(
      Instant.ofEpochSecond(
          LocalDate.of(2024, 9, 30).toEpochSecond(LocalTime.of(0, 0, 0, 0), ZoneOffset.UTC)));
  private final CounterService counterService;
  private final DataAccessRequestDAO dataAccessRequestDAO;
  private final DarCollectionDAO darCollectionDAO;
  private final ElectionDAO electionDAO;
  private final EmailService emailService;
  private final MatchDAO matchDAO;
  private final VoteDAO voteDAO;
  private final UserDAO userDAO;
  private final UserService userService;
  private final DataAccessRequestServiceDAO dataAccessRequestServiceDAO;

  private final DacService dacService;
  private final String serverUrl;

  @Inject
  public DataAccessRequestService(CounterService counterService, DAOContainer container,
      DacService dacService, DataAccessRequestServiceDAO dataAccessRequestServiceDAO, UserService userService, EmailService emailService, ConsentConfiguration config) {
    this.counterService = counterService;
    this.dataAccessRequestDAO = container.getDataAccessRequestDAO();
    this.darCollectionDAO = container.getDarCollectionDAO();
    this.electionDAO = container.getElectionDAO();
    this.matchDAO = container.getMatchDAO();
    this.voteDAO = container.getVoteDAO();
    this.userDAO = container.getUserDAO();
    this.dacService = dacService;
    this.dataAccessRequestServiceDAO = dataAccessRequestServiceDAO;
    this.userService = userService;
    this.emailService = emailService;
    this.serverUrl = config.getServicesConfiguration().getLocalURL();
  }

  public List<DataAccessRequest> findAllDraftDataAccessRequests() {
    return dataAccessRequestDAO.findAllDraftDataAccessRequests();
  }

  public List<DataAccessRequest> findAllDraftDataAccessRequestsByUser(Integer userId) {
    return dataAccessRequestDAO.findAllDraftsByUserId(userId);
  }

  public void deleteByReferenceId(User user, String referenceId) throws NotAcceptableException {
    List<Election> elections = electionDAO.findElectionsByReferenceId(referenceId);
    if (!elections.isEmpty()) {
      // If the user is an admin, delete all votes and elections
      if (user.hasUserRole(UserRoles.ADMIN)) {
        voteDAO.deleteVotesByReferenceId(referenceId);
        List<Integer> electionIds = elections.stream().map(Election::getElectionId).toList();
        electionDAO.deleteElectionsByIds(electionIds);
      } else {
        String message = String.format(
            "Unable to delete DAR: '%s', there are existing elections that reference it.",
            referenceId);
        logWarn(message);
        throw new NotAcceptableException(message);
      }
    }
    matchDAO.deleteRationalesByPurposeIds(List.of(referenceId));
    matchDAO.deleteMatchesByPurposeId(referenceId);
    dataAccessRequestDAO.deleteDARDatasetRelationByReferenceId(referenceId);
    dataAccessRequestDAO.deleteByReferenceId(referenceId);
  }

  public DataAccessRequest findByReferenceId(String referencedId) {
    DataAccessRequest dar = dataAccessRequestDAO.findByReferenceId(referencedId);
    if (Objects.isNull(dar)) {
      throw new NotFoundException("There does not exist a DAR with the given reference Id");
    }
    return dar;
  }

  //NOTE: rewrite method into new servicedao method on another ticket
  public DataAccessRequest insertDraftDataAccessRequest(User user, DataAccessRequest dar) {
    if (Objects.isNull(user) || Objects.isNull(dar) || Objects.isNull(
        dar.getReferenceId()) || Objects.isNull(dar.getData())) {
      throw new IllegalArgumentException("User and DataAccessRequest are required");
    }

    if (user.getLibraryCards().isEmpty()) {
      throw new LibraryCardRequiredException();
    }

    Date now = new Date();
    dataAccessRequestDAO.insertDraftDataAccessRequest(
        dar.getReferenceId(),
        user.getUserId(),
        now,
        now,
        now,
        dar.getData()
    );
    syncDataAccessRequestDatasets(dar.getDatasetIds(), dar.getReferenceId());

    return findByReferenceId(dar.getReferenceId());
  }

  /**
   * First delete any rows with the current reference id. This will allow us to keep (referenceId,
   * dataset_id) unique Takes in a list of datasetIds and a referenceId and adds them to the
   * dar_dataset collection
   *
   * @param datasetIds  List of Integers that represent the datasetIds
   * @param referenceId ReferenceId of the corresponding DAR
   */
  private void syncDataAccessRequestDatasets(List<Integer> datasetIds, String referenceId) {
    List<DarDataset> darDatasets = datasetIds.stream()
        .map(datasetId -> new DarDataset(referenceId, datasetId))
        .toList();
    dataAccessRequestDAO.deleteDARDatasetRelationByReferenceId(referenceId);

    if (!darDatasets.isEmpty()) {
      dataAccessRequestDAO.insertAllDarDatasets(darDatasets);
    }
  }

  /**
   * @param user User
   * @return List<DataAccessRequest>
   */
  public List<DataAccessRequest> getDataAccessRequestsByUserRole(User user) {
    List<DataAccessRequest> dars = dataAccessRequestDAO.findAllDataAccessRequests();
    return dacService.filterDataAccessRequestsByDac(dars, user);
  }

  /**
   * Generate a DataAccessRequest from the provided DAR. The provided DAR may or may not exist in
   * draft form, so it covers both cases of converting an existing draft to submitted and creating a
   * brand new DAR from scratch.
   *
   * @param user              The create User
   * @param dataAccessRequest DataAccessRequest with populated DAR data
   * @return The created DAR.
   */
  public DataAccessRequest createDataAccessRequest(User user, DataAccessRequest dataAccessRequest) {
    validateDar(user, dataAccessRequest);

    Date now = new Date();
    DataAccessRequestData darData = dataAccessRequest.getData();

    DataAccessRequest existingDar = dataAccessRequestDAO.findByReferenceId(
        dataAccessRequest.getReferenceId());
    if (existingDar != null && !existingDar.getDraft()) {
      throw new SubmittedDARCannotBeEditedException();
    }
    Integer collectionId;
    // Only create a new DarCollection if we haven't done so already
    if (Objects.nonNull(existingDar) && Objects.nonNull(existingDar.getCollectionId())) {
      collectionId = existingDar.getCollectionId();
    } else {
      String darCodeSequence = "DAR-" + counterService.getNextDarSequence();
      collectionId = darCollectionDAO.insertDarCollection(darCodeSequence, user.getUserId(), now);
    }
    String referenceId;
    List<Integer> datasetIds = dataAccessRequest.getDatasetIds();
    if (Objects.nonNull(existingDar)) {
      referenceId = dataAccessRequest.getReferenceId();
      dataAccessRequestDAO.updateDraftToSubmittedForCollection(collectionId,
          referenceId);
      dataAccessRequestDAO.updateDataByReferenceId(
          referenceId,
          user.getUserId(),
          now,
          now,
          now,
          darData,
          user.getEraCommonsId());
    } else {
      referenceId = UUID.randomUUID().toString();
      dataAccessRequestDAO.insertDataAccessRequest(
          collectionId,
          referenceId,
          user.getUserId(),
          now,
          now,
          now,
          now,
          darData,
          user.getEraCommonsId());
    }
    syncDataAccessRequestDatasets(datasetIds, referenceId);
    return findByReferenceId(referenceId);
  }

  /**
   * Create a progress report for the given DataAccessRequest.
   * The parent DAR is just passed in for validation purposes.
   *
   * @param user              The User
   * @param progressReport    The DataAccessRequest
   * @param parentDar         The parent DataAccessRequest
   * @return The created progress report.
   */
  public DataAccessRequest createProgressReport(User user, DataAccessRequest progressReport, DataAccessRequest parentDar) {
    validateProgressReport(user, progressReport, parentDar);

    String referenceId = progressReport.getReferenceId();
    List<Integer> progressReportDatasetIds = progressReport.getDatasetIds();
    Set<Integer> darDatasetIds = dataAccessRequestDAO.findDatasetApprovalsByDars(List.of(parentDar.getReferenceId()));
    if (!darDatasetIds.containsAll(progressReportDatasetIds)) {
      throw new BadRequestException("Progress report can only be created for approved datasets in the parent DAR");
    }
    dataAccessRequestDAO.insertProgressReport(
          progressReport.getParentId(),
          progressReport.getCollectionId(),
          referenceId,
          user.getUserId(),
          progressReport.getData());
    syncDataAccessRequestDatasets(progressReportDatasetIds, referenceId);
    return findByReferenceId(referenceId);
  }

  public void validateProgressReport(User user, DataAccessRequest progressReport, DataAccessRequest parentDar) {
    validateDar(user, progressReport);
    if (parentDar.getDraft()) {
      throw new BadRequestException(
          "Cannot create a progress report for a draft Data Access Request");
    }
    if (progressReport.getDatasetIds() == null || progressReport.getDatasetIds().isEmpty() ) {
      throw new BadRequestException("At least one dataset is required");
    }
    if (!parentDar.getDatasetIds().containsAll(progressReport.getDatasetIds())) {
      throw new BadRequestException("Progress report can only be created for datasets in the parent DAR");
    }
    if (progressReport.getData().getProgressReportSummary() == null ||
        progressReport.getData().getProgressReportSummary().isEmpty()) {
      throw new BadRequestException("Progress report summary is required");
    }
    if (progressReport.getData().getIntellectualPropertySummary() == null ||
        progressReport.getData().getIntellectualPropertySummary().isEmpty()) {
      throw new BadRequestException("Intellectual Property Summary is required");
    }
  }

  public void validateDar(User user, DataAccessRequest dar) {
    if (Objects.isNull(user) || Objects.isNull(dar) || Objects.isNull(
        dar.getReferenceId()) || Objects.isNull(dar.getData())) {
      throw new IllegalArgumentException("User and DataAccessRequest are required");
    }

    if (user.getLibraryCards().isEmpty()) {
      throw new NIHComplianceRuleException();
    }

    userService.hasValidActiveERACredentials(user);

    validateInternalCollaborators(dar, user);
    validateNoKeyPersonnelDuplicates(dar.getData());
  }

  @VisibleForTesting
  protected void validateInternalCollaborators(DataAccessRequest payload, User requestingUser) {
    Integer institution = requestingUser.getInstitutionId();
    List<Collaborator> internalCollaborators = payload.getData().getInternalCollaborators();
    for (Collaborator collaborator : internalCollaborators) {
      User collabUser = userDAO.findUserByEmail(collaborator.getEmail());
      if (collabUser == null) {
        throw new NotFoundException(
            "Unable to find User with the provided email: " + collaborator.getEmail());
      }
      if (!Objects.equals(collabUser.getInstitutionId(), institution)) {
        throw new BadRequestException(
            "Collaborator " + collaborator.getEmail() + " is not part of the same institution, "
                + requestingUser.getInstitution().getName());
      }
      List<LibraryCard> libraryCards = collabUser.getLibraryCards();
      if (libraryCards.isEmpty()) {
        throw new BadRequestException(
            "Collaborator " + collaborator.getEmail() + " does not have a library card.");
      }
    }
  }

  /**
   * Update an existing DataAccessRequest. Replaces DataAccessRequestData.
   *
   * @param user The User
   * @param dar  The DataAccessRequest
   * @return The updated DataAccessRequest
   */
  public DataAccessRequest updateByReferenceId(User user, DataAccessRequest dar) {
    if (!dar.getDraft()) {
      throw new SubmittedDARCannotBeEditedException();
    }
    try {
      return dataAccessRequestServiceDAO.updateByReferenceId(user, dar);
    } catch (SQLException e) {
      // If I simply rethrow the error then I'll have to redefine any method that
      // calls this function to "throw SQLException"
      //Instead I'm going to throw an UnableToExecuteStatementException
      //Response class will catch it, log it, and throw a 500 through the "unableToExecuteExceptionHandler"
      //on the Resource class, just like it would with a SQLException
      throw new UnableToExecuteStatementException(e.getMessage());
    }
  }

  /**
   * Validates that PI email is not duplicated with SO or IT Director emails
   *
   * @param darData The data access request data to validate
   * @throws IllegalArgumentException if duplicate emails are found
   */
  public void validateNoKeyPersonnelDuplicates(DataAccessRequestData darData) {
    EmailValidator emailValidator = EmailValidator.getInstance();

    String piEmail = darData.getPiEmail();
    String soEmail = darData.getSigningOfficialEmail();
    String itEmail = darData.getItDirectorEmail();

    if (!emailValidator.isValid(piEmail) || !emailValidator.isValid(soEmail)
        || !emailValidator.isValid(itEmail)) {
      throw new IllegalArgumentException(
          "Principal Investigator, Signing Official, and IT Director emails must be valid");
    }

    if (piEmail.equalsIgnoreCase(soEmail)) {
      throw new IllegalArgumentException(
          "Principal Investigator email cannot be the same as Signing Official email");
    }

    if (piEmail.equalsIgnoreCase(itEmail)) {
      throw new IllegalArgumentException(
          "Principal Investigator email cannot be the same as IT Director email");
    }
  }

  public Collection<DataAccessRequest> getApprovedDARsForDataset(Dataset dataset) {
    return dataAccessRequestDAO.findApprovedDARsByDatasetId(dataset.getDatasetId());
  }

  public void sendExpirationNotices() {
    sendDARExpirationReminderNotices();
    sendDARExpirationNotices();
  }

  private void sendDARExpirationNotices() {
    EmailType emailType = EmailType.DAR_EXPIRED;
    sendDARMessageToList(emailType, EXPIRE_NOTICE_INTERVAL);
  }

  private void sendDARExpirationReminderNotices() {
    EmailType emailType = EmailType.DAR_EXPIRATION_REMINDER;
    sendDARMessageToList(emailType, EXPIRE_WARN_INTERVAL);
  }

  private void sendDARMessageToList(EmailType type, String interval) {
    List<DataAccessRequest> expiredDars =
        dataAccessRequestDAO.findAgedDARsByEmailTypeOlderThanInterval(
            type.getTypeInt(), interval, MINIMUM_SUBMITTED_DATE_FOR_DAR_EXPIRATIONS);
    expiredDars.forEach(
        expiredDar -> {
          try {
            String referenceId = expiredDar.getReferenceId();
            User user = userDAO.findUserById(expiredDar.getUserId());
            String darCode = expiredDar.getDarCode();
            String userName = user.getDisplayName();
            if (user.getEmail() == null) {
              throw new InvalidEmailAddressException(
                  String.format(
                      "Email address for user %d (%s) not found for expiring warning.  DAR reference id: %s",
                      expiredDar.getUserId(), userName, referenceId));
            }
            switch (type) {
              case DAR_EXPIRATION_REMINDER:
                emailService.sendDarExpirationReminderMessage(
                    user, darCode, user.getUserId(), referenceId);
                break;
              case DAR_EXPIRED:
                emailService.sendDarExpiredMessage(user, darCode, user.getUserId(), referenceId);
                break;
              default:
                break;
            }
          } catch (Exception e) {
            logException(e);
          }
        });
  }

  public void sendReminderMessage(Integer voteId) throws IOException, TemplateException {
    Vote vote = voteDAO.findVoteById(voteId);
    Election election = electionDAO.findElectionWithFinalVoteById(vote.getElectionId());
    DarCollection collection = darCollectionDAO.findDARCollectionByReferenceId(
        election.getReferenceId());
    User user = findUserById(vote.getUserId());
    String voteUrl = serverUrl + "dar_collection/%d".formatted(collection.getDarCollectionId());
    emailService.sendReminderMessage(user, vote, collection.getDarCode(), election.getElectionType(), voteUrl);
    voteDAO.updateVoteReminderFlag(voteId, true);
  }

  private User findUserById(Integer id) throws IllegalArgumentException {
    User user = userDAO.findUserById(id);
    if (user == null) {
      throw new NotFoundException("Could not find dacUser for specified id : " + id);
    }
    return user;
  }

}

1	package org.broadinstitute.consent.http.service;
2
3	import com.google.common.annotations.VisibleForTesting;
4	import com.google.inject.Inject;
5	import freemarker.template.TemplateException;
6	import jakarta.ws.rs.BadRequestException;
7	import jakarta.ws.rs.NotAcceptableException;
8	import jakarta.ws.rs.NotFoundException;
9	import java.io.IOException;
10	import java.sql.SQLException;
11	import java.sql.Timestamp;
12	import java.time.Instant;
13	import java.time.LocalDate;
14	import java.time.LocalTime;
15	import java.time.ZoneOffset;
16	import java.util.Collection;
17	import java.util.Date;
18	import java.util.List;
19	import java.util.Objects;
20	import java.util.Set;
21	import java.util.UUID;
22	import org.apache.commons.validator.routines.EmailValidator;
23	import org.broadinstitute.consent.http.configurations.ConsentConfiguration;
24	import org.broadinstitute.consent.http.db.DAOContainer;
25	import org.broadinstitute.consent.http.db.DarCollectionDAO;
26	import org.broadinstitute.consent.http.db.DataAccessRequestDAO;
27	import org.broadinstitute.consent.http.db.ElectionDAO;
28	import org.broadinstitute.consent.http.db.MatchDAO;
29	import org.broadinstitute.consent.http.db.UserDAO;
30	import org.broadinstitute.consent.http.db.VoteDAO;
31	import org.broadinstitute.consent.http.enumeration.EmailType;
32	import org.broadinstitute.consent.http.enumeration.UserRoles;
33	import org.broadinstitute.consent.http.exceptions.InvalidEmailAddressException;
34	import org.broadinstitute.consent.http.exceptions.LibraryCardRequiredException;
35	import org.broadinstitute.consent.http.exceptions.NIHComplianceRuleException;
36	import org.broadinstitute.consent.http.exceptions.SubmittedDARCannotBeEditedException;
37	import org.broadinstitute.consent.http.mail.message.ReminderMessage;
38	import org.broadinstitute.consent.http.models.Collaborator;
39	import org.broadinstitute.consent.http.models.DarCollection;
40	import org.broadinstitute.consent.http.models.DarDataset;
41	import org.broadinstitute.consent.http.models.DataAccessRequest;
42	import org.broadinstitute.consent.http.models.DataAccessRequestData;
43	import org.broadinstitute.consent.http.models.Dataset;
44	import org.broadinstitute.consent.http.models.Election;
45	import org.broadinstitute.consent.http.models.LibraryCard;
46	import org.broadinstitute.consent.http.models.User;
47	import org.broadinstitute.consent.http.models.Vote;
48	import org.broadinstitute.consent.http.service.dao.DataAccessRequestServiceDAO;
49	import org.broadinstitute.consent.http.util.ConsentLogger;
50	import org.jdbi.v3.core.statement.UnableToExecuteStatementException;
51
52	public class DataAccessRequestService implements ConsentLogger {
53	public static final String EXPIRE_WARN_INTERVAL = "11 months";
54	public static final String EXPIRE_NOTICE_INTERVAL = "1 year";
55	protected static final Timestamp MINIMUM_SUBMITTED_DATE_FOR_DAR_EXPIRATIONS = Timestamp.from(	1✔
56	Instant.ofEpochSecond(	1✔
57	LocalDate.of(2024, 9, 30).toEpochSecond(LocalTime.of(0, 0, 0, 0), ZoneOffset.UTC)));	1✔
58	private final CounterService counterService;
59	private final DataAccessRequestDAO dataAccessRequestDAO;
60	private final DarCollectionDAO darCollectionDAO;
61	private final ElectionDAO electionDAO;
62	private final EmailService emailService;
63	private final MatchDAO matchDAO;
64	private final VoteDAO voteDAO;
65	private final UserDAO userDAO;
66	private final UserService userService;
67	private final DataAccessRequestServiceDAO dataAccessRequestServiceDAO;
68
69	private final DacService dacService;
70	private final String serverUrl;
71
72	@Inject
73	public DataAccessRequestService(CounterService counterService, DAOContainer container,
74	DacService dacService, DataAccessRequestServiceDAO dataAccessRequestServiceDAO, UserService userService, EmailService emailService, ConsentConfiguration config) {	1✔
75	this.counterService = counterService;	1✔
76	this.dataAccessRequestDAO = container.getDataAccessRequestDAO();	1✔
77	this.darCollectionDAO = container.getDarCollectionDAO();	1✔
78	this.electionDAO = container.getElectionDAO();	1✔
79	this.matchDAO = container.getMatchDAO();	1✔
80	this.voteDAO = container.getVoteDAO();	1✔
81	this.userDAO = container.getUserDAO();	1✔
82	this.dacService = dacService;	1✔
83	this.dataAccessRequestServiceDAO = dataAccessRequestServiceDAO;	1✔
84	this.userService = userService;	1✔
85	this.emailService = emailService;	1✔
86	this.serverUrl = config.getServicesConfiguration().getLocalURL();	1✔
87	}	1✔
88
89	public List<DataAccessRequest> findAllDraftDataAccessRequests() {
90	return dataAccessRequestDAO.findAllDraftDataAccessRequests();	1✔
91	}
92
93	public List<DataAccessRequest> findAllDraftDataAccessRequestsByUser(Integer userId) {
94	return dataAccessRequestDAO.findAllDraftsByUserId(userId);	1✔
95	}
96
97	public void deleteByReferenceId(User user, String referenceId) throws NotAcceptableException {
98	List<Election> elections = electionDAO.findElectionsByReferenceId(referenceId);	1✔
99	if (!elections.isEmpty()) {	1✔
100	// If the user is an admin, delete all votes and elections
101	if (user.hasUserRole(UserRoles.ADMIN)) {	1✔
102	voteDAO.deleteVotesByReferenceId(referenceId);	1✔
103	List<Integer> electionIds = elections.stream().map(Election::getElectionId).toList();	1✔
104	electionDAO.deleteElectionsByIds(electionIds);	1✔
105	} else {	1✔
106	String message = String.format(	1✔
107	"Unable to delete DAR: '%s', there are existing elections that reference it.",
108	referenceId);
109	logWarn(message);	1✔
110	throw new NotAcceptableException(message);	1✔
111	}
112	}
113	matchDAO.deleteRationalesByPurposeIds(List.of(referenceId));	1✔
114	matchDAO.deleteMatchesByPurposeId(referenceId);	1✔
115	dataAccessRequestDAO.deleteDARDatasetRelationByReferenceId(referenceId);	1✔
116	dataAccessRequestDAO.deleteByReferenceId(referenceId);	1✔
117	}	1✔
118
119	public DataAccessRequest findByReferenceId(String referencedId) {
120	DataAccessRequest dar = dataAccessRequestDAO.findByReferenceId(referencedId);	1✔
121	if (Objects.isNull(dar)) {	1✔
122	throw new NotFoundException("There does not exist a DAR with the given reference Id");	×
123	}
124	return dar;	1✔
125	}
126
127	//NOTE: rewrite method into new servicedao method on another ticket
128	public DataAccessRequest insertDraftDataAccessRequest(User user, DataAccessRequest dar) {
129	if (Objects.isNull(user) \|\| Objects.isNull(dar) \|\| Objects.isNull(	1✔
130	dar.getReferenceId()) \|\| Objects.isNull(dar.getData())) {	1✔
131	throw new IllegalArgumentException("User and DataAccessRequest are required");	1✔
132	}
133
134	if (user.getLibraryCards().isEmpty()) {	1✔
135	throw new LibraryCardRequiredException();	×
136	}
137
138	Date now = new Date();	1✔
139	dataAccessRequestDAO.insertDraftDataAccessRequest(	1✔
140	dar.getReferenceId(),	1✔
141	user.getUserId(),	1✔
142	now,
143	now,
144	now,
145	dar.getData()	1✔
146	);
147	syncDataAccessRequestDatasets(dar.getDatasetIds(), dar.getReferenceId());	1✔
148
149	return findByReferenceId(dar.getReferenceId());	1✔
150	}
151
152	/**
153	* First delete any rows with the current reference id. This will allow us to keep (referenceId,
154	* dataset_id) unique Takes in a list of datasetIds and a referenceId and adds them to the
155	* dar_dataset collection
156	*
157	* @param datasetIds List of Integers that represent the datasetIds
158	* @param referenceId ReferenceId of the corresponding DAR
159	*/
160	private void syncDataAccessRequestDatasets(List<Integer> datasetIds, String referenceId) {
161	List<DarDataset> darDatasets = datasetIds.stream()	1✔
162	.map(datasetId -> new DarDataset(referenceId, datasetId))	1✔
163	.toList();	1✔
164	dataAccessRequestDAO.deleteDARDatasetRelationByReferenceId(referenceId);	1✔
165
166	if (!darDatasets.isEmpty()) {	1✔
167	dataAccessRequestDAO.insertAllDarDatasets(darDatasets);	1✔
168	}
169	}	1✔
170
171	/**
172	* @param user User
173	* @return List<DataAccessRequest>
174	*/
175	public List<DataAccessRequest> getDataAccessRequestsByUserRole(User user) {
176	List<DataAccessRequest> dars = dataAccessRequestDAO.findAllDataAccessRequests();	1✔
177	return dacService.filterDataAccessRequestsByDac(dars, user);	1✔
178	}
179
180	/**
181	* Generate a DataAccessRequest from the provided DAR. The provided DAR may or may not exist in
182	* draft form, so it covers both cases of converting an existing draft to submitted and creating a
183	* brand new DAR from scratch.
184	*
185	* @param user The create User
186	* @param dataAccessRequest DataAccessRequest with populated DAR data
187	* @return The created DAR.
188	*/
189	public DataAccessRequest createDataAccessRequest(User user, DataAccessRequest dataAccessRequest) {
190	validateDar(user, dataAccessRequest);	1✔
191
192	Date now = new Date();	1✔
193	DataAccessRequestData darData = dataAccessRequest.getData();	1✔
194
195	DataAccessRequest existingDar = dataAccessRequestDAO.findByReferenceId(	1✔
196	dataAccessRequest.getReferenceId());	1✔
197	if (existingDar != null && !existingDar.getDraft()) {	1✔
198	throw new SubmittedDARCannotBeEditedException();	1✔
199	}
200	Integer collectionId;
201	// Only create a new DarCollection if we haven't done so already
202	if (Objects.nonNull(existingDar) && Objects.nonNull(existingDar.getCollectionId())) {	1✔
203	collectionId = existingDar.getCollectionId();	×
204	} else {
205	String darCodeSequence = "DAR-" + counterService.getNextDarSequence();	1✔
206	collectionId = darCollectionDAO.insertDarCollection(darCodeSequence, user.getUserId(), now);	1✔
207	}
208	String referenceId;
209	List<Integer> datasetIds = dataAccessRequest.getDatasetIds();	1✔
210	if (Objects.nonNull(existingDar)) {	1✔
211	referenceId = dataAccessRequest.getReferenceId();	1✔
212	dataAccessRequestDAO.updateDraftToSubmittedForCollection(collectionId,	1✔
213	referenceId);
214	dataAccessRequestDAO.updateDataByReferenceId(	1✔
215	referenceId,
216	user.getUserId(),	1✔
217	now,
218	now,
219	now,
220	darData,
221	user.getEraCommonsId());	1✔
222	} else {
223	referenceId = UUID.randomUUID().toString();	1✔
224	dataAccessRequestDAO.insertDataAccessRequest(	1✔
225	collectionId,
226	referenceId,
227	user.getUserId(),	1✔
228	now,
229	now,
230	now,
231	now,
232	darData,
233	user.getEraCommonsId());	1✔
234	}
235	syncDataAccessRequestDatasets(datasetIds, referenceId);	1✔
236	return findByReferenceId(referenceId);	1✔
237	}
238
239	/**
240	* Create a progress report for the given DataAccessRequest.
241	* The parent DAR is just passed in for validation purposes.
242	*
243	* @param user The User
244	* @param progressReport The DataAccessRequest
245	* @param parentDar The parent DataAccessRequest
246	* @return The created progress report.
247	*/
248	public DataAccessRequest createProgressReport(User user, DataAccessRequest progressReport, DataAccessRequest parentDar) {
249	validateProgressReport(user, progressReport, parentDar);	1✔
250
251	String referenceId = progressReport.getReferenceId();	1✔
252	List<Integer> progressReportDatasetIds = progressReport.getDatasetIds();	1✔
253	Set<Integer> darDatasetIds = dataAccessRequestDAO.findDatasetApprovalsByDars(List.of(parentDar.getReferenceId()));	1✔
254	if (!darDatasetIds.containsAll(progressReportDatasetIds)) {	1✔
255	throw new BadRequestException("Progress report can only be created for approved datasets in the parent DAR");	1✔
256	}
257	dataAccessRequestDAO.insertProgressReport(	1✔
258	progressReport.getParentId(),	1✔
259	progressReport.getCollectionId(),	1✔
260	referenceId,
261	user.getUserId(),	1✔
262	progressReport.getData());	1✔
263	syncDataAccessRequestDatasets(progressReportDatasetIds, referenceId);	1✔
264	return findByReferenceId(referenceId);	1✔
265	}
266
267	public void validateProgressReport(User user, DataAccessRequest progressReport, DataAccessRequest parentDar) {
268	validateDar(user, progressReport);	1✔
269	if (parentDar.getDraft()) {	1✔
270	throw new BadRequestException(	1✔
271	"Cannot create a progress report for a draft Data Access Request");
272	}
273	if (progressReport.getDatasetIds() == null \|\| progressReport.getDatasetIds().isEmpty() ) {	1✔
274	throw new BadRequestException("At least one dataset is required");	1✔
275	}
276	if (!parentDar.getDatasetIds().containsAll(progressReport.getDatasetIds())) {	1✔
277	throw new BadRequestException("Progress report can only be created for datasets in the parent DAR");	1✔
278	}
279	if (progressReport.getData().getProgressReportSummary() == null \|\|	1✔
280	progressReport.getData().getProgressReportSummary().isEmpty()) {	1✔
281	throw new BadRequestException("Progress report summary is required");	1✔
282	}
283	if (progressReport.getData().getIntellectualPropertySummary() == null \|\|	1✔
284	progressReport.getData().getIntellectualPropertySummary().isEmpty()) {	1✔
285	throw new BadRequestException("Intellectual Property Summary is required");	1✔
286	}
287	}	1✔
288
289	public void validateDar(User user, DataAccessRequest dar) {
290	if (Objects.isNull(user) \|\| Objects.isNull(dar) \|\| Objects.isNull(	1✔
291	dar.getReferenceId()) \|\| Objects.isNull(dar.getData())) {	1✔
292	throw new IllegalArgumentException("User and DataAccessRequest are required");	1✔
293	}
294
295	if (user.getLibraryCards().isEmpty()) {	1✔
296	throw new NIHComplianceRuleException();	1✔
297	}
298
299	userService.hasValidActiveERACredentials(user);	1✔
300
301	validateInternalCollaborators(dar, user);	1✔
302	validateNoKeyPersonnelDuplicates(dar.getData());	1✔
303	}	1✔
304
305	@VisibleForTesting
306	protected void validateInternalCollaborators(DataAccessRequest payload, User requestingUser) {
307	Integer institution = requestingUser.getInstitutionId();	1✔
308	List<Collaborator> internalCollaborators = payload.getData().getInternalCollaborators();	1✔
309	for (Collaborator collaborator : internalCollaborators) {	1✔
310	User collabUser = userDAO.findUserByEmail(collaborator.getEmail());	1✔
311	if (collabUser == null) {	1✔
312	throw new NotFoundException(	1✔
313	"Unable to find User with the provided email: " + collaborator.getEmail());	1✔
314	}
315	if (!Objects.equals(collabUser.getInstitutionId(), institution)) {	1✔
316	throw new BadRequestException(	1✔
317	"Collaborator " + collaborator.getEmail() + " is not part of the same institution, "	1✔
318	+ requestingUser.getInstitution().getName());	1✔
319	}
320	List<LibraryCard> libraryCards = collabUser.getLibraryCards();	1✔
321	if (libraryCards.isEmpty()) {	1✔
322	throw new BadRequestException(	1✔
323	"Collaborator " + collaborator.getEmail() + " does not have a library card.");	1✔
324	}
325	}	1✔
326	}	1✔
327
328	/**
329	* Update an existing DataAccessRequest. Replaces DataAccessRequestData.
330	*
331	* @param user The User
332	* @param dar The DataAccessRequest
333	* @return The updated DataAccessRequest
334	*/
335	public DataAccessRequest updateByReferenceId(User user, DataAccessRequest dar) {
336	if (!dar.getDraft()) {	1✔
337	throw new SubmittedDARCannotBeEditedException();	1✔
338	}
339	try {
340	return dataAccessRequestServiceDAO.updateByReferenceId(user, dar);	1✔
341	} catch (SQLException e) {	×
342	// If I simply rethrow the error then I'll have to redefine any method that
343	// calls this function to "throw SQLException"
344	//Instead I'm going to throw an UnableToExecuteStatementException
345	//Response class will catch it, log it, and throw a 500 through the "unableToExecuteExceptionHandler"
346	//on the Resource class, just like it would with a SQLException
347	throw new UnableToExecuteStatementException(e.getMessage());	×
348	}
349	}
350
351	/**
352	* Validates that PI email is not duplicated with SO or IT Director emails
353	*
354	* @param darData The data access request data to validate
355	* @throws IllegalArgumentException if duplicate emails are found
356	*/
357	public void validateNoKeyPersonnelDuplicates(DataAccessRequestData darData) {
358	EmailValidator emailValidator = EmailValidator.getInstance();	1✔
359
360	String piEmail = darData.getPiEmail();	1✔
361	String soEmail = darData.getSigningOfficialEmail();	1✔
362	String itEmail = darData.getItDirectorEmail();	1✔
363
364	if (!emailValidator.isValid(piEmail) \|\| !emailValidator.isValid(soEmail)	1✔
365	\|\| !emailValidator.isValid(itEmail)) {	1✔
366	throw new IllegalArgumentException(	1✔
367	"Principal Investigator, Signing Official, and IT Director emails must be valid");
368	}
369
370	if (piEmail.equalsIgnoreCase(soEmail)) {	1✔
371	throw new IllegalArgumentException(	1✔
372	"Principal Investigator email cannot be the same as Signing Official email");
373	}
374
375	if (piEmail.equalsIgnoreCase(itEmail)) {	1✔
376	throw new IllegalArgumentException(	1✔
377	"Principal Investigator email cannot be the same as IT Director email");
378	}
379	}	1✔
380
381	public Collection<DataAccessRequest> getApprovedDARsForDataset(Dataset dataset) {
382	return dataAccessRequestDAO.findApprovedDARsByDatasetId(dataset.getDatasetId());	1✔
383	}
384
385	public void sendExpirationNotices() {
386	sendDARExpirationReminderNotices();	1✔
387	sendDARExpirationNotices();	1✔
388	}	1✔
389
390	private void sendDARExpirationNotices() {
391	EmailType emailType = EmailType.DAR_EXPIRED;	1✔
392	sendDARMessageToList(emailType, EXPIRE_NOTICE_INTERVAL);	1✔
393	}	1✔
394
395	private void sendDARExpirationReminderNotices() {
396	EmailType emailType = EmailType.DAR_EXPIRATION_REMINDER;	1✔
397	sendDARMessageToList(emailType, EXPIRE_WARN_INTERVAL);	1✔
398	}	1✔
399
400	private void sendDARMessageToList(EmailType type, String interval) {
401	List<DataAccessRequest> expiredDars =	1✔
402	dataAccessRequestDAO.findAgedDARsByEmailTypeOlderThanInterval(	1✔
403	type.getTypeInt(), interval, MINIMUM_SUBMITTED_DATE_FOR_DAR_EXPIRATIONS);	1✔
404	expiredDars.forEach(	1✔
405	expiredDar -> {
406	try {
407	String referenceId = expiredDar.getReferenceId();	1✔
408	User user = userDAO.findUserById(expiredDar.getUserId());	1✔
409	String darCode = expiredDar.getDarCode();	1✔
410	String userName = user.getDisplayName();	1✔
411	if (user.getEmail() == null) {	1✔
412	throw new InvalidEmailAddressException(	1✔
413	String.format(	1✔
414	"Email address for user %d (%s) not found for expiring warning. DAR reference id: %s",
415	expiredDar.getUserId(), userName, referenceId));	1✔
416	}
417	switch (type) {	1✔
418	case DAR_EXPIRATION_REMINDER:
419	emailService.sendDarExpirationReminderMessage(	1✔
420	user, darCode, user.getUserId(), referenceId);	1✔
421	break;	1✔
422	case DAR_EXPIRED:
423	emailService.sendDarExpiredMessage(user, darCode, user.getUserId(), referenceId);	1✔
424	break;	1✔
425	default:
426	break;
427	}
428	} catch (Exception e) {	1✔
429	logException(e);	1✔
430	}	1✔
431	});	1✔
432	}	1✔
433
434	public void sendReminderMessage(Integer voteId) throws IOException, TemplateException {
435	Vote vote = voteDAO.findVoteById(voteId);	1✔
436	Election election = electionDAO.findElectionWithFinalVoteById(vote.getElectionId());	1✔
437	DarCollection collection = darCollectionDAO.findDARCollectionByReferenceId(	1✔
438	election.getReferenceId());	1✔
439	User user = findUserById(vote.getUserId());	1✔
440	String voteUrl = serverUrl + "dar_collection/%d".formatted(collection.getDarCollectionId());	1✔
441	emailService.sendReminderMessage(user, vote, collection.getDarCode(), election.getElectionType(), voteUrl);	1✔
442	voteDAO.updateVoteReminderFlag(voteId, true);	1✔
443	}	1✔
444
445	private User findUserById(Integer id) throws IllegalArgumentException {
446	User user = userDAO.findUserById(id);	1✔
447	if (user == null) {	1✔
NEW 448	throw new NotFoundException("Could not find dacUser for specified id : " + id);	×
449	}
450	return user;	1✔
451	}
452
453	}

DataBiosphere / consent / #5929

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous