diff --git a/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestService.java b/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestService.java index 44c00361..2d7c55c7 100644 --- a/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestService.java +++ b/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestService.java @@ -68,7 +68,7 @@ public Response buildAccessRequest( @PathParam("dataset-id") String datasetId) throws WdkModelException, ConflictException, DataValidationException { LOG.info("Handling an access request for user id " + userId + " and dataset id " + datasetId + "..."); - if (userId != this.getSessionUser().getUserId() || this.getSessionUser().isGuest()) { + if (userId != this.getRequestingUser().getUserId() || this.getRequestingUser().isGuest()) { return Response.status(Status.UNAUTHORIZED).build(); } @@ -102,7 +102,7 @@ public DatasetAccessRequestAttributes retrieveDatasetRecordInstance(String datas RecordClass datasetRecordClass = getRecordClassOrNotFound(DATASET_RECORD_CLASS); List records = RecordClass.getRecordInstances( - getSessionUser(), + getRequestingUser(), createPrimaryKeyValue(datasetRecordClass, datasetId) ); diff --git a/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestSubmitter.java b/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestSubmitter.java index 9e8ea41e..48cbba9a 100644 --- a/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestSubmitter.java +++ b/Site/src/main/java/org/clinepi/service/accessRequest/AccessRequestSubmitter.java @@ -30,11 +30,12 @@ public static SubmissionResult submitAccessRequest(AccessRequestParams params, W // In one transaction... // (1) insert a DB record for the new request and // (2) email the request to the appropriate parties + String acctDbLink = wdkModel.getModelConfig().getAppDB().getAcctDbLink(); try ( - Connection conn = wdkModel.getAccountDb().getDataSource().getConnection(); + Connection conn = wdkModel.getAppDb().getDataSource().getConnection(); ) { conn.setAutoCommit(false); - String sql = insertRequestPreparedStatementBody(); + String sql = insertRequestPreparedStatementBody(acctDbLink); try ( PreparedStatement ps = insertRequestPreparedStatement(conn, sql, params); @@ -65,9 +66,9 @@ public static SubmissionResult submitAccessRequest(AccessRequestParams params, W return requestInitiated || params.inTestMode() ? SubmissionResult.SUCCESSFUL : SubmissionResult.ALREADY_REQUESTED; } - private static String insertRequestPreparedStatementBody() { + private static String insertRequestPreparedStatementBody(String acctDbLink) { return "INSERT INTO\n" - + " studyaccess.end_users (\n" + + " studyaccess.end_users" + acctDbLink + " (\n" + " user_id\n" + " , dataset_presenter_id\n" + " , purpose\n" @@ -88,14 +89,14 @@ private static String insertRequestPreparedStatementBody() { + ", ? -- prior_auth\n" + ", (\n" + " SELECT restriction_level_id\n" - + " FROM studyaccess.restriction_level" + + " FROM studyaccess.restriction_level" + acctDbLink + " WHERE name = ?" + " ) -- restriction_level\n" + ", ? -- approval_status\n" + "FROM dual\n" + "WHERE NOT EXISTS (\n" + " SELECT user_id, dataset_presenter_id\n" - + " FROM studyaccess.end_users\n" + + " FROM studyaccess.end_users" + acctDbLink + "\n" + " WHERE user_id = ?\n" + " AND dataset_presenter_id = ?\n" + ")";