use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class AnnouncerRESTService method updateAnnouncement.
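/**
 * Updates an announcement and replaces its target user groups and workspaces.
 *
 * <p>Authorization is performed inline: the caller must pass {@code canEdit} for the existing
 * announcement, must hold {@code UPDATE_ANNOUNCEMENT} when no workspaces are given, and must hold
 * {@code UPDATE_WORKSPACE_ANNOUNCEMENT} in every workspace listed in the request.
 *
 * <p>Every referenced workspace and user group is resolved and checked before anything is
 * written, so a rejected request (400/403) leaves the stored announcement untouched.
 *
 * @param announcementId id of the announcement to update, taken from the path
 * @param restModel new announcement content and target ids, taken from the request body
 * @return 200 with the updated announcement; 400 for a missing id or body or an unknown
 *         workspace / user group id; 403 when a permission check fails; 404 when the
 *         announcement does not exist
 */
@PUT
@Path("/announcements/{ID}")
@RESTPermit(handling = Handling.INLINE)
public Response updateAnnouncement(@PathParam("ID") Long announcementId, AnnouncementRESTModel restModel) {
  UserEntity userEntity = sessionController.getLoggedUserEntity();
  if (announcementId == null) {
    return Response.status(Status.BAD_REQUEST).build();
  }

  Announcement oldAnnouncement = announcementController.findById(announcementId);
  if (oldAnnouncement == null) {
    return Response.status(Status.NOT_FOUND).build();
  }

  // Check that the user has permission to update the old announcement
  if (!canEdit(oldAnnouncement, userEntity)) {
    return Response.status(Status.FORBIDDEN).entity("You don't have the permission to update this announcement.").build();
  }

  // A request without a body would otherwise fail below with a NullPointerException (HTTP 500).
  if (restModel == null) {
    return Response.status(Status.BAD_REQUEST).build();
  }

  List<Long> workspaceEntityIds = restModel.getWorkspaceEntityIds();
  if (workspaceEntityIds == null) {
    workspaceEntityIds = Collections.emptyList();
  }

  List<Long> userGroupEntityIds = restModel.getUserGroupEntityIds();
  if (userGroupEntityIds == null) {
    userGroupEntityIds = Collections.emptyList();
  }

  // An announcement without workspaces is an environment-level announcement.
  if (workspaceEntityIds.isEmpty() && !sessionController.hasEnvironmentPermission(AnnouncerPermissions.UPDATE_ANNOUNCEMENT)) {
    return Response.status(Status.FORBIDDEN).entity("You don't have the permission to update environment announcements").build();
  }

  // Resolve and authorize every target workspace up front. The ids come from the request body,
  // so each one is checked against the caller's permissions in that workspace.
  List<WorkspaceEntity> workspaceEntities = new java.util.ArrayList<>();
  for (Long workspaceEntityId : workspaceEntityIds) {
    WorkspaceEntity workspaceEntity = workspaceEntityController.findWorkspaceEntityById(workspaceEntityId);
    if (workspaceEntity == null) {
      return Response.status(Status.BAD_REQUEST).entity("Invalid workspaceEntityId").build();
    }
    if (!sessionController.hasWorkspacePermission(AnnouncerPermissions.UPDATE_WORKSPACE_ANNOUNCEMENT, workspaceEntity)) {
      return Response.status(Status.FORBIDDEN).entity("You don't have the permission to update workspace announcement").build();
    }
    workspaceEntities.add(workspaceEntity);
  }

  // Resolve the user groups before any write as well; previously an unknown id was detected
  // only after the announcement had been updated and its target groups cleared.
  // NOTE(review): no per-user-group permission check is visible in this method - confirm that
  // any caller allowed to edit the announcement may target arbitrary user groups.
  List<UserGroupEntity> userGroupEntities = new java.util.ArrayList<>();
  for (Long userGroupEntityId : userGroupEntityIds) {
    UserGroupEntity userGroupEntity = userGroupEntityController.findUserGroupEntityById(userGroupEntityId);
    if (userGroupEntity == null) {
      return Response.status(Status.BAD_REQUEST).entity("Invalid userGroupEntityId").build();
    }
    userGroupEntities.add(userGroupEntity);
  }

  // All input has been validated and authorized; from here on the method only writes.
  Announcement newAnnouncement = announcementController.updateAnnouncement(oldAnnouncement, restModel.getCaption(), restModel.getContent(), restModel.getStartDate(), restModel.getEndDate(), restModel.getPubliclyVisible(), restModel.isArchived());

  announcementController.clearAnnouncementTargetGroups(newAnnouncement);
  for (UserGroupEntity userGroupEntity : userGroupEntities) {
    announcementController.addAnnouncementTargetGroup(newAnnouncement, userGroupEntity);
  }

  announcementController.clearAnnouncementWorkspaces(newAnnouncement);
  for (WorkspaceEntity workspaceEntity : workspaceEntities) {
    announcementController.addAnnouncementWorkspace(newAnnouncement, workspaceEntity);
  }

  List<AnnouncementUserGroup> announcementUserGroups = announcementController.listAnnouncementUserGroups(newAnnouncement);
  List<AnnouncementWorkspace> announcementWorkspaces = announcementController.listAnnouncementWorkspaces(newAnnouncement);
  return Response.ok(createRESTModel(newAnnouncement, announcementUserGroups, announcementWorkspaces)).build();
}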
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class AnnouncerRESTService method deleteAnnouncement.
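/**
 * Deletes an announcement by archiving it.
 *
 * <p>Authorization is performed inline: an announcement without workspaces requires
 * {@code DELETE_ANNOUNCEMENT}; otherwise the caller must hold
 * {@code DELETE_WORKSPACE_ANNOUNCEMENT} in every workspace the announcement is attached to.
 *
 * @param announcementId id of the announcement to delete, taken from the path
 * @return 204 on success; 400 for a missing id or a workspace link that no longer resolves;
 *         403 when a permission check fails; 404 when the announcement does not exist
 */
@DELETE
@Path("/announcements/{ID}")
@RESTPermit(handling = Handling.INLINE)
public Response deleteAnnouncement(@PathParam("ID") Long announcementId) {
  // Same guard as updateAnnouncement: never pass a null id to the lookup.
  if (announcementId == null) {
    return Response.status(Status.BAD_REQUEST).build();
  }

  Announcement announcement = announcementController.findById(announcementId);
  if (announcement == null) {
    return Response.status(Status.NOT_FOUND).build();
  }

  // NOTE(review): unlike updateAnnouncement, this method does not call canEdit(...) on the
  // announcement; confirm that the permission checks below are the intended equivalent.
  List<AnnouncementWorkspace> announcementWorkspaces = announcementController.listAnnouncementWorkspaces(announcement);

  // An announcement without workspaces is an environment-level announcement.
  if (announcementWorkspaces.isEmpty() && !sessionController.hasEnvironmentPermission(AnnouncerPermissions.DELETE_ANNOUNCEMENT)) {
    return Response.status(Status.FORBIDDEN).entity("You don't have the permission to delete environment announcements").build();
  }

  // The workspace ids come from stored links, not from the request; the caller must be allowed
  // to delete announcements in every linked workspace.
  for (AnnouncementWorkspace announcementWorkspace : announcementWorkspaces) {
    WorkspaceEntity workspaceEntity = workspaceEntityController.findWorkspaceEntityById(announcementWorkspace.getWorkspaceEntityId());
    if (workspaceEntity == null) {
      return Response.status(Status.BAD_REQUEST).entity("Invalid workspaceEntityId").build();
    }
    if (!sessionController.hasWorkspacePermission(AnnouncerPermissions.DELETE_WORKSPACE_ANNOUNCEMENT, workspaceEntity)) {
      return Response.status(Status.FORBIDDEN).entity("You don't have the permission to delete workspace announcement").build();
    }
  }

  announcementController.archive(announcement);
  return Response.noContent().build();
}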
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class AssessmentRequestRESTService method listAssessmentRequestsByWorkspaceId.
/**
 * Lists assessment requests of a workspace, optionally restricted to one student.
 *
 * <p>Authorization is performed inline. Without a student identifier the caller needs
 * {@code LIST_WORKSPACE_ASSESSMENTREQUESTS} in the workspace. With a student identifier the
 * same permission is required unless the identifier equals the logged-in user, i.e. users may
 * always list their own requests.
 *
 * @param workspaceEntityId id of the workspace, taken from the path
 * @param studentId optional student identifier, taken from the {@code studentIdentifier} query
 *        parameter (caller-controlled)
 * @return 200 with the assessment requests; 400 when the student has no workspace user entity
 *         in the workspace; 403 when the permission check fails; 404 when the workspace does
 *         not exist
 */
@GET
@Path("/workspace/{WORKSPACEENTITYID}/assessmentRequests")
@RESTPermit(handling = Handling.INLINE)
public Response listAssessmentRequestsByWorkspaceId(@PathParam("WORKSPACEENTITYID") Long workspaceEntityId, @QueryParam("studentIdentifier") String studentId) {
  WorkspaceEntity workspaceEntity = workspaceController.findWorkspaceEntityById(workspaceEntityId);
  if (workspaceEntity == null) {
    return Response.status(Status.NOT_FOUND).entity("Workspace not found").build();
  }

  SchoolDataIdentifier studentIdentifier = SchoolDataIdentifier.fromId(studentId);

  // No usable student identifier: the whole workspace is listed, which always needs the permission.
  if (studentIdentifier == null) {
    if (!sessionController.hasPermission(AssessmentRequestPermissions.LIST_WORKSPACE_ASSESSMENTREQUESTS, workspaceEntity)) {
      return Response.status(Status.FORBIDDEN).build();
    }
    return Response.ok(restModel(assessmentRequestController.listByWorkspace(workspaceEntity))).build();
  }

  // The identifier is supplied by the caller, so it is compared with the session's user before
  // the permission check is skipped; anyone asking about another student needs the permission.
  boolean ownRequests = studentIdentifier.equals(sessionController.getLoggedUser());
  if (!ownRequests && !sessionController.hasPermission(AssessmentRequestPermissions.LIST_WORKSPACE_ASSESSMENTREQUESTS, workspaceEntity)) {
    return Response.status(Status.FORBIDDEN).build();
  }

  WorkspaceUserEntity studentWorkspaceUser = workspaceUserEntityController.findWorkspaceUserEntityByWorkspaceAndUserIdentifier(workspaceEntity, studentIdentifier);
  if (studentWorkspaceUser == null) {
    return Response.status(Status.BAD_REQUEST).entity("WorkspaceUserEntity could not find").build();
  }

  List<WorkspaceAssessmentRequest> studentRequests = assessmentRequestController.listByWorkspaceUser(studentWorkspaceUser);
  return Response.ok(restModel(studentRequests)).build();
}
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class ChatRESTService method fetchCredentials.
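/**
 * Returns XMPP credentials for the logged-in user.
 *
 * <p>Authorization is performed inline: the caller must be logged in. The credentials are
 * computed by {@code computeXmppCredentials} from the server's private key, the current time
 * and the logged-in user's identifier.
 *
 * <p>When the computation fails, the exception is logged on the server and the client receives
 * a fixed message; the exception text is not echoed in the response, so details of the key or
 * the crypto provider are not exposed to callers.
 *
 * @return 200 with the credentials; 400 when the session has no user identifier; 403 when the
 *         caller is not logged in; 500 when the private key is missing or the computation fails
 */
@GET
@Path("/credentials")
@RESTPermit(handling = Handling.INLINE)
public Response fetchCredentials() {
  if (!sessionController.isLoggedIn()) {
    return Response.status(Status.FORBIDDEN).entity("Must be logged in").build();
  }

  PrivateKey privateKey = getPrivateKey();
  if (privateKey == null) {
    return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Private key not set").build();
  }

  SchoolDataIdentifier loggedUserIdentifier = sessionController.getLoggedUser();
  if (loggedUserIdentifier == null) {
    return Response.status(Status.BAD_REQUEST).entity("Logged user identifier not found").build();
  }

  try {
    // The identifier always comes from the session, never from request input.
    XmppCredentials credentials = computeXmppCredentials(privateKey, Instant.now(), loggedUserIdentifier.toId());
    return Response.ok(credentials).build();
  } catch (InvalidKeyException | SignatureException | NoSuchAlgorithmException ex) {
    // Keep the cause in the server log only; the response body stays generic.
    java.util.logging.Logger.getLogger(getClass().getName())
        .log(java.util.logging.Level.SEVERE, "Failed to compute XMPP credentials", ex);
    return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to compute credentials").build();
  }
}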
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class FeedRESTService method findFeedByNames.
/**
 * Returns items of the feeds named in a comma-separated list.
 *
 * <p>The endpoint is declared with {@code Handling.UNSECURED} and contains no permission check
 * of its own. Names that match no feed are skipped.
 *
 * @param names comma-separated feed names, taken from the path
 * @param numItems number of items requested (query parameter, default 10)
 * @param order sort order of the items (query parameter, default DESCENDING)
 * @return 200 with the feed items, or 404 when {@code names} is blank
 */
@GET
@Path("/feeds/{NAMES}")
@RESTPermit(handling = Handling.UNSECURED)
public Response findFeedByNames(@PathParam("NAMES") String names, @QueryParam("numItems") @DefaultValue("10") int numItems, @QueryParam("order") @DefaultValue("DESCENDING") FeedSortOrder order) {
  if (StringUtils.isBlank(names)) {
    return Response.status(Status.NOT_FOUND).build();
  }

  // Collapse duplicate names so every feed is looked up at most once.
  Set<String> requestedNames = Stream.of(names.split(",")).collect(Collectors.toSet());

  List<Feed> matchedFeeds = requestedNames.stream()
      .map(requestedName -> feedDAO.findByName(requestedName))
      .filter(candidate -> candidate != null)
      .collect(Collectors.toCollection(ArrayList::new));

  // NOTE(review): numItems is caller-controlled and reaches the DAO unchanged; since this
  // endpoint is unsecured, confirm that findByFeeds (or a layer below it) enforces an upper
  // bound and rejects negative values.
  List<FeedItem> feedItems = feedItemDao.findByFeeds(matchedFeeds, numItems, order);
  return Response.ok(feedItems).build();
}