Search in sources :

Example 16 with RESTPermit

use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

the class AnnouncerRESTService method updateAnnouncement.

@PUT
@Path("/announcements/{ID}")
@RESTPermit(handling = Handling.INLINE)
public Response updateAnnouncement(@PathParam("ID") Long announcementId, AnnouncementRESTModel restModel) {
    UserEntity userEntity = sessionController.getLoggedUserEntity();
    if (announcementId == null) {
        return Response.status(Status.BAD_REQUEST).build();
    }
    Announcement oldAnnouncement = announcementController.findById(announcementId);
    if (oldAnnouncement == null) {
        return Response.status(Status.NOT_FOUND).build();
    }
    // Check that the user has permission to update the old announcement
    if (!canEdit(oldAnnouncement, userEntity))
        return Response.status(Status.FORBIDDEN).entity("You don't have the permission to update this announcement.").build();
    List<Long> workspaceEntityIds = restModel.getWorkspaceEntityIds();
    if (workspaceEntityIds == null) {
        workspaceEntityIds = Collections.emptyList();
    }
    List<Long> userGroupEntityIds = restModel.getUserGroupEntityIds();
    if (userGroupEntityIds == null) {
        userGroupEntityIds = Collections.emptyList();
    }
    if (workspaceEntityIds.isEmpty() && !sessionController.hasEnvironmentPermission(AnnouncerPermissions.UPDATE_ANNOUNCEMENT)) {
        return Response.status(Status.FORBIDDEN).entity("You don't have the permission to update environment announcements").build();
    }
    for (Long workspaceEntityId : workspaceEntityIds) {
        WorkspaceEntity workspaceEntity = workspaceEntityController.findWorkspaceEntityById(workspaceEntityId);
        if (workspaceEntity == null) {
            return Response.status(Status.BAD_REQUEST).entity("Invalid workspaceEntityId").build();
        }
        if (!sessionController.hasWorkspacePermission(AnnouncerPermissions.UPDATE_WORKSPACE_ANNOUNCEMENT, workspaceEntity)) {
            return Response.status(Status.FORBIDDEN).entity("You don't have the permission to update workspace announcement").build();
        }
    }
    Announcement newAnnouncement = announcementController.updateAnnouncement(oldAnnouncement, restModel.getCaption(), restModel.getContent(), restModel.getStartDate(), restModel.getEndDate(), restModel.getPubliclyVisible(), restModel.isArchived());
    announcementController.clearAnnouncementTargetGroups(newAnnouncement);
    for (Long userGroupEntityId : userGroupEntityIds) {
        UserGroupEntity userGroupEntity = userGroupEntityController.findUserGroupEntityById(userGroupEntityId);
        if (userGroupEntity == null) {
            return Response.status(Status.BAD_REQUEST).entity("Invalid userGroupEntityId").build();
        }
        announcementController.addAnnouncementTargetGroup(newAnnouncement, userGroupEntity);
    }
    announcementController.clearAnnouncementWorkspaces(newAnnouncement);
    for (Long workspaceEntityId : workspaceEntityIds) {
        WorkspaceEntity workspaceEntity = workspaceEntityController.findWorkspaceEntityById(workspaceEntityId);
        if (workspaceEntity == null) {
            return Response.status(Status.BAD_REQUEST).entity("Invalid workspaceEntityId").build();
        }
        announcementController.addAnnouncementWorkspace(newAnnouncement, workspaceEntity);
    }
    List<AnnouncementUserGroup> announcementUserGroups = announcementController.listAnnouncementUserGroups(newAnnouncement);
    List<AnnouncementWorkspace> announcementWorkspaces = announcementController.listAnnouncementWorkspaces(newAnnouncement);
    return Response.ok(createRESTModel(newAnnouncement, announcementUserGroups, announcementWorkspaces)).build();
}
Also used : Announcement(fi.otavanopisto.muikku.plugins.announcer.model.Announcement) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) AnnouncementUserGroup(fi.otavanopisto.muikku.plugins.announcer.model.AnnouncementUserGroup) AnnouncementWorkspace(fi.otavanopisto.muikku.plugins.announcer.workspace.model.AnnouncementWorkspace) UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) PUT(javax.ws.rs.PUT)

Example 17 with RESTPermit

use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

the class AnnouncerRESTService method deleteAnnouncement.

@DELETE
@Path("/announcements/{ID}")
@RESTPermit(handling = Handling.INLINE)
public Response deleteAnnouncement(@PathParam("ID") Long announcementId) {
    Announcement announcement = announcementController.findById(announcementId);
    if (announcement == null) {
        return Response.status(Status.NOT_FOUND).build();
    }
    List<AnnouncementWorkspace> announcementWorkspaces = announcementController.listAnnouncementWorkspaces(announcement);
    if (announcementWorkspaces.isEmpty() && !sessionController.hasEnvironmentPermission(AnnouncerPermissions.DELETE_ANNOUNCEMENT)) {
        return Response.status(Status.FORBIDDEN).entity("You don't have the permission to update environment announcements").build();
    }
    for (AnnouncementWorkspace announcementWorkspace : announcementWorkspaces) {
        WorkspaceEntity workspaceEntity = workspaceEntityController.findWorkspaceEntityById(announcementWorkspace.getWorkspaceEntityId());
        if (workspaceEntity == null) {
            return Response.status(Status.BAD_REQUEST).entity("Invalid workspaceEntityId").build();
        }
        if (!sessionController.hasWorkspacePermission(AnnouncerPermissions.DELETE_WORKSPACE_ANNOUNCEMENT, workspaceEntity)) {
            return Response.status(Status.FORBIDDEN).entity("You don't have the permission to update workspace announcement").build();
        }
    }
    announcementController.archive(announcement);
    return Response.noContent().build();
}
Also used : Announcement(fi.otavanopisto.muikku.plugins.announcer.model.Announcement) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) AnnouncementWorkspace(fi.otavanopisto.muikku.plugins.announcer.workspace.model.AnnouncementWorkspace) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) RESTPermit(fi.otavanopisto.security.rest.RESTPermit)

Example 18 with RESTPermit

use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

the class AssessmentRequestRESTService method listAssessmentRequestsByWorkspaceId.

@GET
@Path("/workspace/{WORKSPACEENTITYID}/assessmentRequests")
@RESTPermit(handling = Handling.INLINE)
public Response listAssessmentRequestsByWorkspaceId(@PathParam("WORKSPACEENTITYID") Long workspaceEntityId, @QueryParam("studentIdentifier") String studentId) {
    WorkspaceEntity workspaceEntity = workspaceController.findWorkspaceEntityById(workspaceEntityId);
    if (workspaceEntity == null) {
        return Response.status(Status.NOT_FOUND).entity("Workspace not found").build();
    }
    SchoolDataIdentifier studentIdentifier = SchoolDataIdentifier.fromId(studentId);
    if (studentIdentifier != null) {
        if (!studentIdentifier.equals(sessionController.getLoggedUser())) {
            if (!sessionController.hasPermission(AssessmentRequestPermissions.LIST_WORKSPACE_ASSESSMENTREQUESTS, workspaceEntity)) {
                return Response.status(Status.FORBIDDEN).build();
            }
        }
        WorkspaceUserEntity workspaceUserEntity = workspaceUserEntityController.findWorkspaceUserEntityByWorkspaceAndUserIdentifier(workspaceEntity, studentIdentifier);
        if (workspaceUserEntity == null) {
            return Response.status(Status.BAD_REQUEST).entity("WorkspaceUserEntity could not find").build();
        }
        return Response.ok(restModel(assessmentRequestController.listByWorkspaceUser(workspaceUserEntity))).build();
    } else {
        if (!sessionController.hasPermission(AssessmentRequestPermissions.LIST_WORKSPACE_ASSESSMENTREQUESTS, workspaceEntity)) {
            return Response.status(Status.FORBIDDEN).build();
        }
        List<WorkspaceAssessmentRequest> assessmentRequests = assessmentRequestController.listByWorkspace(workspaceEntity);
        return Response.ok(restModel(assessmentRequests)).build();
    }
}
Also used : SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier) WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) WorkspaceAssessmentRequest(fi.otavanopisto.muikku.schooldata.entity.WorkspaceAssessmentRequest) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) GET(javax.ws.rs.GET)

Example 19 with RESTPermit

use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

the class ChatRESTService method fetchCredentials.

@GET
@Path("/credentials")
@RESTPermit(handling = Handling.INLINE)
public Response fetchCredentials() {
    if (!sessionController.isLoggedIn()) {
        return Response.status(Status.FORBIDDEN).entity("Must be logged in").build();
    }
    PrivateKey privateKey = getPrivateKey();
    if (privateKey == null) {
        return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Private key not set").build();
    }
    Instant now = Instant.now();
    SchoolDataIdentifier loggedUserIdentifier = sessionController.getLoggedUser();
    if (loggedUserIdentifier == null) {
        return Response.status(Status.BAD_REQUEST).entity("Logged user identifier not found").build();
    }
    String userIdentifierString = loggedUserIdentifier.toId();
    try {
        XmppCredentials credentials = computeXmppCredentials(privateKey, now, userIdentifierString);
        return Response.ok(credentials).build();
    } catch (InvalidKeyException | SignatureException | NoSuchAlgorithmException ex) {
        return Response.status(Status.INTERNAL_SERVER_ERROR).entity(ex.getMessage()).build();
    }
}
Also used : SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier) PrivateKey(java.security.PrivateKey) Instant(java.time.Instant) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) GET(javax.ws.rs.GET)

Example 20 with RESTPermit

use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

the class FeedRESTService method findFeedByNames.

@GET
@Path("/feeds/{NAMES}")
@RESTPermit(handling = Handling.UNSECURED)
public Response findFeedByNames(@PathParam("NAMES") String names, @QueryParam("numItems") @DefaultValue("10") int numItems, @QueryParam("order") @DefaultValue("DESCENDING") FeedSortOrder order) {
    if (StringUtils.isBlank(names)) {
        return Response.status(Status.NOT_FOUND).build();
    }
    Set<String> nameSet = Stream.of(names.split(",")).collect(Collectors.toSet());
    List<Feed> feeds = new ArrayList<>();
    for (String name : nameSet) {
        Feed feed = feedDAO.findByName(name);
        if (feed != null) {
            feeds.add(feed);
        }
    }
    List<FeedItem> feedItems = feedItemDao.findByFeeds(feeds, numItems, order);
    return Response.ok(feedItems).build();
}
Also used : FeedItem(fi.otavanopisto.muikku.plugins.feed.model.FeedItem) ArrayList(java.util.ArrayList) Feed(fi.otavanopisto.muikku.plugins.feed.model.Feed) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) GET(javax.ws.rs.GET)

Aggregations

RESTPermit (fi.otavanopisto.security.rest.RESTPermit)215 Path (javax.ws.rs.Path)214 GET (javax.ws.rs.GET)99 UserEntity (fi.otavanopisto.muikku.model.users.UserEntity)90 WorkspaceEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceEntity)83 SchoolDataIdentifier (fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier)61 WorkspaceUserEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity)57 POST (javax.ws.rs.POST)51 DELETE (javax.ws.rs.DELETE)45 ArrayList (java.util.ArrayList)36 UserSchoolDataIdentifier (fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier)30 ForumArea (fi.otavanopisto.muikku.plugins.forum.model.ForumArea)30 PUT (javax.ws.rs.PUT)26 ForumThread (fi.otavanopisto.muikku.plugins.forum.model.ForumThread)24 WorkspaceForumArea (fi.otavanopisto.muikku.plugins.forum.model.WorkspaceForumArea)21 CommunicatorMessageId (fi.otavanopisto.muikku.plugins.communicator.model.CommunicatorMessageId)20 WorkspaceMaterial (fi.otavanopisto.muikku.plugins.workspace.model.WorkspaceMaterial)20 User (fi.otavanopisto.muikku.schooldata.entity.User)19 EnvironmentForumArea (fi.otavanopisto.muikku.plugins.forum.model.EnvironmentForumArea)18 Date (java.util.Date)16