Example 6 with AccessControl
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class T2OrcidApiServiceDelegatorImpl method createProfile.
/**
* Creates a new profile and returns the saved representation of it. The
* response should include the 'location' to retrieve the newly created
* profile from.
*
* @param orcidMessage
* the message to be saved. If the message already contains an
* ORCID value a 400 Bad Request
* @return if the creation was successful, returns a 201 along with the
* location of the newly created resource otherwise returns an error
* response describing the problem
*/
@Override
@AccessControl(requiredScope = ScopePathType.ORCID_PROFILE_CREATE)
public Response createProfile(UriInfo uriInfo, OrcidMessage orcidMessage) {
OrcidProfile orcidProfile = orcidMessage.getOrcidProfile();
try {
setSponsorFromAuthentication(orcidProfile);
orcidProfile = orcidProfileManager.createOrcidProfileAndNotify(orcidProfile);
return getCreatedResponse(uriInfo, PROFILE_GET_PATH, orcidProfile);
} catch (DataAccessException e) {
if (e.getCause() != null && ConstraintViolationException.class.isAssignableFrom(e.getCause().getClass())) {
throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_email_exists.exception"));
}
throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_createorcid.exception"), e);
}
}
Also used :
OrcidProfile(org.orcid.jaxb.model.message.OrcidProfile)
OrcidBadRequestException(org.orcid.core.exception.OrcidBadRequestException)
DataAccessException(org.springframework.dao.DataAccessException)
AccessControl(org.orcid.core.security.visibility.aop.AccessControl)
Example 7 with AccessControl
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class T2OrcidApiServiceDelegatorImpl method unregisterWebhook.
/**
* Unregister a webhook from a profile. As with all calls, if the message
* contains any other elements, a 400 Bad Request will be returned.
*
* @param orcid
* the identifier of the profile to unregister the webhook
* @param uriInfo
* an uri object containing the webhook that will be unregistred
* @return If successful, returns a 204 No content.
* */
@Override
@AccessControl(requiredScope = ScopePathType.WEBHOOK)
public Response unregisterWebhook(UriInfo uriInfo, String orcid, String webhookUri) {
ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
if (profile != null) {
WebhookEntityPk webhookPk = new WebhookEntityPk(profile, webhookUri);
WebhookEntity webhook = webhookManager.find(webhookPk);
if (webhook == null) {
Map<String, String> params = new HashMap<String, String>();
params.put("orcid", orcid);
params.put("uri", webhookUri);
throw new OrcidWebhookNotFoundException(params);
} else {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String clientId = null;
if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
clientId = authorizationRequest.getClientId();
}
// Check if user can unregister this webhook
if (webhook.getClientDetails().getId().equals(clientId)) {
webhookManager.delete(webhookPk);
return Response.noContent().build();
} else {
// that webhook
throw new OrcidForbiddenException(localeManager.resolveMessage("apiError.forbidden_unregister_webhook.exception"));
}
}
} else {
Map<String, String> params = new HashMap<String, String>();
params.put("orcid", orcid);
throw new OrcidNotFoundException(params);
}
}
Also used :
OrcidWebhookNotFoundException(org.orcid.core.exception.OrcidWebhookNotFoundException)
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
OrcidForbiddenException(org.orcid.core.exception.OrcidForbiddenException)
WebhookEntityPk(org.orcid.persistence.jpa.entities.keys.WebhookEntityPk)
HashMap(java.util.HashMap)
WebhookEntity(org.orcid.persistence.jpa.entities.WebhookEntity)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
OrcidNotFoundException(org.orcid.core.exception.OrcidNotFoundException)
ProfileEntity(org.orcid.persistence.jpa.entities.ProfileEntity)
AccessControl(org.orcid.core.security.visibility.aop.AccessControl)
Example 8 with AccessControl
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class InternalApiServiceDelegatorImpl method viewPersonLastModified.
@Override
@AccessControl(requiredScope = ScopePathType.INTERNAL_PERSON_LAST_MODIFIED, requestComesFromInternalApi = true)
public Response viewPersonLastModified(String orcid) {
Date lastModified = orcidProfileManager.retrieveLastModifiedDate(orcid);
LastModifiedResponse obj = new LastModifiedResponse(orcid, lastModified.toString());
Response response = Response.ok(obj).build();
return response;
}
Also used :
LastModifiedResponse(org.orcid.internal.util.LastModifiedResponse)
Response(javax.ws.rs.core.Response)
LastModifiedResponse(org.orcid.internal.util.LastModifiedResponse)
Date(java.util.Date)
AccessControl(org.orcid.core.security.visibility.aop.AccessControl)
Example 9 with AccessControl
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class StatsApiServiceDelegatorImpl method getAllStatsTimelines.
@Override
@AccessControl(requiredScope = ScopePathType.READ_PUBLIC, enableAnonymousAccess = true)
public Response getAllStatsTimelines() {
StatisticsSummary summary = statisticsCacheManager.retrieve();
if (summary == null)
return Response.status(Status.NOT_FOUND).build();
StatsTimelineList statsTimelines = new StatsTimelineList();
for (String key : summary.getStatistics().keySet()) {
StatisticsTimeline timeline = statisticsCacheManager.getStatisticsTimelineModel(StatisticsEnum.fromString(key));
if (timeline != null)
statsTimelines.getTimelines().add(timeline);
}
return Response.ok(statsTimelines).build();
}
Also used :
StatsTimelineList(org.orcid.api.common.writer.stats.StatsTimelineList)
StatisticsSummary(org.orcid.jaxb.model.statistics.StatisticsSummary)
StatisticsTimeline(org.orcid.jaxb.model.statistics.StatisticsTimeline)
AccessControl(org.orcid.core.security.visibility.aop.AccessControl)
Example 10 with AccessControl
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class NotificationsApiServiceDelegatorImpl method findPermissionNotifications.
@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response findPermissionNotifications(String orcid) {
// Get the client profile information
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String clientId = null;
if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
clientId = authorizationRequest.getClientId();
}
NotificationPermissions notifications = notificationManager.findPermissionsByOrcidAndClient(orcid, clientId, 0, MAX_NOTIFICATIONS_AVAILABLE);
return Response.ok(notifications).build();
}
Also used :
OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request)
NotificationPermissions(org.orcid.jaxb.model.notification.permission_v2.NotificationPermissions)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
AccessControl(org.orcid.core.security.visibility.aop.AccessControl)
Aggregations
AccessControl (org.orcid.core.security.visibility.aop.AccessControl)10
HashMap (java.util.HashMap)6
Authentication (org.springframework.security.core.Authentication)4
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)4
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)4
OrcidBadRequestException (org.orcid.core.exception.OrcidBadRequestException)3
OrcidNotFoundException (org.orcid.core.exception.OrcidNotFoundException)3
Notification (org.orcid.jaxb.model.notification_v2.Notification)3
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)3
URI (java.net.URI)2
URISyntaxException (java.net.URISyntaxException)2
Date (java.util.Date)2
OrcidNotificationNotFoundException (org.orcid.core.exception.OrcidNotificationNotFoundException)2
OrcidProfile (org.orcid.jaxb.model.message.OrcidProfile)2
WebhookEntity (org.orcid.persistence.jpa.entities.WebhookEntity)2
WebhookEntityPk (org.orcid.persistence.jpa.entities.keys.WebhookEntityPk)2
DataAccessException (org.springframework.dao.DataAccessException)2
Map (java.util.Map)1
Response (javax.ws.rs.core.Response)1
StatsTimelineList (org.orcid.api.common.writer.stats.StatsTimelineList)1
