Example 11 with AccessDeniedException

Use of com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException in project ma-modules-public by infiniteautomation.

Class UserRestController, method lockPassword.

@ApiOperation(value = "Locks a user's password", notes = "The user with a locked password cannot login using a username and password. " + "However the user's auth tokens will still work and the user can still reset their password using a reset token or email link")
@RequestMapping(method = RequestMethod.PUT, value = "/{username}/lock-password")
public ResponseEntity<Void> lockPassword(@ApiParam(value = "Username", required = true, allowMultiple = false) @PathVariable String username, @AuthenticationPrincipal User currentUser) {
    if (!currentUser.isAdmin()) {
        throw new AccessDeniedException();
    }
    User user = UserDao.instance.getUser(username);
    if (user == null) {
        throw new NotFoundRestException();
    }
    UserDao.instance.lockPassword(user);
    return new ResponseEntity<>(HttpStatus.NO_CONTENT);
}
Also used: AccessDeniedException (com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException), NotFoundRestException (com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException), ResponseEntity (org.springframework.http.ResponseEntity), User (com.serotonin.m2m2.vo.User), ApiOperation (com.wordnik.swagger.annotations.ApiOperation), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 12 with AccessDeniedException

Use of com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException in project ma-modules-public by infiniteautomation.

Class MangoTaskTemporaryResourceManager, method scheduleTask.

private void scheduleTask(TemporaryResource<T, AbstractRestV2Exception> resource) {
    TaskData tasks = (TaskData) resource.getData();
    // TODO Mango 3.4 keep user inside the resource instead of user id?
    // maybe change the user inside DataPointRestController bulk operation lambda function to get user from background context
    User user = UserDao.instance.get(resource.getUserId());
    if (user == null) {
        AccessDeniedException error = new AccessDeniedException();
        resource.safeError(error);
        return;
    }
    tasks.mainTask = new HighPriorityTask("Temporary resource " + resource.getResourceType() + " " + resource.getId()) {

        @Override
        public void run(long runtime) {
            try {
                BackgroundContext.set(user);
                resource.getTask().run(resource);
            } catch (Exception e) {
                AbstractRestV2Exception error = MangoTaskTemporaryResourceManager.this.mapException(e);
                resource.safeError(error);
            } finally {
                BackgroundContext.remove();
            }
        }

        @Override
        public void rejected(RejectedTaskReason reason) {
            super.rejected(reason);
            TranslatableMessage msg = null;
            switch(reason.getCode()) {
                case RejectedTaskReason.POOL_FULL:
                    msg = new TranslatableMessage("rest.error.rejectedTaskPoolFull");
                    break;
                case RejectedTaskReason.TASK_QUEUE_FULL:
                    msg = new TranslatableMessage("rest.error.rejectedTaskQueueFull");
                    break;
                case RejectedTaskReason.CURRENTLY_RUNNING:
                    msg = new TranslatableMessage("rest.error.rejectedTaskAlreadyRunning");
                    break;
            }
            ServerErrorException ex = msg == null ? new ServerErrorException() : new ServerErrorException(msg);
            AbstractRestV2Exception error = MangoTaskTemporaryResourceManager.this.mapException(ex);
            resource.safeError(error);
        }
    };
    Common.backgroundProcessing.execute(tasks.mainTask);
    this.scheduleTimeout(resource);
}
Also used: AccessDeniedException (com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException), HighPriorityTask (com.serotonin.m2m2.util.timeout.HighPriorityTask), User (com.serotonin.m2m2.vo.User), AbstractRestV2Exception (com.infiniteautomation.mango.rest.v2.exception.AbstractRestV2Exception), TranslatableMessage (com.serotonin.m2m2.i18n.TranslatableMessage), ServerErrorException (com.infiniteautomation.mango.rest.v2.exception.ServerErrorException), RejectedTaskReason (com.serotonin.timer.RejectedTaskReason)

Example 13 with AccessDeniedException

Use of com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException in project ma-core-public by infiniteautomation.

Class MangoSpringExceptionHandler, method handleAccessDenied.

@ExceptionHandler({ org.springframework.security.access.AccessDeniedException.class, PermissionException.class })
public ResponseEntity<Object> handleAccessDenied(HttpServletRequest request, HttpServletResponse response, Exception ex, WebRequest req) {
    Object model;
    if (ex instanceof PermissionException) {
        PermissionException permissionException = (PermissionException) ex;
        model = new AccessDeniedException(permissionException.getTranslatableMessage(), ex);
    } else {
        model = new AccessDeniedException(ex);
    }
    return handleExceptionInternal(ex, model, new HttpHeaders(), HttpStatus.FORBIDDEN, req);
}
Also used: PermissionException (com.serotonin.m2m2.vo.permission.PermissionException), HttpHeaders (org.springframework.http.HttpHeaders), AccessDeniedException (com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException), ExceptionHandler (org.springframework.web.bind.annotation.ExceptionHandler), ResponseEntityExceptionHandler (org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler)

Aggregations

AccessDeniedException (com.infiniteautomation.mango.rest.v2.exception.AccessDeniedException): 10
ApiOperation (com.wordnik.swagger.annotations.ApiOperation): 10
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 10
TranslatableMessage (com.serotonin.m2m2.i18n.TranslatableMessage): 7
User (com.serotonin.m2m2.vo.User): 7
NotFoundRestException (com.infiniteautomation.mango.rest.v2.exception.NotFoundRestException): 4
RestProcessResult (com.serotonin.m2m2.web.mvc.rest.v1.message.RestProcessResult): 4
BadRequestException (com.infiniteautomation.mango.rest.v2.exception.BadRequestException): 3
UserModel (com.serotonin.m2m2.web.mvc.rest.v1.model.user.UserModel): 3
ResponseEntity (org.springframework.http.ResponseEntity): 3
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 3
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize): 3
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 3
DataPointVO (com.serotonin.m2m2.vo.DataPointVO): 2
PermissionException (com.serotonin.m2m2.vo.permission.PermissionException): 2
File (java.io.File): 2
Date (java.util.Date): 2
AbstractRestV2Exception (com.infiniteautomation.mango.rest.v2.exception.AbstractRestV2Exception): 1
InvalidRQLRestException (com.infiniteautomation.mango.rest.v2.exception.InvalidRQLRestException): 1
ResourceNotFoundException (com.infiniteautomation.mango.rest.v2.exception.ResourceNotFoundException): 1