use of com.manydesigns.portofino.operations.annotations.Guard in project Portofino by ManyDesigns.
the class AbstractCrudAction method httpPostJson.
/**
* Handles object creation via REST. See <a href="http://portofino.manydesigns.com/en/docs/reference/page-types/crud/rest">the CRUD action REST API documentation.</a>
* @param jsonObject the object (in serialized JSON form)
* @since 4.2
* @return the created object as JSON (in a JAX-RS Response).
* @throws Exception only to make the compiler happy. Nothing should be thrown in normal operation. If this method throws, it is probably a bug.
*/
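@POST
@RequiresPermissions(permissions = PERMISSION_CREATE)
@Guard(test = "isCreateEnabled()", type = GuardType.VISIBLE)
@Produces(MimeTypes.APPLICATION_JSON_UTF8)
@Consumes(MimeTypes.APPLICATION_JSON_UTF8)
@Operation(summary = "Create a new object (without blob data)")
public Response httpPostJson(@RequestBody(description = "The object in JSON form, as returned by GET") String jsonObject) throws Exception {
    // An already-set object means the request addressed an existing object
    // (see the message below), so creation is refused.
    if (object != null) {
        return Response.status(Response.Status.BAD_REQUEST).entity("Update not supported, PUT to /objectKey instead").build();
    }
    // Programmatic permission check in addition to the @RequiresPermissions annotation.
    checkAccessorPermissions(new String[] { PERMISSION_CREATE });
    preCreate();
    // The body is client-controlled. NOTE(review): a malformed or missing document
    // presumably makes the JSONObject constructor throw, and that exception leaves
    // this method unhandled - confirm how the container maps it.
    FormUtil.readFromJson(form, new JSONObject(jsonObject));
    if (!form.validate()) {
        // NOTE(review): validation failures are reported as a server error although
        // the cause is client input; status kept as-is for existing clients.
        return Response.serverError().entity(form).build();
    }
    writeFormToObject();
    if (!createValidate(object)) {
        return Response.serverError().entity(form).build();
    }
    try {
        doSave(object);
        createPostProcess(object);
        commitTransaction();
    } catch (Throwable e) {
        String rootCauseMessage = ExceptionUtils.getRootCauseMessage(e);
        // Full detail stays in the server log only.
        logger.warn(rootCauseMessage, e);
        // The Throwable itself is no longer used as the response entity: depending on
        // the registered message body writers it could be serialized with class names,
        // stack frames and persistence-layer messages, exposing internals to the client.
        return Response.serverError().entity("Could not create the object; see the server log for details").build();
    }
    return objectCreated();
}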
use of com.manydesigns.portofino.operations.annotations.Guard in project Portofino by ManyDesigns.
the class Operations method doGuardsPass.
/**
 * Evaluates the guards declared on a method against an action bean.
 *
 * <p>Each guard's {@code test()} expression is evaluated through
 * {@code OgnlUtils.getValueQuietly} with the action bean as root. A guard passes
 * only when the result is a {@code Boolean} equal to {@code true}; {@code null}
 * or a value of any other type counts as a failure. When no guard applies the
 * method returns {@code true}.
 *
 * @param actionBean the object the guard expressions are evaluated against
 * @param method the method whose guard annotations are inspected
 * @param type the guard type to restrict to, or {@code null} for all guards
 * @return {@code true} if every applicable guard evaluated to {@code true}
 */
public static boolean doGuardsPass(Object actionBean, Method method, @Nullable GuardType type) {
    List<Guard> applicable = getGuards(method, type);
    OgnlContext evaluationContext = ElementsThreadLocals.getOgnlContext();
    boolean allPassed = true;
    for (Guard candidate : applicable) {
        Object outcome = OgnlUtils.getValueQuietly(candidate.test(), evaluationContext, actionBean);
        // Boolean.TRUE.equals is false for null and for non-Boolean values,
        // so anything other than a Boolean true fails the guard.
        if (!Boolean.TRUE.equals(outcome)) {
            allPassed = false;
        }
        // Deliberately no early exit: every guard expression is still evaluated.
    }
    return allPassed;
}
use of com.manydesigns.portofino.operations.annotations.Guard in project Portofino by ManyDesigns.
the class Operations method getGuards.
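/**
 * Collects the guards declared on a method, optionally restricted to one type.
 *
 * <p>Both the directly present {@link Guard} annotation and the ones wrapped in a
 * {@link Guards} container are considered. Previously the container was skipped
 * whenever a directly present {@code @Guard} matched, so a method carrying both
 * forms had the container's guards silently ignored.
 *
 * @param method the method whose annotations are inspected
 * @param type the guard type to keep, or {@code null} to keep every guard
 * @return the matching guards, direct annotation first; empty if none match
 */
public static List<Guard> getGuards(Method method, GuardType type) {
    List<Guard> guardList = new ArrayList<>();
    Guard guard = method.getAnnotation(Guard.class);
    if (guard != null && (type == null || type == guard.type())) {
        guardList.add(guard);
    }
    // Always look at the container as well, so no declared guard is dropped.
    Guards guards = method.getAnnotation(Guards.class);
    if (guards != null) {
        for (Guard g : guards.value()) {
            if (type == null || type == g.type()) {
                guardList.add(g);
            }
        }
    }
    return guardList;
}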
use of com.manydesigns.portofino.operations.annotations.Guard in project Portofino by ManyDesigns.
the class AbstractCrudAction method uploadBlob.
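/**
 * Stores the request body as the new value of a blob property of the current object.
 *
 * @param propertyName name of the blob property, taken from the request path
 * @param filename name of the uploaded file, taken from the query string
 * @param inputStream the request body holding the blob content
 * @return 200 on success; 400 when no object is addressed; 404 when the property
 *         does not exist or is not a blob property; 500 when it is not updatable
 * @throws IOException declared by the signature; presumably raised when saving the blob fails
 */
@PUT
@Path(":blob/{propertyName}")
@RequiresPermissions(permissions = PERMISSION_EDIT)
@Guard(test = "isEditEnabled()", type = GuardType.VISIBLE)
@Operation(summary = "Upload a blob property")
public Response uploadBlob(@Parameter(description = "The name of the property", required = true) @PathParam("propertyName") String propertyName, @Parameter(description = "The name of uploaded file") @QueryParam("filename") String filename, InputStream inputStream) throws IOException {
    if (object == null) {
        return Response.status(Response.Status.BAD_REQUEST).entity("Object can not be null (this method can only be called with /objectKey)").build();
    }
    // Programmatic permission check in addition to the @RequiresPermissions annotation.
    checkAccessorPermissions(new String[] { PERMISSION_EDIT });
    setupForm(Mode.EDIT);
    form.readFromObject(object);
    // propertyName comes from the URL and may name any field of the form. Check the
    // type before casting, so that a non-blob property yields 404 instead of an
    // unhandled ClassCastException. instanceof is also false for null (field not found).
    Object candidate = form.findFieldByPropertyName(propertyName);
    if (!(candidate instanceof AbstractBlobField)) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }
    AbstractBlobField field = (AbstractBlobField) candidate;
    if (!field.isUpdatable()) {
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Property not writable").build();
    }
    Blob blob = new Blob(field.generateNewCode());
    // Filename, size, content type and encoding are copied from the request as sent by
    // the client and are not validated here.
    // NOTE(review): confirm that the blob manager never derives a storage path from the
    // filename and that downloads do not blindly trust the stored content type.
    blob.setFilename(filename);
    // NOTE(review): presumably -1 when the client sends no Content-Length - confirm.
    blob.setSize(context.getRequest().getContentLength());
    blob.setContentType(context.getRequest().getContentType());
    blob.setCharacterEncoding(context.getRequest().getCharacterEncoding());
    blob.setCreateTimestamp(new DateTime());
    blob.setInputStream(inputStream);
    Blob oldBlob = field.getValue();
    field.setValue(blob);
    field.writeToObject(object);
    if (!field.isSaveBlobOnObject()) {
        BlobManager blobManager = getBlobManager();
        blobManager.save(blob);
        if (oldBlob != null) {
            // Best effort: failing to remove the previous blob is logged, not fatal.
            // NOTE(review): the old blob is deleted before commitTransaction(); if the
            // commit fails the object may still reference a deleted blob - confirm.
            try {
                blobManager.delete(oldBlob);
            } catch (IOException e) {
                logger.warn("Could not delete old blob (code: " + oldBlob.getCode() + ")", e);
            }
        }
    }
    commitTransaction();
    return Response.ok().build();
}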