use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class OrderServiceImpl1 method changeClientRating.
/**
 * Stores the rating a courier gives to the client of an order.
 *
 * <p>Object-level authorization is enforced here: the call is rejected unless the
 * order has a courier and that courier's id equals the caller's id. The check runs
 * before any state is modified, so a denied call leaves the order untouched.
 *
 * @param order the order whose client is being rated
 * @param dto   carries the new rating value
 * @param user  the caller; must be the courier assigned to {@code order}
 * @throws CustomAccessDeniedException if the order has no courier or the caller is
 *                                     not that courier
 */
@Override
public void changeClientRating(Order order, ChangeRatingDTO dto, User user) {
    // An order without a courier can never be rated through this path (fail closed).
    boolean callerIsAssignedCourier = order.getCourier() != null
            && user.getId().equals(order.getCourier().getId());
    if (!callerIsAssignedCourier) {
        throw new CustomAccessDeniedException();
    }

    // NOTE(review): the rating is stored as received; range validation is presumably
    // declared on ChangeRatingDTO and triggered by the controller — confirm.
    order.setClientRating(dto.getRating());
    orderRepo.save(order);
}
use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class FileServiceTest method deleteImgNotAdminNotOwner.
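/**
 * A caller who neither owns the file nor is an admin must be refused by
 * {@code fileService.delete}: the call throws {@link CustomAccessDeniedException},
 * the repository is never asked to delete the entity, and the stored file is still
 * on disk afterwards.
 */
@Test
public void deleteImgNotAdminNotOwner() throws IOException {
    // prepare: Howard owns the file, Leonard is the caller
    // (roles as suggested by the UserUtils factory names: courier and moderator)
    Long ownerId = 1L;
    User howardOwner = UserUtils.courierHowardWolowitz(ownerId);
    Long notOwnerId = 2L;
    User leonardNotOwner = UserUtils.moderatorLeonardHofstadter(notOwnerId);
    String imgName = "test.jpeg";
    Path pathTestJpeg = UPLOAD_PATH.resolve(imgName);
    // UUID-based name under which the copy of test.jpeg is stored
    final String fileUuid = "55420882-1e23-4559-b84e-03c3f4d597af";
    Path fileUuidPath = createFileUuidPath(fileUuid);
    Files.copy(pathTestJpeg, fileUuidPath, StandardCopyOption.REPLACE_EXISTING);
    File fileEntity = new File(UUID.fromString(fileUuid), FileType.JPEG, imgName, Files.size(fileUuidPath), Timestamp.valueOf(LocalDateTime.now()), howardOwner);
    doNothing().when(fileRepoMock).delete(fileEntity);

    // act: the non-owner tries to delete
    Exception exception = assertThrows(CustomAccessDeniedException.class,
            () -> fileService.delete(fileEntity, leonardNotOwner));

    // assert: the denial is the expected one ...
    String perfectMessage = new CustomAccessDeniedException().getMessage();
    String resultMessage = exception.getMessage();
    assertEquals(perfectMessage, resultMessage);
    // ... and it had no side effects: neither the DB row nor the stored bytes were
    // touched. Checking the disk catches an implementation that removes the file
    // before it performs the ownership check.
    verify(fileRepoMock, never()).delete(fileEntity);
    assertEquals(true, Files.exists(fileUuidPath));
}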
use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class FileServiceTest method replaceJpgNotOwnerNotAdmin.
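/**
 * A caller who neither owns the file nor is an admin must be refused by
 * {@code fileService.replace}: the call throws {@link CustomAccessDeniedException},
 * nothing is saved through the repository, and the original stored file is still
 * on disk afterwards.
 */
@Test
public void replaceJpgNotOwnerNotAdmin() throws IOException {
    // prepare: Penny owns the file, Rajesh is the caller
    // (both plain clients, as suggested by the UserUtils factory names)
    Long userId = 1L;
    User pennyClient = UserUtils.clientPennyTeller(userId);
    Long notOwnerId = 2L;
    User rajeshNotOwner = UserUtils.clientRajeshKoothrappali(notOwnerId);
    String oldImgName = "test.jpeg";
    Path pathTestJpeg = UPLOAD_PATH.resolve(oldImgName);
    // UUID-based name under which the copy of test.jpeg is stored
    final String fileUuid = "e897e931-12ce-4b3f-afbc-42f6c165dfc8";
    Path fileUuidPath = createFileUuidPath(fileUuid);
    Files.copy(pathTestJpeg, fileUuidPath, StandardCopyOption.REPLACE_EXISTING);
    File oldFileEntity = new File(UUID.fromString(fileUuid), FileType.JPEG, oldImgName, Files.size(fileUuidPath), Timestamp.valueOf(LocalDateTime.now()), pennyClient);
    MultipartFile newFile = getImgWithType("testLargeWidth", "png");
    // a save, if it were reached, would echo its argument back
    when(fileRepoMock.save(any(File.class))).thenAnswer(invocation -> invocation.getArguments()[0]);

    // act: the non-owner tries to replace the image
    Exception exception = assertThrows(CustomAccessDeniedException.class,
            () -> fileService.replace(newFile, oldFileEntity, rajeshNotOwner));

    // assert: the denial is the expected one ...
    String perfectMessage = new CustomAccessDeniedException().getMessage();
    String resultMessage = exception.getMessage();
    assertEquals(perfectMessage, resultMessage);
    // ... and it had no side effects: nothing was persisted and the owner's file
    // is still in place. Checking the disk catches an implementation that removes
    // or overwrites the old file before it performs the ownership check.
    verify(fileRepoMock, never()).save(any(File.class));
    assertEquals(true, Files.exists(fileUuidPath));
}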
use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class ProductPositionController method nullifyProductPosition.
/**
 * PATCH handler that delegates to {@code productPositionService.nullifyProductPosition}
 * for a single product position (presumably zeroing its current amount, judging by
 * the route).
 *
 * <p>Authorization is two-layered: {@code @PreAuthorize} admits only ADMIN and
 * MODERATOR, and a moderator is additionally limited to positions in the warehouse
 * they are bound to. Admins are not warehouse-scoped by this method.
 *
 * @param id   id of the product position, validated to be at least 1
 * @param user the authenticated caller
 * @return an empty 200 OK response
 * @throws NotFoundEx                  if no product position has this id
 * @throws CustomAccessDeniedException if the caller is a moderator of another warehouse
 */
@PatchMapping("/api/v1/productPosition/{id}/currentAmount")
@PreAuthorize("hasAnyAuthority('ADMIN', 'MODERATOR')")
public ResponseEntity<?> nullifyProductPosition(@Min(value = 1) @Max(value = Long.MAX_VALUE) @PathVariable Long id, @AuthenticationPrincipal User user) {
    ProductPosition target = productPositionService.getProductPosition(id);
    // NOTE(review): existence is reported before the warehouse check, so a moderator
    // can tell "no such id" (not found) from "exists in another warehouse" (denied).
    // Confirm that distinction is acceptable for this API.
    if (target == null) {
        throw new NotFoundEx(String.valueOf(id));
    }

    // NOTE(review): if a moderator account has no moderator record or no warehouse id,
    // the comparison below throws a NullPointerException. The request still fails
    // before any change, but probably as a server error rather than a denial; verify.
    boolean callerIsModerator = Role.isMODERATOR(user.getRole().toString());
    if (callerIsModerator
            && !user.getModerator().getWarehouseId().equals(target.getWarehouse().getId())) {
        throw new CustomAccessDeniedException();
    }

    productPositionService.nullifyProductPosition(id);
    return new ResponseEntity<>(HttpStatus.OK);
}
use of com.ncedu.fooddelivery.api.v1.errors.security.CustomAccessDeniedException in project 2021-msk-food-delivery by netcracker-edu.
the class ProductPositionController method updatePaymentStatus.
/**
 * PATCH handler that updates the payment status of a batch of product positions.
 *
 * <p>Every requested id is resolved first; then, for a moderator, every resolved
 * position must belong to the warehouse the moderator is bound to. The check is
 * all-or-nothing: one position from another warehouse rejects the whole request
 * before the service is asked to update anything. Admins are not warehouse-scoped
 * by this method.
 *
 * @param user                   the authenticated caller (ADMIN or MODERATOR per {@code @PreAuthorize})
 * @param updatePaymentStatusDTO request body carrying the product position ids
 * @return an empty 200 OK response
 * @throws NotFoundEx                  if any requested id does not resolve
 * @throws CustomAccessDeniedException if a moderator requests a position outside
 *                                     their warehouse
 */
@PatchMapping("/api/v1/productPositions/paymentState")
@PreAuthorize("hasAnyAuthority('ADMIN', 'MODERATOR')")
public ResponseEntity<?> updatePaymentStatus(@AuthenticationPrincipal User user, @Valid @RequestBody UpdatePaymentStatusDTO updatePaymentStatusDTO) {
    // Phase 1: resolve every id up front.
    // NOTE(review): not-found is reported before the warehouse check below, so a
    // moderator can tell missing ids from ids that exist in another warehouse.
    // Confirm that distinction is acceptable for this API.
    List<ProductPosition> requested = new ArrayList<>();
    for (Long positionId : updatePaymentStatusDTO.getProductPositions()) {
        ProductPosition found = productPositionService.getProductPosition(positionId);
        if (found == null) {
            throw new NotFoundEx(String.valueOf(positionId));
        }
        requested.add(found);
    }

    // Phase 2: moderators may only touch positions of their own warehouse.
    if (Role.isMODERATOR(user.getRole().toString())) {
        Long ownWarehouseId = user.getModerator().getWarehouseId();
        for (ProductPosition candidate : requested) {
            boolean inOwnWarehouse = candidate.getWarehouse().getId().equals(ownWarehouseId);
            if (!inOwnWarehouse) {
                throw new CustomAccessDeniedException();
            }
        }
    }

    // Phase 3: only reached when every position passed the checks above.
    productPositionService.updatePaymentStatus(updatePaymentStatusDTO.getProductPositions());
    return new ResponseEntity<>(HttpStatus.OK);
}