Use of com.salesmanager.shop.store.api.exception.UnauthorizedException in project shopizer by shopizer-ecommerce.
Class MerchantStoreArgumentResolver, method resolveArgument:
/**
 * Resolves the {@code MerchantStore} bound to the current request.
 *
 * <p>The store code is read from the {@code REQUEST_PARAMATER_STORE} request parameter and falls
 * back to {@code DEFAULT_STORE} when that parameter is absent or blank. Before the store is handed
 * to the controller, the current principal is authorized against it for the request URI.
 *
 * @return the resolved {@code MerchantStore}
 * @throws UnauthorizedException when {@code userFacade.authorizeStore} rejects the principal for
 *         the resolved store and URI
 */
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
    String requestedStore = webRequest.getParameter(REQUEST_PARAMATER_STORE);
    // isNotBlank(null) is false, so a missing parameter also falls back to the default store.
    String storeCode = StringUtils.isNotBlank(requestedStore) ? requestedStore : DEFAULT_STORE;
    // todo get from cache
    MerchantStore store = storeFacade.get(storeCode);
    HttpServletRequest request = webRequest.getNativeRequest(HttpServletRequest.class);
    String uri = request.getRequestURI();
    // TODO Move to an api filter
    // Authorization is keyed on the request URI: authorizeStore decides from the path whether the
    // principal's store membership is enforced at all (see UserFacadeImpl.authorizeStore).
    boolean authorized = userFacade.authorizeStore(store, uri);
    LOGGER.debug("is request authorized {} for {} and store {}", authorized, uri, store.getCode());
    if (!authorized) {
        throw new UnauthorizedException("Cannot authorize user for store " + store.getCode());
    }
    return store;
}
Use of com.salesmanager.shop.store.api.exception.UnauthorizedException in project shopizer by shopizer-ecommerce.
Class UserFacadeImpl, method authorizeStore:
/**
 * Decides whether the currently authenticated principal may act on {@code store} when requesting
 * {@code path}.
 *
 * <p>Only paths containing {@code PRIVATE_PATH} are checked; any other path (or a blank one) is
 * authorized unconditionally. For a private path the principal is authorized when its user's
 * merchant code matches the store code, when it belongs to the {@code GROUP_SUPERADMIN} group, or
 * when the store hierarchy check at the end succeeds.
 *
 * @param store the store the request targets; must not be null
 * @param path  the request URI (may be blank)
 * @return {@code true} when the request is authorized, {@code false} when the user cannot be found
 *         or none of the rules match
 * @throws UnauthorizedException if any exception is raised while looking up or evaluating the user
 */
@Override
public boolean authorizeStore(MerchantStore store, String path) {
    Validate.notNull(store, "MerchantStore cannot be null");
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Substring match, not a prefix match: any URI that contains PRIVATE_PATH anywhere is treated
    // as private. Everything else skips the SecurityContext entirely (see the final return).
    if (!StringUtils.isBlank(path) && path.contains(PRIVATE_PATH)) {
        // A private path with no Authentication is a caller bug; this throws outside the try below,
        // so it is not converted into UnauthorizedException.
        Validate.notNull(authentication, "Don't call ths method if a user is not authenticated");
        try {
            String currentPrincipalName = authentication.getName();
            // Logged at INFO for every private request.
            LOGGER.info("Principal " + currentPrincipalName);
            // Lookup is by user name and the default language only; the store-scoped variant is kept
            // below, commented out.
            ReadableUser readableUser = findByUserName(currentPrincipalName, languageService.defaultLanguage());
            // ReadableUser readableUser = findByUserName(currentPrincipalName, store.getCode(), store.getDefaultLanguage());
            if (readableUser == null) {
                return false;
            }
            // current user match;
            String merchant = readableUser.getMerchant();
            // user store is store request param
            // Case-insensitive here, unlike the hierarchy comparison further down.
            if (store.getCode().equalsIgnoreCase(merchant)) {
                return true;
            }
            // is superadmin
            for (ReadableGroup group : readableUser.getGroups()) {
                if (Constants.GROUP_SUPERADMIN.equals(group.getName())) {
                    return true;
                }
            }
            boolean authorized = false;
            // user store can be parent and requested store is child
            // get parent
            // TODO CACHE
            MerchantStore parent = null;
            // NOTE(review): the guard inspects the requested store's parent, but the lookup is keyed on
            // the user's merchant code and the result is then compared with the requested store. What
            // getParent(merchant) returns (the parent of the user's store, or the store itself) is not
            // visible here; confirm the direction of this check matches the comment above.
            if (store.getParent() != null) {
                parent = merchantStoreService.getParent(merchant);
            }
            // user can be in parent
            if (parent != null && parent.getCode().equals(store.getCode())) {
                authorized = true;
            }
            // else false
            return authorized;
        } catch (Exception e) {
            // Every exception from the lookup above (a NullPointerException from a null getter result
            // included) is surfaced as UnauthorizedException. Only e.getMessage() is carried; the
            // original exception is not chained as a cause — NOTE(review): consider passing e itself if
            // the exception type accepts a Throwable.
            throw new UnauthorizedException("Cannot authorize user " + authentication.getPrincipal().toString() + " for store " + store.getCode(), e.getMessage());
        }
    }
    return true;
}
Use of com.salesmanager.shop.store.api.exception.UnauthorizedException in project shopizer by shopizer-ecommerce.
Class ManufacturerFacadeImpl, method getByProductInCategory:
/**
 * Lists the manufacturers of the products found in a category of the given store, sorted by
 * manufacturer code.
 *
 * @param store      the store owning the category; must not be null
 * @param language   the language used for the readable representation; must not be null
 * @param categoryId the id of the category; must not be null
 * @return readable manufacturers ordered by their code
 * @throws ResourceNotFoundException if no category with that id exists for the store
 * @throws UnauthorizedException     if the category is owned by a different store
 * @throws ServiceRuntimeException   if the underlying service fails
 */
@Override
public List<ReadableManufacturer> getByProductInCategory(MerchantStore store, Language language, Long categoryId) {
    Validate.notNull(store, "MerchantStore cannot be null");
    Validate.notNull(language, "Language cannot be null");
    Validate.notNull(categoryId, "Category id cannot be null");
    Category category = categoryService.getById(categoryId, store.getId());
    if (category == null) {
        throw new ResourceNotFoundException("Category with id [" + categoryId + "] not found");
    }
    // The lookup is already scoped by store id; the ownership check below is kept as a second line
    // of defense against a category that belongs to another merchant.
    long owningStoreId = category.getMerchantStore().getId().longValue();
    if (owningStoreId != store.getId().longValue()) {
        throw new UnauthorizedException("Merchant [" + store.getCode() + "] not authorized");
    }
    try {
        List<Manufacturer> found = manufacturerService.listByProductsInCategory(store, category, language);
        Comparator<Manufacturer> byCode = Comparator.comparing(Manufacturer::getCode);
        return found.stream()
                .sorted(byCode)
                .map(manufacturer -> readableManufacturerConverter.convert(manufacturer, store, language))
                .collect(Collectors.toList());
    } catch (ServiceException e) {
        throw new ServiceRuntimeException(e);
    }
}
Use of com.salesmanager.shop.store.api.exception.UnauthorizedException in project shopizer by shopizer-ecommerce.
Class UserApi, method getAuthUser:
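/**
 * Returns the profile of the currently authenticated user.
 *
 * @param language the language used to render the profile (resolved by the framework, hidden from
 *                 the API documentation)
 * @param request  the current request, used to read the authenticated principal
 * @return the readable profile of the authenticated user
 * @throws UnauthorizedException if the request carries no principal, no user exists for the
 *         principal's name, or the user account is not active
 */
@GetMapping("/private/user/profile")
@ApiImplicitParams({ @ApiImplicitParam(name = "lang", dataType = "string", defaultValue = "en") })
public ReadableUser getAuthUser(@ApiIgnore Language language, HttpServletRequest request) {
    Principal principal = request.getUserPrincipal();
    // A private endpoint should not be reachable anonymously, but do not depend on that: an absent
    // principal is rejected explicitly instead of surfacing as a NullPointerException.
    if (principal == null) {
        throw new UnauthorizedException("No authenticated user");
    }
    String userName = principal.getName();
    // The second argument is the store code; null here means the lookup is not store-scoped —
    // NOTE(review): confirm this is intended for a profile endpoint.
    ReadableUser user = userFacade.findByUserName(userName, null, language);
    if (user == null) {
        throw new UnauthorizedException("User " + userName + " not found");
    }
    if (!user.isActive()) {
        throw new UnauthorizedException("User " + userName + " not active");
    }
    return user;
}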
Use of com.salesmanager.shop.store.api.exception.UnauthorizedException in project shopizer by shopizer-ecommerce.
Class ProductApi, method addProductToCategory:
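/**
 * Associates an existing product with an existing category, both of which must belong to the
 * current store.
 *
 * @param productId     the id of the product to add
 * @param categoryId    the id of the target category
 * @param merchantStore the store resolved for this request (hidden from the API documentation)
 * @param language      the language used for the returned representation
 * @param response      the servlet response, used to report an unexpected failure as 503
 * @return the updated readable product, or {@code null} when an unexpected error was reported on
 *         the response
 * @throws ResourceNotFoundException if the product or the category does not exist
 * @throws UnauthorizedException     if the product or the category belongs to another store
 */
@ResponseStatus(HttpStatus.CREATED)
@RequestMapping(value = { "/private/product/{productId}/category/{categoryId}", "/auth/product/{productId}/category/{categoryId}" }, method = RequestMethod.POST)
@ApiImplicitParams({ @ApiImplicitParam(name = "store", dataType = "String", defaultValue = "DEFAULT"), @ApiImplicitParam(name = "lang", dataType = "String", defaultValue = "en") })
@ResponseBody
public ReadableProduct addProductToCategory(@PathVariable Long productId, @PathVariable Long categoryId, @ApiIgnore MerchantStore merchantStore, @ApiIgnore Language language, HttpServletResponse response) throws Exception {
    try {
        // get the product
        Product product = productService.getById(productId);
        if (product == null) {
            throw new ResourceNotFoundException("Product id [" + productId + "] is not found");
        }
        // Ownership checks compare the ids as long, so a wider id type is never truncated to int.
        if (product.getMerchantStore().getId().longValue() != merchantStore.getId().longValue()) {
            throw new UnauthorizedException("Product id [" + productId + "] does not belong to store [" + merchantStore.getCode() + "]");
        }
        Category category = categoryService.getById(categoryId);
        if (category == null) {
            throw new ResourceNotFoundException("Category id [" + categoryId + "] is not found");
        }
        if (category.getMerchantStore().getId().longValue() != merchantStore.getId().longValue()) {
            throw new UnauthorizedException("Category id [" + categoryId + "] does not belong to store [" + merchantStore.getCode() + "]");
        }
        return productCommonFacade.addProductToCategory(category, product, language);
    } catch (ResourceNotFoundException | UnauthorizedException e) {
        // Deliberate API errors keep their own handling; they must not be downgraded to the 503
        // reported for unexpected failures below.
        throw e;
    } catch (Exception e) {
        LOGGER.error("Error while adding product to category", e);
        try {
            // NOTE(review): the exception message is echoed to the client; make sure it carries no
            // internal detail worth hiding.
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Error while adding product to category " + e.getMessage());
        } catch (Exception ignored) {
            // The response may already be committed; the failure was logged above.
        }
        return null;
    }
}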