use of com.vsct.vboard.models.VBoardException in project vboard by voyages-sncf-technologies.
the class AuthenticationController method ensureUserHasRightsToAlterPin.
// Check whether the user is authorized to perform this action (the author or an admin)
/**
 * Ensures the session user may modify or delete a pin written by {@code pinAuthor}.
 *
 * <p>Access is granted when the session user's user string equals {@code pinAuthor}, when the
 * session user is an admin, or when {@code hasModeratorRole()} returns true.
 *
 * @param pinAuthor author identifier stored on the pin
 * @throws VBoardException if none of the three conditions holds
 */
public void ensureUserHasRightsToAlterPin(String pinAuthor) {
    final User currentUser = this.getSessionUser();
    final String currentUserString = currentUser.getUserString();

    // The checks short-circuit: authorship first, then the admin flag, then the moderator role.
    if (currentUserString.equals(pinAuthor)) {
        return;
    }
    if (currentUser.isAdmin()) {
        return;
    }
    if (hasModeratorRole()) {
        return;
    }
    throw new VBoardException("Unauthorized Access - User cannot update nor delete pins: " + currentUserString);
}
use of com.vsct.vboard.models.VBoardException in project vboard by voyages-sncf-technologies.
the class AuthenticationController method ensureUserHasRightsToAlterComment.
// Check whether the user is authorized to perform this action (the author or an admin)
/**
 * Ensures the session user may modify or delete a comment written by {@code commentAuthor}.
 *
 * <p>Access is granted when {@code commentAuthor} equals the session user's user string or
 * e-mail address, when the session user is an admin, or when {@code hasModeratorRole()}
 * returns true.
 *
 * @param commentAuthor author identifier stored on the comment
 * @throws VBoardException if none of the conditions holds
 */
public void ensureUserHasRightsToAlterComment(String commentAuthor) {
    final User currentUser = this.getSessionUser();
    final String currentUserString = currentUser.getUserString();

    // The checks short-circuit: user string, admin flag, e-mail, then the moderator role.
    if (currentUserString.equals(commentAuthor)) {
        return;
    }
    if (currentUser.isAdmin()) {
        return;
    }
    // NOTE(review): the session user is looked up a second time here, and a null e-mail would
    // surface as a NullPointerException rather than a VBoardException. Confirm getEmail() is never null.
    if (this.getSessionUser().getEmail().equals(commentAuthor)) {
        return;
    }
    if (hasModeratorRole()) {
        return;
    }
    throw new VBoardException("Unauthorized Access - The user does not have the authorization to do that action(" + currentUserString + ")");
}
use of com.vsct.vboard.models.VBoardException in project vboard by voyages-sncf-technologies.
the class CommentsController method removeComment.
/**
 * Deletes the comment with the given id and returns it.
 *
 * <p>Once the authorization check has passed, the comment is deleted, the comment counter of its
 * pin is decreased (when the pin is found), the search client is told to remove a comment for that
 * pin, and the session user's stats are updated.
 *
 * @param id identifier of the comment, read from the {@code id} request parameter
 * @return the comment that was deleted
 * @throws VBoardException if no comment has this id, or if an {@code UnexpectedRollbackException}
 *     is raised while the steps above run
 */
@RequestMapping(value = "", method = RequestMethod.DELETE)
@ResponseBody
@Valid
public Comment removeComment(@RequestParam(value = "id") String id) {
    Comment target;
    try {
        target = this.commentDAO.findById(id);
        if (target == null) {
            throw new VBoardException("Comment does not exist or already deleted");
        }
        // Authorization gate: must run before any state is changed.
        // NOTE(review): this is the pin check, not ensureUserHasRightsToAlterComment. Assuming
        // `permission` is the AuthenticationController, the comment variant also accepts a match on
        // the session user's e-mail, and the rejection raised here talks about pins. Confirm which
        // check is intended for deleting a comment.
        permission.ensureUserHasRightsToAlterPin(target.getAuthor());
        this.commentDAO.delete(target);

        final String parentPinId = target.getPinId();
        final Pin parentPin = this.pinDAO.findByPinId(parentPinId);
        if (parentPin != null) {
            parentPin.decreaseCommentsNumber();
            this.pinDAO.save(parentPin);
        }
        // Decrease the number of comments for the given pin in elasticsearch
        this.elsClient.removeComment(parentPinId);
        // id is the raw request parameter; it reaches the log as received.
        this.logger.debug("deleteComment: id={}", id);
        // Update the stats
        this.gamification.updateStats(permission.getSessionUserWithSyncFromDB());
    } catch (UnexpectedRollbackException e) {
        throw new VBoardException(e.getMessage(), e.getMostSpecificCause());
    }
    return target;
}
use of com.vsct.vboard.models.VBoardException in project vboard by voyages-sncf-technologies.
the class UsersController method updateUser.
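/**
 * Updates the profile of the session user from the JSON request body and returns the saved user.
 *
 * <p>The e-mail in the body must match the session user. Teams that appear in the stored team
 * list but not in the requested one have the session user removed through
 * {@code teamsController.removeMember}. The avatar is saved unless the request sends
 * {@code "unchanged"}; the value {@code "default"} clears the custom-avatar flag.
 *
 * @param params validated request body carrying e-mail, team list (comma separated), avatar,
 *     info text and the e-mail notification preferences
 * @return the updated user
 * @throws VBoardException if no user is stored for the e-mail, or if saving raises an
 *     {@code UnexpectedRollbackException}
 */
@RequestMapping(value = "/update", method = RequestMethod.POST)
@ResponseBody
@Valid
// Parsing the params in the JSON body requires using a dedicated @RequestBody annotated class instead of simple @RequestParam arguments
public User updateUser(@Valid @RequestBody UserParamsUpdate params) {
    // Authorization gate: runs before anything is read or written for this e-mail.
    permission.ensureEmailMatchesSessionUser(params.getEmail());
    this.logger.debug("Updating user {}", params.getEmail());
    final String email = params.getEmail();
    final String team = params.getTeam();
    final User user = this.userDAO.findByEmail(email);
    if (user == null) {
        // Fail with the application exception instead of a NullPointerException further down.
        throw new VBoardException("User does not exist: " + email);
    }

    // NOTE(review): team and user.getTeam() are dereferenced without a null check. Confirm that
    // validation of UserParamsUpdate and the User model guarantee non-null values.
    final List<String> requestedTeams = Arrays.asList(team.split(","));
    if (!user.getTeam().isEmpty()) {
        for (String previousTeam : user.getTeam().split(",")) {
            if (!requestedTeams.contains(previousTeam)) {
                teamsController.removeMember(previousTeam, permission.getSessionUser().getUserString());
            }
        }
    }
    user.setTeam(team);

    // unchanged means that the avatar has not been changed by the user and thus no need to change it
    if (!"unchanged".equals(params.getAvatar())) {
        user.setHasCustomAvatar(!"default".equals(params.getAvatar()));
        // NOTE(review): the avatar payload comes from the client and is written before the user row
        // is saved. Confirm saveAvatar validates its content and how it derives the storage name.
        uploadsManager.saveAvatar(params.getAvatar(), email);
    }

    final String info = params.getInfo();
    user.setInfo(info);
    user.setReceiveNlEmails(params.isReceiveNlEmails());
    user.setReceiveLeaderboardEmails(params.isReceiveLeaderboardEmails());
    user.setReceivePopularPinsEmails(params.isReceivePopularPins());
    user.setReceiveRecapEmails(params.isReceiveRecapEmails());
    try {
        this.userDAO.save(user);
        // Logged only after the save returned, so the log never reports an update that was rolled back.
        this.logger.debug("User updated: email={} - team={} - info={}", email, team, info);
    } catch (UnexpectedRollbackException e) {
        throw new VBoardException(e.getMessage(), e.getMostSpecificCause());
    }
    return user;
}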
use of com.vsct.vboard.models.VBoardException in project vboard by voyages-sncf-technologies.
the class UsersController method updateFavoriteLabels.
/**
 * Replaces the favorite labels of the session user and returns the saved user.
 *
 * @param labels raw request body; it is passed through
 *     {@code JavaUtils.extractJSONObject(labels, "labels")} and the result is what gets stored
 * @return the session user after the update
 * @throws VBoardException if saving raises an {@code UnexpectedRollbackException}
 */
@RequestMapping(value = "/favoriteLabels", method = RequestMethod.POST)
@ResponseBody
@Valid
public User updateFavoriteLabels(@Valid @RequestBody String labels) {
    // The target is always the session user; the request body cannot name another account.
    final User sessionUser = permission.getSessionUserWithSyncFromDB();
    final String favoriteLabels = JavaUtils.extractJSONObject(labels, "labels");
    sessionUser.setFavoriteLabels(favoriteLabels);
    try {
        this.userDAO.save(sessionUser);
        // The extracted labels are client-supplied text and are logged as received.
        this.logger.debug("User {} updated its favorite labels: {}", sessionUser.getNiceName(), favoriteLabels);
    } catch (UnexpectedRollbackException e) {
        throw new VBoardException(e.getMessage(), e.getMostSpecificCause());
    }
    return sessionUser;
}