
Example 1 with AuthorisationException

use of com.willshex.blogwt.server.api.exception.AuthorisationException in project blogwt by billy1380.

the class GetPostsActionHandler method handle.

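/**
 * Handles a "get posts" API request: validates the request, decides whether
 * the caller may see every post ({@code showAll}), selects posts by tag,
 * archive entry, query or plain paging, and attaches a sanitised author to
 * each returned post.
 *
 * <p>{@code showAll} is only honoured when the request carries a session that
 * validates and whose user passes {@code UserValidator.authorisation} for
 * {@code PermissionHelper.MANAGE_POSTS}. Every other outcome (no session,
 * invalid session, missing permission) downgrades the request to
 * {@code showAll = false} instead of rejecting it.
 *
 * @param input the request; {@code session}, {@code pager}, {@code showAll}
 *        and {@code includePostContents} may be rewritten by this method
 * @param output the response that receives {@code session}, {@code posts} and
 *        {@code pager}
 * @throws Exception if validation or a lookup fails in a way this method does
 *         not handle itself
 * @see com.willshex.gson.web.service.server.ActionHandler#handle(com.willshex.gson.web.service.shared.Request,
 *      com.willshex.gson.web.service.shared.Response)
 */
@Override
protected void handle(GetPostsRequest input, GetPostsResponse output) throws Exception {
    ApiValidator.request(input, GetPostsRequest.class);
    ApiValidator.accessCode(input.accessCode, "input.accessCode");

    // Normalise the client-supplied tri-state flag; null counts as "not requested".
    Boolean showAll = Boolean.TRUE.equals(input.showAll) ? Boolean.TRUE : Boolean.FALSE;

    if (input.session != null) {
        try {
            output.session = input.session = SessionValidator.lookupCheckAndExtend(input.session, "input.session");

            List<Permission> permissions = new ArrayList<Permission>();
            Permission postPermission = PermissionServiceProvider.provide().getCodePermission(PermissionHelper.MANAGE_POSTS);
            permissions.add(postPermission);

            try {
                UserValidator.authorisation(input.session.user, permissions, "input.session.user");
            } catch (AuthorisationException aEx) {
                // Fail closed: a user without MANAGE_POSTS still gets a response,
                // but never the unrestricted view.
                showAll = Boolean.FALSE;
            }
        } catch (InputValidationException ex) {
            // The session did not validate: drop it and treat the caller as anonymous.
            output.session = input.session = null;
            showAll = Boolean.FALSE;
        }
    } else {
        showAll = Boolean.FALSE;
    }

    // NOTE(review): input.pager is dereferenced below without a null check in
    // this method; confirm that ApiValidator.request guarantees it is present.
    if (!showAll) {
        // Callers without the unrestricted view do not get to choose the sort
        // field; it is pinned to the published sort.
        input.pager.sortBy = PostSortType.PostSortTypePublished.toString();
    }

    if (input.includePostContents == null) {
        input.includePostContents = Boolean.FALSE;
    }

    boolean postsForTag = false, postsForArchiveEntry = false, postsForQuery = false;

    // NOTE(review): the tag and archive-entry paths below never pass showAll or
    // includePostContents to the lookup. Whether PersistenceHelper.batchLookup
    // and PostValidator.lookupAll exclude posts that the showAll gate is meant
    // to hide is not visible here; confirm, because input.archiveEntry.posts is
    // supplied by the client.
    if (input.tag != null && input.tag.length() > 0) {
        postsForTag = true;
        Tag tag = TagServiceProvider.provide().getSlugTag(input.tag);
        if (tag != null) {
            output.posts = PersistenceHelper.batchLookup(PostServiceProvider.provide(), tag.postKeys);
        }
    }

    if (!postsForTag && input.archiveEntry != null) {
        // The original set postsForTag here, leaving postsForArchiveEntry
        // permanently false. The later guards test both flags, so the outcome
        // is the same, but each flag now records the path actually taken.
        postsForArchiveEntry = true;
        if (input.archiveEntry.posts != null) {
            output.posts = input.archiveEntry.posts = PostValidator.lookupAll(input.archiveEntry.posts, "input.archiveEntry.posts");
        } else {
            input.archiveEntry = ArchiveEntryValidator.lookup(input.archiveEntry, "input.archiveEntry");
            output.posts = PersistenceHelper.batchLookup(PostServiceProvider.provide(), input.archiveEntry.postKeys);
        }
    }

    if (!postsForTag && !postsForArchiveEntry && input.query != null) {
        postsForQuery = true;
        if (input.session != null && input.session.user != null) {
            output.posts = PostServiceProvider.provide().getUserViewablePartialSlugPosts(input.query, input.session.user, showAll, input.includePostContents, input.pager.start, input.pager.count, PostSortType.fromString(input.pager.sortBy), input.pager.sortDirection);
        } else {
            // Anonymous search ignores the client's sort field and direction.
            output.posts = PostServiceProvider.provide().getPartialSlugPosts(input.query, showAll, input.includePostContents, input.pager.start, input.pager.count, PostSortType.PostSortTypePublished, SortDirectionType.SortDirectionTypeDescending);
        }
    }

    if (!postsForTag && !postsForArchiveEntry && !postsForQuery) {
        output.posts = PostServiceProvider.provide().getPosts(showAll, input.includePostContents, input.pager.start, input.pager.count, PostSortType.fromString(input.pager.sortBy), input.pager.sortDirection);
    }

    if (output.posts != null) {
        // Each distinct author is loaded once and passed through
        // UserHelper.stripSensitive before it is attached to the response.
        Map<Key<User>, User> users = new HashMap<Key<User>, User>();
        for (Post post : output.posts) {
            if (users.get(post.authorKey) == null) {
                users.put(post.authorKey, UserHelper.stripSensitive(UserServiceProvider.provide().getUser(keyToId(post.authorKey))));
            }
            post.author = users.get(post.authorKey);
        }
    }

    output.pager = PagerHelper.moveForward(input.pager);
}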
Also used : User(com.willshex.blogwt.shared.api.datatype.User) HashMap(java.util.HashMap) Post(com.willshex.blogwt.shared.api.datatype.Post) ArrayList(java.util.ArrayList) Permission(com.willshex.blogwt.shared.api.datatype.Permission) InputValidationException(com.willshex.gson.web.service.server.InputValidationException) Tag(com.willshex.blogwt.shared.api.datatype.Tag) AuthorisationException(com.willshex.blogwt.server.api.exception.AuthorisationException) Key(com.googlecode.objectify.Key)

Example 2 with AuthorisationException

use of com.willshex.blogwt.server.api.exception.AuthorisationException in project blogwt by billy1380.

the class UserValidator method authorisation.

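/**
 * Verifies that {@code user} is an administrator or holds at least one of
 * {@code requiredPermissions}, matched by permission code.
 *
 * <p>The check fails closed: a {@code null} user, a user without permissions,
 * and a {@code null} or empty {@code requiredPermissions} all end in an
 * {@link AuthorisationException} unless {@code isAdmin(user)} returned
 * {@code true}.
 *
 * @param user the user to check; may be {@code null} (assumes
 *        {@code isAdmin} tolerates {@code null} - TODO confirm)
 * @param requiredPermissions permissions of which any single one is
 *        sufficient; entries that are {@code null} or have no code are skipped
 * @param name the parameter name passed on to the exception
 * @throws AuthorisationException if the user is not authorised
 */
public static void authorisation(User user, Collection<Permission> requiredPermissions, String name) throws AuthorisationException {
    boolean authorised = isAdmin(user);

    // The original read user.permissions before its own user != null test, so
    // a null user surfaced as a NullPointerException rather than the
    // AuthorisationException that callers catch.
    List<Permission> permissions = null;
    if (user != null) {
        permissions = user.permissions == null && user.permissionKeys != null
                ? PersistenceHelper.batchLookup(PermissionServiceProvider.provide(), user.permissionKeys)
                : user.permissions;
    }

    if (!authorised && permissions != null && requiredPermissions != null && !requiredPermissions.isEmpty()) {
        Map<String, Permission> lookup = PermissionHelper.toLookup(permissions);
        for (Permission permission : requiredPermissions) {
            // A required permission that could not be resolved (null) or has no
            // code can never match; skip it instead of dereferencing it.
            if (permission != null && permission.code != null && lookup.containsKey(permission.code)) {
                authorised = true;
                break;
            }
        }
    }

    if (!authorised) {
        throw new AuthorisationException(user, permissions, name);
    }
}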
Also used : Permission(com.willshex.blogwt.shared.api.datatype.Permission) AuthorisationException(com.willshex.blogwt.server.api.exception.AuthorisationException)
