use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.
the class PlagiarismResource method updatePlagiarismComparisonFinalStatus.
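/**
 * Sets the final plagiarism status for one of the two students of a plagiarism comparison and
 * notifies that student about the verdict.
 *
 * <p>Access control: the {@code @PreAuthorize} expression names only the INSTRUCTOR role and no
 * course, so the method also checks that the caller is at least instructor in the course from the
 * path and that the comparison belongs to that course. Both checks run before the affected
 * student is loaded, so a caller without rights on the course gets the same rejection whether or
 * not the comparison or the student exists.
 *
 * @param courseId     the id of the course
 * @param comparisonId the id of the plagiarism comparison
 * @param studentLogin login of the student the status applies to; must match submission A or B of the comparison
 * @param statusDTO    carries the final status for that student's side of the comparison
 * @return 200 with the submitted DTO, or 404 if the login matches neither submission
 * @throws AccessForbiddenException if the caller is not at least instructor in the course
 * @throws BadRequestAlertException if the comparison does not belong to {@code courseId}
 */
@PutMapping("courses/{courseId}/plagiarism-comparisons/{comparisonId}/final-status/{studentLogin}")
@PreAuthorize("hasRole('INSTRUCTOR')")
public ResponseEntity<PlagiarismComparisonStatusDTO> updatePlagiarismComparisonFinalStatus(
        @PathVariable("courseId") long courseId,
        @PathVariable("comparisonId") long comparisonId,
        @PathVariable("studentLogin") String studentLogin,
        @RequestBody PlagiarismComparisonStatusDTO statusDTO) {
    // Authorize against the course from the path first; nothing about the comparison or the
    // student is looked up for a caller who has no rights on this course.
    Course course = courseRepository.findByIdElseThrow(courseId);
    User user = userRepository.getUserWithGroupsAndAuthorities();
    if (!authenticationCheckService.isAtLeastInstructorInCourse(course, user)) {
        throw new AccessForbiddenException("Only instructors responsible for this course can access this plagiarism comparison.");
    }

    // Bind the comparison to the authorized course: without this, an instructor of one course
    // could address a comparison of another course by id.
    var comparison = plagiarismComparisonRepository.findByIdWithSubmissionsStudentsElseThrow(comparisonId);
    if (!Objects.equals(comparison.getPlagiarismResult().getExercise().getCourseViaExerciseGroupOrCourseMember().getId(), courseId)) {
        throw new BadRequestAlertException("The courseId does not belong to the given comparisonId", "PlagiarismComparison", "idMismatch");
    }

    User affectedUser = userRepository.getUserWithGroupsAndAuthorities(studentLogin);
    // NOTE(review): the status is taken from the request body without a null check here;
    // confirm the DTO is validated elsewhere before it is persisted.
    PlagiarismStatus finalStatus = statusDTO.getStatus();

    if (comparison.getSubmissionA().getStudentLogin().equals(studentLogin)) {
        plagiarismComparisonRepository.updatePlagiarismComparisonFinalStatusA(comparisonId, finalStatus);
        // the in-memory comparison is passed to the notification, so mirror the stored value
        comparison.setStatusA(finalStatus);
    } else if (comparison.getSubmissionB().getStudentLogin().equals(studentLogin)) {
        plagiarismComparisonRepository.updatePlagiarismComparisonFinalStatusB(comparisonId, finalStatus);
        // the in-memory comparison is passed to the notification, so mirror the stored value
        comparison.setStatusB(finalStatus);
    } else {
        // the login is not one of the two students of this comparison: change and notify nothing
        return ResponseEntity.notFound().build();
    }
    singleUserNotificationService.notifyUserAboutFinalPlagiarismState(comparison, affectedUser);
    return ResponseEntity.ok(statusDTO);
}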
use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project Artemis by ls1intum.
the class PlagiarismResource method updatePlagiarismComparisonInstructorStatement.
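/**
 * Stores the instructor's statement for one side of a plagiarism comparison and notifies the
 * student on that side.
 *
 * <p>Access control: the {@code @PreAuthorize} expression names only the INSTRUCTOR role and no
 * course, so the method also checks that the caller is at least instructor in the course from the
 * path and that the comparison belongs to that course. Both checks run before the affected
 * student is loaded, so a caller without rights on the course gets the same rejection whether or
 * not the comparison or the student exists.
 *
 * @param courseId     the id of the course
 * @param comparisonId the id of the PlagiarismComparison
 * @param studentLogin login of the accused student the statement is directed to; must match submission A or B
 * @param statement    the instructor's statement for that student
 * @return 200 with the submitted statement DTO
 * @throws AccessForbiddenException if the caller is not at least instructor in the course
 * @throws BadRequestAlertException if the comparison does not belong to {@code courseId}
 * @throws EntityNotFoundException  if the login matches neither submission of the comparison
 */
@PutMapping("courses/{courseId}/plagiarism-comparisons/{comparisonId}/instructor-statement/{studentLogin}")
@PreAuthorize("hasRole('INSTRUCTOR')")
public ResponseEntity<PlagiarismStatementDTO> updatePlagiarismComparisonInstructorStatement(
        @PathVariable("courseId") long courseId,
        @PathVariable("comparisonId") long comparisonId,
        @PathVariable("studentLogin") String studentLogin,
        @RequestBody PlagiarismStatementDTO statement) {
    // Authorize against the course from the path first; nothing about the comparison or the
    // student is looked up for a caller who has no rights on this course.
    Course course = courseRepository.findByIdElseThrow(courseId);
    User user = userRepository.getUserWithGroupsAndAuthorities();
    if (!authenticationCheckService.isAtLeastInstructorInCourse(course, user)) {
        throw new AccessForbiddenException("Only instructors responsible for this course can access this plagiarism case.");
    }

    // Bind the comparison to the authorized course: without this, an instructor of one course
    // could address a comparison of another course by id.
    var comparison = plagiarismComparisonRepository.findByIdWithSubmissionsStudentsElseThrow(comparisonId);
    if (!Objects.equals(comparison.getPlagiarismResult().getExercise().getCourseViaExerciseGroupOrCourseMember().getId(), courseId)) {
        throw new BadRequestAlertException("The courseId does not belong to the given comparisonId", "PlagiarismComparison", "idMismatch");
    }

    User affectedUser = userRepository.getUserByLoginElseThrow(studentLogin);
    String instructorStatement = statement.statement;

    if (comparison.getSubmissionA().getStudentLogin().equals(studentLogin)) {
        plagiarismComparisonRepository.updatePlagiarismComparisonInstructorStatementA(comparison.getId(), instructorStatement);
        // the in-memory comparison is passed to the notification, so mirror the stored value
        comparison.setInstructorStatementA(instructorStatement);
    } else if (comparison.getSubmissionB().getStudentLogin().equals(studentLogin)) {
        plagiarismComparisonRepository.updatePlagiarismComparisonInstructorStatementB(comparison.getId(), instructorStatement);
        // the in-memory comparison is passed to the notification, so mirror the stored value
        comparison.setInstructorStatementB(instructorStatement);
    } else {
        // The login is not one of the two students of this comparison: change and notify nothing.
        // (The message says "id" although the match above is made on the login.)
        throw new EntityNotFoundException("Student with id not found in plagiarism comparison");
    }
    singleUserNotificationService.notifyUserAboutNewPossiblePlagiarismCase(comparison, affectedUser);
    return ResponseEntity.ok(statement);
}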
use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project ArTEMiS by ls1intum.
the class PlagiarismService method anonymizeComparisonForStudentView.
/**
 * Prepares a plagiarism comparison for display to one of the two involved students.
 *
 * <p>The logins of both submissions are overwritten with the placeholders {@code YOUR_SUBMISSION}
 * and {@code OTHER_SUBMISSION}, and the instructor statement addressed to the other student is
 * set to {@code null}. No other field is changed by this method. A user who is on neither side of
 * the comparison is rejected.
 *
 * <p>The passed object is modified in place and returned.
 * NOTE(review): if callers pass a managed entity, confirm the placeholder values cannot be
 * written back to the database.
 *
 * @param comparison the comparison to anonymize
 * @param userLogin  login of the student asking to see their plagiarism comparison
 * @return the same comparison instance, anonymized for the given student
 * @throws AccessForbiddenException if {@code userLogin} matches neither submission
 */
public PlagiarismComparison anonymizeComparisonForStudentView(PlagiarismComparison comparison, String userLogin) {
    final boolean requesterOwnsA = comparison.getSubmissionA().getStudentLogin().equals(userLogin);
    if (requesterOwnsA) {
        comparison.getSubmissionA().setStudentLogin(YOUR_SUBMISSION);
        comparison.getSubmissionB().setStudentLogin(OTHER_SUBMISSION);
        // the statement for side B is addressed to the other student
        comparison.setInstructorStatementB(null);
        return comparison;
    }

    final boolean requesterOwnsB = comparison.getSubmissionB().getStudentLogin().equals(userLogin);
    if (requesterOwnsB) {
        comparison.getSubmissionA().setStudentLogin(OTHER_SUBMISSION);
        comparison.getSubmissionB().setStudentLogin(YOUR_SUBMISSION);
        // the statement for side A is addressed to the other student
        comparison.setInstructorStatementA(null);
        return comparison;
    }

    // neither side belongs to the requester: fail closed instead of returning anything
    throw new AccessForbiddenException("This plagiarism comparison is not related to the requesting user.");
}
use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project ArTEMiS by ls1intum.
the class UserJWTController method authorizeSAML2.
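/**
 * Issues a JWT for a user who has already been authenticated through SAML2.
 *
 * <p>The security context must already hold an authenticated {@code Authentication} whose
 * principal is a {@code Saml2AuthenticatedPrincipal}; otherwise 401 is returned and no token is
 * created.
 *
 * @param body the raw request body; the string "true" (case-insensitive) requests a remember-me token
 * @return 200 with the JWT in the body and in the Authorization header, 401 if there is no
 *         authenticated SAML2 principal, or 403 if the user is not activated
 * @throws AccessForbiddenException if no SAML2 service is configured
 */
@PostMapping("/saml2")
public ResponseEntity<JWTToken> authorizeSAML2(@RequestBody final String body) {
    if (saml2Service.isEmpty()) {
        throw new AccessForbiddenException("SAML2 is disabled");
    }

    final boolean rememberMe = Boolean.parseBoolean(body);

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated() || !(authentication.getPrincipal() instanceof Saml2AuthenticatedPrincipal)) {
        return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
    }

    // Log only the principal name: the string form of the whole Authentication object may carry
    // principal attributes and granted authorities, which do not belong in application logs.
    log.debug("SAML2 authentication: {}", authentication.getName());

    final Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
    try {
        authentication = saml2Service.get().handleAuthentication(principal);
    } catch (UserNotActivatedException e) {
        // Answer with 403 here: a 401 would not match the actual reason and would trigger
        // authentication in the client.
        // NOTE(review): the exception message is sent to the client in a response header;
        // confirm it contains nothing that should stay server-side.
        return ResponseEntity.status(HttpStatus.FORBIDDEN).header("X-artemisApp-error", e.getMessage()).build();
    }

    final String jwt = tokenProvider.createToken(authentication, rememberMe);
    final HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
    return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
}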
use of de.tum.in.www1.artemis.web.rest.errors.AccessForbiddenException in project ArTEMiS by ls1intum.
the class PlagiarismResource method updatePlagiarismComparisonInstructorStatement.
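/**
 * Stores the instructor's statement for one side of a plagiarism comparison and notifies the
 * student on that side.
 *
 * <p>Access control: the {@code @PreAuthorize} expression names only the INSTRUCTOR role and no
 * course, so the method also checks that the caller is at least instructor in the course from the
 * path and that the comparison belongs to that course. Both checks run before the affected
 * student is loaded, so a caller without rights on the course gets the same rejection whether or
 * not the comparison or the student exists.
 *
 * @param courseId     the id of the course
 * @param comparisonId the id of the PlagiarismComparison
 * @param studentLogin login of the accused student the statement is directed to; must match submission A or B
 * @param statement    the instructor's statement for that student
 * @return 200 with the submitted statement DTO
 * @throws AccessForbiddenException if the caller is not at least instructor in the course
 * @throws BadRequestAlertException if the comparison does not belong to {@code courseId}
 * @throws EntityNotFoundException  if the login matches neither submission of the comparison
 */
@PutMapping("courses/{courseId}/plagiarism-comparisons/{comparisonId}/instructor-statement/{studentLogin}")
@PreAuthorize("hasRole('INSTRUCTOR')")
public ResponseEntity<PlagiarismStatementDTO> updatePlagiarismComparisonInstructorStatement(
        @PathVariable("courseId") long courseId,
        @PathVariable("comparisonId") long comparisonId,
        @PathVariable("studentLogin") String studentLogin,
        @RequestBody PlagiarismStatementDTO statement) {
    // Authorize against the course from the path first; nothing about the comparison or the
    // student is looked up for a caller who has no rights on this course.
    Course course = courseRepository.findByIdElseThrow(courseId);
    User user = userRepository.getUserWithGroupsAndAuthorities();
    if (!authenticationCheckService.isAtLeastInstructorInCourse(course, user)) {
        throw new AccessForbiddenException("Only instructors responsible for this course can access this plagiarism case.");
    }

    // Bind the comparison to the authorized course: without this, an instructor of one course
    // could address a comparison of another course by id.
    var comparison = plagiarismComparisonRepository.findByIdWithSubmissionsStudentsElseThrow(comparisonId);
    if (!Objects.equals(comparison.getPlagiarismResult().getExercise().getCourseViaExerciseGroupOrCourseMember().getId(), courseId)) {
        throw new BadRequestAlertException("The courseId does not belong to the given comparisonId", "PlagiarismComparison", "idMismatch");
    }

    User affectedUser = userRepository.getUserByLoginElseThrow(studentLogin);
    String instructorStatement = statement.statement;

    if (comparison.getSubmissionA().getStudentLogin().equals(studentLogin)) {
        plagiarismComparisonRepository.updatePlagiarismComparisonInstructorStatementA(comparison.getId(), instructorStatement);
        // the in-memory comparison is passed to the notification, so mirror the stored value
        comparison.setInstructorStatementA(instructorStatement);
    } else if (comparison.getSubmissionB().getStudentLogin().equals(studentLogin)) {
        plagiarismComparisonRepository.updatePlagiarismComparisonInstructorStatementB(comparison.getId(), instructorStatement);
        // the in-memory comparison is passed to the notification, so mirror the stored value
        comparison.setInstructorStatementB(instructorStatement);
    } else {
        // The login is not one of the two students of this comparison: change and notify nothing.
        // (The message says "id" although the match above is made on the login.)
        throw new EntityNotFoundException("Student with id not found in plagiarism comparison");
    }
    singleUserNotificationService.notifyUserAboutNewPossiblePlagiarismCase(comparison, affectedUser);
    return ResponseEntity.ok(statement);
}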