use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method getUserEntityProperties.
/**
 * Returns properties of a user entity as REST models: every stored property, or only the
 * requested keys.
 *
 * <p>NOTE(review, security): the only gate visible here is {@code requireLoggedIn = true};
 * {@code Handling.INLINE} appears to leave the permission decision to this method, and the body
 * never relates {@code userEntityId} to the caller. As written, any logged-in user can read every
 * stored property of any user entity. Until the TODO below is resolved (for example with a
 * per-property visibility flag or an owner/role check), treat property values as readable by all
 * authenticated users and keep sensitive data out of them.
 *
 * @param userEntityId id of the user entity whose properties are read
 * @param keys optional comma-separated list of property keys; blank or absent selects all
 *        stored properties
 * @return 404 when the user entity does not exist; otherwise 200 with the property list, where a
 *         requested key that has no stored property is reported with a {@code null} value
 */
@GET
@Path("/properties/{USERENTITYID}")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response getUserEntityProperties(@PathParam("USERENTITYID") Long userEntityId, @QueryParam("properties") String keys) {
  // TODO Security (maybe via visibility in userEntityProperty?)
  UserEntity userEntity = userEntityController.findUserEntityById(userEntityId);
  if (userEntity == null) {
    return Response.status(Status.NOT_FOUND).build();
  }

  List<fi.otavanopisto.muikku.rest.model.UserEntityProperty> result = new ArrayList<>();

  if (!StringUtils.isBlank(keys)) {
    // Requested keys are looked up exactly as split: segments are not trimmed or de-duplicated.
    for (String key : keys.split(",")) {
      UserEntityProperty match = userEntityController.getUserEntityPropertyByKey(userEntity, key);
      String value = match == null ? null : match.getValue();
      result.add(new fi.otavanopisto.muikku.rest.model.UserEntityProperty(key, value));
    }
    return Response.ok(result).build();
  }

  // No key filter: expose everything stored for this user entity.
  for (UserEntityProperty stored : userEntityController.listUserEntityProperties(userEntity)) {
    result.add(new fi.otavanopisto.muikku.rest.model.UserEntityProperty(stored.getKey(), stored.getValue()));
  }
  return Response.ok(result).build();
}
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method createFlagShare.
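/**
 * Shares an existing flag with another user.
 *
 * <p>Checks run in this order: caller is logged in, flag exists and is not archived, caller has
 * permission on the flag, request body carries a well-formed user identifier. Archived flags are
 * answered exactly like missing ones, so their existence is not revealed.
 *
 * <p>NOTE(review): the recipient identifier is only checked for syntax here; whether it refers
 * to an existing user who may receive shares is presumably enforced by
 * {@code flagController.createFlagShare} — confirm.
 *
 * @param id id of the flag to share
 * @param payload share request; must contain the recipient's user identifier
 * @return 401 when not logged in, 404 for a missing or archived flag, 403 without permission on
 *         the flag, 400 for a missing or malformed recipient identifier, otherwise 200 with the
 *         created share
 */
@POST
@Path("/flags/{ID}/shares")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response createFlagShare(@PathParam("ID") Long id, fi.otavanopisto.muikku.rest.model.FlagShare payload) {
  // Kept in addition to requireLoggedIn so the method stays safe if the annotation changes.
  if (!sessionController.isLoggedIn()) {
    return Response.status(Status.UNAUTHORIZED).build();
  }

  Flag flag = flagController.findFlagById(id);
  if (flag == null || flag.getArchived()) {
    return Response.status(Status.NOT_FOUND).entity(String.format("Flag#%d not found", id)).build();
  }

  if (!flagController.hasFlagPermission(flag, sessionController.getLoggedUser())) {
    return Response.status(Status.FORBIDDEN).entity(String.format("You do not have permission to flag#%d", flag.getId())).build();
  }

  // An empty request body or a body without userIdentifier is a client error; without this
  // guard it surfaces as a NullPointerException and an HTTP 500.
  if (payload == null || payload.getUserIdentifier() == null) {
    return Response.status(Status.BAD_REQUEST).entity("userIdentifier is malformed").build();
  }

  SchoolDataIdentifier userIdentifier = SchoolDataIdentifier.fromId(payload.getUserIdentifier());
  if (userIdentifier == null) {
    return Response.status(Status.BAD_REQUEST).entity("userIdentifier is malformed").build();
  }

  return Response.ok(createRestModel(flagController.createFlagShare(flag, userIdentifier))).build();
}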
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method findStudent.
/**
 * Returns one student as a REST model and supports conditional GET through an ETag derived from
 * the user entity version.
 *
 * <p>NOTE(review, security):
 * <ul>
 *   <li>The only check made in this method is that the caller is logged in. Per the TODO below,
 *       authorization is expected to happen in the school data layer; the response carries
 *       personal data (names, nationality, municipality, school, e-mail address), so that
 *       delegated check should be verified.</li>
 *   <li>The student-only filter is skipped when no {@code EnvironmentUser} exists for the user
 *       entity, so such users pass through unfiltered — confirm this is intended.</li>
 *   <li>The raw {@code id} path parameter is echoed in the 400 response body; confirm the
 *       response media type cannot be rendered as HTML.</li>
 *   <li>MD5 is used only to turn the version number into a cache validator, not as an
 *       integrity or authentication primitive.</li>
 * </ul>
 *
 * @param request JAX-RS request, used to evaluate ETag preconditions
 * @param id student identifier in the form accepted by {@code SchoolDataIdentifier.fromId}
 * @return 403 when not logged in, 400 for a malformed identifier, 404 when the user entity or
 *         user is missing or the user is not a student, a precondition response when the
 *         client's validator decides the request, otherwise 200 with the student
 */
@GET
@Path("/students/{ID}")
@RESTPermit(handling = Handling.INLINE)
public Response findStudent(@Context Request request, @PathParam("ID") String id) {
  if (!sessionController.isLoggedIn()) {
    return Response.status(Status.FORBIDDEN).build();
  }

  SchoolDataIdentifier studentIdentifier = SchoolDataIdentifier.fromId(id);
  if (studentIdentifier == null) {
    return Response.status(Response.Status.BAD_REQUEST).entity(String.format("Invalid studentIdentifier %s", id)).build();
  }

  UserEntity userEntity = userEntityController.findUserEntityByUserIdentifier(studentIdentifier);
  if (userEntity == null) {
    return Response.status(Status.NOT_FOUND).entity("UserEntity not found").build();
  }

  // Bug fix #2966: REST endpoint should only return students
  EnvironmentUser environmentUser = environmentUserController.findEnvironmentUserByUserEntity(userEntity);
  if (environmentUser != null) {
    EnvironmentRoleEntity role = environmentUser.getRole();
    boolean isStudent = role != null && role.getArchetype() == EnvironmentRoleArchetype.STUDENT;
    if (!isStudent) {
      return Response.status(Status.NOT_FOUND).build();
    }
  }

  // A non-null builder means the preconditions already decide the response (e.g. the client's
  // validator still matches), so no body is produced.
  EntityTag tag = new EntityTag(DigestUtils.md5Hex(String.valueOf(userEntity.getVersion())));
  ResponseBuilder conditional = request.evaluatePreconditions(tag);
  if (conditional != null) {
    return conditional.build();
  }

  // TODO: There's no permission handling, this is relying on schooldatacontroller to check for permission
  User user = userController.findUserByIdentifier(studentIdentifier);
  if (user == null) {
    return Response.status(Status.NOT_FOUND).entity("User not found").build();
  }

  CacheControl cacheControl = new CacheControl();
  cacheControl.setMustRevalidate(true);

  String emailAddress = userEmailEntityController.getUserDefaultEmailAddress(userEntity, true);

  // The REST model uses java.util.Date; absent dates stay null.
  Date studyStartDate = null;
  if (user.getStudyStartDate() != null) {
    studyStartDate = Date.from(user.getStudyStartDate().toInstant());
  }
  Date studyEndDate = null;
  if (user.getStudyEndDate() != null) {
    studyEndDate = Date.from(user.getStudyEndDate().toInstant());
  }
  Date studyTimeEnd = null;
  if (user.getStudyTimeEnd() != null) {
    studyTimeEnd = Date.from(user.getStudyTimeEnd().toInstant());
  }

  Student student = new Student(
      studentIdentifier.toId(),
      user.getFirstName(),
      user.getLastName(),
      user.getNickName(),
      user.getStudyProgrammeName(),
      false,
      user.getNationality(),
      user.getLanguage(),
      user.getMunicipality(),
      user.getSchool(),
      emailAddress,
      studyStartDate,
      studyEndDate,
      studyTimeEnd,
      user.getCurriculumIdentifier(),
      userEntity.getUpdatedByStudent());

  return Response.ok(student).cacheControl(cacheControl).tag(tag).build();
}
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method listFlags.
/**
 * Lists the flags the caller owns together with the flags shared with the caller.
 *
 * <p>Authorization is enforced inline: {@code ownerIdentifier} is mandatory and must equal the
 * logged-in user's identifier, so a caller cannot enumerate another user's flags by changing
 * the query parameter.
 *
 * @param ownerId identifier of the flag owner; must identify the logged-in user
 * @return 403 when the parameter is blank or names another user, 400 when it is malformed,
 *         otherwise 200 with the flags
 */
@GET
@Path("/flags/")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response listFlags(@QueryParam("ownerIdentifier") String ownerId) {
  // Listing without an explicit owner is refused rather than defaulted.
  if (StringUtils.isBlank(ownerId)) {
    return Response.status(Status.FORBIDDEN).build();
  }

  SchoolDataIdentifier ownerIdentifier = SchoolDataIdentifier.fromId(ownerId);
  if (ownerIdentifier == null) {
    return Response.status(Status.BAD_REQUEST).entity("ownerIdentifier is malformed").build();
  }

  // TODO: Add permission to list flags owned by others
  boolean isOwnFlags = ownerIdentifier.equals(sessionController.getLoggedUser());
  if (!isOwnFlags) {
    return Response.status(Status.FORBIDDEN).build();
  }

  List<Flag> flags = flagController.listByOwnedAndSharedFlags(ownerIdentifier);
  return Response.ok(createRestModel(flags.toArray(new Flag[0]))).build();
}
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class MetaRESTService method getResources.
/**
 * Returns the sorted list of REST paths registered with the dispatcher, either as a plain list
 * or, with {@code format=js}, as a JavaScript assignment to {@code META_RESOURCES}.
 *
 * <p>NOTE(review, security): the endpoint is marked {@code Handling.UNSECURED} and the list is
 * built from every path the registry reports, so the complete route inventory appears to be
 * readable without authentication. Every listed endpoint therefore has to enforce its own
 * access control; nothing should depend on a path being unknown. On serialization failure the
 * exception message is returned to the client; a generic message with server-side logging
 * would disclose less.
 *
 * @param request JAX-RS request, used to evaluate ETag preconditions against {@code ETAG}
 * @param format {@code "js"} for the JavaScript form; any other value or none for the plain list
 * @return a precondition response when the client's validator decides the request, 500 with
 *         the exception message if JSON serialization fails, otherwise 200 with the paths
 */
@GET
@Path("/resources")
@RESTPermit(handling = Handling.UNSECURED)
public Response getResources(@Context Request request, @QueryParam("format") String format) {
  EntityTag tag = new EntityTag(ETAG);
  ResponseBuilder conditional = request.evaluatePreconditions(tag);
  if (conditional != null) {
    return conditional.build();
  }

  // Only the path keys of the registry are exposed, not the invokers bound to them.
  ResourceMethodRegistry registry = (ResourceMethodRegistry) dispatcher.getRegistry();
  List<String> resources = new ArrayList<>(registry.getBounded().keySet());
  Collections.sort(resources);

  CacheControl cacheControl = new CacheControl();
  cacheControl.setMaxAge(-1);
  cacheControl.setPrivate(false);
  cacheControl.setMustRevalidate(false);

  // "js".equals(format) is already false for null and blank values.
  if (!"js".equals(format)) {
    return Response.ok(resources).cacheControl(cacheControl).tag(tag).build();
  }

  try {
    String script = String.format("var META_RESOURCES = %s", new ObjectMapper().writeValueAsString(resources));
    return Response.ok(script, "text/javascript").cacheControl(cacheControl).tag(tag).build();
  } catch (JsonProcessingException e) {
    return Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
  }
}