Example 46 with RESTPermit

Use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

Class UserRESTService, method getUserEntityProperties.

@GET
@Path("/properties/{USERENTITYID}")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response getUserEntityProperties(@PathParam("USERENTITYID") Long userEntityId, @QueryParam("properties") String keys) {
    // TODO Security (maybe via visibility in userEntityProperty?)
    UserEntity userEntity = userEntityController.findUserEntityById(userEntityId);
    if (userEntity == null) {
        return Response.status(Status.NOT_FOUND).build();
    }
    List<UserEntityProperty> storedProperties = new ArrayList<UserEntityProperty>();
    List<fi.otavanopisto.muikku.rest.model.UserEntityProperty> restProperties = new ArrayList<fi.otavanopisto.muikku.rest.model.UserEntityProperty>();
    if (StringUtils.isBlank(keys)) {
        storedProperties = userEntityController.listUserEntityProperties(userEntity);
        for (UserEntityProperty property : storedProperties) {
            restProperties.add(new fi.otavanopisto.muikku.rest.model.UserEntityProperty(property.getKey(), property.getValue()));
        }
    } else {
        UserEntityProperty storedProperty;
        String[] keyArray = keys.split(",");
        for (int i = 0; i < keyArray.length; i++) {
            storedProperty = userEntityController.getUserEntityPropertyByKey(userEntity, keyArray[i]);
            String value = storedProperty == null ? null : storedProperty.getValue();
            restProperties.add(new fi.otavanopisto.muikku.rest.model.UserEntityProperty(keyArray[i], value));
        }
    }
    return Response.ok(restProperties).build();
}
Also used : ArrayList(java.util.ArrayList) UserEntityProperty(fi.otavanopisto.muikku.model.users.UserEntityProperty) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) GET(javax.ws.rs.GET)

Example 47 with RESTPermit

Use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

Class UserRESTService, method createFlagShare.

@POST
@Path("/flags/{ID}/shares")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response createFlagShare(@PathParam("ID") Long id, fi.otavanopisto.muikku.rest.model.FlagShare payload) {
    if (!sessionController.isLoggedIn()) {
        return Response.status(Status.UNAUTHORIZED).build();
    }
    Flag flag = flagController.findFlagById(id);
    if (flag == null) {
        return Response.status(Status.NOT_FOUND).entity(String.format("Flag#%d not found", id)).build();
    }
    if (flag.getArchived()) {
        return Response.status(Status.NOT_FOUND).entity(String.format("Flag#%d not found", id)).build();
    }
    if (!flagController.hasFlagPermission(flag, sessionController.getLoggedUser())) {
        return Response.status(Status.FORBIDDEN).entity(String.format("You do not have permission to flag#%d", flag.getId())).build();
    }
    SchoolDataIdentifier userIdentifier = SchoolDataIdentifier.fromId(payload.getUserIdentifier());
    if (userIdentifier == null) {
        return Response.status(Status.BAD_REQUEST).entity("userIdentifier is malformed").build();
    }
    return Response.ok(createRestModel(flagController.createFlagShare(flag, userIdentifier))).build();
}
Also used : SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier) UserSchoolDataIdentifier(fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier) Flag(fi.otavanopisto.muikku.model.users.Flag) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) POST(javax.ws.rs.POST)

Example 48 with RESTPermit

Use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

Class UserRESTService, method findStudent.

@GET
@Path("/students/{ID}")
@RESTPermit(handling = Handling.INLINE)
public Response findStudent(@Context Request request, @PathParam("ID") String id) {
    if (!sessionController.isLoggedIn()) {
        return Response.status(Status.FORBIDDEN).build();
    }
    SchoolDataIdentifier studentIdentifier = SchoolDataIdentifier.fromId(id);
    if (studentIdentifier == null) {
        return Response.status(Response.Status.BAD_REQUEST).entity(String.format("Invalid studentIdentifier %s", id)).build();
    }
    UserEntity userEntity = userEntityController.findUserEntityByUserIdentifier(studentIdentifier);
    if (userEntity == null) {
        return Response.status(Status.NOT_FOUND).entity("UserEntity not found").build();
    }
    // Bug fix #2966: REST endpoint should only return students
    EnvironmentUser environmentUser = environmentUserController.findEnvironmentUserByUserEntity(userEntity);
    if (environmentUser != null) {
        EnvironmentRoleEntity userRole = environmentUser.getRole();
        if (userRole == null || userRole.getArchetype() != EnvironmentRoleArchetype.STUDENT) {
            return Response.status(Status.NOT_FOUND).build();
        }
    }
    EntityTag tag = new EntityTag(DigestUtils.md5Hex(String.valueOf(userEntity.getVersion())));
    ResponseBuilder builder = request.evaluatePreconditions(tag);
    if (builder != null) {
        return builder.build();
    }
    CacheControl cacheControl = new CacheControl();
    cacheControl.setMustRevalidate(true);
    // TODO: There's no permission handling, this is relying on schooldatacontroller to check for permission
    User user = userController.findUserByIdentifier(studentIdentifier);
    if (user == null) {
        return Response.status(Status.NOT_FOUND).entity("User not found").build();
    }
    String emailAddress = userEmailEntityController.getUserDefaultEmailAddress(userEntity, true);
    Date studyStartDate = user.getStudyStartDate() != null ? Date.from(user.getStudyStartDate().toInstant()) : null;
    Date studyEndDate = user.getStudyEndDate() != null ? Date.from(user.getStudyEndDate().toInstant()) : null;
    Date studyTimeEnd = user.getStudyTimeEnd() != null ? Date.from(user.getStudyTimeEnd().toInstant()) : null;
    Student student = new Student(studentIdentifier.toId(), user.getFirstName(), user.getLastName(), user.getNickName(), user.getStudyProgrammeName(), false, user.getNationality(), user.getLanguage(), user.getMunicipality(), user.getSchool(), emailAddress, studyStartDate, studyEndDate, studyTimeEnd, user.getCurriculumIdentifier(), userEntity.getUpdatedByStudent());
    return Response.ok(student).cacheControl(cacheControl).tag(tag).build();
}
Also used : SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier) UserSchoolDataIdentifier(fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier) EnvironmentUser(fi.otavanopisto.muikku.model.users.EnvironmentUser) EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) User(fi.otavanopisto.muikku.schooldata.entity.User) EntityTag(javax.ws.rs.core.EntityTag) CacheControl(javax.ws.rs.core.CacheControl) ResponseBuilder(javax.ws.rs.core.Response.ResponseBuilder) FlagStudent(fi.otavanopisto.muikku.model.users.FlagStudent) Student(fi.otavanopisto.muikku.rest.model.Student) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity) Date(java.util.Date) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) GET(javax.ws.rs.GET)

Example 49 with RESTPermit

Use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

Class UserRESTService, method listFlags.

@GET
@Path("/flags/")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response listFlags(@QueryParam("ownerIdentifier") String ownerId) {
    SchoolDataIdentifier ownerIdentifier = null;
    if (StringUtils.isNotBlank(ownerId)) {
        ownerIdentifier = SchoolDataIdentifier.fromId(ownerId);
        if (ownerIdentifier == null) {
            return Response.status(Status.BAD_REQUEST).entity("ownerIdentifier is malformed").build();
        }
        // TODO: Add permission to list flags owned by others
        if (!ownerIdentifier.equals(sessionController.getLoggedUser())) {
            return Response.status(Status.FORBIDDEN).build();
        }
    } else {
        return Response.status(Status.FORBIDDEN).build();
    }
    List<Flag> flags = flagController.listByOwnedAndSharedFlags(ownerIdentifier);
    return Response.ok(createRestModel(flags.toArray(new Flag[0]))).build();
}
Also used : SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier) UserSchoolDataIdentifier(fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier) Flag(fi.otavanopisto.muikku.model.users.Flag) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) GET(javax.ws.rs.GET)

Example 50 with RESTPermit

Use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.

Class MetaRESTService, method getResources.

@GET
@Path("/resources")
@RESTPermit(handling = Handling.UNSECURED)
public Response getResources(@Context Request request, @QueryParam("format") String format) {
    EntityTag tag = new EntityTag(ETAG);
    ResponseBuilder builder = request.evaluatePreconditions(tag);
    if (builder != null) {
        return builder.build();
    }
    List<String> resources = new ArrayList<>();
    ResourceMethodRegistry registry = (ResourceMethodRegistry) dispatcher.getRegistry();
    Set<Entry<String, java.util.List<org.jboss.resteasy.core.ResourceInvoker>>> entries = registry.getBounded().entrySet();
    for (Entry<String, java.util.List<org.jboss.resteasy.core.ResourceInvoker>> entry : entries) {
        String path = entry.getKey();
        resources.add(path);
    }
    CacheControl cacheControl = new CacheControl();
    cacheControl.setMaxAge(-1);
    cacheControl.setPrivate(false);
    cacheControl.setMustRevalidate(false);
    Collections.sort(resources);
    if (StringUtils.isNotBlank(format) && "js".equals(format)) {
        try {
            return Response.ok(String.format("var META_RESOURCES = %s", new ObjectMapper().writeValueAsString(resources)), "text/javascript").cacheControl(cacheControl).tag(tag).build();
        } catch (JsonProcessingException e) {
            return Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
        }
    } else {
        return Response.ok(resources).cacheControl(cacheControl).tag(tag).build();
    }
}
Also used : ArrayList(java.util.ArrayList) ResourceMethodRegistry(org.jboss.resteasy.core.ResourceMethodRegistry) Entry(java.util.Map.Entry) EntityTag(javax.ws.rs.core.EntityTag) List(java.util.List) CacheControl(javax.ws.rs.core.CacheControl) ResponseBuilder(javax.ws.rs.core.Response.ResponseBuilder) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) GET(javax.ws.rs.GET)

Aggregations

RESTPermit (fi.otavanopisto.security.rest.RESTPermit): 215
Path (javax.ws.rs.Path): 214
GET (javax.ws.rs.GET): 99
UserEntity (fi.otavanopisto.muikku.model.users.UserEntity): 90
WorkspaceEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceEntity): 83
SchoolDataIdentifier (fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier): 61
WorkspaceUserEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity): 57
POST (javax.ws.rs.POST): 51
DELETE (javax.ws.rs.DELETE): 45
ArrayList (java.util.ArrayList): 36
UserSchoolDataIdentifier (fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier): 30
ForumArea (fi.otavanopisto.muikku.plugins.forum.model.ForumArea): 30
PUT (javax.ws.rs.PUT): 26
ForumThread (fi.otavanopisto.muikku.plugins.forum.model.ForumThread): 24
WorkspaceForumArea (fi.otavanopisto.muikku.plugins.forum.model.WorkspaceForumArea): 21
CommunicatorMessageId (fi.otavanopisto.muikku.plugins.communicator.model.CommunicatorMessageId): 20
WorkspaceMaterial (fi.otavanopisto.muikku.plugins.workspace.model.WorkspaceMaterial): 20
User (fi.otavanopisto.muikku.schooldata.entity.User): 19
EnvironmentForumArea (fi.otavanopisto.muikku.plugins.forum.model.EnvironmentForumArea): 18
Date (java.util.Date): 16