Example 46 with RESTPermit
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method getUserEntityProperties.
@GET
@Path("/properties/{USERENTITYID}")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response getUserEntityProperties(@PathParam("USERENTITYID") Long userEntityId, @QueryParam("properties") String keys) {
// TODO Security (maybe via visibility in userEntityProperty?)
UserEntity userEntity = userEntityController.findUserEntityById(userEntityId);
if (userEntity == null) {
return Response.status(Status.NOT_FOUND).build();
}
List<UserEntityProperty> storedProperties = new ArrayList<UserEntityProperty>();
List<fi.otavanopisto.muikku.rest.model.UserEntityProperty> restProperties = new ArrayList<fi.otavanopisto.muikku.rest.model.UserEntityProperty>();
if (StringUtils.isBlank(keys)) {
storedProperties = userEntityController.listUserEntityProperties(userEntity);
for (UserEntityProperty property : storedProperties) {
restProperties.add(new fi.otavanopisto.muikku.rest.model.UserEntityProperty(property.getKey(), property.getValue()));
}
} else {
UserEntityProperty storedProperty;
String[] keyArray = keys.split(",");
for (int i = 0; i < keyArray.length; i++) {
storedProperty = userEntityController.getUserEntityPropertyByKey(userEntity, keyArray[i]);
String value = storedProperty == null ? null : storedProperty.getValue();
restProperties.add(new fi.otavanopisto.muikku.rest.model.UserEntityProperty(keyArray[i], value));
}
}
return Response.ok(restProperties).build();
}
Also used :
ArrayList(java.util.ArrayList)
UserEntityProperty(fi.otavanopisto.muikku.model.users.UserEntityProperty)
UserEntity(fi.otavanopisto.muikku.model.users.UserEntity)
WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity)
Path(javax.ws.rs.Path)
RESTPermit(fi.otavanopisto.security.rest.RESTPermit)
GET(javax.ws.rs.GET)
Example 47 with RESTPermit
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method createFlagShare.
@POST
@Path("/flags/{ID}/shares")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response createFlagShare(@PathParam("ID") Long id, fi.otavanopisto.muikku.rest.model.FlagShare payload) {
if (!sessionController.isLoggedIn()) {
return Response.status(Status.UNAUTHORIZED).build();
}
Flag flag = flagController.findFlagById(id);
if (flag == null) {
return Response.status(Status.NOT_FOUND).entity(String.format("Flag#%d not found", id)).build();
}
if (flag.getArchived()) {
return Response.status(Status.NOT_FOUND).entity(String.format("Flag#%d not found", id)).build();
}
if (!flagController.hasFlagPermission(flag, sessionController.getLoggedUser())) {
return Response.status(Status.FORBIDDEN).entity(String.format("You do not have permission to flag#%d", flag.getId())).build();
}
SchoolDataIdentifier userIdentifier = SchoolDataIdentifier.fromId(payload.getUserIdentifier());
if (userIdentifier == null) {
return Response.status(Status.BAD_REQUEST).entity("userIdentifier is malformed").build();
}
return Response.ok(createRestModel(flagController.createFlagShare(flag, userIdentifier))).build();
}
Also used :
SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier)
UserSchoolDataIdentifier(fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier)
Flag(fi.otavanopisto.muikku.model.users.Flag)
Path(javax.ws.rs.Path)
RESTPermit(fi.otavanopisto.security.rest.RESTPermit)
POST(javax.ws.rs.POST)
Example 48 with RESTPermit
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method findStudent.
@GET
@Path("/students/{ID}")
@RESTPermit(handling = Handling.INLINE)
public Response findStudent(@Context Request request, @PathParam("ID") String id) {
if (!sessionController.isLoggedIn()) {
return Response.status(Status.FORBIDDEN).build();
}
SchoolDataIdentifier studentIdentifier = SchoolDataIdentifier.fromId(id);
if (studentIdentifier == null) {
return Response.status(Response.Status.BAD_REQUEST).entity(String.format("Invalid studentIdentifier %s", id)).build();
}
UserEntity userEntity = userEntityController.findUserEntityByUserIdentifier(studentIdentifier);
if (userEntity == null) {
return Response.status(Status.NOT_FOUND).entity("UserEntity not found").build();
}
// Bug fix #2966: REST endpoint should only return students
EnvironmentUser environmentUser = environmentUserController.findEnvironmentUserByUserEntity(userEntity);
if (environmentUser != null) {
EnvironmentRoleEntity userRole = environmentUser.getRole();
if (userRole == null || userRole.getArchetype() != EnvironmentRoleArchetype.STUDENT) {
return Response.status(Status.NOT_FOUND).build();
}
}
EntityTag tag = new EntityTag(DigestUtils.md5Hex(String.valueOf(userEntity.getVersion())));
ResponseBuilder builder = request.evaluatePreconditions(tag);
if (builder != null) {
return builder.build();
}
CacheControl cacheControl = new CacheControl();
cacheControl.setMustRevalidate(true);
// TODO: There's no permission handling, this is relying on schooldatacontroller to check for permission
User user = userController.findUserByIdentifier(studentIdentifier);
if (user == null) {
return Response.status(Status.NOT_FOUND).entity("User not found").build();
}
String emailAddress = userEmailEntityController.getUserDefaultEmailAddress(userEntity, true);
Date studyStartDate = user.getStudyStartDate() != null ? Date.from(user.getStudyStartDate().toInstant()) : null;
Date studyEndDate = user.getStudyEndDate() != null ? Date.from(user.getStudyEndDate().toInstant()) : null;
Date studyTimeEnd = user.getStudyTimeEnd() != null ? Date.from(user.getStudyTimeEnd().toInstant()) : null;
Student student = new Student(studentIdentifier.toId(), user.getFirstName(), user.getLastName(), user.getNickName(), user.getStudyProgrammeName(), false, user.getNationality(), user.getLanguage(), user.getMunicipality(), user.getSchool(), emailAddress, studyStartDate, studyEndDate, studyTimeEnd, user.getCurriculumIdentifier(), userEntity.getUpdatedByStudent());
return Response.ok(student).cacheControl(cacheControl).tag(tag).build();
}
Also used :
SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier)
UserSchoolDataIdentifier(fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier)
EnvironmentUser(fi.otavanopisto.muikku.model.users.EnvironmentUser)
EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity)
User(fi.otavanopisto.muikku.schooldata.entity.User)
EnvironmentUser(fi.otavanopisto.muikku.model.users.EnvironmentUser)
EntityTag(javax.ws.rs.core.EntityTag)
CacheControl(javax.ws.rs.core.CacheControl)
ResponseBuilder(javax.ws.rs.core.Response.ResponseBuilder)
FlagStudent(fi.otavanopisto.muikku.model.users.FlagStudent)
Student(fi.otavanopisto.muikku.rest.model.Student)
UserEntity(fi.otavanopisto.muikku.model.users.UserEntity)
WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity)
Date(java.util.Date)
Path(javax.ws.rs.Path)
RESTPermit(fi.otavanopisto.security.rest.RESTPermit)
GET(javax.ws.rs.GET)
Example 49 with RESTPermit
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method listFlags.
@GET
@Path("/flags/")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response listFlags(@QueryParam("ownerIdentifier") String ownerId) {
SchoolDataIdentifier ownerIdentifier = null;
if (StringUtils.isNotBlank(ownerId)) {
ownerIdentifier = SchoolDataIdentifier.fromId(ownerId);
if (ownerIdentifier == null) {
return Response.status(Status.BAD_REQUEST).entity("ownerIdentifier is malformed").build();
}
// TODO: Add permission to list flags owned by others
if (!ownerIdentifier.equals(sessionController.getLoggedUser())) {
return Response.status(Status.FORBIDDEN).build();
}
} else {
return Response.status(Status.FORBIDDEN).build();
}
List<Flag> flags = flagController.listByOwnedAndSharedFlags(ownerIdentifier);
return Response.ok(createRestModel(flags.toArray(new Flag[0]))).build();
}
Also used :
SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier)
UserSchoolDataIdentifier(fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier)
Flag(fi.otavanopisto.muikku.model.users.Flag)
Path(javax.ws.rs.Path)
RESTPermit(fi.otavanopisto.security.rest.RESTPermit)
GET(javax.ws.rs.GET)
Example 50 with RESTPermit
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class MetaRESTService method getResources.
@GET
@Path("/resources")
@RESTPermit(handling = Handling.UNSECURED)
public Response getResources(@Context Request request, @QueryParam("format") String format) {
EntityTag tag = new EntityTag(ETAG);
ResponseBuilder builder = request.evaluatePreconditions(tag);
if (builder != null) {
return builder.build();
}
List<String> resources = new ArrayList<>();
ResourceMethodRegistry registry = (ResourceMethodRegistry) dispatcher.getRegistry();
Set<Entry<String, java.util.List<org.jboss.resteasy.core.ResourceInvoker>>> entries = registry.getBounded().entrySet();
for (Entry<String, java.util.List<org.jboss.resteasy.core.ResourceInvoker>> entry : entries) {
String path = entry.getKey();
resources.add(path);
}
CacheControl cacheControl = new CacheControl();
cacheControl.setMaxAge(-1);
cacheControl.setPrivate(false);
cacheControl.setMustRevalidate(false);
Collections.sort(resources);
if (StringUtils.isNotBlank(format) && "js".equals(format)) {
try {
return Response.ok(String.format("var META_RESOURCES = %s", new ObjectMapper().writeValueAsString(resources)), "text/javascript").cacheControl(cacheControl).tag(tag).build();
} catch (JsonProcessingException e) {
return Response.status(Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
}
} else {
return Response.ok(resources).cacheControl(cacheControl).tag(tag).build();
}
}
Also used :
ArrayList(java.util.ArrayList)
ResourceMethodRegistry(org.jboss.resteasy.core.ResourceMethodRegistry)
Entry(java.util.Map.Entry)
EntityTag(javax.ws.rs.core.EntityTag)
ArrayList(java.util.ArrayList)
List(java.util.List)
CacheControl(javax.ws.rs.core.CacheControl)
ResponseBuilder(javax.ws.rs.core.Response.ResponseBuilder)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Path(javax.ws.rs.Path)
RESTPermit(fi.otavanopisto.security.rest.RESTPermit)
GET(javax.ws.rs.GET)
Aggregations
RESTPermit (fi.otavanopisto.security.rest.RESTPermit)215
Path (javax.ws.rs.Path)214
GET (javax.ws.rs.GET)99
UserEntity (fi.otavanopisto.muikku.model.users.UserEntity)90
WorkspaceEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceEntity)83
SchoolDataIdentifier (fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier)61
WorkspaceUserEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity)57
POST (javax.ws.rs.POST)51
DELETE (javax.ws.rs.DELETE)45
ArrayList (java.util.ArrayList)36
UserSchoolDataIdentifier (fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier)30
ForumArea (fi.otavanopisto.muikku.plugins.forum.model.ForumArea)30
PUT (javax.ws.rs.PUT)26
ForumThread (fi.otavanopisto.muikku.plugins.forum.model.ForumThread)24
WorkspaceForumArea (fi.otavanopisto.muikku.plugins.forum.model.WorkspaceForumArea)21
CommunicatorMessageId (fi.otavanopisto.muikku.plugins.communicator.model.CommunicatorMessageId)20
WorkspaceMaterial (fi.otavanopisto.muikku.plugins.workspace.model.WorkspaceMaterial)20
User (fi.otavanopisto.muikku.schooldata.entity.User)19
EnvironmentForumArea (fi.otavanopisto.muikku.plugins.forum.model.EnvironmentForumArea)18
Date (java.util.Date)16
