use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class ForumRESTService method updateArea.
/**
 * Updates the name and description of an environment forum area.
 *
 * <p>{@code @RESTPermit} names no permission here ({@code Handling.INLINE}), so the
 * {@code FORUM_UPDATEENVIRONMENTFORUM} check in this body is the only authorization
 * visible for the endpoint.
 *
 * @param areaId id of the forum area, taken from the request path
 * @param restModel request payload carrying the new name and description
 * @return 204 on success; 404 when the area does not exist or is not an
 *         {@code EnvironmentForumArea}; 403 when the caller lacks the update permission
 */
@PUT
@Path("/areas/{AREAID}")
@RESTPermit(handling = Handling.INLINE)
public Response updateArea(@PathParam("AREAID") Long areaId, ForumAreaRESTModel restModel) {
  ForumArea area = forumController.getForumArea(areaId);
  if (area == null) {
    return Response.status(Status.NOT_FOUND).build();
  }

  // This endpoint serves environment-level areas only; any other kind of area is
  // logged and answered as if it did not exist.
  boolean environmentArea = area instanceof EnvironmentForumArea;
  if (!environmentArea) {
    logger.severe(String.format("Trying to access forum %d via incorrect REST endpoint", area.getId()));
    return Response.status(Status.NOT_FOUND).build();
  }

  // NOTE(review): the 404 branches above run before this check, so a caller without the
  // permission can still tell an existing area (403) from a missing one (404).
  boolean mayUpdate = sessionController.hasEnvironmentPermission(ForumResourcePermissionCollection.FORUM_UPDATEENVIRONMENTFORUM);
  if (!mayUpdate) {
    return Response.status(Status.FORBIDDEN).build();
  }

  // NOTE(review): restModel is dereferenced without a null check; confirm the JAX-RS
  // layer rejects a request that has no body before it reaches this point.
  forumController.updateForumAreaName(area, restModel.getName());
  forumController.updateForumAreaDescription(area, restModel.getDescription());
  return Response.noContent().build();
}
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class ForumRESTService method createThread.
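/**
 * Creates a new thread in an environment forum area.
 *
 * <p>Authorization is done inline: the caller needs
 * {@code FORUM_WRITE_ENVIRONMENT_MESSAGES}, and additionally
 * {@code FORUM_LOCK_OR_STICKIFY_MESSAGES} when the new thread is flagged sticky or locked.
 * The message HTML is sanitized with jsoup before it is stored.
 *
 * @param areaId id of the target forum area, taken from the request path
 * @param newThread request payload with title, message and the sticky/locked flags
 * @return 200 with the created thread; 404 when the area does not exist; 400 when the area
 *         is not an {@code EnvironmentForumArea} or when sticky/locked is requested without
 *         the matching permission; 403 when the caller may not write messages
 */
@POST
@Path("/areas/{AREAID}/threads")
@RESTPermit(handling = Handling.INLINE)
public Response createThread(@PathParam("AREAID") Long areaId, ForumThreadRESTModel newThread) {
  ForumArea forumArea = forumController.getForumArea(areaId);
  if (forumArea == null) {
    return Response.status(Status.NOT_FOUND).entity("Forum area not found").build();
  }

  if (!(forumArea instanceof EnvironmentForumArea)) {
    logger.severe(String.format("Trying to create new thread to non environment area (%d) from environment endpoint", forumArea.getId()));
    return Response.status(Status.BAD_REQUEST).build();
  }

  if (!sessionController.hasEnvironmentPermission(ForumResourcePermissionCollection.FORUM_WRITE_ENVIRONMENT_MESSAGES)) {
    return Response.status(Status.FORBIDDEN).build();
  }

  // NOTE(review): newThread is dereferenced without a null check; confirm the JAX-RS layer
  // rejects a request that has no body before it reaches this point.
  boolean wantsStickyOrLocked = Boolean.TRUE.equals(newThread.getSticky()) || Boolean.TRUE.equals(newThread.getLocked());
  if (wantsStickyOrLocked
      && !sessionController.hasEnvironmentPermission(ForumResourcePermissionCollection.FORUM_LOCK_OR_STICKIFY_MESSAGES)) {
    // A missing permission is answered with 400 rather than 403; the status is kept
    // because existing clients may depend on it.
    return Response.status(Status.BAD_REQUEST).build();
  }

  // User-supplied HTML is reduced to the relaxed whitelist, with "target" additionally
  // allowed on links, before it is parsed for post-processing.
  Document message = Jsoup.parse(Jsoup.clean(newThread.getMessage(), Whitelist.relaxed().addAttributes("a", "target")));
  message.outputSettings().escapeMode(EscapeMode.xhtml);

  // Links that kept a target attribute get rel set server-side. The token must be spelled
  // "noreferrer": browsers ignore the misspelled "noreferer", which left the Referer
  // header exposed to the linked site.
  message.select("a[target]").attr("rel", "noopener noreferrer");

  // NOTE(review): the title is passed on as received, without sanitization; confirm it is
  // escaped wherever it is rendered.
  ForumThread thread = forumController.createForumThread(
      forumArea,
      newThread.getTitle(),
      message.body().toString(),
      newThread.getSticky(),
      newThread.getLocked());

  // The count argument is fixed at 1 for a freshly created thread (1L instead of the
  // easily misread 1l).
  ForumThreadRESTModel result = new ForumThreadRESTModel(
      thread.getId(),
      thread.getTitle(),
      thread.getMessage(),
      thread.getCreator(),
      thread.getCreated(),
      thread.getForumArea().getId(),
      thread.getSticky(),
      thread.getLocked(),
      thread.getUpdated(),
      1L,
      thread.getLastModified());
  return Response.ok(result).build();
}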
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class ForumRESTService method listForumAreas.
/**
 * Lists the environment forum areas together with their thread counts.
 *
 * <p>Authorization is done inline: the caller must be logged in and hold
 * {@code FORUM_ACCESSENVIRONMENTFORUM}.
 *
 * @return 200 with a list of {@code ForumAreaRESTModel}; 401 when not logged in;
 *         403 when the access permission is missing
 */
@GET
@Path("/areas")
@RESTPermit(handling = Handling.INLINE)
public Response listForumAreas() {
  boolean loggedIn = sessionController.isLoggedIn();
  if (!loggedIn) {
    return Response.status(Status.UNAUTHORIZED).entity("Not logged in").build();
  }

  boolean mayAccess = sessionController.hasEnvironmentPermission(ForumResourcePermissionCollection.FORUM_ACCESSENVIRONMENTFORUM);
  if (!mayAccess) {
    return Response.status(Status.FORBIDDEN).entity("Forbidden").build();
  }

  // Per the original author's comment, per-area visibility is enforced inside the
  // controller call below. NOTE(review): not verifiable from this method alone.
  List<EnvironmentForumArea> areas = forumController.listEnvironmentForums();
  List<ForumAreaRESTModel> areaModels = new ArrayList<ForumAreaRESTModel>();

  for (EnvironmentForumArea area : areas) {
    Long threadCount = forumController.getThreadCount(area);
    ForumAreaRESTModel model = new ForumAreaRESTModel(
        area.getId(),
        area.getName(),
        area.getDescription(),
        // An area without a group is reported with a null group id.
        area.getGroup() != null ? area.getGroup().getId() : null,
        threadCount);
    areaModels.add(model);
  }

  return Response.ok(areaModels).build();
}
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class ForumRESTService method findThread.
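/**
 * Returns a single thread of an environment forum area.
 *
 * <p>Authorization is done inline via {@code FORUM_READ_ENVIRONMENT_MESSAGES}. The thread
 * is looked up by its own id, so the method also verifies that it belongs to the area
 * named in the path; otherwise any area id in the URL would serve any thread.
 *
 * @param areaId id of the forum area, taken from the request path
 * @param threadId id of the thread, taken from the request path
 * @return 200 with the thread; 404 when the thread does not exist or is not part of the
 *         given area; 400 when the thread's area is not an {@code EnvironmentForumArea};
 *         403 when the caller lacks the read permission
 */
@GET
@Path("/areas/{AREAID}/threads/{THREADID}")
@RESTPermit(handling = Handling.INLINE)
public Response findThread(@PathParam("AREAID") Long areaId, @PathParam("THREADID") Long threadId) {
  ForumThread thread = forumController.getForumThread(threadId);
  if (thread == null) {
    return Response.status(Status.NOT_FOUND).entity("Forum thread not found").build();
  }

  if (!(thread.getForumArea() instanceof EnvironmentForumArea)) {
    logger.severe(String.format("Trying to list non environment forum thread messages (%d) from environment endpoint", thread.getId()));
    return Response.status(Status.BAD_REQUEST).build();
  }

  if (!sessionController.hasEnvironmentPermission(ForumResourcePermissionCollection.FORUM_READ_ENVIRONMENT_MESSAGES)) {
    return Response.status(Status.FORBIDDEN).build();
  }

  // Bind the thread to the area in the URL. Checked after the permission test so that
  // callers without read access learn nothing about which area a thread lives in.
  if (areaId == null || !areaId.equals(thread.getForumArea().getId())) {
    return Response.status(Status.NOT_FOUND).entity("Forum thread not found").build();
  }

  long numReplies = forumController.getThreadReplyCount(thread);
  ForumThreadRESTModel result = new ForumThreadRESTModel(
      thread.getId(),
      thread.getTitle(),
      thread.getMessage(),
      thread.getCreator(),
      thread.getCreated(),
      thread.getForumArea().getId(),
      thread.getSticky(),
      thread.getLocked(),
      thread.getUpdated(),
      numReplies,
      thread.getLastModified());
  return Response.ok(result).build();
}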
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class ForumRESTService method createForumAreaGroup.
/**
 * Creates a forum area group with the name given in the request payload.
 *
 * <p>Unlike the inline-handled endpoints of this service, the required permission
 * ({@code FORUM_CREATEFORUMAREAGROUP}) is declared on {@code @RESTPermit}; presumably the
 * security framework enforces it before this method runs.
 *
 * @param newGroup request payload carrying the group name
 * @return 200 with the id and name of the created group
 */
@POST
@Path("/areagroups")
@RESTPermit(ForumResourcePermissionCollection.FORUM_CREATEFORUMAREAGROUP)
public Response createForumAreaGroup(ForumAreaGroupRESTModel newGroup) {
  // NOTE(review): newGroup is dereferenced without a null check, and the name is passed on
  // as received; confirm body presence and name validation happen elsewhere.
  ForumAreaGroup createdGroup = forumController.createForumAreaGroup(newGroup.getName());

  return Response
      .ok(new ForumAreaGroupRESTModel(createdGroup.getId(), createdGroup.getName()))
      .build();
}