use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method searchStudentTransferCredits.
/**
 * Lists one student's transfer credits, optionally filtered by curriculum.
 *
 * <p>Authorization is handled inline. The caller must be logged in. A caller whose own user
 * entity is the requested student is let through; anyone else needs the environment permission
 * {@code LIST_STUDENT_TRANSFER_CREDITS}.
 *
 * @param id student identifier, parsed with {@code SchoolDataIdentifier.fromId}
 * @param curriculumEmpty whether credits that carry no curriculum are kept (defaults to true)
 * @param curriculumIdentifier when non-empty, credits bound to a different curriculum are dropped
 * @return 200 with the REST models; 401 when not logged in; 400 when the id cannot be parsed or
 *         no user entity matches it; 403 when the caller may not read this student's credits
 */
@GET
@Path("/students/{ID}/transferCredits")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response searchStudentTransferCredits(
    @PathParam("ID") String id,
    @QueryParam("curriculumEmpty") @DefaultValue("true") Boolean curriculumEmpty,
    @QueryParam("curriculumIdentifier") String curriculumIdentifier) {
  if (!sessionController.isLoggedIn()) {
    return Response.status(Status.UNAUTHORIZED).build();
  }

  SchoolDataIdentifier studentIdentifier = SchoolDataIdentifier.fromId(id);
  if (studentIdentifier == null) {
    return Response.status(Response.Status.BAD_REQUEST).entity(String.format("Invalid studentIdentifier %s", id)).build();
  }

  // NOTE(review): this lookup runs before the permission check, so a logged-in caller without
  // the permission gets 400 for an unknown id and 403 for an existing one. Confirm that
  // revealing which identifiers exist is acceptable.
  UserEntity student = userEntityController.findUserEntityByUserIdentifier(studentIdentifier);
  if (student == null) {
    return Response.status(Response.Status.BAD_REQUEST).entity(String.format("Could not find user entity for identifier %s", id)).build();
  }

  // Object-level authorization: reading your own record needs no extra permission.
  boolean ownRecord = student.getId().equals(sessionController.getLoggedUserEntity().getId());
  if (!ownRecord && !sessionController.hasEnvironmentPermission(MuikkuPermissions.LIST_STUDENT_TRANSFER_CREDITS)) {
    return Response.status(Status.FORBIDDEN).build();
  }

  // Build the filtered list directly instead of copying everything and deleting afterwards.
  List<TransferCredit> kept = new ArrayList<TransferCredit>();
  for (TransferCredit credit : gradingController.listStudentTransferCredits(studentIdentifier)) {
    SchoolDataIdentifier creditCurriculum = credit.getCurriculumIdentifier();
    boolean keep;
    if (creditCurriculum == null) {
      // Credits with no curriculum are governed solely by the curriculumEmpty switch.
      keep = curriculumEmpty;
    } else {
      // With no curriculum filter every curriculum-bound credit passes.
      keep = StringUtils.isEmpty(curriculumIdentifier)
          || Objects.equals(creditCurriculum.toId(), curriculumIdentifier);
    }
    if (keep) {
      kept.add(credit);
    }
  }

  return Response.ok(createRestModel(kept.toArray(new TransferCredit[0]))).build();
}
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method setUserEntityProperty.
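/**
 * Stores one key/value property on the logged-in user's own user entity.
 *
 * <p>The target entity always comes from the session, never from the request, so a caller can
 * only write to their own record.
 *
 * @param payload the property to store; its key and value are passed on unchanged
 * @return 200 echoing the payload, or 400 when the body or its key is missing
 */
@POST
@Path("/property")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response setUserEntityProperty(fi.otavanopisto.muikku.rest.model.UserEntityProperty payload) {
  // Without this guard a request with no body fails on payload.getKey() with a
  // NullPointerException instead of a client error.
  if (payload == null || payload.getKey() == null) {
    return Response.status(Status.BAD_REQUEST).entity("key is missing").build();
  }

  // NOTE(review): nothing in this method limits which keys may be written or how large the
  // value is. Confirm that userEntityController.setUserEntityProperty enforces an allowlist of
  // user-writable keys and a size bound, since key and value are fully caller-controlled.
  UserEntity loggedUserEntity = sessionController.getLoggedUserEntity();
  userEntityController.setUserEntityProperty(loggedUserEntity, payload.getKey(), payload.getValue());
  return Response.ok(payload).build();
}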
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method listStudentFlags.
/**
 * Lists the flags on one student for a given owner, as returned by
 * {@code flagController.listByOwnedAndSharedStudentFlags}.
 *
 * <p>Authorization is handled inline. The caller must be logged in and
 * {@code ownerIdentifier} must equal the logged-in user, so a caller can only ask for flags
 * from their own point of view.
 *
 * @param request JAX-RS request context (not read by this method)
 * @param id student identifier, parsed with {@code SchoolDataIdentifier.fromId}
 * @param ownerId identifier of the flag owner; required
 * @return 200 with the REST models; 403 when not logged in or when the owner is not the caller;
 *         400 for a malformed student or owner identifier; 501 when no owner is given
 */
@GET
@Path("/students/{ID}/flags")
@RESTPermit(handling = Handling.INLINE)
public Response listStudentFlags(@Context Request request, @PathParam("ID") String id, @QueryParam("ownerIdentifier") String ownerId) {
  // NOTE(review): the annotation does not set requireLoggedIn, so this check is the only login
  // gate visible here. It answers 403, whereas other endpoints in this class answer 401 for
  // the same condition. Confirm whether that difference is intended.
  if (!sessionController.isLoggedIn()) {
    return Response.status(Status.FORBIDDEN).build();
  }

  SchoolDataIdentifier student = SchoolDataIdentifier.fromId(id);
  if (student == null) {
    return Response.status(Response.Status.BAD_REQUEST).entity(String.format("Invalid studentIdentifier %s", id)).build();
  }

  if (StringUtils.isBlank(ownerId)) {
    return Response.status(Response.Status.NOT_IMPLEMENTED).entity("Listing student flags without owner is not implemented").build();
  }

  SchoolDataIdentifier owner = SchoolDataIdentifier.fromId(ownerId);
  if (owner == null) {
    return Response.status(Status.BAD_REQUEST).entity("ownerIdentifier is malformed").build();
  }

  // Object-level authorization: the requested owner must be the session user.
  boolean callerIsOwner = owner.equals(sessionController.getLoggedUser());
  if (!callerIsOwner) {
    return Response.status(Status.FORBIDDEN).build();
  }

  return Response.ok(
      createRestModel(
          flagController.listByOwnedAndSharedStudentFlags(student, owner).toArray(new FlagStudent[0])))
      .build();
}
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method listStudentPhoneNumbers.
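/**
 * Lists one student's phone numbers, default numbers first.
 *
 * <p>Authorization is handled inline. The caller must be logged in. A caller whose own user
 * entity is the requested student is let through; anyone else needs the environment permission
 * {@code LIST_STUDENT_PHONE_NUMBERS}.
 *
 * @param id student identifier, parsed with {@code SchoolDataIdentifier.fromId}
 * @return 200 with the REST models; 401 when not logged in; 400 when the id cannot be parsed or
 *         no user entity matches it; 403 when the caller may not read this student's numbers
 */
@GET
@Path("/students/{ID}/phoneNumbers")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response listStudentPhoneNumbers(@PathParam("ID") String id) {
  if (!sessionController.isLoggedIn()) {
    return Response.status(Status.UNAUTHORIZED).build();
  }

  SchoolDataIdentifier studentIdentifier = SchoolDataIdentifier.fromId(id);
  if (studentIdentifier == null) {
    return Response.status(Response.Status.BAD_REQUEST).entity(String.format("Invalid studentIdentifier %s", id)).build();
  }

  UserEntity studentEntity = userEntityController.findUserEntityByUserIdentifier(studentIdentifier);
  if (studentEntity == null) {
    return Response.status(Response.Status.BAD_REQUEST).entity(String.format("Could not find user entity for identifier %s", id)).build();
  }

  // Object-level authorization: reading your own record needs no extra permission.
  if (!studentEntity.getId().equals(sessionController.getLoggedUserEntity().getId())) {
    if (!sessionController.hasEnvironmentPermission(MuikkuPermissions.LIST_STUDENT_PHONE_NUMBERS)) {
      return Response.status(Status.FORBIDDEN).build();
    }
  }

  List<UserPhoneNumber> phoneNumbers = userController.listUserPhoneNumbers(studentIdentifier);
  Collections.sort(phoneNumbers, new Comparator<UserPhoneNumber>() {
    @Override
    public int compare(UserPhoneNumber o1, UserPhoneNumber o2) {
      // The previous ternary returned -1 whenever o1 was a default number, even if o2 was one
      // too. That made compare(a, b) and compare(b, a) both negative, which breaks the
      // Comparator contract and can make the sort throw IllegalArgumentException.
      // Boolean.TRUE.equals also treats a missing flag as "not default" instead of failing.
      boolean firstIsDefault = Boolean.TRUE.equals(o1.getDefaultNumber());
      boolean secondIsDefault = Boolean.TRUE.equals(o2.getDefaultNumber());
      // Arguments are swapped so that default numbers sort first.
      return Boolean.compare(secondIsDefault, firstIsDefault);
    }
  });

  return Response.ok(createRestModel(phoneNumbers.toArray(new UserPhoneNumber[0]))).build();
}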
use of fi.otavanopisto.security.rest.RESTPermit in project muikku by otavanopisto.
the class UserRESTService method createFlag.
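/**
 * Creates a flag owned by the logged-in user.
 *
 * <p>The owner identifier arrives in the request body and is therefore caller-controlled. It
 * is accepted only when it equals the session user, the same rule {@code listStudentFlags}
 * applies when reading flags. Without that comparison any logged-in user could create flags
 * under another user's identifier.
 *
 * @param payload flag to create; owner identifier, color and name are required
 * @return 200 with the created flag's REST model; 400 when the body or a required field is
 *         missing or the owner identifier is malformed; 403 when the owner is not the caller
 */
@POST
@Path("/flags/")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response createFlag(fi.otavanopisto.muikku.rest.model.Flag payload) {
  // A request with no body would otherwise fail on the first getter call.
  if (payload == null) {
    return Response.status(Status.BAD_REQUEST).entity("payload is missing").build();
  }

  if (StringUtils.isBlank(payload.getOwnerIdentifier())) {
    return Response.status(Status.BAD_REQUEST).entity("ownerIdentifier is missing").build();
  }

  if (StringUtils.isBlank(payload.getColor())) {
    return Response.status(Status.BAD_REQUEST).entity("color is missing").build();
  }

  if (StringUtils.isBlank(payload.getName())) {
    return Response.status(Status.BAD_REQUEST).entity("name is missing").build();
  }

  SchoolDataIdentifier ownerIdentifier = SchoolDataIdentifier.fromId(payload.getOwnerIdentifier());
  if (ownerIdentifier == null) {
    return Response.status(Status.BAD_REQUEST).entity("ownerIdentifier is malformed").build();
  }

  // Object-level authorization: never trust the owner named in the body.
  // NOTE(review): if some role must create flags on behalf of other users, gate that path
  // behind an explicit permission rather than dropping this check.
  if (!ownerIdentifier.equals(sessionController.getLoggedUser())) {
    return Response.status(Status.FORBIDDEN).build();
  }

  Flag flag = flagController.createFlag(ownerIdentifier, payload.getName(), payload.getColor(), payload.getDescription());
  return Response.ok(createRestModel(flag)).build();
}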