Use of io.crnk.core.exception.ForbiddenException in project crnk-framework by crnk-project.
Class ResourceUpsert, method canModifyField.
/**
 * Decides whether the current request is allowed to write the given field.
 *
 * <p>The decision combines the field's own access flags (postable for POST, patchable for every
 * other HTTP method) with the behavior returned by {@code resourceFilterDirectory} for that
 * field and method. The outcome is one of: write the field, silently skip it, or reject the
 * request.
 *
 * <p>A {@code null} field is accepted without consulting the access flags or the filter
 * directory.
 * NOTE(review): dynamic fields therefore have no field-level write restriction in this
 * method; confirm that they are constrained elsewhere if they can carry sensitive state.
 *
 * @param resourceInformation information about the resource being written; not read in this
 *     method body
 * @param fieldName name of the field, used only in the error message
 * @param field field from the information model, or {@code null} for a dynamic field (like
 *     JsonAny)
 * @return {@code true} if the field may be written, {@code false} if the write is to be ignored
 * @throws ForbiddenException if the resulting behavior is {@code FilterBehavior.FORBIDDEN}
 */
protected boolean canModifyField(ResourceInformation resourceInformation, String fieldName, ResourceField field) {
    // No model entry means a dynamic field: nothing to check against, so the write is let through.
    if (field == null) {
        return true;
    }

    HttpMethod httpMethod = getHttpMethod();
    ResourceFieldAccess fieldAccess = field.getAccess();

    // Only POST is matched explicitly; any other method is judged by the patchable flag.
    boolean writable;
    if (httpMethod == HttpMethod.POST) {
        writable = fieldAccess.isPostable();
    } else {
        writable = fieldAccess.isPatchable();
    }

    // A writable field starts from NONE; a non-writable one starts from the configured default.
    FilterBehavior declaredBehavior = writable ? FilterBehavior.NONE : getDefaultFilterBehavior();

    // Registered filters get a say as well. How the two values combine is defined by
    // FilterBehavior.merge, which is not shown here (presumably the stricter one wins; verify).
    FilterBehavior effectiveBehavior = declaredBehavior.merge(resourceFilterDirectory.get(field, httpMethod));

    if (effectiveBehavior == FilterBehavior.NONE) {
        return true;
    }
    if (effectiveBehavior == FilterBehavior.FORBIDDEN) {
        throw new ForbiddenException("field '" + fieldName + "' cannot be modified");
    }

    // IGNORED is the only behavior left; the caller is told to drop the value without an error.
    PreconditionUtil.assertEquals("unknown behavior", FilterBehavior.IGNORED, effectiveBehavior);
    return false;
}
Use of io.crnk.core.exception.ForbiddenException in project crnk-framework by crnk-project.
Class ResourcePatchTest, method onPatchingReadOnlyFieldReturnBadRequestWithFailBehavior.
/**
 * Checks that a PATCH which sets the attribute {@code readOnlyValue} is rejected with a
 * {@link ForbiddenException} when {@code RESOURCE_FIELD_IMMUTABLE_WRITE_BEHAVIOR} is configured
 * as {@code FAIL}.
 *
 * <p>The method name mentions "BadRequest", but the exception asserted below is
 * {@code ForbiddenException}.
 */
@Test
public void onPatchingReadOnlyFieldReturnBadRequestWithFailBehavior() throws Exception {
    // GIVEN a task that was created through a POST using the shared default properties
    Document requestDocument = new Document();
    Resource task = createTask();
    requestDocument.setData(Nullable.of((Object) task));

    JsonPath collectionPath = pathBuilder.build("/tasks");
    ResourcePost createHandler = new ResourcePost(resourceRegistry, PROPERTIES_PROVIDER, typeParser, objectMapper,
            documentMapper, modificationFilters);
    createHandler.handle(collectionPath, emptyTaskQuery, null, requestDocument);

    // AND a PATCH handler whose properties answer FAIL for the immutable-write behavior key
    // and null for every other key
    PropertiesProvider failOnImmutableWrite = new PropertiesProvider() {

        @Override
        public String getProperty(String key) {
            return CrnkProperties.RESOURCE_FIELD_IMMUTABLE_WRITE_BEHAVIOR.equals(key)
                    ? ResourceFieldImmutableWriteBehavior.FAIL.toString()
                    : null;
        }
    };
    ResourcePatch sut = new ResourcePatch(resourceRegistry, failOnImmutableWrite, typeParser, objectMapper,
            documentMapper, modificationFilters);

    // AND a request body that now carries a value for the read-only attribute
    task.getAttributes().put("readOnlyValue", objectMapper.readTree("\"newValue\""));

    // WHEN the PATCH is handled, THEN it must fail instead of dropping the value silently
    try {
        JsonPath itemPath = pathBuilder.build("/tasks/" + task.getId());
        sut.handle(itemPath, emptyTaskQuery, null, requestDocument);
        Assert.fail("should not be allowed to update read-only field");
    } catch (ForbiddenException expected) {
        // The message names the offending field so the client can tell which attribute was refused.
        Assert.assertEquals("field 'readOnlyValue' cannot be modified", expected.getMessage());
    }
}