
Example 46 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project jeeshop by remibantos.

Class Discounts, method modify.

@PUT
@Transactional
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@RolesAllowed({ ADMIN, STORE_ADMIN })
public Discount modify(@Context SecurityContext securityContext, Discount discount) {
    Discount originalDiscount = entityManager.find(Discount.class, discount.getId());
    checkNotNull(originalDiscount);
    // Check ownership against the stored entity, not the client-supplied payload
    if (isAdminUser(securityContext) || isOwner(securityContext, originalDiscount.getOwner())) {
        discount.setPresentationByLocale(originalDiscount.getPresentationByLocale());
        return entityManager.merge(discount);
    } else
        throw new WebApplicationException(Response.Status.FORBIDDEN);
}
Also used: WebApplicationException (org.rembx.jeeshop.rest.WebApplicationException), RolesAllowed (javax.annotation.security.RolesAllowed), Transactional (javax.transaction.Transactional)

Example 47 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project jeeshop by remibantos.

Class SKUs, method findPresentationsLocales.

@GET
@Path("/{skuId}/presentationslocales")
@Produces(MediaType.APPLICATION_JSON)
@RolesAllowed({ ADMIN, STORE_ADMIN, ADMIN_READONLY })
public Set<String> findPresentationsLocales(@Context SecurityContext securityContext, @PathParam("skuId") @NotNull Long skuId) {
    SKU sku = entityManager.find(SKU.class, skuId);
    checkNotNull(sku);
    if (!isAdminUser(securityContext) && !isOwner(securityContext, sku.getOwner()))
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    return sku.getPresentationByLocale().keySet();
}
Also used: WebApplicationException (org.rembx.jeeshop.rest.WebApplicationException), RolesAllowed (javax.annotation.security.RolesAllowed)

Example 48 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project jeeshop by remibantos.

Class Medias, method upload.

@POST
@Consumes("multipart/form-data")
@Produces(MediaType.APPLICATION_JSON)
@RolesAllowed(ADMIN)
@Path("/{type}/{id}/{locale}/upload")
public void upload(@Context HttpServletRequest request, @NotNull @PathParam("type") String itemType, @NotNull @PathParam("id") Long itemId, @NotNull @PathParam("locale") String locale) {
    try {
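        ServletFileUpload upload = new ServletFileUpload();
        FileItemIterator iterator = upload.getItemIterator(request);
        // itemType, locale and the uploaded file name are client-controlled: normalize every
        // resolved path and require it to stay under the media base directory
        java.nio.file.Path basePath = getBasePath().toAbsolutePath().normalize();
        java.nio.file.Path itemBasePath = basePath.resolve(itemType).resolve(itemId.toString()).resolve(locale).normalize();
        if (!itemBasePath.startsWith(basePath))
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        while (iterator.hasNext()) {
            FileItemStream item = iterator.next();
            if (!Files.exists(itemBasePath))
                Files.createDirectories(itemBasePath);
            java.nio.file.Path filePath = itemBasePath.resolve(item.getName()).normalize();
            // Reject file names that escape the item directory or resolve to the directory itself
            if (!filePath.startsWith(itemBasePath) || filePath.equals(itemBasePath))
                throw new WebApplicationException(Response.Status.BAD_REQUEST);
            Files.copy(item.openStream(), filePath, StandardCopyOption.REPLACE_EXISTING);
            LOG.info("File written to " + filePath);
        }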
    } catch (IOException | FileUploadException e) {
        LOG.error("Could not handle upload of file with type: " + itemType + " and id: " + itemId, e);
        throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
    }
}
Also used: ServletFileUpload (org.apache.commons.fileupload.servlet.ServletFileUpload), WebApplicationException (org.rembx.jeeshop.rest.WebApplicationException), FileItemStream (org.apache.commons.fileupload.FileItemStream), IOException (java.io.IOException), FileItemIterator (org.apache.commons.fileupload.FileItemIterator), FileUploadException (org.apache.commons.fileupload.FileUploadException), RolesAllowed (javax.annotation.security.RolesAllowed)

Example 49 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project jeeshop by remibantos.

Class Orders, method find.

@GET
@Path("/{orderId}")
@Produces(MediaType.APPLICATION_JSON)
@RolesAllowed({ ADMIN, ADMIN_READONLY, USER })
public Order find(@Context SecurityContext securityContext, @PathParam("orderId") @NotNull Long orderId, @QueryParam("enhanced") Boolean enhanced) {
    Order order = entityManager.find(Order.class, orderId);
    // Verify the order exists before dereferencing it in the ownership check
    checkNotNull(order);
    if (securityContext.isUserInRole(USER) && !securityContext.isUserInRole(ADMIN)) {
        User authenticatedUser = userFinder.findByLogin(securityContext.getUserPrincipal().getName());
        if (!order.getUser().equals(authenticatedUser)) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
    }
    if (enhanced != null && enhanced) {
        orderFinder.enhanceOrder(order);
    }
    return order;
}
Also used: Order (org.rembx.jeeshop.order.model.Order), User (org.rembx.jeeshop.user.model.User), WebApplicationException (org.rembx.jeeshop.rest.WebApplicationException), RolesAllowed (javax.annotation.security.RolesAllowed)

Example 50 with RolesAllowed

Use of javax.annotation.security.RolesAllowed in project jeeshop by remibantos.

Class MailTemplates, method delete.

@DELETE
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@RolesAllowed(ADMIN)
@Transactional
@Path("/{id}")
public void delete(@PathParam("id") Long id) {
    MailTemplate mailTemplate = entityManager.find(MailTemplate.class, id);
    checkNotNull(mailTemplate);
    entityManager.remove(mailTemplate);
}
Also used: MailTemplate (org.rembx.jeeshop.user.model.MailTemplate), RolesAllowed (javax.annotation.security.RolesAllowed), Transactional (javax.transaction.Transactional)

Aggregations

RolesAllowed (javax.annotation.security.RolesAllowed): 191
Path (javax.ws.rs.Path): 127
Produces (javax.ws.rs.Produces): 110
Consumes (javax.ws.rs.Consumes): 55
GET (javax.ws.rs.GET): 54
POST (javax.ws.rs.POST): 40
PUT (javax.ws.rs.PUT): 35
HashMap (java.util.HashMap): 34
ArrayList (java.util.ArrayList): 32
IOException (java.io.IOException): 30
ApiOperation (io.swagger.annotations.ApiOperation): 29
ApiResponses (io.swagger.annotations.ApiResponses): 29
Response (javax.ws.rs.core.Response): 28
Adapter (nl.nn.adapterframework.core.Adapter): 21
DELETE (javax.ws.rs.DELETE): 19
WebApplicationException (org.rembx.jeeshop.rest.WebApplicationException): 19
LinkedHashMap (java.util.LinkedHashMap): 16
Locale (java.util.Locale): 16
Map (java.util.Map): 12
ResponseBuilder (javax.ws.rs.core.Response.ResponseBuilder): 12