use of nikita.webapp.security.Authorisation in project nikita-noark5-core by HiOA-ABI.
the class DocumentObjectHateoasController method handleFileUpload.
// API - All POST Requests (CRUD - CREATE)
// upload a file and associate it with a documentObject
// POST [contextPath][api]/arkivstruktur/dokumentobjekt/{systemID}/referanseFil
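/**
 * Stores the request body as the file belonging to an existing documentObject.
 *
 * <p>Before anything is written, the {@code content-length} and
 * {@code content-type} request headers must be present and must match the
 * {@code fileSize} and {@code mimeType} already recorded on the
 * documentObject. Both sides of that comparison are declared metadata; this
 * method never inspects the uploaded bytes itself.
 *
 * @param uriBuilder             not used by this method
 * @param request                the incoming request; its headers and body are read
 * @param response               not used by this method
 * @param documentObjectSystemId systemID of the documentObject to attach the file to
 * @return the updated documentObject wrapped with its HATEOAS links, status 200
 * @throws NoarkEntityNotFoundException if no documentObject has the given systemID
 * @throws StorageException             if a header is missing, malformed or disagrees
 *                                      with the documentObject, or if reading the
 *                                      request body fails
 */
@ApiOperation(value = "Uploads a file and associates it with the documentObject identified by a systemId", response = DocumentObjectHateoas.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "File uploaded successfully", response = DocumentObjectHateoas.class),
        @ApiResponse(code = 401, message = API_MESSAGE_UNAUTHENTICATED_USER),
        @ApiResponse(code = 403, message = API_MESSAGE_UNAUTHORISED_FOR_USER),
        @ApiResponse(code = 500, message = API_MESSAGE_INTERNAL_SERVER_ERROR) })
@Counted
@RequestMapping(value = SLASH + LEFT_PARENTHESIS + SYSTEM_ID + RIGHT_PARENTHESIS + SLASH + REFERENCE_FILE, method = RequestMethod.POST, headers = "Accept=*/*", produces = { NOARK5_V4_CONTENT_TYPE_JSON, NOARK5_V4_CONTENT_TYPE_JSON_XML })
public ResponseEntity<DocumentObjectHateoas> handleFileUpload(final UriComponentsBuilder uriBuilder, HttpServletRequest request, final HttpServletResponse response, @ApiParam(name = "systemID", value = "systemID of the documentObject you wish to associate a file with", required = true) @PathVariable("systemID") final String documentObjectSystemId) {
    try {
        // NOTE(review): the lookup is by systemID only; no ownership or
        // permission check is visible in this method. Confirm the service
        // layer or a security filter restricts who may attach a file.
        DocumentObject documentObject = documentObjectService.findBySystemId(documentObjectSystemId);
        if (documentObject == null) {
            throw new NoarkEntityNotFoundException(documentObjectSystemId);
        }

        // Following will be needed for uploading file in chunks
        // String headerContentRange = request.getHeader("content-range");//Content-Range:bytes 737280-819199/845769

        // Check that content-length is set, > 0 and in agreement with the value set in documentObject
        final String headerContentLength = request.getHeader("content-length");
        if (headerContentLength == null) {
            throw new StorageException("Attempt to upload a document without content-length set. The document was attempted to be associated with " + documentObject);
        }
        // Parse as long: getIntHeader() throws NumberFormatException for any
        // value above Integer.MAX_VALUE (files over 2 GiB) and for a malformed
        // header, which surfaced as an unexplained server error.
        final Long contentLength;
        try {
            contentLength = Long.parseLong(headerContentLength.trim());
        } catch (NumberFormatException e) {
            // The raw header value is deliberately not echoed into the message.
            throw new StorageException("Attempt to upload a document with a content-length that is not a valid number. The document was attempted to be associated with " + documentObject);
        }
        if (contentLength < 1) {
            throw new StorageException("Attempt to upload a document with 0 or negative content-length set. Actual value was (" + contentLength + "). The document was attempted to be associated with " + documentObject);
        }
        if (null == documentObject.getFileSize()) {
            throw new StorageException("Attempt to upload a document with a content-length set in the header (" + contentLength + "), but the value in documentObject has not been set (== null). The document was attempted to be associated with " + documentObject);
        }
        if (!contentLength.equals(documentObject.getFileSize())) {
            throw new StorageException("Attempt to upload a document with a content-length set in the header (" + contentLength + ") that is not the same as the value in documentObject (" + documentObject.getFileSize() + "). The document was attempted to be associated with " + documentObject);
        }

        // Check that the content-type is set and in agreement with mimeType value in documentObject.
        // The comparison is an exact string match, so a header carrying
        // parameters (for example a charset suffix) is rejected.
        String headerContentType = request.getHeader("content-type");
        if (headerContentType == null) {
            throw new StorageException("Attempt to upload a document without content-type set. The document was attempted to be associated with " + documentObject);
        }
        if (!headerContentType.equals(documentObject.getMimeType())) {
            // Report the content-type that was received; the previous message
            // printed the content-length here by mistake.
            throw new StorageException("Attempt to upload a document with a content-type set in the header (" + headerContentType + ") that is not the same as the mimeType in documentObject (" + documentObject.getMimeType() + "). The document was attempted to be associated with " + documentObject);
        }

        // NOTE(review): the header checks above only compare declared values.
        // Confirm that storeAndCalculateChecksum stops reading at the declared
        // size and that the stored bytes really are of the declared type.
        documentObjectService.storeAndCalculateChecksum(request.getInputStream(), documentObject);

        // We need to update the documentObject in the database as checksum and checksum algorithm are set after
        // the document has been uploaded
        documentObjectService.update(documentObject);

        DocumentObjectHateoas documentObjectHateoas = new DocumentObjectHateoas(documentObject);
        // NOTE(review): a freshly constructed Authorisation is passed here; nothing
        // in this method ties it to the authenticated caller. Confirm addLinks
        // does not base access decisions on it.
        documentObjectHateoasHandler.addLinks(documentObjectHateoas, new Authorisation());
        return new ResponseEntity<>(documentObjectHateoas, HttpStatus.OK);
    } catch (IOException e) {
        // NOTE(review): only e.toString() survives, so the stack trace is lost.
        // If StorageException offers a (message, cause) constructor, pass e along.
        throw new StorageException(e.toString());
    }
}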
use of nikita.webapp.security.Authorisation in project nikita-noark5-core by HiOA-ABI.
the class FileHateoasController method deleteFileBySystemId.
// Delete a File identified by systemID
// DELETE [contextPath][api]/arkivstruktur/mappe/{systemId}/
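/**
 * Deletes the File identified by {@code systemID} and returns its parent.
 *
 * <p>The parent (a Series, File or Class, per the branches below) is wrapped
 * and given its HATEOAS links before the File is removed. Once the delete has
 * gone through, an {@link AfterNoarkEntityDeletedEvent} is published.
 *
 * @param uriBuilder not used by this method
 * @param request    the incoming request; its URI and servlet path are read
 * @param response   not used by this method
 * @param systemID   systemID of the File to delete
 * @return the parent entity wrapped with its HATEOAS links, status 200
 * @throws NikitaException if the File cannot be found or its parent is of an
 *                         unexpected type
 */
@ApiOperation(value = "Deletes a single File entity identified by systemID", response = HateoasNoarkObject.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "Parent entity (DocumentDescription or File) returned", response = HateoasNoarkObject.class),
        @ApiResponse(code = 401, message = API_MESSAGE_UNAUTHENTICATED_USER),
        @ApiResponse(code = 403, message = API_MESSAGE_UNAUTHORISED_FOR_USER),
        @ApiResponse(code = 500, message = API_MESSAGE_INTERNAL_SERVER_ERROR) })
@Counted
@RequestMapping(value = SLASH + LEFT_PARENTHESIS + SYSTEM_ID + RIGHT_PARENTHESIS, method = RequestMethod.DELETE)
public ResponseEntity<HateoasNoarkObject> deleteFileBySystemId(final UriComponentsBuilder uriBuilder, HttpServletRequest request, final HttpServletResponse response, @ApiParam(name = "systemID", value = "systemID of the file to delete", required = true) @PathVariable("systemID") final String systemID) {
    // NOTE(review): the File is looked up and deleted by systemID alone; no
    // ownership check is visible in this method. Confirm fileService (or a
    // security filter) restricts deletion to callers entitled to this File.
    File file = fileService.findBySystemId(systemID);
    if (file == null) {
        // Fail with an explicit error instead of a NullPointerException on the
        // next line. TODO: use the project's not-found exception here if one is
        // available to this controller, so the client sees 404 rather than 500.
        throw new NikitaException("File not found. Could not process " + request.getRequestURI());
    }

    NoarkEntity parentEntity = file.chooseParent();
    HateoasNoarkObject hateoasNoarkObject;
    // NOTE(review): each branch passes a freshly constructed Authorisation that
    // nothing here ties to the authenticated caller; confirm addLinks does not
    // base access decisions on it.
    if (parentEntity instanceof Series) {
        hateoasNoarkObject = new SeriesHateoas(parentEntity);
        seriesHateoasHandler.addLinks(hateoasNoarkObject, new Authorisation());
    } else if (parentEntity instanceof File) {
        hateoasNoarkObject = new FileHateoas(parentEntity);
        fileHateoasHandler.addLinks(hateoasNoarkObject, new Authorisation());
    } else if (parentEntity instanceof Class) {
        hateoasNoarkObject = new ClassHateoas(parentEntity);
        classHateoasHandler.addLinks(hateoasNoarkObject, new Authorisation());
    } else {
        // Also reached when chooseParent() returns null. The message now has
        // the space that was missing before the URI.
        throw new NikitaException("Internal error. Could not process " + request.getRequestURI());
    }

    // The parent representation is complete; only now is the File removed.
    fileService.deleteEntity(systemID);
    applicationEventPublisher.publishEvent(new AfterNoarkEntityDeletedEvent(this, file));
    return ResponseEntity.status(HttpStatus.OK)
            .allow(CommonUtils.WebUtils.getMethodsForRequestOrThrow(request.getServletPath()))
            .body(hateoasNoarkObject);
}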
use of nikita.webapp.security.Authorisation in project nikita-noark5-core by HiOA-ABI.
the class FileHateoasController method createDefaultBasicRecord.
// Create a BasicRecord with default values
// GET [contextPath][api]/arkivstruktur/mappe/{systemId}/ny-basisregistrering
/**
 * Builds an unsaved BasicRecord pre-filled with default values and returns it
 * with the links for a new entity attached.
 *
 * <p>No service or repository is called here; the record exists only in the
 * response.
 *
 * @param uriBuilder not used by this method
 * @param request    the incoming request; only its servlet path is read
 * @param response   not used by this method
 * @return the template record wrapped with its HATEOAS links
 */
@ApiOperation(value = "Create a BasicRecord with default values", response = BasicRecord.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "BasicRecord returned", response = BasicRecord.class),
        @ApiResponse(code = 401, message = API_MESSAGE_UNAUTHENTICATED_USER),
        @ApiResponse(code = 403, message = API_MESSAGE_UNAUTHORISED_FOR_USER),
        @ApiResponse(code = 500, message = API_MESSAGE_INTERNAL_SERVER_ERROR) })
@Counted
@RequestMapping(value = SLASH + LEFT_PARENTHESIS + SYSTEM_ID + RIGHT_PARENTHESIS + SLASH + NEW_BASIC_RECORD, method = RequestMethod.GET)
public ResponseEntity<BasicRecordHateoas> createDefaultBasicRecord(final UriComponentsBuilder uriBuilder, HttpServletRequest request, final HttpServletResponse response) {
    final BasicRecord template = new BasicRecord();
    // NOTE(review): archivedBy is filled from a constant whose name suggests a
    // test fixture, not from the authenticated caller. Confirm this value is
    // never persisted as-is, since it would misattribute who archived the record.
    template.setArchivedBy(TEST_USER_CASE_HANDLER_2);
    template.setArchivedDate(new Date());

    final BasicRecordHateoas templateWithLinks = new BasicRecordHateoas(template);
    // NOTE(review): a freshly constructed Authorisation is passed; nothing here
    // ties it to the caller. Confirm addLinksOnNew does not rely on it.
    basicRecordHateoasHandler.addLinksOnNew(templateWithLinks, new Authorisation());

    // NOTE(review): the annotations document 200 while the code answers 201.
    return ResponseEntity
            .status(HttpStatus.CREATED)
            .allow(CommonUtils.WebUtils.getMethodsForRequestOrThrow(request.getServletPath()))
            .body(templateWithLinks);
}
use of nikita.webapp.security.Authorisation in project nikita-noark5-core by HiOA-ABI.
the class FileHateoasController method findAllFiles.
// Retrieves all files
// GET [contextPath][api]/arkivstruktur/mappe
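/**
 * Returns the File entities owned by the authenticated caller.
 *
 * <p>The owner name is taken from the Spring Security context, not from any
 * request parameter, so the result is scoped to the caller.
 *
 * @param uriBuilder not used by this method
 * @param request    the incoming request; only its servlet path is read
 * @param response   not used by this method
 * @param top        accepted but currently ignored (see note in the body)
 * @param skip       accepted but currently ignored (see note in the body)
 * @return the caller's Files wrapped with HATEOAS links, status 200
 */
@ApiOperation(value = "Retrieves multiple File entities limited by ownership rights", notes = "The field skip " + "tells how many File rows of the result set to ignore (starting at 0), while top tells how many rows" + " after skip to return. Note if the value of top is greater than system value " + "nikita-noark5-core.pagination.maxPageSize, then nikita-noark5-core.pagination.maxPageSize is used. ", response = FileHateoas.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "File list found", response = FileHateoas.class),
        @ApiResponse(code = 401, message = API_MESSAGE_UNAUTHENTICATED_USER),
        @ApiResponse(code = 403, message = API_MESSAGE_UNAUTHORISED_FOR_USER),
        @ApiResponse(code = 500, message = API_MESSAGE_INTERNAL_SERVER_ERROR) })
@Counted
@RequestMapping(method = RequestMethod.GET)
public ResponseEntity<FileHateoas> findAllFiles(final UriComponentsBuilder uriBuilder, HttpServletRequest request, final HttpServletResponse response, @RequestParam(name = "top", required = false) Integer top, @RequestParam(name = "skip", required = false) Integer skip) {
    // NOTE(review): getAuthentication() is dereferenced without a null check;
    // this assumes a security filter has already rejected unauthenticated calls.
    String ownedBy = SecurityContextHolder.getContext().getAuthentication().getName();

    // NOTE(review): top and skip are never passed on, so the documented
    // maxPageSize cap is not applied here and the whole owned set is returned.
    // Confirm the result size is bounded elsewhere.
    // The raw (List) cast bridges the service's element type to INikitaEntity.
    FileHateoas fileHateoas = new FileHateoas((List<INikitaEntity>) (List) fileService.findByOwnedBy(ownedBy));

    // NOTE(review): a freshly constructed Authorisation is passed; nothing here
    // ties it to the caller. Confirm addLinks does not rely on it.
    fileHateoasHandler.addLinks(fileHateoas, new Authorisation());

    // A read answers 200, as the annotations document; 201 was returned before.
    return ResponseEntity.status(HttpStatus.OK)
            .allow(CommonUtils.WebUtils.getMethodsForRequestOrThrow(request.getServletPath()))
            .body(fileHateoas);
}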
use of nikita.webapp.security.Authorisation in project nikita-noark5-core by HiOA-ABI.
the class FileHateoasController method findOneFileBySystemId.
// Retrieve a file identified by a systemId
// GET [contextPath][api]/arkivstruktur/mappe/{systemId}
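/**
 * Returns the File identified by {@code systemID}, with its version as ETag.
 *
 * @param uriBuilder not used by this method
 * @param request    the incoming request; its URI and servlet path are read
 * @param response   not used by this method
 * @param systemID   systemID of the File to retrieve
 * @return the File wrapped with its HATEOAS links, status 200
 * @throws NikitaException if no File has the given systemID
 */
@ApiOperation(value = "Retrieves a single File entity given a systemId", response = File.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "File returned", response = File.class),
        @ApiResponse(code = 401, message = API_MESSAGE_UNAUTHENTICATED_USER),
        @ApiResponse(code = 403, message = API_MESSAGE_UNAUTHORISED_FOR_USER),
        @ApiResponse(code = 500, message = API_MESSAGE_INTERNAL_SERVER_ERROR) })
@Counted
@RequestMapping(value = SLASH + LEFT_PARENTHESIS + SYSTEM_ID + RIGHT_PARENTHESIS, method = RequestMethod.GET)
public ResponseEntity<FileHateoas> findOneFileBySystemId(final UriComponentsBuilder uriBuilder, HttpServletRequest request, final HttpServletResponse response, @ApiParam(name = "systemID", value = "systemID of the file to retrieve", required = true) @PathVariable("systemID") final String systemID) {
    // NOTE(review): the File is fetched by systemID alone, with no owner filter
    // visible in this method. Confirm fileService (or a security filter) keeps
    // one user from reading another user's File by guessing or reusing an identifier.
    File file = fileService.findBySystemId(systemID);
    if (file == null) {
        // Fail explicitly instead of hitting a NullPointerException at getVersion().
        // TODO: use the project's not-found exception here if one is available
        // to this controller, so the client sees 404 rather than 500.
        throw new NikitaException("File not found. Could not process " + request.getRequestURI());
    }

    FileHateoas fileHateoas = new FileHateoas(file);
    // NOTE(review): a freshly constructed Authorisation is passed; nothing here
    // ties it to the caller. Confirm addLinks does not rely on it.
    fileHateoasHandler.addLinks(fileHateoas, new Authorisation());

    // A read answers 200, as the annotations document; 201 was returned before.
    return ResponseEntity.status(HttpStatus.OK)
            .allow(CommonUtils.WebUtils.getMethodsForRequestOrThrow(request.getServletPath()))
            .eTag(file.getVersion().toString())
            .body(fileHateoas);
}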