use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.
the class QuickShareLinksImpl method create.
/**
* Create quick share.
* <p>
* Requires authenticated access.
*
* @param nodeIds
* @param parameters
* @return
*/
public List<QuickShareLink> create(List<QuickShareLink> nodeIds, Parameters parameters) {
checkEnabled();
List<QuickShareLink> result = new ArrayList<>(nodeIds.size());
List<String> includeParam = parameters != null ? parameters.getInclude() : Collections.<String>emptyList();
for (QuickShareLink qs : nodeIds) {
String nodeId = qs.getNodeId();
if (nodeId == null) {
throw new InvalidArgumentException("A valid nodeId must be specified !");
}
NodeRef nodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, nodeId);
try {
// Note: will throw InvalidNodeRefException (=> 404) if node does not exist
String sharedId = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDID);
if (sharedId != null) {
throw new ConstraintViolatedException("sharedId already exists: " + nodeId + " [" + sharedId + "]");
}
// Note: since we already check node exists above, we can assume that InvalidNodeRefException (=> 404) here means not content (see type check)
try {
QuickShareDTO qsDto = quickShareService.shareContent(nodeRef, qs.getExpiresAt());
result.add(getQuickShareInfo(qsDto.getId(), false, includeParam));
} catch (InvalidNodeRefException inre) {
throw new InvalidArgumentException("Unable to create shared link to non-file content: " + nodeId);
} catch (QuickShareLinkExpiryActionException ex) {
throw new InvalidArgumentException(ex.getMessage());
}
} catch (AccessDeniedException ade) {
throw new PermissionDeniedException("Unable to create shared link to node that does not exist: " + nodeId);
} catch (InvalidNodeRefException inre) {
logger.warn("Unable to create shared link: [" + nodeRef + "]");
throw new EntityNotFoundException(nodeId);
}
}
return result;
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.
the class SitesImpl method deleteSite.
public void deleteSite(String siteId, Parameters parameters) {
SiteInfo siteInfo = validateSite(siteId);
if (siteInfo == null) {
// site does not exist
throw new EntityNotFoundException(siteId);
}
siteId = siteInfo.getShortName();
NodeRef siteNodeRef = siteInfo.getNodeRef();
// belt-and-braces - double-check before purge/delete (rather than rollback)
if (permissionService.hasPermission(siteNodeRef, PermissionService.DELETE) != AccessStatus.ALLOWED) {
throw new AccessDeniedException("Cannot delete site: " + siteId);
}
// default false (if not provided)
boolean permanentDelete = Boolean.valueOf(parameters.getParameter(PARAM_PERMANENT));
if (permanentDelete == true) {
// Set as temporary to delete node instead of archiving.
nodeService.addAspect(siteNodeRef, ContentModel.ASPECT_TEMPORARY, null);
// bypassing trashcan means that purge behaviour will not fire, so explicitly force cleanup here
siteServiceImpl.beforePurgeNode(siteNodeRef);
}
siteService.deleteSite(siteId);
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.
the class LinksDeletePost method executeImpl.
@Override
protected Map<String, Object> executeImpl(SiteInfo site, String linkName, WebScriptRequest req, JSONObject json, Status status, Cache cache) {
final ResourceBundle rb = getResources();
Map<String, Object> model = new HashMap<String, Object>();
// Get the requested nodes from the JSON
// Silently skips over any invalid ones specified
List<LinkInfo> links = new ArrayList<LinkInfo>();
if (json.containsKey("items")) {
JSONArray items = (JSONArray) json.get("items");
for (int i = 0; i < items.size(); i++) {
String name = (String) items.get(i);
LinkInfo link = linksService.getLink(site.getShortName(), name);
if (link != null) {
links.add(link);
}
}
}
// Check we got at least one link, and bail if not
if (links.size() == 0) {
String message = "No valid link names supplied";
status.setCode(Status.STATUS_NOT_FOUND);
status.setMessage(message);
model.put(PARAM_MESSAGE, rb.getString(MSG_NAME_NOT_FOUND));
return model;
}
// Delete each one in turn
for (LinkInfo link : links) {
// Do the delete
try {
linksService.deleteLink(link);
} catch (AccessDeniedException e) {
String message = "You don't have permission to delete the link with name '" + link.getTitle() + "'";
status.setCode(Status.STATUS_FORBIDDEN);
status.setMessage(message);
message = rb.getString(MSG_ACCESS_DENIED);
model.put(PARAM_MESSAGE, MessageFormat.format(message, link.getTitle()));
return model;
}
// Generate the activity entry for it
addActivityEntry("deleted", link, site, req, json);
// Record a message (only the last one is used though!)
String message = rb.getString(MSG_DELETED);
model.put(PARAM_MESSAGE, MessageFormat.format(message, link.getNodeRef()));
}
// All done
model.put("siteId", site.getShortName());
model.put("site", site);
return model;
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.
the class ADMRemoteStore method deleteDocument.
/**
* Deletes an existing document.
* <p>
* Delete methods are user authenticated, so the deletion of the document must be
* allowed for the current user.
*
* @param path document path
*/
@Override
protected void deleteDocument(final WebScriptResponse res, final String store, final String path) {
final String encpath = encodePath(path);
final FileInfo fileInfo = resolveFilePath(encpath);
if (fileInfo == null || fileInfo.isFolder()) {
res.setStatus(Status.STATUS_NOT_FOUND);
return;
}
final String runAsUser = getPathRunAsUser(path);
AuthenticationUtil.runAs(new RunAsWork<Void>() {
@SuppressWarnings("synthetic-access")
public Void doWork() throws Exception {
try {
final NodeRef fileRef = fileInfo.getNodeRef();
// MNT-16371: Revoke ownership privileges for surf-config folder contents, to tighten access for former SiteManagers.
nodeService.addAspect(fileRef, ContentModel.ASPECT_TEMPORARY, null);
// ALF-17729
NodeRef parentFolderRef = unprotNodeService.getPrimaryParent(fileRef).getParentRef();
behaviourFilter.disableBehaviour(parentFolderRef, ContentModel.ASPECT_AUDITABLE);
try {
nodeService.deleteNode(fileRef);
} finally {
behaviourFilter.enableBehaviour(parentFolderRef, ContentModel.ASPECT_AUDITABLE);
}
if (logger.isDebugEnabled())
logger.debug("deleteDocument: " + fileInfo.toString());
} catch (AccessDeniedException ae) {
res.setStatus(Status.STATUS_UNAUTHORIZED);
throw ae;
}
return null;
}
}, runAsUser);
}
use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.
the class UserCalendarEntriesGet method executeImpl.
@Override
protected Map<String, Object> executeImpl(SiteInfo singleSite, String eventName, WebScriptRequest req, JSONObject json, Status status, Cache cache) {
// Did they restrict by date?
Date fromDate = parseDate(req.getParameter("from"));
Date toDate = parseDate(req.getParameter("to"));
// What should we do about repeating events? First or all?
boolean repeatingFirstOnly = true;
String repeatingEvents = req.getParameter("repeating");
if (repeatingEvents != null) {
if ("first".equals(repeatingEvents)) {
repeatingFirstOnly = true;
} else if ("all".equals(repeatingEvents)) {
repeatingFirstOnly = false;
}
} else {
// the format of the from date, which differs between uses!
if (fromDate != null) {
String fromDateS = req.getParameter("from");
if (fromDateS.indexOf('-') != -1) {
// Apparently this is the site calendar dashlet...
repeatingFirstOnly = true;
}
if (fromDateS.indexOf('/') != -1) {
// This is something else, wants all events in range
repeatingFirstOnly = false;
}
}
}
// One site, or all the user's ones?
List<SiteInfo> sites = new ArrayList<SiteInfo>();
if (singleSite != null) {
// Just one
sites.add(singleSite);
} else {
// All their sites (with optional limit)
int max = 0;
String strMax = req.getParameter("size");
if (strMax != null && strMax.length() != 0) {
max = Integer.parseInt(strMax);
}
sites = siteService.listSites(AuthenticationUtil.getRunAsUser(), max);
}
// We need to know the Site Names, and the NodeRefs of the calendar containers
String[] siteShortNames = new String[sites.size()];
Map<NodeRef, SiteInfo> containerLookup = new HashMap<NodeRef, SiteInfo>();
for (int i = 0; i < sites.size(); i++) {
SiteInfo site = sites.get(i);
siteShortNames[i] = site.getShortName();
try {
containerLookup.put(siteService.getContainer(site.getShortName(), CalendarServiceImpl.CALENDAR_COMPONENT), site);
} catch (AccessDeniedException e) {
// You can see the site, but not the calendar, so skip it
// This means you won't have any events in it anyway
}
}
// Get the entries for the list
PagingRequest paging = buildPagingRequest(req);
PagingResults<CalendarEntry> entries = calendarService.listCalendarEntries(siteShortNames, fromDate, toDate, paging);
boolean resortNeeded = false;
List<Map<String, Object>> results = new ArrayList<Map<String, Object>>();
for (CalendarEntry entry : entries.getPage()) {
// Build the object
Map<String, Object> result = new HashMap<String, Object>();
boolean isAllDay = CalendarEntryDTO.isAllDay(entry);
boolean removeTimezone = isAllDay && !entry.isOutlook();
result.put(RESULT_EVENT, entry);
result.put(RESULT_NAME, entry.getSystemName());
result.put(RESULT_TITLE, entry.getTitle());
result.put("description", entry.getDescription());
result.put("where", entry.getLocation());
result.put(RESULT_START, removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone));
result.put(RESULT_END, removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone));
String legacyDateFormat = "yyyy-MM-dd";
String legacyTimeFormat = "HH:mm";
result.put("legacyDateFrom", removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone, legacyDateFormat));
result.put("legacyTimeFrom", removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone, legacyTimeFormat));
result.put("legacyDateTo", removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone, legacyDateFormat));
result.put("legacyTimeTo", removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone, legacyTimeFormat));
result.put("duration", buildDuration(entry));
result.put("tags", entry.getTags());
result.put("isoutlook", entry.isOutlook());
result.put("allday", CalendarEntryDTO.isAllDay(entry));
// Identify the site
SiteInfo site = containerLookup.get(entry.getContainerNodeRef());
result.put("site", site);
result.put("siteName", site.getShortName());
result.put("siteTitle", site.getTitle());
// Check the permissions the user has on the entry
AccessStatus canEdit = permissionService.hasPermission(entry.getNodeRef(), PermissionService.WRITE);
AccessStatus canDelete = permissionService.hasPermission(entry.getNodeRef(), PermissionService.DELETE);
result.put("canEdit", (canEdit == AccessStatus.ALLOWED));
result.put("canDelete", (canDelete == AccessStatus.ALLOWED));
// Replace nulls with blank strings for the JSON
for (String key : result.keySet()) {
if (result.get(key) == null) {
result.put(key, "");
}
}
// Save this one
results.add(result);
// Handle recurring as needed
boolean orderChanged = handleRecurring(entry, result, results, fromDate, toDate, repeatingFirstOnly);
if (orderChanged) {
resortNeeded = true;
}
}
// If the recurring events meant dates changed, re-sort
if (resortNeeded) {
Collections.sort(results, getEventDetailsSorter());
}
// All done
Map<String, Object> model = new HashMap<String, Object>();
model.put("events", results);
return model;
}
Aggregations