
Example 6 with AccessDeniedException

use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.

the class QuickShareLinksImpl method create.

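/**
 * Creates a quick share (shared link) for each requested node.
 * <p>
 * Requires authenticated access.
 * <p>
 * Failure mapping, per node:
 * <ul>
 * <li>missing node id, non-file content, or a rejected expiry action: {@link InvalidArgumentException}</li>
 * <li>node already shared: {@link ConstraintViolatedException}</li>
 * <li>caller not permitted to read or share the node: {@link PermissionDeniedException}</li>
 * <li>node does not exist: {@link EntityNotFoundException}</li>
 * </ul>
 * NOTE(review): "permission denied" and "not found" are reported as different errors, so an
 * authenticated caller can tell an existing-but-forbidden node from a missing one. Confirm
 * that this is acceptable for the deployment's node-id confidentiality requirements.
 *
 * @param nodeIds    the link requests; each entry must carry a non-null node id
 * @param parameters request parameters supplying the "include" list; may be {@code null},
 *                   in which case an empty include list is used
 * @return one entry per created link, in the order of {@code nodeIds}
 */
public List<QuickShareLink> create(List<QuickShareLink> nodeIds, Parameters parameters) {
    checkEnabled();
    List<QuickShareLink> result = new ArrayList<>(nodeIds.size());
    List<String> includeParam = parameters != null ? parameters.getInclude() : Collections.<String>emptyList();
    for (QuickShareLink qs : nodeIds) {
        String nodeId = qs.getNodeId();
        if (nodeId == null) {
            throw new InvalidArgumentException("A valid nodeId must be specified !");
        }
        NodeRef nodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, nodeId);
        try {
            // Note: will throw InvalidNodeRefException (=> 404) if node does not exist
            String sharedId = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDID);
            if (sharedId != null) {
                throw new ConstraintViolatedException("sharedId already exists: " + nodeId + " [" + sharedId + "]");
            }
            // Note: since we already check node exists above, we can assume that InvalidNodeRefException (=> 404) here means not content (see type check)
            try {
                QuickShareDTO qsDto = quickShareService.shareContent(nodeRef, qs.getExpiresAt());
                result.add(getQuickShareInfo(qsDto.getId(), false, includeParam));
            } catch (InvalidNodeRefException inre) {
                throw new InvalidArgumentException("Unable to create shared link to non-file content: " + nodeId);
            } catch (QuickShareLinkExpiryActionException ex) {
                throw new InvalidArgumentException(ex.getMessage());
            }
        } catch (AccessDeniedException ade) {
            // This branch is an authorization failure, not a missing node (that is the
            // InvalidNodeRefException branch below), so the message must say so: operators
            // and clients triage on it.
            throw new PermissionDeniedException("Permission denied creating shared link to node: " + nodeId);
        } catch (InvalidNodeRefException inre) {
            logger.warn("Unable to create shared link: [" + nodeRef + "]");
            throw new EntityNotFoundException(nodeId);
        }
    }
    return result;
}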
Also used : AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) ArrayList(java.util.ArrayList) QuickShareLinkExpiryActionException(org.alfresco.repo.quickshare.QuickShareLinkExpiryActionException) EntityNotFoundException(org.alfresco.rest.framework.core.exceptions.EntityNotFoundException) ConstraintViolatedException(org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException) NodeRef(org.alfresco.service.cmr.repository.NodeRef) InvalidArgumentException(org.alfresco.rest.framework.core.exceptions.InvalidArgumentException) QuickShareDTO(org.alfresco.service.cmr.quickshare.QuickShareDTO) InvalidNodeRefException(org.alfresco.service.cmr.repository.InvalidNodeRefException) PermissionDeniedException(org.alfresco.rest.framework.core.exceptions.PermissionDeniedException) QuickShareLink(org.alfresco.rest.api.model.QuickShareLink)

Example 7 with AccessDeniedException

use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.

the class SitesImpl method deleteSite.

/**
 * Deletes a site, optionally bypassing the archive so the site node is removed outright.
 *
 * @param siteId     identifier of the site to delete; resolved through {@code validateSite}
 * @param parameters request parameters; {@code PARAM_PERMANENT} set to "true" requests a
 *                   permanent delete, anything else (or absent) means a normal delete
 * @throws EntityNotFoundException if {@code validateSite} returns no site
 * @throws AccessDeniedException   if the DELETE permission on the site node is not ALLOWED
 */
public void deleteSite(String siteId, Parameters parameters) {
    final SiteInfo site = validateSite(siteId);
    if (site == null) {
        // site does not exist
        throw new EntityNotFoundException(siteId);
    }
    // From here on, work with the short name reported by the resolved site.
    final String shortName = site.getShortName();
    final NodeRef siteRef = site.getNodeRef();

    // Authorization is checked explicitly before anything is mutated: the permanent path
    // below purges data, so failing up front is preferred to relying on rollback.
    final AccessStatus deleteAccess = permissionService.hasPermission(siteRef, PermissionService.DELETE);
    if (deleteAccess != AccessStatus.ALLOWED) {
        throw new AccessDeniedException("Cannot delete site: " + shortName);
    }

    // A missing parameter parses as false, so the default is a non-permanent delete.
    if (Boolean.parseBoolean(parameters.getParameter(PARAM_PERMANENT))) {
        // Marking the node temporary makes the delete remove it instead of archiving it.
        nodeService.addAspect(siteRef, ContentModel.ASPECT_TEMPORARY, null);
        // Skipping the trashcan means the purge behaviour never fires; run the cleanup by hand.
        siteServiceImpl.beforePurgeNode(siteRef);
    }
    siteService.deleteSite(shortName);
}
Also used : SiteInfo(org.alfresco.service.cmr.site.SiteInfo) NodeRef(org.alfresco.service.cmr.repository.NodeRef) AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) EntityNotFoundException(org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)

Example 8 with AccessDeniedException

use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.

the class LinksDeletePost method executeImpl.

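/**
 * Deletes the links named in the request body's "items" array and reports the outcome.
 * <p>
 * The JSON body is client-supplied, so its shape is checked rather than assumed: a missing,
 * null or non-array "items" value and any non-string element are treated as "no valid name"
 * instead of surfacing as a ClassCastException or NullPointerException.
 * <p>
 * NOTE(review): deletion stops at the first link the caller may not delete, but links
 * removed earlier in the same request are not restored by this method. Whether the
 * surrounding transaction rolls them back is not visible here; confirm.
 *
 * @param site     the site the links belong to
 * @param linkName not read by this method
 * @param req      the request, passed on to the activity entry
 * @param json     the parsed request body, expected to hold an "items" array of link names
 * @param status   receives 404 when no valid link was named, 403 when a delete is denied
 * @param cache    not read by this method
 * @return the model holding a message and, on success, the site and its id
 */
@Override
protected Map<String, Object> executeImpl(SiteInfo site, String linkName, WebScriptRequest req, JSONObject json, Status status, Cache cache) {
    final ResourceBundle rb = getResources();
    Map<String, Object> model = new HashMap<String, Object>();
    // Get the requested nodes from the JSON
    // Silently skips over any invalid ones specified, including entries of the wrong type
    List<LinkInfo> links = new ArrayList<LinkInfo>();
    Object rawItems = json.get("items");
    if (rawItems instanceof JSONArray) {
        JSONArray items = (JSONArray) rawItems;
        for (int i = 0; i < items.size(); i++) {
            Object item = items.get(i);
            if (!(item instanceof String)) {
                // Not a link name (number, object, null, ...): skip it like any other invalid entry
                continue;
            }
            LinkInfo link = linksService.getLink(site.getShortName(), (String) item);
            if (link != null) {
                links.add(link);
            }
        }
    }
    // Check we got at least one link, and bail if not
    if (links.isEmpty()) {
        String message = "No valid link names supplied";
        status.setCode(Status.STATUS_NOT_FOUND);
        status.setMessage(message);
        model.put(PARAM_MESSAGE, rb.getString(MSG_NAME_NOT_FOUND));
        return model;
    }
    // Delete each one in turn
    for (LinkInfo link : links) {
        // Do the delete; the service is what enforces the caller's permission
        try {
            linksService.deleteLink(link);
        } catch (AccessDeniedException e) {
            String message = "You don't have permission to delete the link with name '" + link.getTitle() + "'";
            status.setCode(Status.STATUS_FORBIDDEN);
            status.setMessage(message);
            message = rb.getString(MSG_ACCESS_DENIED);
            model.put(PARAM_MESSAGE, MessageFormat.format(message, link.getTitle()));
            return model;
        }
        // Generate the activity entry for it
        addActivityEntry("deleted", link, site, req, json);
        // Record a message (only the last one is used though!)
        String message = rb.getString(MSG_DELETED);
        model.put(PARAM_MESSAGE, MessageFormat.format(message, link.getNodeRef()));
    }
    // All done
    model.put("siteId", site.getShortName());
    model.put("site", site);
    return model;
}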
Also used : AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JSONArray(org.json.simple.JSONArray) ResourceBundle(java.util.ResourceBundle) JSONObject(org.json.simple.JSONObject) LinkInfo(org.alfresco.service.cmr.links.LinkInfo)

Example 9 with AccessDeniedException

use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.

the class ADMRemoteStore method deleteDocument.

/**
 * Deletes an existing document.
 * <p>
 * Delete methods are user authenticated, so the deletion of the document must be
 * allowed for the current user.
 * <p>
 * The delete itself runs under the user returned by {@code getPathRunAsUser(path)}, not
 * necessarily under the caller's own identity.
 * NOTE(review): that helper is not visible here. Confirm that a client-chosen path cannot
 * select a more privileged run-as user than the caller is entitled to.
 *
 * @param res    response; receives the not-found status when the path does not resolve to a
 *               file, and the unauthorized status when the delete is denied
 * @param store  not read by this method
 * @param path  document path
 */
@Override
protected void deleteDocument(final WebScriptResponse res, final String store, final String path) {
    final String encpath = encodePath(path);
    final FileInfo fileInfo = resolveFilePath(encpath);
    // A path that does not resolve, or that resolves to a folder, is reported as not found;
    // only documents are deleted through this method.
    if (fileInfo == null || fileInfo.isFolder()) {
        res.setStatus(Status.STATUS_NOT_FOUND);
        return;
    }
    // The identity for the delete is derived from the raw (un-encoded) path.
    final String runAsUser = getPathRunAsUser(path);
    AuthenticationUtil.runAs(new RunAsWork<Void>() {

        @SuppressWarnings("synthetic-access")
        public Void doWork() throws Exception {
            try {
                final NodeRef fileRef = fileInfo.getNodeRef();
                // MNT-16371: Revoke ownership privileges for surf-config folder contents, to tighten access for former SiteManagers.
                // NOTE(review): the line below adds the temporary aspect, which does not obviously
                // match the MNT-16371 description above. Confirm that the comment belongs here.
                nodeService.addAspect(fileRef, ContentModel.ASPECT_TEMPORARY, null);
                // ALF-17729
                // The auditable behaviour on the parent folder is switched off for the duration of
                // the delete and switched back on in the finally block, even if the delete fails.
                NodeRef parentFolderRef = unprotNodeService.getPrimaryParent(fileRef).getParentRef();
                behaviourFilter.disableBehaviour(parentFolderRef, ContentModel.ASPECT_AUDITABLE);
                try {
                    nodeService.deleteNode(fileRef);
                } finally {
                    behaviourFilter.enableBehaviour(parentFolderRef, ContentModel.ASPECT_AUDITABLE);
                }
                if (logger.isDebugEnabled())
                    logger.debug("deleteDocument: " + fileInfo.toString());
            } catch (AccessDeniedException ae) {
                // The denial is reported on the response and then rethrown to the caller of runAs.
                // NOTE(review): the unauthorized status is used although the request is already
                // authenticated; a forbidden status is the usual signal for "authenticated but
                // not permitted". Confirm which one clients depend on before changing it.
                res.setStatus(Status.STATUS_UNAUTHORIZED);
                throw ae;
            }
            return null;
        }
    }, runAsUser);
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) FileInfo(org.alfresco.service.cmr.model.FileInfo) FileNotFoundException(org.alfresco.service.cmr.model.FileNotFoundException) FileExistsException(org.alfresco.service.cmr.model.FileExistsException) AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) WebScriptException(org.springframework.extensions.webscripts.WebScriptException) SocketException(java.net.SocketException) ContentIOException(org.alfresco.service.cmr.repository.ContentIOException) IOException(java.io.IOException) AlfrescoRuntimeException(org.alfresco.error.AlfrescoRuntimeException)

Example 10 with AccessDeniedException

use of org.alfresco.repo.security.permissions.AccessDeniedException in project alfresco-remote-api by Alfresco.

the class UserCalendarEntriesGet method executeImpl.

/**
 * Lists calendar entries for one site, or for the sites of the run-as user, and returns
 * them under the model key "events".
 * <p>
 * Request parameters read here: "from" and "to" (date range), "repeating" ("first" or
 * "all"), "size" (limit on the number of sites listed), plus whatever
 * {@code buildPagingRequest} reads.
 *
 * @param singleSite the site to restrict to, or {@code null} to use all of the user's sites
 * @param eventName  not read by this method
 * @param req        the request supplying the parameters above
 * @param json       not read by this method
 * @param status     not read by this method
 * @param cache      not read by this method
 * @return a model whose "events" entry is the list of per-entry maps built below
 */
@Override
protected Map<String, Object> executeImpl(SiteInfo singleSite, String eventName, WebScriptRequest req, JSONObject json, Status status, Cache cache) {
    // Did they restrict by date?
    Date fromDate = parseDate(req.getParameter("from"));
    Date toDate = parseDate(req.getParameter("to"));
    // What should we do about repeating events? First or all?
    boolean repeatingFirstOnly = true;
    String repeatingEvents = req.getParameter("repeating");
    if (repeatingEvents != null) {
        // Any value other than "first" or "all" leaves the default (first only) in place
        if ("first".equals(repeatingEvents)) {
            repeatingFirstOnly = true;
        } else if ("all".equals(repeatingEvents)) {
            repeatingFirstOnly = false;
        }
    } else {
        // No explicit "repeating" parameter: infer the mode from
        // the format of the from date, which differs between uses!
        if (fromDate != null) {
            String fromDateS = req.getParameter("from");
            if (fromDateS.indexOf('-') != -1) {
                // Apparently this is the site calendar dashlet...
                repeatingFirstOnly = true;
            }
            if (fromDateS.indexOf('/') != -1) {
                // This is something else, wants all events in range
                repeatingFirstOnly = false;
            }
        }
    }
    // One site, or all the user's ones?
    List<SiteInfo> sites = new ArrayList<SiteInfo>();
    if (singleSite != null) {
        // Just one
        sites.add(singleSite);
    } else {
        // All their sites (with optional limit)
        int max = 0;
        String strMax = req.getParameter("size");
        if (strMax != null && strMax.length() != 0) {
            // NOTE(review): "size" comes straight from the request. A non-numeric value makes
            // parseInt throw NumberFormatException out of this method, and negative or very
            // large values are passed to listSites unchecked. Confirm how callers handle both.
            max = Integer.parseInt(strMax);
        }
        // The site list is taken for the current run-as user
        sites = siteService.listSites(AuthenticationUtil.getRunAsUser(), max);
    }
    // We need to know the Site Names, and the NodeRefs of the calendar containers
    String[] siteShortNames = new String[sites.size()];
    Map<NodeRef, SiteInfo> containerLookup = new HashMap<NodeRef, SiteInfo>();
    for (int i = 0; i < sites.size(); i++) {
        SiteInfo site = sites.get(i);
        siteShortNames[i] = site.getShortName();
        try {
            containerLookup.put(siteService.getContainer(site.getShortName(), CalendarServiceImpl.CALENDAR_COMPONENT), site);
        } catch (AccessDeniedException e) {
            // You can see the site, but not the calendar, so skip it
            // This means you won't have any events in it anyway
            // (the site's short name stays in siteShortNames; only the lookup entry is omitted)
        }
    }
    // Get the entries for the list
    PagingRequest paging = buildPagingRequest(req);
    PagingResults<CalendarEntry> entries = calendarService.listCalendarEntries(siteShortNames, fromDate, toDate, paging);
    boolean resortNeeded = false;
    List<Map<String, Object>> results = new ArrayList<Map<String, Object>>();
    for (CalendarEntry entry : entries.getPage()) {
        // Build the object
        Map<String, Object> result = new HashMap<String, Object>();
        boolean isAllDay = CalendarEntryDTO.isAllDay(entry);
        boolean removeTimezone = isAllDay && !entry.isOutlook();
        result.put(RESULT_EVENT, entry);
        result.put(RESULT_NAME, entry.getSystemName());
        result.put(RESULT_TITLE, entry.getTitle());
        result.put("description", entry.getDescription());
        result.put("where", entry.getLocation());
        result.put(RESULT_START, removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone));
        result.put(RESULT_END, removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone));
        String legacyDateFormat = "yyyy-MM-dd";
        String legacyTimeFormat = "HH:mm";
        result.put("legacyDateFrom", removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone, legacyDateFormat));
        result.put("legacyTimeFrom", removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone, legacyTimeFormat));
        result.put("legacyDateTo", removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone, legacyDateFormat));
        result.put("legacyTimeTo", removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone, legacyTimeFormat));
        result.put("duration", buildDuration(entry));
        result.put("tags", entry.getTags());
        result.put("isoutlook", entry.isOutlook());
        result.put("allday", CalendarEntryDTO.isAllDay(entry));
        // Identify the site
        // NOTE(review): the lookup has no entry for a site whose calendar container was skipped
        // above. If the service ever returns an entry from such a container, site is null and
        // the getShortName() call below throws. This relies on listCalendarEntries filtering
        // by permission; confirm.
        SiteInfo site = containerLookup.get(entry.getContainerNodeRef());
        result.put("site", site);
        result.put("siteName", site.getShortName());
        result.put("siteTitle", site.getTitle());
        // Check the permissions the user has on the entry
        // These flags only describe the caller's rights in the response; nothing is enforced here.
        AccessStatus canEdit = permissionService.hasPermission(entry.getNodeRef(), PermissionService.WRITE);
        AccessStatus canDelete = permissionService.hasPermission(entry.getNodeRef(), PermissionService.DELETE);
        result.put("canEdit", (canEdit == AccessStatus.ALLOWED));
        result.put("canDelete", (canDelete == AccessStatus.ALLOWED));
        // Replace nulls with blank strings for the JSON
        // (only values of existing keys are overwritten, so the key set is not changed while iterating)
        for (String key : result.keySet()) {
            if (result.get(key) == null) {
                result.put(key, "");
            }
        }
        // Save this one
        results.add(result);
        // Handle recurring as needed
        boolean orderChanged = handleRecurring(entry, result, results, fromDate, toDate, repeatingFirstOnly);
        if (orderChanged) {
            resortNeeded = true;
        }
    }
    // If the recurring events meant dates changed, re-sort
    if (resortNeeded) {
        Collections.sort(results, getEventDetailsSorter());
    }
    // All done
    Map<String, Object> model = new HashMap<String, Object>();
    model.put("events", results);
    return model;
}
Also used : SiteInfo(org.alfresco.service.cmr.site.SiteInfo) AccessDeniedException(org.alfresco.repo.security.permissions.AccessDeniedException) HashMap(java.util.HashMap) CalendarEntry(org.alfresco.service.cmr.calendar.CalendarEntry) ArrayList(java.util.ArrayList) Date(java.util.Date) PagingRequest(org.alfresco.query.PagingRequest) AccessStatus(org.alfresco.service.cmr.security.AccessStatus) NodeRef(org.alfresco.service.cmr.repository.NodeRef) JSONObject(org.json.simple.JSONObject) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)46 NodeRef (org.alfresco.service.cmr.repository.NodeRef)30 HashMap (java.util.HashMap)17 IOException (java.io.IOException)8 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)8 InvalidNodeRefException (org.alfresco.service.cmr.repository.InvalidNodeRefException)8 ArrayList (java.util.ArrayList)7 WebScriptException (org.springframework.extensions.webscripts.WebScriptException)7 FacesContext (javax.faces.context.FacesContext)6 FileNotFoundException (org.alfresco.service.cmr.model.FileNotFoundException)6 JSONObject (org.json.simple.JSONObject)6 Serializable (java.io.Serializable)5 EntityNotFoundException (org.alfresco.rest.framework.core.exceptions.EntityNotFoundException)5 FileExistsException (org.alfresco.service.cmr.model.FileExistsException)5 SocketException (java.net.SocketException)4 Map (java.util.Map)4 FileInfo (org.alfresco.service.cmr.model.FileInfo)4 ContentIOException (org.alfresco.service.cmr.repository.ContentIOException)4 QName (org.alfresco.service.namespace.QName)4 ResourceBundle (java.util.ResourceBundle)3