use of org.alfresco.rest.framework.core.exceptions.PermissionDeniedException in project alfresco-remote-api by Alfresco.
the class DeploymentsImpl method getDeployments.
@Override
public CollectionWithPagingInfo<Deployment> getDeployments(Paging paging) {
// Only admin-user is allowed to get deployments
if (!authorityService.isAdminAuthority(AuthenticationUtil.getRunAsUser())) {
throw new PermissionDeniedException();
}
DeploymentQuery query = activitiProcessEngine.getRepositoryService().createDeploymentQuery().deploymentCategoryNotEquals(WorkflowDeployer.CATEGORY_ALFRESCO_INTERNAL);
if (tenantService.isEnabled() && deployWorkflowsInTenant) {
query.processDefinitionKeyLike("@" + TenantUtil.getCurrentDomain() + "@%");
}
query.orderByDeploymenTime().desc();
List<org.activiti.engine.repository.Deployment> deployments = query.listPage(paging.getSkipCount(), paging.getMaxItems());
int totalCount = (int) query.count();
List<Deployment> page = new ArrayList<Deployment>(deployments.size());
for (org.activiti.engine.repository.Deployment deployment : deployments) {
page.add(new Deployment(deployment));
}
return CollectionWithPagingInfo.asPaged(paging, page, (page.size() + paging.getSkipCount()) < totalCount, totalCount);
}
use of org.alfresco.rest.framework.core.exceptions.PermissionDeniedException in project alfresco-remote-api by Alfresco.
the class DeletedNodesImpl method restoreArchivedNode.
@Override
public Node restoreArchivedNode(String archivedId, NodeTargetAssoc nodeTargetAssoc) {
// First check the node is valid and has been archived.
NodeRef validatedNodeRef = nodes.validateNode(StoreRef.STORE_REF_ARCHIVE_SPACESSTORE, archivedId);
RestoreNodeReport restored = null;
if (nodeTargetAssoc != null) {
NodeRef targetNodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, nodeTargetAssoc.getTargetParentId());
QName assocType = nodes.getAssocType(nodeTargetAssoc.getAssocType());
restored = nodeArchiveService.restoreArchivedNode(validatedNodeRef, targetNodeRef, assocType, null);
} else {
restored = nodeArchiveService.restoreArchivedNode(validatedNodeRef);
}
switch(restored.getStatus()) {
case SUCCESS:
return nodes.getFolderOrDocumentFullInfo(restored.getRestoredNodeRef(), null, null, null, null);
case FAILURE_PERMISSION:
throw new PermissionDeniedException();
case FAILURE_INTEGRITY:
throw new IntegrityException("Restore failed due to an integrity error", null);
case FAILURE_DUPLICATE_CHILD_NODE_NAME:
throw new ConstraintViolatedException("Name already exists in target");
case FAILURE_INVALID_ARCHIVE_NODE:
throw new EntityNotFoundException(archivedId);
case FAILURE_INVALID_PARENT:
throw new NotFoundException("Invalid parent id " + restored.getTargetParentNodeRef());
default:
throw new ApiException("Unable to restore node " + archivedId);
}
}
use of org.alfresco.rest.framework.core.exceptions.PermissionDeniedException in project alfresco-remote-api by Alfresco.
the class PeopleImpl method create.
@Override
public Person create(Person person) {
validateCreatePersonData(person);
if (!isAdminAuthority()) {
// hence next block would cause 409 to be returned)
throw new PermissionDeniedException();
}
// no sensible way to know that it was thrown due to the user already existing - hence this check here.
if (personService.personExists(person.getUserName())) {
throw new ConstraintViolatedException("Person '" + person.getUserName() + "' already exists.");
}
// set enabled default value true
if (person.isEnabled() == null) {
person.setEnabled(true);
}
Map<QName, Serializable> props = person.toProperties();
MutableAuthenticationService mas = (MutableAuthenticationService) authenticationService;
mas.createAuthentication(person.getUserName(), person.getPassword().toCharArray());
mas.setAuthenticationEnabled(person.getUserName(), person.isEnabled());
// Add custom properties
if (person.getProperties() != null) {
Map<String, Object> customProps = person.getProperties();
props.putAll(nodes.mapToNodeProperties(customProps));
}
NodeRef nodeRef = personService.createPerson(props);
// Add custom aspects
nodes.addCustomAspects(nodeRef, person.getAspectNames(), EXCLUDED_ASPECTS);
// and store the content URL in ContentModel.PROP_PERSONDESC
if (person.getDescription() != null) {
savePersonDescription(person.getDescription(), nodeRef);
}
// Return a fresh retrieval
return getPerson(person.getUserName());
}
use of org.alfresco.rest.framework.core.exceptions.PermissionDeniedException in project alfresco-remote-api by Alfresco.
the class QuickShareLinksImpl method create.
/**
* Create quick share.
* <p>
* Requires authenticated access.
*
* @param nodeIds
* @param parameters
* @return
*/
public List<QuickShareLink> create(List<QuickShareLink> nodeIds, Parameters parameters) {
checkEnabled();
List<QuickShareLink> result = new ArrayList<>(nodeIds.size());
List<String> includeParam = parameters != null ? parameters.getInclude() : Collections.<String>emptyList();
for (QuickShareLink qs : nodeIds) {
String nodeId = qs.getNodeId();
if (nodeId == null) {
throw new InvalidArgumentException("A valid nodeId must be specified !");
}
NodeRef nodeRef = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, nodeId);
try {
// Note: will throw InvalidNodeRefException (=> 404) if node does not exist
String sharedId = (String) nodeService.getProperty(nodeRef, QuickShareModel.PROP_QSHARE_SHAREDID);
if (sharedId != null) {
throw new ConstraintViolatedException("sharedId already exists: " + nodeId + " [" + sharedId + "]");
}
// Note: since we already check node exists above, we can assume that InvalidNodeRefException (=> 404) here means not content (see type check)
try {
QuickShareDTO qsDto = quickShareService.shareContent(nodeRef, qs.getExpiresAt());
result.add(getQuickShareInfo(qsDto.getId(), false, includeParam));
} catch (InvalidNodeRefException inre) {
throw new InvalidArgumentException("Unable to create shared link to non-file content: " + nodeId);
} catch (QuickShareLinkExpiryActionException ex) {
throw new InvalidArgumentException(ex.getMessage());
}
} catch (AccessDeniedException ade) {
throw new PermissionDeniedException("Unable to create shared link to node that does not exist: " + nodeId);
} catch (InvalidNodeRefException inre) {
logger.warn("Unable to create shared link: [" + nodeRef + "]");
throw new EntityNotFoundException(nodeId);
}
}
return result;
}
use of org.alfresco.rest.framework.core.exceptions.PermissionDeniedException in project alfresco-remote-api by Alfresco.
the class SiteMembershipRequestsImpl method approveSiteMembershipRequest.
@Override
public void approveSiteMembershipRequest(String siteId, String inviteeId, SiteMembershipApproval siteMembershipApproval) {
SiteInfo siteInfo = sites.validateSite(siteId);
if (siteInfo == null) {
throw new EntityNotFoundException(siteId);
}
// Set the site id to the short name (to deal with case sensitivity issues with
// using the siteId from the url)
siteId = siteInfo.getShortName();
// Validate invitation.
Invitation invitation = getSiteInvitation(inviteeId, siteId);
if (invitation == null || !(invitation instanceof ModeratedInvitation)) {
throw new RelationshipResourceNotFoundException(siteId, inviteeId);
}
ModeratedInvitation moderatedInvitation = (ModeratedInvitation) invitation;
ResourceType resourceType = moderatedInvitation.getResourceType();
if (!resourceType.equals(ResourceType.WEB_SITE) || !SiteVisibility.MODERATED.equals(siteInfo.getVisibility())) {
// note: security, no indication that this has a different visibility
throw new RelationshipResourceNotFoundException(siteId, inviteeId);
}
try {
invitationService.approve(invitation.getInviteId(), "");
} catch (InvitationExceptionForbidden ex) {
throw new PermissionDeniedException();
}
// approval role differs from default one.
if (siteMembershipApproval != null && !(siteMembershipApproval.getRole() == null || siteMembershipApproval.getRole().isEmpty())) {
String role = siteMembershipApproval.getRole();
// Check if role chosen by moderator differs from the invite role.
if (!moderatedInvitation.getRoleName().equals(role)) {
String currentUserId = AuthenticationUtil.getFullyAuthenticatedUser();
// Update invitation with new role.
try {
addSiteMembership(invitation.getInviteeUserName(), siteId, role, currentUserId);
} catch (UnknownAuthorityException e) {
logger.debug("addSiteMember: UnknownAuthorityException " + siteId + " person " + invitation.getInviteId() + " role " + role);
throw new InvalidArgumentException("Unknown role '" + role + "'");
}
}
}
}
Aggregations