use of org.apache.cxf.rs.security.oauth.data.OAuthPermission in project tesb-rt-se by Talend.
the class ThirdPartyAccessService method updateCalendar.
@POST
public void updateCalendar(@FormParam("hour") int hour, @FormParam("description") String description) {
// This permission check can be done in a custom filter; it can be simpler to do
// in the actual service code if the context data (such as an hour in this case)
// are not available in the request URI but in the message payload
OAuthContext oauth = getOAuthContext();
List<OAuthPermission> perms = oauth.getPermissions();
boolean checkPassed = false;
for (OAuthPermission perm : perms) {
if (perm.getPermission().startsWith(OAuthConstants.UPDATE_CALENDAR_SCOPE)) {
int authorizedHour = Integer.valueOf(perm.getPermission().substring(OAuthConstants.UPDATE_CALENDAR_SCOPE.length()));
if (authorizedHour == hour) {
checkPassed = true;
}
}
}
if (!checkPassed) {
throw new WebApplicationException(403);
}
// end of the check
Calendar calendar = getUserCalendar();
calendar.getEntry(hour).setEventDescription(description);
}
Aggregations