Examples with ForbiddenException org.candlepin.common.exceptions.ForbiddenException used on opensource projects

Example 11 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class OwnerProductResourceTest method testDeleteLockedProductFails.

@Test(expected = ForbiddenException.class)
public void testDeleteLockedProductFails() {
    Owner owner = this.createOwner("test_owner");
    Product product = this.createProduct("test_product", "test_product", owner);
    product.setLocked(true);
    this.productCurator.merge(product);
    assertNotNull(this.ownerProductCurator.getProductById(owner, product.getId()));
    try {
        this.ownerProductResource.deleteProduct(owner.getKey(), product.getId());
    } catch (ForbiddenException e) {
        assertNotNull(this.ownerProductCurator.getProductById(owner, product.getId()));
        throw e;
    }
}

Example 12 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class OwnerProductResourceTest method testUpdateLockedProductFails.

@Test(expected = ForbiddenException.class)
public void testUpdateLockedProductFails() {
    Owner owner = this.createOwner("test_owner");
    Product product = this.createProduct("test_product", "test_product", owner);
    ProductDTO pdto = TestUtil.createProductDTO("test_product", "updated_name");
    product.setLocked(true);
    this.productCurator.merge(product);
    assertNotNull(this.ownerProductCurator.getProductById(owner, pdto.getId()));
    try {
        this.ownerProductResource.updateProduct(owner.getKey(), pdto.getId(), pdto);
    } catch (ForbiddenException e) {
        Product entity = this.ownerProductCurator.getProductById(owner, pdto.getId());
        ProductDTO expected = this.modelTranslator.translate(entity, ProductDTO.class);
        assertNotNull(entity);
        assertNotEquals(expected, pdto);
        throw e;
    }
}

Example 13 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class OwnerProductResource method deleteProduct.

@ApiOperation(notes = "Removes a Product", value = "deleteProduct")
@ApiResponses({ @ApiResponse(code = 400, message = ""), @ApiResponse(code = 404, message = "") })
@DELETE
@Produces(MediaType.APPLICATION_JSON)
@Path("/{product_id}")
@Transactional
public void deleteProduct(@PathParam("owner_key") String ownerKey, @PathParam("product_id") String productId) {
    Owner owner = this.getOwnerByKey(ownerKey);
    Product product = this.fetchProduct(owner, productId);
    if (product.isLocked()) {
        throw new ForbiddenException(i18n.tr("product \"{0}\" is locked", product.getId()));
    }
    if (this.productCurator.productHasSubscriptions(owner, product)) {
        throw new BadRequestException(i18n.tr("Product with ID \"{0}\" cannot be deleted while subscriptions exist.", productId));
    }
    this.productManager.removeProduct(owner, product);
}

Example 14 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class OwnerProductResource method addBatchContent.

@ApiOperation(notes = "Adds one or more Content entities to a Product", value = "addBatchContent")
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("/{product_id}/batch_content")
@Transactional
public ProductDTO addBatchContent(@PathParam("owner_key") String ownerKey, @PathParam("product_id") String productId, @ApiParam(name = "contentMap", required = true) Map<String, Boolean> contentMap) {
    Owner owner = this.getOwnerByKey(ownerKey);
    Product product = this.fetchProduct(owner, productId);
    Collection<ProductContent> productContent = new LinkedList<>();
    if (product.isLocked()) {
        throw new ForbiddenException(i18n.tr("product \"{0}\" is locked", product.getId()));
    }
    this.productCurator.lock(product);
    ProductDTO pdto = this.translator.translate(product, ProductDTO.class);
    // Impl note:
    // This is a wholely inefficient way of doing this. When we return to using ID-based linking
    // and we're not linking the universe with our model, we can just attach the IDs directly
    // without needing all this DTO conversion back and forth.
    // Alternatively, we can shut off Hibernate's auto-commit junk and get in the habit of
    // calling commit methods as necessary so we don't have to work with DTOs internally.
    boolean changed = false;
    for (Entry<String, Boolean> entry : contentMap.entrySet()) {
        Content content = this.fetchContent(owner, entry.getKey());
        boolean enabled = entry.getValue() != null ? entry.getValue() : ProductContent.DEFAULT_ENABLED_STATE;
        ContentDTO cdto = this.translator.translate(content, ContentDTO.class);
        changed |= pdto.addContent(cdto, enabled);
    }
    if (changed) {
        product = this.productManager.updateProduct(pdto, owner, true);
    }
    return this.translator.translate(product, ProductDTO.class);
}

Example 15 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class OwnerResource method listPools.

/**
 * Retrieves a list of Pools for an Owner
 *
 * @param ownerKey id of the owner whose entitlement pools are sought.
 * @param matches Find pools matching the given pattern in a variety of fields.
 * * and ? wildcards are supported.
 * @return a list of Pool objects
 * @httpcode 400
 * @httpcode 404
 * @httpcode 200
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("{owner_key}/pools")
@SuppressWarnings("checkstyle:indentation")
@ApiOperation(notes = "Retrieves a list of Pools for an Owner", value = "List Pools")
@ApiResponses({ @ApiResponse(code = 404, message = "Owner not found"), @ApiResponse(code = 400, message = "Invalid request") })
public List<PoolDTO> listPools(@PathParam("owner_key") @Verify(value = Owner.class, subResource = SubResource.POOLS) String ownerKey, @QueryParam("consumer") String consumerUuid, @QueryParam("activation_key") String activationKeyName, @QueryParam("product") String productId, @QueryParam("subscription") String subscriptionId, @ApiParam("Include pools that are not suited to the unit's facts.") @QueryParam("listall") @DefaultValue("false") boolean listAll, @ApiParam("Date to use as current time for lookup criteria. Defaults" + " to current date if not specified.") @QueryParam("activeon") @DefaultValue(DateFormat.NOW) @DateFormat Date activeOn, @ApiParam("Find pools matching the given pattern in a variety of fields;" + " * and ? wildcards are supported; may be specified multiple times") @QueryParam("matches") List<String> matches, @ApiParam("The attributes to return based on the specified types.") @QueryParam("attribute") @CandlepinParam(type = KeyValueParameter.class) List<KeyValueParameter> attrFilters, @ApiParam("When set to true, it will add future dated pools to the result, " + "based on the activeon date.") @QueryParam("add_future") @DefaultValue("false") boolean addFuture, @ApiParam("When set to true, it will return only future dated pools to the result, " + "based on the activeon date.") @QueryParam("only_future") @DefaultValue("false") boolean onlyFuture, @ApiParam("Will only return pools with a start date after the supplied date. " + "Overrides the activeOn date.") @QueryParam("after") @DateFormat Date after, @ApiParam("One or more pool IDs to use to filter the output; only pools with IDs matching " + "those provided will be returned; may be specified multiple times") @QueryParam("poolid") List<String> poolIds, @Context Principal principal, @Context PageRequest pageRequest) {
    Owner owner = findOwnerByKey(ownerKey);
    Consumer c = null;
    if (consumerUuid != null) {
        c = consumerCurator.findByUuid(consumerUuid);
        if (c == null) {
            throw new NotFoundException(i18n.tr("Unit: {0} not found", consumerUuid));
        }
        if (!c.getOwnerId().equals(owner.getId())) {
            throw new BadRequestException("Consumer specified does not belong to owner on path");
        }
        if (!principal.canAccess(c, SubResource.NONE, Access.READ_ONLY)) {
            throw new ForbiddenException(i18n.tr("User {0} cannot access consumer {1}", principal.getPrincipalName(), c.getUuid()));
        }
    }
    ActivationKey key = null;
    if (activationKeyName != null) {
        key = activationKeyCurator.lookupForOwner(activationKeyName, owner);
        if (key == null) {
            throw new BadRequestException(i18n.tr("ActivationKey with id {0} could not be found.", activationKeyName));
        }
    }
    if (addFuture && onlyFuture) {
        throw new BadRequestException(i18n.tr("The flags add_future and only_future cannot be used at the same time."));
    }
    if (after != null && (addFuture || onlyFuture)) {
        throw new BadRequestException(i18n.tr("The flags add_future and only_future cannot be used with the parameter after."));
    }
    if (after != null) {
        activeOn = null;
    }
    // Process the filters passed for the attributes
    PoolFilterBuilder poolFilters = new PoolFilterBuilder();
    for (KeyValueParameter filterParam : attrFilters) {
        poolFilters.addAttributeFilter(filterParam.key(), filterParam.value());
    }
    if (matches != null) {
        matches.stream().filter(elem -> elem != null && !elem.isEmpty()).forEach(elem -> poolFilters.addMatchesFilter(elem));
    }
    if (poolIds != null && !poolIds.isEmpty()) {
        poolFilters.addIdFilters(poolIds);
    }
    Page<List<Pool>> page = poolManager.listAvailableEntitlementPools(c, key, owner.getId(), productId, subscriptionId, activeOn, listAll, poolFilters, pageRequest, addFuture, onlyFuture, after);
    List<Pool> poolList = page.getPageData();
    calculatedAttributesUtil.setCalculatedAttributes(poolList, activeOn);
    calculatedAttributesUtil.setQuantityAttributes(poolList, c, activeOn);
    // Store the page for the LinkHeaderResponseFilter
    ResteasyProviderFactory.pushContext(Page.class, page);
    List<PoolDTO> poolDTOs = new ArrayList<>();
    for (Pool pool : poolList) {
        poolDTOs.add(translator.translate(pool, PoolDTO.class));
    }
    return poolDTOs;
}