Use of org.craftercms.commons.security.exception.ActionDeniedException in project profile by craftercms.
From class TenantController, method updateTenant:
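/**
 * Updates an existing tenant from the submitted request body.
 * <p>
 * The body is untrusted input. After the {@code UPDATE_TENANT} authorization check, the superadmin
 * role is pinned: if the stored tenant and the submitted tenant disagree on whether
 * {@link AuthorizationUtils#SUPERADMIN_ROLE} is among the available roles, the update is denied, so
 * this endpoint can neither grant nor revoke that role. A submitted role set of {@code null} is
 * treated as empty instead of failing with a {@code NullPointerException} (an HTTP 500).
 *
 * @param tenant the tenant as deserialized from the request body; {@code tenant.getName()} selects
 *               which stored tenant is updated
 * @return a single-entry model holding the "tenant updated" message under {@code MODEL_MESSAGE}
 * @throws ActionDeniedException     if the update would add or remove the superadmin role
 * @throws ResourceNotFoundException if no tenant exists with the submitted name
 * @throws ProfileException          as declared; propagated from the tenant service calls
 */
@RequestMapping(value = URL_UPDATE_TENANT, method = RequestMethod.POST)
@ResponseBody
public Map<String, String> updateTenant(@RequestBody Tenant tenant) throws ProfileException {
    String name = tenant.getName();
    // Authorization check first, before any tenant data is read or exposed.
    checkIfAllowed(name, Action.UPDATE_TENANT);

    Tenant currentTenant = tenantService.getTenant(name);
    if (currentTenant == null) {
        throw new ResourceNotFoundException("No tenant found with name '" + name + "'");
    }

    // Superadmin membership must survive the update unchanged: neither granting nor revoking it is
    // allowed through this endpoint, whatever UPDATE_TENANT permission the caller holds.
    if (includesSuperadminRole(currentTenant) != includesSuperadminRole(tenant)) {
        throw new ActionDeniedException(Action.UPDATE_TENANT.toString(), name);
    }

    tenantService.updateTenant(tenant);

    return Collections.singletonMap(MODEL_MESSAGE, String.format(MSG_TENANT_UPDATED_FORMAT, name));
}

/**
 * Whether the tenant's available roles include {@link AuthorizationUtils#SUPERADMIN_ROLE}.
 * A {@code null} role set (possible for a deserialized request body) counts as "no roles".
 */
private static boolean includesSuperadminRole(Tenant tenant) {
    return tenant.getAvailableRoles() != null
        && tenant.getAvailableRoles().contains(AuthorizationUtils.SUPERADMIN_ROLE);
}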
Use of org.craftercms.commons.security.exception.ActionDeniedException in project commons by craftercms.
From class HasPermissionAnnotationHandler, method checkPermissions:
// cortiz, OK permissionEvaluator.isAllowed
/**
 * Around advice guarding every join point matched by {@code @HasPermission}, whether the annotation
 * sits on the declaring class or on the method itself.
 * <p>
 * The annotation's {@code type()} selects a {@link PermissionEvaluator} from
 * {@code permissionEvaluators}; its {@code action()} and the secured object resolved from the
 * method arguments (if any) are handed to that evaluator. The advised method runs only when the
 * evaluator allows the action.
 *
 * @param pjp the intercepted join point
 * @return whatever the advised method returns
 * @throws PermissionException   if no evaluator is registered for the annotation's type
 *                               ({@code ERROR_KEY_EVALUATOR_NOT_FOUND}), or if the evaluator itself
 *                               throws ({@code ERROR_KEY_EVALUATION_FAILED}, cause attached)
 * @throws ActionDeniedException if the evaluator denies the action; carries the secured object when
 *                               one was resolved
 * @throws Throwable             anything thrown by the advised method
 */
@SuppressWarnings("unchecked")
@Around("@within(org.craftercms.commons.security.permissions.annotations.HasPermission) || " + "@annotation(org.craftercms.commons.security.permissions.annotations.HasPermission)")
public Object checkPermissions(ProceedingJoinPoint pjp) throws Throwable {
    Method targetMethod = AopUtils.getActualMethod(pjp);
    HasPermission annotation = getHasPermissionAnnotation(targetMethod, pjp);
    Class<?> evaluatorType = annotation.type();
    String requestedAction = annotation.action();
    Object securedObject = getAnnotatedSecuredObject(targetMethod, pjp);
    PermissionEvaluator evaluator = permissionEvaluators.get(evaluatorType);

    if (securedObject == null) {
        logger.debug(LOG_KEY_METHOD_INT_NO_SEC_OBJ, targetMethod, annotation);
    } else {
        logger.debug(LOG_KEY_METHOD_INT, targetMethod, annotation, securedObject);
    }

    // Fail closed: an annotation type with no registered evaluator is a configuration error, not a grant.
    if (evaluator == null) {
        throw new PermissionException(ERROR_KEY_EVALUATOR_NOT_FOUND, evaluatorType);
    }

    boolean permitted;
    try {
        permitted = evaluator.isAllowed(securedObject, requestedAction);
    } catch (PermissionException e) {
        // Re-wrap so callers see a uniform "evaluation failed" key; the original stays as the cause.
        throw new PermissionException(ERROR_KEY_EVALUATION_FAILED, e);
    }

    if (!permitted) {
        if (securedObject == null) {
            throw new ActionDeniedException(requestedAction);
        }
        throw new ActionDeniedException(requestedAction, securedObject);
    }

    return pjp.proceed();
}