
Example 1 with OperationForbiddenException

use of org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException in project vorto by eclipse.

the class ModelRepositoryController method getUserModels.

// ##################### Downloads ################################
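/**
 * Streams a ZIP archive of every model authored by the calling user, together with the
 * dependencies of those models, across all namespaces the user can see.
 *
 * <p>If the namespace lookup is refused or the user/namespace cannot be found, the failure is
 * logged and reported as 403 or 404, matching the other controllers. The previous version logged
 * the error and then iterated a {@code null} collection, ending in a NullPointerException.
 *
 * @param principal the authenticated caller; its name is used to look up the account
 * @param response the servlet response the archive (or the error status) is written to
 */
@GetMapping(value = { "/mine/download" })
public void getUserModels(Principal principal, final HttpServletResponse response) {
    // NOTE(review): no method-level @PreAuthorize is visible on this endpoint; if authentication
    // is not enforced elsewhere, principal is null here, so answer 401 instead of failing.
    if (principal == null) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    User user = accountService.getUser(principal.getName());
    Collection<Namespace> namespaces;
    try {
        // The caller is both actor and target: they only ever list their own namespaces.
        namespaces = userNamespaceRoleService.getNamespaces(user, user);
    } catch (OperationForbiddenException e) {
        LOGGER.error(e.getMessage(), e);
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    } catch (DoesNotExistException e) {
        LOGGER.error(e.getMessage(), e);
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    List<ModelId> userModels = Lists.newArrayList();
    for (Namespace namespace : namespaces) {
        IModelRepository modelRepo = getModelRepository(namespace.getWorkspaceId());
        // NOTE(review): the username is interpolated into the search expression unescaped;
        // confirm that no character allowed in a username can change the meaning of the query.
        List<ModelInfo> modelInfos = modelRepo.search(String.format("author:%s", user.getUsername()));
        userModels.addAll(modelInfos.stream().map(ModelInfo::getId).collect(Collectors.toList()));
    }
    LOGGER.info("Exporting information models for user - results: " + userModels.size());
    // NOTE(review): the archive name embeds the username; presumably sendAsZipFile encodes it
    // safely for the response header - verify.
    sendAsZipFile(response, user.getUsername() + "-models.zip", getModelsAndDependencies(userModels));
}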
Also used : IModelRepository(org.eclipse.vorto.repository.core.IModelRepository) InfomodelTemplate(org.eclipse.vorto.repository.web.core.templates.InfomodelTemplate) RequestParam(org.springframework.web.bind.annotation.RequestParam) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ApiParam(io.swagger.annotations.ApiParam) Autowired(org.springframework.beans.factory.annotation.Autowired) ModelAlreadyExistsException(org.eclipse.vorto.repository.core.ModelAlreadyExistsException) ModelInfo(org.eclipse.vorto.repository.core.ModelInfo) RequestContextHolder(org.springframework.web.context.request.RequestContextHolder) Future(java.util.concurrent.Future) Map(java.util.Map) Diagnostic(org.eclipse.vorto.repository.core.Diagnostic) AsyncModelMappingsFetcher(org.eclipse.vorto.repository.web.core.async.AsyncModelMappingsFetcher) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) ModelParserFactory(org.eclipse.vorto.repository.core.impl.parser.ModelParserFactory) PostMapping(org.springframework.web.bind.annotation.PostMapping) AsyncModelLinksFetcher(org.eclipse.vorto.repository.web.core.async.AsyncModelLinksFetcher) NotAuthorizedException(org.eclipse.vorto.repository.web.core.exceptions.NotAuthorizedException) User(org.eclipse.vorto.repository.domain.User) Namespace(org.eclipse.vorto.repository.domain.Namespace) RestController(org.springframework.web.bind.annotation.RestController) Executors(java.util.concurrent.Executors) IOUtils(org.apache.commons.io.IOUtils) Permission(org.eclipse.vorto.repository.core.PolicyEntry.Permission) DefaultUserAccountService(org.eclipse.vorto.repository.account.impl.DefaultUserAccountService) ZipOutputStream(java.util.zip.ZipOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ModelFullDetailsDTO(org.eclipse.vorto.repository.web.api.v1.dto.ModelFullDetailsDTO) ControllerUtils(org.eclipse.vorto.repository.web.ControllerUtils) 
ModelLink(org.eclipse.vorto.repository.web.api.v1.dto.ModelLink) IModelRepository(org.eclipse.vorto.repository.core.IModelRepository) Value(org.springframework.beans.factory.annotation.Value) RequestBody(org.springframework.web.bind.annotation.RequestBody) FatalModelRepositoryException(org.eclipse.vorto.repository.core.FatalModelRepositoryException) IWorkflowService(org.eclipse.vorto.repository.workflow.IWorkflowService) Lists(com.google.common.collect.Lists) Attachment(org.eclipse.vorto.repository.core.Attachment) AsyncModelSyntaxFetcher(org.eclipse.vorto.repository.web.core.async.AsyncModelSyntaxFetcher) UserRepositoryRoleService(org.eclipse.vorto.repository.services.UserRepositoryRoleService) ModelProperty(org.eclipse.vorto.model.ModelProperty) ModelNotReleasedException(org.eclipse.vorto.repository.model.ModelNotReleasedException) GenericApplicationException(org.eclipse.vorto.repository.web.GenericApplicationException) IOException(java.io.IOException) IModelPolicyManager(org.eclipse.vorto.repository.core.IModelPolicyManager) NamespaceService(org.eclipse.vorto.repository.services.NamespaceService) ExecutionException(java.util.concurrent.ExecutionException) HttpStatus(org.springframework.http.HttpStatus) ApiResponse(io.swagger.annotations.ApiResponse) AttachmentValidator(org.eclipse.vorto.repository.core.impl.validation.AttachmentValidator) AttachResult(org.eclipse.vorto.repository.web.api.v1.dto.AttachResult) ModelTemplate(org.eclipse.vorto.repository.web.core.templates.ModelTemplate) PathVariable(org.springframework.web.bind.annotation.PathVariable) ValidationReport(org.eclipse.vorto.repository.importer.ValidationReport) DoesNotExistException(org.eclipse.vorto.repository.services.exceptions.DoesNotExistException) ApiOperation(io.swagger.annotations.ApiOperation) Logger(org.apache.log4j.Logger) AbstractRepositoryController(org.eclipse.vorto.repository.web.AbstractRepositoryController) ByteArrayInputStream(java.io.ByteArrayInputStream) 
PutMapping(org.springframework.web.bind.annotation.PutMapping) ModelMinimalInfoDTO(org.eclipse.vorto.repository.web.api.v1.dto.ModelMinimalInfoDTO) ZipEntry(java.util.zip.ZipEntry) DeleteMapping(org.springframework.web.bind.annotation.DeleteMapping) AsyncWorkflowActionsFetcher(org.eclipse.vorto.repository.web.core.async.AsyncWorkflowActionsFetcher) FileContent(org.eclipse.vorto.repository.core.FileContent) IDiagnostics(org.eclipse.vorto.repository.core.IDiagnostics) Collection(java.util.Collection) ModelValidationHelper(org.eclipse.vorto.repository.core.impl.utils.ModelValidationHelper) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) OperationForbiddenException(org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException) Collectors(java.util.stream.Collectors) ModelId(org.eclipse.vorto.model.ModelId) Objects(java.util.Objects) List(java.util.List) Principal(java.security.Principal) Optional(java.util.Optional) WorkflowException(org.eclipse.vorto.repository.workflow.WorkflowException) Authentication(org.springframework.security.core.Authentication) IUserContext(org.eclipse.vorto.repository.core.IUserContext) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) HashMap(java.util.HashMap) ApiResponses(io.swagger.annotations.ApiResponses) AsyncModelAttachmentsFetcher(org.eclipse.vorto.repository.web.core.async.AsyncModelAttachmentsFetcher) Status(org.eclipse.vorto.repository.web.Status) GetMapping(org.springframework.web.bind.annotation.GetMapping) ExecutorService(java.util.concurrent.ExecutorService) ModelContent(org.eclipse.vorto.repository.web.core.dto.ModelContent) ModelNamespaceNotOfficialException(org.eclipse.vorto.repository.model.ModelNamespaceNotOfficialException) AsyncModelReferenceFetcher(org.eclipse.vorto.repository.web.core.async.AsyncModelReferenceFetcher) IBulkOperationsService(org.eclipse.vorto.repository.model.IBulkOperationsService) 
UserNamespaceRoleService(org.eclipse.vorto.repository.services.UserNamespaceRoleService) HttpServletResponse(javax.servlet.http.HttpServletResponse) PolicyEntry(org.eclipse.vorto.repository.core.PolicyEntry) ValidationException(org.eclipse.vorto.repository.core.impl.validation.ValidationException) ModelType(org.eclipse.vorto.model.ModelType) TimeUnit(java.util.concurrent.TimeUnit) ModelResource(org.eclipse.vorto.repository.core.ModelResource) PrincipalType(org.eclipse.vorto.repository.core.PolicyEntry.PrincipalType) MultipartFile(org.springframework.web.multipart.MultipartFile) ResponseEntity(org.springframework.http.ResponseEntity) UserContext(org.eclipse.vorto.repository.core.impl.UserContext) OperationForbiddenException(org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException) DoesNotExistException(org.eclipse.vorto.repository.services.exceptions.DoesNotExistException) ModelInfo(org.eclipse.vorto.repository.core.ModelInfo) User(org.eclipse.vorto.repository.domain.User) ModelId(org.eclipse.vorto.model.ModelId) Namespace(org.eclipse.vorto.repository.domain.Namespace) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Example 2 with OperationForbiddenException

use of org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException in project vorto by eclipse.

the class AccountController method deleteUserAccount.

/**
 * Deletes the account named in the request path on behalf of the authenticated caller.
 *
 * <p>Access is checked twice: declaratively by {@code @PreAuthorize}, and again by the service,
 * which reports a refusal as {@link OperationForbiddenException}. The acting user is always read
 * from the security context, never from the request.
 *
 * <p>The value returned by {@code userService.delete} is discarded, so the answer is 204 whenever
 * no exception is thrown.
 *
 * @param username the account to delete, taken from the path
 * @return 204 on success, 403 if the service refuses the operation, 404 if it reports a missing
 *     entity
 */
@DeleteMapping("/rest/accounts/{username:.+}")
@PreAuthorize("hasAuthority('sysadmin') or hasPermission(#username,'user:delete')")
public ResponseEntity<Void> deleteUserAccount(@PathVariable("username") final String username) {
    HttpStatus outcome;
    try {
        IUserContext caller = UserContext.user(SecurityContextHolder.getContext().getAuthentication());
        userService.delete(caller.getUsername(), username);
        outcome = HttpStatus.NO_CONTENT;
    } catch (OperationForbiddenException denied) {
        outcome = HttpStatus.FORBIDDEN;
    } catch (DoesNotExistException missing) {
        outcome = HttpStatus.NOT_FOUND;
    }
    return new ResponseEntity<>(outcome);
}
Also used : IUserContext(org.eclipse.vorto.repository.core.IUserContext) ResponseEntity(org.springframework.http.ResponseEntity) OperationForbiddenException(org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException) DoesNotExistException(org.eclipse.vorto.repository.services.exceptions.DoesNotExistException) DeleteMapping(org.springframework.web.bind.annotation.DeleteMapping) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 3 with OperationForbiddenException

use of org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException in project vorto by eclipse.

the class NamespaceController method getCollaboratorsByNamespace.

/**
 * Lists the collaborators of a namespace as seen by the authenticated caller.
 *
 * <p>The annotation only requires an authenticated session; the decision whether the caller may
 * see the collaborators is left to {@code userNamespaceRoleService.getRolesByUser}, whose
 * {@link OperationForbiddenException} is translated to 403 here.
 *
 * @param namespace the namespace name from the path
 * @return the collaborators with 200; an empty set with 403 when the service refuses the call,
 *     or with 404 when it reports a missing entity
 */
@RequestMapping(method = RequestMethod.GET, value = "/{namespace:.+}/users")
@PreAuthorize("isAuthenticated()")
public ResponseEntity<Collection<Collaborator>> getCollaboratorsByNamespace(@ApiParam(value = "namespace", required = true) @PathVariable String namespace) {
    // Stays empty on every failure path, so error responses never carry collaborator data.
    Collection<Collaborator> body = new HashSet<>();
    HttpStatus status;
    try {
        IUserContext caller = UserContext.user(SecurityContextHolder.getContext().getAuthentication());
        body = EntityDTOConverter.createCollaborators(userNamespaceRoleService.getRolesByUser(caller.getUsername(), namespace));
        status = HttpStatus.OK;
    } catch (OperationForbiddenException denied) {
        status = HttpStatus.FORBIDDEN;
    } catch (DoesNotExistException missing) {
        status = HttpStatus.NOT_FOUND;
    }
    return new ResponseEntity<>(body, status);
}
Also used : IUserContext(org.eclipse.vorto.repository.core.IUserContext) ResponseEntity(org.springframework.http.ResponseEntity) OperationForbiddenException(org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException) DoesNotExistException(org.eclipse.vorto.repository.services.exceptions.DoesNotExistException) Collaborator(org.eclipse.vorto.repository.web.api.v1.dto.Collaborator) HashSet(java.util.HashSet) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 4 with OperationForbiddenException

use of org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException in project vorto by eclipse.

the class NamespaceController method getAllNamespacesForLoggedUser.

/**
 * Returns the namespaces of the authenticated caller, sorted by name, each with its
 * collaborators and their roles.
 *
 * <p>The caller is passed to the service as both actor and target, together with the role name
 * {@code "namespace_admin"}.
 *
 * <p>NOTE(review): the same collection is returned on the 403 and 404 paths. If an exception can
 * be raised after some entries were added, those entries are sent with the error status -
 * confirm whether that can happen.
 *
 * @return the namespaces with 200; 403 when the service refuses the call, 404 when it reports a
 *     missing entity
 */
@RequestMapping(method = RequestMethod.GET, value = "/all")
@PreAuthorize("isAuthenticated()")
public ResponseEntity<Collection<NamespaceDto>> getAllNamespacesForLoggedUser() {
    IUserContext caller = UserContext.user(SecurityContextHolder.getContext().getAuthentication());
    Collection<NamespaceDto> sortedByName = new TreeSet<>(Comparator.comparing(NamespaceDto::getName));
    HttpStatus status = HttpStatus.OK;
    try {
        Map<Namespace, Map<User, Collection<IRole>>> rolesByNamespace = userNamespaceRoleService.getNamespacesCollaboratorsAndRoles(caller.getUsername(), caller.getUsername(), "namespace_admin");
        for (Map.Entry<Namespace, Map<User, Collection<IRole>>> namespaceAndRoles : rolesByNamespace.entrySet()) {
            sortedByName.add(EntityDTOConverter.createNamespaceDTO(namespaceAndRoles.getKey(), namespaceAndRoles.getValue()));
        }
    } catch (OperationForbiddenException denied) {
        status = HttpStatus.FORBIDDEN;
    } catch (DoesNotExistException missing) {
        status = HttpStatus.NOT_FOUND;
    }
    return new ResponseEntity<>(sortedByName, status);
}
Also used : IUserContext(org.eclipse.vorto.repository.core.IUserContext) NamespaceDto(org.eclipse.vorto.repository.web.api.v1.dto.NamespaceDto) OperationForbiddenException(org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException) DoesNotExistException(org.eclipse.vorto.repository.services.exceptions.DoesNotExistException) ResponseEntity(org.springframework.http.ResponseEntity) IRole(org.eclipse.vorto.repository.domain.IRole) TreeSet(java.util.TreeSet) Map(java.util.Map) Namespace(org.eclipse.vorto.repository.domain.Namespace) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with OperationForbiddenException

use of org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException in project vorto by eclipse.

the class UserService method delete.

/**
 * Deletes the given {@link User} and their namespace-role associations, as acted by the given
 * acting {@link User}.<br/>
 * This can fail for a number of reasons:
 * <ul>
 *   <li>
 *     The acting {@link User} is rejected by {@code userUtil.authorizeActorAsTargetOrSysadmin}
 *     (going by its name: the actor is neither the target nor a {@literal sysadmin} - confirm
 *     against that helper).
 *   </li>
 *   <li>
 *     The target {@link User} is the only one listed with namespace role {@literal namespace_admin}
 *     on one or more {@link org.eclipse.vorto.repository.domain.Namespace}s - in which case, the
 *     role should be given to at least one other {@link User} before deleting.
 *   </li>
 *   <li>
 *     The target {@link User} holds the namespace admin role on any
 *     {@link org.eclipse.vorto.repository.domain.Namespace} - in which case, ownership should be
 *     given to another {@link User} before deleting.
 *   </li>
 * </ul>
 * Failures above will throw checked exceptions, and the transaction is rolled back for both
 * declared exception types. <br/>
 * It is also possible that this method will fail by returning {@code false}, should the target
 * {@link User} simply not exist.
 * <p>
 * NOTE(review): the existence check runs before the actor is authorized, so the {@code false}
 * result is given without an authorization decision. Confirm that every caller is already
 * access-controlled, otherwise the two outcomes reveal whether an account exists.
 *
 * @param actor the user performing the deletion
 * @param target the user to delete
 * @return {@code true} once the target has been deleted, {@code false} if the user cache holds no
 *     user for the target
 * @throws OperationForbiddenException if the actor is not authorized, or the target still
 *     administers at least one namespace
 * @throws DoesNotExistException not thrown directly here; presumably raised by the services
 *     called - verify
 */
@Transactional(rollbackFor = { OperationForbiddenException.class, DoesNotExistException.class })
public boolean delete(User actor, User target) throws OperationForbiddenException, DoesNotExistException {
    // reject null actor or target before doing anything else
    ServiceValidationUtil.validateNulls(actor, target);
    // unknown target: nothing to delete, reported through the return value rather than an exception
    if (cache.withUser(target).getUser() == null) {
        LOGGER.info("Attempting to delete a user that does not exist. ");
        return false;
    }
    // authorizing actor
    userUtil.authorizeActorAsTargetOrSysadmin(actor, target);
    // checking if only admin in any namespace
    if (userNamespaceRoleService.isOnlyAdminInAnyNamespace(actor, target)) {
        throw new OperationForbiddenException("User is the only administrator of at least one namespace - aborting delete operation.");
    }
    // retrieving namespaces target manages: those where the target's roles include the namespace admin role
    Collection<Namespace> namespacesManagedByTarget = userNamespaceRoleService.getNamespacesAndRolesByUser(actor, target).entrySet().stream().filter(e -> e.getValue().contains(userNamespaceRoleService.namespaceAdminRole())).map(Entry::getKey).collect(Collectors.toSet());
    // target administers at least one namespace - failing
    if (!namespacesManagedByTarget.isEmpty()) {
        throw new OperationForbiddenException("User is administrator in at least one namespace. Ownership must change before user can be deleted. Aborting operation.");
    }
    // building the notification before the user is deleted; only if the target has an e-mail address
    DeleteAccountMessage message = null;
    if (target.hasEmailAddress()) {
        message = new DeleteAccountMessage(target);
    }
    // firstly, publish the user deleted event - this way, the models are all anonymized while the
    // user and their namespace associations are still there
    // NOTE(review): confirm that the listeners' work is undone if a later step fails
    eventPublisher.publishEvent(new AppEvent(this, target.getUsername(), EventType.USER_DELETED));
    // then, retrieve namespaces where target has any role
    Collection<Namespace> namespacesWhereTargetHasAnyRole = userNamespaceRoleService.getNamespaces(actor, target);
    // and remove association for all namespaces
    for (Namespace namespace : namespacesWhereTargetHasAnyRole) {
        userNamespaceRoleService.deleteAllRoles(actor, target, namespace, false);
    }
    // finally, delete target user
    userRepository.delete(target);
    // and send them a message if possible
    // NOTE(review): this runs inside the transactional method; confirm what happens to the
    // deletion if sending fails
    if (message != null) {
        notificationService.sendNotification(message);
    }
    return true;
}
Also used : AppEvent(org.eclipse.vorto.repository.core.events.AppEvent) OperationForbiddenException(org.eclipse.vorto.repository.services.exceptions.OperationForbiddenException) Namespace(org.eclipse.vorto.repository.domain.Namespace) DeleteAccountMessage(org.eclipse.vorto.repository.notification.message.DeleteAccountMessage) Transactional(org.springframework.transaction.annotation.Transactional)
