use of org.jbei.ice.lib.access.PermissionException in project ice by JBEI.
the class Groups method update.
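/**
 * Updates the label, description, auto-join flag and membership of an existing group.
 *
 * <p>Authorization: a public group may only be updated by an administrator. Any other group may
 * only be updated by its owner or by an administrator, which is the same owner-or-admin rule
 * that {@code getGroupMembers} applies to reads.
 *
 * @param groupId   unique local identifier of the group to update
 * @param userGroup new values for the group, including its local and remote member lists
 * @return true if the group was found and updated; false if no group exists with that id
 * @throws PermissionException if the requesting user is not allowed to modify the group
 */
public boolean update(long groupId, UserGroup userGroup) {
    Group group = dao.get(groupId);
    if (group == null) {
        return false;
    }

    if (group.getType() == GroupType.PUBLIC) {
        if (!accountController.isAdministrator(userId)) {
            String errMsg = "Non admin " + userId + " attempting to update public group";
            Logger.error(errMsg);
            throw new PermissionException(errMsg);
        }
    } else {
        // Without this branch any caller could rename a non-public group and rewrite its
        // member list. A group with no recorded owner falls through to the administrator check.
        Account owner = group.getOwner();
        boolean isOwner = owner != null && userId.equalsIgnoreCase(owner.getEmail());
        if (!isOwner && !accountController.isAdministrator(userId)) {
            String errMsg = userId + " attempting to update group " + groupId
                    + " without being its owner or an administrator";
            Logger.error(errMsg);
            throw new PermissionException(errMsg);
        }
    }

    group.setLabel(userGroup.getLabel());
    group.setDescription(userGroup.getDescription());
    group.setAutoJoin(userGroup.isAutoJoin());
    group = dao.update(group);

    // membership is replaced from the submitted lists only after the caller has been authorized
    setGroupMembers(group, userGroup.getMembers(), userGroup.getRemoteMembers());
    return true;
}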
use of org.jbei.ice.lib.access.PermissionException in project ice by JBEI.
the class Groups method getGroupMembers.
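/**
 * Retrieves both local and remote members of the specified group if the user making the request
 * has the appropriate permissions.
 *
 * <p>Public groups require an administrator. Any other group may be read by its owner
 * (matched case-insensitively on email) or by an account of type {@code ADMIN}.
 *
 * @param groupId unique local identifier of group
 * @return information about specified group including remote and local members, or
 *         {@code null} if no group exists with that id
 * @throws PermissionException if the user does not have read permissions
 */
public UserGroup getGroupMembers(long groupId) {
    Group group = dao.get(groupId);
    if (group == null) {
        return null;
    }

    if (group.getType() == GroupType.PUBLIC) {
        if (!accountController.isAdministrator(userId)) {
            throw new PermissionException("Administrative privileges required");
        }
    } else {
        Account owner = group.getOwner();
        boolean isOwner = owner != null && userId.equalsIgnoreCase(owner.getEmail());
        if (!isOwner) {
            // Fail closed: a requester with no account record is denied instead of causing a
            // NullPointerException on the account type lookup.
            Account requester = accountDAO.getByEmail(this.userId);
            if (requester == null || requester.getType() != AccountType.ADMIN) {
                throw new PermissionException("Missing required permissions");
            }
        }
    }

    UserGroup userGroup = group.toDataTransferObject();
    for (Account member : group.getMembers()) {
        userGroup.getMembers().add(member.toDataTransferObject());
    }

    // get remote members
    List<RemoteClientModel> clients = remoteClientModelDAO.getClientsForGroup(group);
    for (RemoteClientModel clientModel : clients) {
        userGroup.getRemoteMembers().add(clientModel.toDataTransferObject());
    }
    return userGroup;
}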
use of org.jbei.ice.lib.access.PermissionException in project ice by JBEI.
the class AnnotationResource method getFeatures.
/**
 * Returns a page of the available annotations as JSON.
 * Administrative privileges required: a {@link PermissionException} raised while retrieving the
 * annotations is reported to the client as HTTP 403 (Forbidden).
 *
 * <p>When {@code filter} is non-empty the filtered listing is returned and {@code sort} is not
 * used. {@code asc} is accepted as a query parameter but is not forwarded by this method.
 *
 * @param offset paging start
 * @param limit  maximum number of results to return
 * @param sort   sort field
 * @param asc    sort order
 * @param filter optional filter text; {@code null} or empty selects the unfiltered listing
 * @return response wrapping the requested page of annotations
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getFeatures(@DefaultValue("0") @QueryParam("offset") final int offset, @DefaultValue("15") @QueryParam("limit") final int limit, @DefaultValue("created") @QueryParam("sort") final String sort, @DefaultValue("false") @QueryParam("asc") final boolean asc, @QueryParam("filter") String filter) {
    final String userId = requireUserId();
    final Annotations annotations = new Annotations(userId);
    final boolean hasFilter = filter != null && !filter.isEmpty();

    // NOTE(review): offset and limit come straight from the query string and are not
    // range-checked here; confirm that Annotations bounds them.
    try {
        if (hasFilter) {
            return super.respond(annotations.filter(offset, limit, filter));
        } else {
            return super.respond(annotations.get(offset, limit, sort));
        }
    } catch (PermissionException pe) {
        // only the status code reaches the client; the exception message is not included
        throw new WebApplicationException(Response.Status.FORBIDDEN);
    }
}
use of org.jbei.ice.lib.access.PermissionException in project ice by JBEI.
the class Sequences method getRequestedSequence.
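/**
 * Responds to a remote partner's request for the sequence of an entry in a folder that has been
 * shared with a user on that partner.
 *
 * <p>The request is accepted only if a share permission exists for the (remote user, partner,
 * folder) triple and the hash derived from the presented token matches the stored secret.
 *
 * @param requestingPartner partner registry making the request; its url identifies the stored partner
 * @param remoteUserId      identifier of the user on the remote partner
 * @param token             access token presented by the remote partner
 * @param entryId           identifier of the entry whose sequence is requested
 * @param folderId          identifier of the shared folder the request is made against
 * @return the entry's sequence, or {@code null} if the entry, folder, partner or share
 *         permission cannot be found
 * @throws PermissionException if the share does not belong to the requested folder or the
 *                             token does not validate
 */
public FeaturedDNASequence getRequestedSequence(RegistryPartner requestingPartner, String remoteUserId, String token, String entryId, long folderId) {
    Entry entry = hasEntry.getEntry(entryId);
    if (entry == null) {
        return null;
    }

    // see folderContents.getRemotelySharedContents
    // todo : fold this into folder authorization and/or entry authorization

    // folder that the entry is contained in
    Folder folder = DAOFactory.getFolderDAO().get(folderId);
    RemotePartner remotePartner = DAOFactory.getRemotePartnerDAO().getByUrl(requestingPartner.getUrl());
    if (folder == null || remotePartner == null) {
        // fail closed instead of dereferencing a missing partner further down
        Logger.error("Could not resolve folder or remote partner for sequence request");
        return null;
    }

    // check that the remote user has the right token
    Permission shareModel = DAOFactory.getPermissionDAO().get(remoteUserId, remotePartner, folder);
    if (shareModel == null) {
        Logger.error("Could not retrieve share model");
        return null;
    }

    if (shareModel.getFolder().getId() != folderId) {
        String msg = "Shared folder does not match folder being requested";
        Logger.error(msg);
        throw new PermissionException(msg);
    }

    // validate access token
    TokenHash tokenHash = new TokenHash();
    String secret = tokenHash.encrypt(folderId + remotePartner.getUrl() + remoteUserId, token);
    String expected = shareModel.getSecret();
    // Compare in constant time so the check does not reveal how much of the value matched;
    // a missing value on either side is a mismatch.
    if (secret == null || expected == null || !java.security.MessageDigest.isEqual(
            secret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        throw new PermissionException("Secret does not match");
    }

    // check that entry id is contained in folder
    // NOTE(review): that check is not implemented in this method. Nothing visible here ties
    // `entry` to `folder`, so access is gated by the folder share alone. Confirm that
    // membership is enforced elsewhere, or add the check before returning the sequence.
    return getFeaturedSequence(entry, shareModel.isCanWrite());
}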
use of org.jbei.ice.lib.access.PermissionException in project ice by JBEI.
the class FolderContents method removeFolderContents.
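/**
 * Removes the specified contents of a folder, optionally adding them to another folder.
 *
 * <p>Only an administrator may modify a public folder.
 *
 * @param userId    unique identifier for user making request
 * @param folderId  unique identifier for folder whose (specified) entries are being removed
 * @param selection wrapper around the selection context for the contents
 * @param move      true, if the contents are to be added to another (set of) folder(s) (which
 *                  should be specified in the {@code selection} parameter)
 * @return true, if action completed successfully; false otherwise, including when no folder
 *         exists with the given id
 * @throws PermissionException if a non-administrator attempts to modify a public folder
 */
public boolean removeFolderContents(String userId, long folderId, EntrySelection selection, boolean move) {
    // remove entries from specified folder
    boolean isAdministrator = accountController.isAdministrator(userId);
    Folder folder = folderDAO.get(folderId);
    if (folder == null) {
        // an unknown folder id is reported as failure instead of a NullPointerException
        return false;
    }

    if (folder.getType() == FolderType.PUBLIC && !isAdministrator) {
        String errMsg = userId + ": cannot modify folder " + folder.getName();
        throw new PermissionException(errMsg);
    }
    // NOTE(review): for non-public folders no ownership or write-permission check is visible
    // in this method; confirm that the caller or the Entries/addEntrySelection path enforces it.

    Entries entries = new Entries(userId);
    List<Long> entryIds = entries.getEntriesFromSelectionContext(selection);
    boolean successRemove = folderDAO.removeFolderEntries(folder, entryIds) != null;
    if (!move) {
        return successRemove;
    }

    // add to specified folder
    // NOTE(review): on a move the result of the removal is not reflected in the return value;
    // only the outcome of the add is reported.
    selection.setFolderId(Long.toString(folderId));
    List<FolderDetails> details = addEntrySelection(userId, selection);
    return !details.isEmpty();
}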