
Example 1 with PermissionException

use of org.neusoft.neubbs.exception.PermissionException in project neubbs by nuitcoder.

the class ApiTestUtil method testApiThrowNoPermissionException.

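/**
 * Access an API and expect a "user has no permission" exception.
 *      - Mainly tests three permission annotations: @LoginAuthorization @AccountActivation @AdminRank
 *      - If the expected exception is not thrown, the request may have reached an empty page (the Controller endpoint sets access restrictions, e.g. consumes and the parameter list)
 *
 * @param apiUrl API URL
 * @param requestMethod HTTP request method
 * @param user user object (used to build the Cookie)
 */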
void testApiThrowNoPermissionException(String apiUrl, RequestMethod requestMethod, UserDO user) {
    // set post | get
    MockHttpServletRequestBuilder mockRequest = MockMvcRequestBuilders.get(apiUrl);
    if (RequestMethod.POST.equals(requestMethod)) {
        mockRequest = MockMvcRequestBuilders.post(apiUrl);
    }
    // set content type
    mockRequest.contentType(MediaType.APPLICATION_JSON);
    // file-upload endpoints need a multipart request, so rebuild the request
    if (apiUrl.contains("/api/file/")) {
        mockRequest = MockMvcRequestBuilders.fileUpload(apiUrl).file(new MockMultipartFile("avatarImageFile", "testAvatarFile.jpg", "image/jpg", new byte[0]));
        mockRequest.contentType(MediaType.MULTIPART_FORM_DATA_VALUE);
    }
    if (user != null) {
        mockRequest.cookie(new Cookie(ParamConst.AUTHENTICATION, SecretUtil.generateUserInfoToken(user)));
    }
    try {
        mockMvc.perform(mockRequest.accept(MediaType.APPLICATION_JSON)).andExpect(MockMvcResultMatchers.jsonPath("$.success").value(false)).andExpect(MockMvcResultMatchers.jsonPath("$.message").value(ApiMessage.NO_PERMISSION)).andExpect(MockMvcResultMatchers.jsonPath("$.model").value(CoreMatchers.notNullValue()));
    } catch (NestedServletException ne) {
        Assert.assertTrue(ne.getRootCause() instanceof PermissionException);
        // the account is not activated
        if (user != null && user.getState() == SetConst.ACCOUNT_NO_ACTIVATED_STATE) {
            Assert.assertEquals(ApiMessage.NO_ACTIVATE, ne.getRootCause().getMessage());
        } else {
            Assert.assertEquals(ApiMessage.NO_PERMISSION, ne.getRootCause().getMessage());
        }
    } catch (Exception e) {
        e.printStackTrace();
        // keep the original exception as the cause so the failure can be diagnosed
        throw new RuntimeException("no throw expected exception", e);
    }
}
Also used : MockMultipartFile(org.springframework.mock.web.MockMultipartFile) Cookie(javax.servlet.http.Cookie) PermissionException(org.neusoft.neubbs.exception.PermissionException) NestedServletException(org.springframework.web.util.NestedServletException) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with PermissionException

use of org.neusoft.neubbs.exception.PermissionException in project neubbs by nuitcoder.

the class ApiInterceptor method doAdminRank.

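/**
 * Perform administrator permission verification
 *      - Check whether the API method is annotated with @AdminRank
 *      - Check whether the authentication Cookie exists (absence means not logged in; a user who is not logged in has no permission to operate)
 *      - Check whether the authentication Cookie decrypts successfully (decryption failure means the authentication information has expired)
 *      - Get the user information from the authentication information and check the user's rank
 *
 * @param request HTTP request
 * @param handler method object
 */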
private void doAdminRank(HttpServletRequest request, Object handler) throws ServiceException {
    HandlerMethod handlerMethod = (HandlerMethod) handler;
    if (handlerMethod.getMethodAnnotation(AdminRank.class) != null) {
        String authentication = CookieUtil.getCookieValue(request, ParamConst.AUTHENTICATION);
        UserDO currentUser = this.judgeAuthentication(authentication);
        // judge user rank
        if (!SetConst.RANK_ADMIN.equals(currentUser.getRank())) {
            throw new PermissionException(ApiMessage.NO_PERMISSION).log(LogWarnEnum.AT3);
        }
    }
}
Also used : PermissionException(org.neusoft.neubbs.exception.PermissionException) AdminRank(org.neusoft.neubbs.controller.annotation.AdminRank) UserDO(org.neusoft.neubbs.entity.UserDO) HandlerMethod(org.springframework.web.method.HandlerMethod)

Example 3 with PermissionException

use of org.neusoft.neubbs.exception.PermissionException in project neubbs by nuitcoder.

the class ApiInterceptor method doAccountActivation.

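/**
 * Perform account activation verification
 *      - Check whether the API method is annotated with @AccountActivation
 *      - Check whether the authentication Cookie exists (absence means not logged in; a user who is not logged in has no permission to operate)
 *      - Check whether the authentication Cookie decrypts successfully (decryption failure means the authentication information has expired)
 *      - Get the user information from the authentication information and check the user's activation state
 *
 * @param request HTTP request
 * @param handler method object
 */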
private void doAccountActivation(HttpServletRequest request, Object handler) throws ServiceException {
    HandlerMethod handlerMethod = (HandlerMethod) handler;
    if (handlerMethod.getMethodAnnotation(AccountActivation.class) != null) {
        String authentication = CookieUtil.getCookieValue(request, ParamConst.AUTHENTICATION);
        UserDO currentUser = this.judgeAuthentication(authentication);
        // judge user state
        if (currentUser.getState() == SetConst.ACCOUNT_NO_ACTIVATED_STATE) {
            throw new PermissionException(ApiMessage.NO_ACTIVATE).log(LogWarnEnum.US17);
        }
    }
}
Also used : AccountActivation(org.neusoft.neubbs.controller.annotation.AccountActivation) PermissionException(org.neusoft.neubbs.exception.PermissionException) UserDO(org.neusoft.neubbs.entity.UserDO) HandlerMethod(org.springframework.web.method.HandlerMethod)

Aggregations

PermissionException (org.neusoft.neubbs.exception.PermissionException): 3
UserDO (org.neusoft.neubbs.entity.UserDO): 2
HandlerMethod (org.springframework.web.method.HandlerMethod): 2
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 1
Cookie (javax.servlet.http.Cookie): 1
AccountActivation (org.neusoft.neubbs.controller.annotation.AccountActivation): 1
AdminRank (org.neusoft.neubbs.controller.annotation.AdminRank): 1
MockMultipartFile (org.springframework.mock.web.MockMultipartFile): 1
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 1
NestedServletException (org.springframework.web.util.NestedServletException): 1