use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method followWithoutAuthentication.
/**
 * Lets a request through to a REST resource that needs no authentication,
 * while still honouring credentials the caller already presents.
 * <p>
 * Checks run in this order: an authenticated session already bound to the
 * request, then a registered token from the {@code RestSecurityHelper.SEC_TOKEN}
 * header. If neither applies, a new {@link UserRequest} is stored under
 * {@code RestSecurityHelper.SEC_USER_REQUEST} and the chain continues.
 * <p>
 * NOTE(review): on the last path no caller identity has been established by
 * this method, so resources reached through it have to enforce their own
 * authorization.
 *
 * @param request the incoming HTTP request
 * @param response the HTTP response; receives a 401 when building the
 *        {@code UserRequest} raises a {@code NumberFormatException}
 * @param chain the remaining filter chain
 * @throws IOException declared by the delegated handlers, {@code sendError} and the chain
 * @throws ServletException declared by the delegated handlers and the chain
 */
private void followWithoutAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    // 1) A session that is already authenticated (session cookie) takes precedence.
    UserSession existingSession = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSessionIfAlreadySet(request);
    boolean sessionAuthenticated = existingSession != null && existingSession.isAuthenticated();
    if (sessionAuthenticated) {
        followSession(request, response, chain);
        return;
    }

    // 2) Otherwise look for a REST security token in the request header.
    String restToken = request.getHeader(RestSecurityHelper.SEC_TOKEN);
    RestSecurityBean tokenRegistry = (RestSecurityBean) CoreSpringFactory.getBean(RestSecurityBean.class);
    if (StringHelper.containsNonWhitespace(restToken)) {
        // getSession(true) allocates an HTTP session when none exists, so any
        // request carrying a non-blank token header gets one before the token
        // is known to be registered.
        if (tokenRegistry.isTokenRegistrated(restToken, request.getSession(true))) {
            followToken(restToken, request, response, chain);
            return;
        }
    }

    // 3) fxdiff FXOLAT-113: business path in DMZ
    final UserRequest userRequest;
    try {
        // The constructor examines the request URI; a NumberFormatException
        // raised there is answered with 401 instead of being propagated.
        userRequest = new UserRequestImpl(request.getRequestURI(), request, response);
    } catch (NumberFormatException nfe) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, userRequest);

    // No credentials presented and none required: hand over to the chain.
    chain.doFilter(request, response);
}
use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class RestSecurityHelper method isAuthorEditor.
/**
 * Decides whether the caller behind a REST request may edit the given course.
 * <p>
 * An OLAT administrator is always accepted, before the course is touched.
 * An author is accepted only when the course group manager reports the
 * caller as course administrator or as holder of
 * {@code CourseRights.RIGHT_COURSEEDITOR}. Everyone else is rejected.
 * <p>
 * The check fails closed: any exception raised while resolving roles,
 * identity or course data yields {@code false}. The exception is not logged
 * here, so a lookup failure looks the same as a denied caller.
 *
 * @param course the course whose edit rights are checked
 * @param request the HTTP request the roles and user request are read from
 * @return {@code true} if the caller may edit the course, {@code false}
 *         otherwise or when the check itself fails
 */
public static boolean isAuthorEditor(ICourse course, HttpServletRequest request) {
    try {
        Roles callerRoles = getRoles(request);
        if (callerRoles.isOLATAdmin()) {
            return true;
        }
        if (!callerRoles.isAuthor()) {
            return false;
        }

        // Authors additionally need a right on this particular course.
        Identity caller = getUserRequest(request).getIdentity();
        CourseGroupManager groupManager = course.getCourseEnvironment().getCourseGroupManager();
        if (groupManager.isIdentityCourseAdministrator(caller)) {
            return true;
        }
        return groupManager.hasRight(caller, CourseRights.RIGHT_COURSEEDITOR);
    } catch (Exception e) {
        // Deny on any failure rather than letting the error grant or leak access.
        return false;
    }
}
use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class LearningGroupWebService method removeTutor.
/**
 * Removes a user from the owners of a business group.
 * <p>
 * The only authorization check in this method is {@code isGroupManager(request)};
 * it runs before the group is loaded and is not given the group key.
 * NOTE(review): confirm that any per-group restriction is enforced by that
 * helper or by the service call.
 * @response.representation.200.doc The user is removed as owner from the group
 * @response.representation.401.doc The roles of the authenticated user are not sufficient
 * @response.representation.404.doc The business group or the user cannot be found
 * @param groupKey The key of the group
 * @param identityKey The user's id
 * @param request The HTTP request
 * @return 200 on success, 401 when the caller is not a group manager, 404 when
 *         the group or the user is not found, 500 when an exception is caught
 */
@DELETE
@Path("{groupKey}/owners/{identityKey}")
public Response removeTutor(@PathParam("groupKey") Long groupKey, @PathParam("identityKey") Long identityKey, @Context HttpServletRequest request) {
    try {
        // Authorization comes first: nothing is loaded for a caller without the role.
        if (!isGroupManager(request)) {
            return Response.status(Status.UNAUTHORIZED).build();
        }

        UserRequest userRequest = RestSecurityHelper.getUserRequest(request);
        BusinessGroupService groupService = CoreSpringFactory.getImpl(BusinessGroupService.class);
        BusinessGroup businessGroup = groupService.loadBusinessGroup(groupKey);
        Identity owner = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false);

        boolean targetMissing = businessGroup == null || owner == null;
        if (targetMissing) {
            return Response.status(Status.NOT_FOUND).build();
        }

        // The acting identity is passed along with the identity being removed.
        groupService.removeOwners(userRequest.getIdentity(), Collections.singletonList(owner), businessGroup);
        return Response.ok().build();
    } catch (Exception e) {
        // Any failure is logged server-side and reported as a bare 500.
        log.error("Trying to remove an owner to a group", e);
        return Response.status(Status.INTERNAL_SERVER_ERROR).build();
    }
}
use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class LearningGroupWebService method removeParticipant.
/**
 * Removes a user from the participants of a business group.
 * <p>
 * The only authorization check in this method is {@code isGroupManager(request)};
 * it runs before the group is loaded and is not given the group key.
 * NOTE(review): confirm that any per-group restriction is enforced by that
 * helper or by the service call.
 * @response.representation.200.doc The user is removed from the group as participant
 * @response.representation.401.doc The roles of the authenticated user are not sufficient
 * @response.representation.404.doc The business group or the user cannot be found
 * @param groupKey The key of the group
 * @param identityKey The id of the user
 * @param request The HTTP request
 * @return 200 on success, 401 when the caller is not a group manager, 404 when
 *         the group or the user is not found, 500 when an exception is caught
 */
@DELETE
@Path("{groupKey}/participants/{identityKey}")
public Response removeParticipant(@PathParam("groupKey") Long groupKey, @PathParam("identityKey") Long identityKey, @Context HttpServletRequest request) {
    try {
        // Authorization comes first: nothing is loaded for a caller without the role.
        if (!isGroupManager(request)) {
            return Response.status(Status.UNAUTHORIZED).build();
        }

        UserRequest userRequest = RestSecurityHelper.getUserRequest(request);
        BusinessGroupService groupService = CoreSpringFactory.getImpl(BusinessGroupService.class);
        BusinessGroup businessGroup = groupService.loadBusinessGroup(groupKey);
        Identity participant = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false);

        boolean targetMissing = businessGroup == null || participant == null;
        if (targetMissing) {
            return Response.status(Status.NOT_FOUND).build();
        }

        // The acting identity is passed along with the identity being removed;
        // the last argument is passed as null, exactly as before.
        groupService.removeParticipants(userRequest.getIdentity(), Collections.singletonList(participant), businessGroup, null);
        return Response.ok().build();
    } catch (Exception e) {
        // Any failure is logged server-side and reported as a bare 500.
        log.error("Trying to remove a participant to a group", e);
        return Response.status(Status.INTERNAL_SERVER_ERROR).build();
    }
}
use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class LearningGroupWebService method addTutor.
/**
 * Adds a user to the owners of a business group.
 * <p>
 * The only authorization check in this method is {@code isGroupManager(request)};
 * it runs before the group is loaded and is not given the group key.
 * NOTE(review): granting ownership is a privilege change, so confirm that any
 * per-group restriction is enforced by that helper or by the service call.
 * @response.representation.200.doc The user is added as owner of the group
 * @response.representation.401.doc The roles of the authenticated user are not sufficient
 * @response.representation.404.doc The business group or the user cannot be found
 * @param groupKey The key of the group
 * @param identityKey The user's id
 * @param request The HTTP request
 * @return 200 on success, 401 when the caller is not a group manager, 404 when
 *         the group or the user is not found, 500 when an exception is caught
 */
@PUT
@Path("{groupKey}/owners/{identityKey}")
public Response addTutor(@PathParam("groupKey") Long groupKey, @PathParam("identityKey") Long identityKey, @Context HttpServletRequest request) {
    try {
        // Authorization comes first: nothing is loaded for a caller without the role.
        if (!isGroupManager(request)) {
            return Response.status(Status.UNAUTHORIZED).build();
        }

        UserRequest userRequest = RestSecurityHelper.getUserRequest(request);
        BusinessGroupService groupService = CoreSpringFactory.getImpl(BusinessGroupService.class);
        BusinessGroup businessGroup = groupService.loadBusinessGroup(groupKey);
        Identity newOwner = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false);

        boolean targetMissing = businessGroup == null || newOwner == null;
        if (targetMissing) {
            return Response.status(Status.NOT_FOUND).build();
        }

        // The service receives the acting identity and the roles of its session
        // together with the identity to promote.
        groupService.addOwners(userRequest.getIdentity(), userRequest.getUserSession().getRoles(),
                Collections.singletonList(newOwner), businessGroup, null);
        return Response.ok().build();
    } catch (Exception e) {
        // Any failure is logged server-side and reported as a bare 500.
        log.error("Trying to add an owner to a group", e);
        return Response.status(Status.INTERNAL_SERVER_ERROR).build();
    }
}