
Example 1 with OLATSecurityException

use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.

the class GlobalMapperRegistry method execute.

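/**
 * Resolves the mapper registered under the first path segment of the request and serves
 * the media resource that mapper returns for the remaining path.
 *
 * @param hreq the HTTP request whose path selects the mapper
 * @param hres the HTTP response the resource (or a not-found answer) is written to
 */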
@Override
public void execute(HttpServletRequest hreq, HttpServletResponse hres) throws IOException {
    // Request path without the context path, then without the global-mapper prefix,
    // e.g. 23423/bla/blu.html
    final String requestPath = DispatcherModule.subtractContextPath(hreq);
    final String mappedPath = requestPath.substring(DispatcherModule.PATH_GLOBAL_MAPPED.length());
    final int firstSlash = mappedPath.indexOf('/');
    if (firstSlash < 0) {
        // a mapper key with no resource path behind it cannot be served
        DispatcherModule.sendNotFound("not found", hres);
        return;
    }

    // the first segment is the key the mapper is looked up by, e.g. org.olat.demo.DemoController
    final String mapperKey = mappedPath.substring(0, firstSlash);
    final Mapper mapper = pathToMapper.get(mapperKey);
    if (mapper == null) {
        // not mapped: answer with the shared not-found resource
        final MediaResource notMapped = NOTFOUND;
        ServletUtil.serveResource(hreq, hres, notMapped);
        return;
    }

    // remainder handed to the mapper, leading slash included, e.g. /bla/blu.html
    final String modulePath = mappedPath.substring(firstSlash);
    // Defence in depth: refuse parent-directory sequences before any mapper sees the path.
    // NOTE(review): this is a plain substring match on the path as returned by
    // subtractContextPath; whether that path is already percent-decoded and normalised is
    // not visible here - confirm. Mappers that resolve the path against a file tree should
    // still verify that the resolved location stays below their base directory.
    // NOTE(review): the rejected request path is copied into the exception message -
    // confirm the logging layer neutralises line breaks in it.
    if (modulePath.contains("..")) {
        throw new OLATSecurityException("mapper path contained '..' : " + modulePath);
    }
    final MediaResource resource = mapper.handle(modulePath, hreq);
    ServletUtil.serveResource(hreq, hres, resource);
}
Also used : OLATSecurityException(org.olat.core.logging.OLATSecurityException) MediaResource(org.olat.core.gui.media.MediaResource) NotFoundMediaResource(org.olat.core.gui.media.NotFoundMediaResource)

Example 2 with OLATSecurityException

use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.

the class GenericQuotaEditController method initMyContent.

/**
 * Builds the quota editor view after checking that the requesting identity may edit quotas.
 *
 * @param ureq the current user request; its identity is the subject of the permission check
 * @throws OLATSecurityException if the identity has no quota edit rights
 */
private void initMyContent(UserRequest ureq) {
    final QuotaManager quotaManager = QuotaManager.getInstance();

    // Authorisation gate: no part of the editor is created unless the check passes, so the
    // check must stay the first statement that touches the view.
    final boolean mayEditQuotas = quotaManager.hasQuotaEditRights(ureq.getIdentity());
    if (!mayEditQuotas) {
        throw new OLATSecurityException("Insufficient permissions to access QuotaController");
    }

    myContent = createVelocityContainer("edit");

    // the "new" button is only registered on the container; the "delete" button is also
    // kept in a field
    LinkFactory.createButtonSmall("qf.new", myContent, this);
    delQuotaButton = LinkFactory.createButtonSmall("qf.del", myContent, this);

    // expose the default quota of every category to the template under a fixed key
    myContent.contextPut("users",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_USERS));
    myContent.contextPut("powerusers",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_POWER));
    myContent.contextPut("groups",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_GROUPS));
    myContent.contextPut("repository",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_REPO));
    myContent.contextPut("coursefolder",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_COURSE));
    myContent.contextPut("nodefolder",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_NODES));
    myContent.contextPut("feeds",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_FEEDS));
}
Also used : OLATSecurityException(org.olat.core.logging.OLATSecurityException) QuotaManager(org.olat.core.util.vfs.QuotaManager)

Example 3 with OLATSecurityException

use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.

the class RepositoryEntryRuntimeController method doDelete.

/**
 * Opens the modal confirmation dialog for deleting the current repository entry.
 *
 * @param ureq the current user request
 * @throws OLATSecurityException if the caller is not an administrator of the entry
 */
private void doDelete(UserRequest ureq) {
    // Server-side authorisation check, made before any dialog is created.
    final boolean entryAdmin = reSecurity.isEntryAdmin();
    if (!entryAdmin) {
        // the identity is part of the message so the rejected attempt can be attributed
        throw new OLATSecurityException("Trying to delete, but not allowed: user = " + ureq.getIdentity());
    }

    // the confirmation controller takes a list; only the current entry is passed to it
    final List<RepositoryEntry> toDelete = Collections.singletonList(getRepositoryEntry());
    confirmDeleteCtrl = new ConfirmDeleteSoftlyController(ureq, getWindowControl(), toDelete, false);
    listenTo(confirmDeleteCtrl);

    final String modalTitle = translate("del.header", re.getDisplayname());
    cmc = new CloseableModalController(
            getWindowControl(), "close", confirmDeleteCtrl.getInitialComponent(), true, modalTitle);
    listenTo(cmc);
    cmc.activate();
}
Also used : CloseableModalController(org.olat.core.gui.control.generic.closablewrapper.CloseableModalController) ConfirmDeleteSoftlyController(org.olat.repository.ui.author.ConfirmDeleteSoftlyController) OLATSecurityException(org.olat.core.logging.OLATSecurityException) RepositoryEntry(org.olat.repository.RepositoryEntry)

Example 4 with OLATSecurityException

use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.

the class CourseRuntimeController method activate.

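/**
 * Activates the course tool named by the first context entry and then forwards the
 * activation to the run main controller.
 *
 * <p>The entries come from a link, so the tool is chosen by the resourceable type name of
 * the first entry. Some branches check the caller's role here; others rely on the
 * {@code do...} helper they call.
 *
 * @param ureq the current user request
 * @param entries context entries to activate; may be {@code null} or empty
 * @param state state passed through to the controller the activation is delegated to
 */
@Override
public void activate(UserRequest ureq, List<ContextEntry> entries, StateEntry state) {
    if (entries == null || entries.isEmpty()) {
        // nothing to dispatch: record the current tool, or hand over to the runtime controller
        if (currentToolCtr != null) {
            addToHistory(ureq, currentToolCtr);
        } else {
            Controller runtimeCtrl = getRuntimeController();
            if (runtimeCtrl instanceof Activateable2) {
                ((Activateable2) runtimeCtrl).activate(ureq, entries, state);
            } else {
                addToHistory(ureq, runtimeCtrl);
            }
        }
        return;
    }
    // presumably strips the leading repository entry from the list - verify against the helper
    entries = removeRepositoryEntry(entries);
    if (entries != null && entries.size() > 0) {
        String type = entries.get(0).getOLATResourceable().getResourceableTypeName();
        if ("Payment".equalsIgnoreCase(type)) {
            doPostSuccessfullAccess(ureq);
        } else if ("Editor".equalsIgnoreCase(type)) {
            if (!isInEditor() && !RepositoryEntryManagedFlag.isManaged(getRepositoryEntry(), RepositoryEntryManagedFlag.editcontent)) {
                doEdit(ureq);
            }
        } else if ("Catalog".equalsIgnoreCase(type)) {
            doCatalog(ureq);
        } else if ("Infos".equalsIgnoreCase(type)) {
            doDetails(ureq);
        } else if ("EditDescription".equalsIgnoreCase(type) || "Settings".equalsIgnoreCase(type)) {
            doEditSettings(ureq);
        } else if ("Settings".equalsIgnoreCase(type)) {
            // NOTE(review): unreachable - "Settings" is already matched by the branch above,
            // so doOptions is never called from here. Left unchanged because the intended
            // target of "Settings" cannot be determined from this method.
            doOptions(ureq);
        } else if ("CertificationSettings".equalsIgnoreCase(type)) {
            doCertificatesOptions(ureq);
        } else if ("Certification".equalsIgnoreCase(type)) {
            doEfficiencyStatements(ureq);
        } else if ("Reminders".equalsIgnoreCase(type) || "RemindersLogs".equalsIgnoreCase(type)) {
            doReminders(ureq);
        } else if ("Lectures".equalsIgnoreCase(type)) {
            Activateable2 lectures = doLectures(ureq);
            if (lectures != null) {
                List<ContextEntry> subEntries = entries.subList(1, entries.size());
                lectures.activate(ureq, subEntries, entries.get(0).getTransientState());
            }
        } else if ("LectureBlock".equalsIgnoreCase(type)) {
            Activateable2 lectures = doLectures(ureq);
            if (lectures != null) {
                lectures.activate(ureq, entries, state);
            }
        } else if ("LecturesAdmin".equalsIgnoreCase(type)) {
            Activateable2 lecturesAdmin = doLecturesAdmin(ureq);
            if (lecturesAdmin != null) {
                List<ContextEntry> subEntries = entries.subList(1, entries.size());
                lecturesAdmin.activate(ureq, subEntries, entries.get(0).getTransientState());
            }
        } else if ("MembersMgmt".equalsIgnoreCase(type)) {
            // no role check in this branch; presumably doMembers and the member controller
            // enforce access themselves - verify
            Activateable2 members = doMembers(ureq);
            if (members != null) {
                try {
                    List<ContextEntry> subEntries = entries.subList(1, entries.size());
                    members.activate(ureq, subEntries, entries.get(0).getTransientState());
                } catch (OLATSecurityException ignored) {
                    // the wrong link to the wrong person: the activation is skipped on purpose.
                    // NOTE(review): the denial is dropped without a trace here; whether creating
                    // an OLATSecurityException already writes a log entry is not visible in this
                    // method - confirm the rejected access is recorded somewhere.
                }
            }
        } else if ("assessmentTool".equalsIgnoreCase(type) || "assessmentToolv2".equalsIgnoreCase(type)) {
            // check the security before, the link is perhaps in the wrong hands
            if (reSecurity.isEntryAdmin() || reSecurity.isCourseCoach() || reSecurity.isGroupCoach() || hasCourseRight(CourseRights.RIGHT_ASSESSMENT)) {
                try {
                    Activateable2 assessmentCtrl = doAssessmentTool(ureq);
                    if (assessmentCtrl != null) {
                        List<ContextEntry> subEntries;
                        // skip a second entry that repeats the tool type
                        if (entries.size() > 1 && entries.get(1).getOLATResourceable().getResourceableTypeName().equals(type)) {
                            subEntries = entries.subList(2, entries.size());
                        } else {
                            subEntries = entries.subList(1, entries.size());
                        }
                        assessmentCtrl.activate(ureq, subEntries, entries.get(0).getTransientState());
                    }
                } catch (OLATSecurityException ignored) {
                    // the wrong link to the wrong person: skipped on purpose (not recorded here)
                }
            }
        } else if ("TestStatistics".equalsIgnoreCase(type) || "SurveyStatistics".equalsIgnoreCase(type)) {
            // check the security before, the link is perhaps in the wrong hands
            if (reSecurity.isEntryAdmin() || reSecurity.isCourseCoach() || reSecurity.isGroupCoach() || hasCourseRight(CourseRights.RIGHT_ASSESSMENT)) {
                try {
                    Activateable2 assessmentCtrl;
                    if ("TestStatistics".equalsIgnoreCase(type)) {
                        assessmentCtrl = doAssessmentTestStatistics(ureq);
                    } else {
                        assessmentCtrl = doAssessmentSurveyStatistics(ureq);
                    }
                    // Guard against a helper that returns no controller, as the assessment-tool
                    // branch does; without it a null result ends in a NullPointerException.
                    if (assessmentCtrl != null) {
                        List<ContextEntry> subEntries;
                        // skip a second entry that repeats the tool type
                        if (entries.size() > 1 && entries.get(1).getOLATResourceable().getResourceableTypeName().equals(type)) {
                            subEntries = entries.subList(2, entries.size());
                        } else {
                            subEntries = entries.subList(1, entries.size());
                        }
                        assessmentCtrl.activate(ureq, subEntries, entries.get(0).getTransientState());
                    }
                } catch (OLATSecurityException ignored) {
                    // the wrong link to the wrong person: skipped on purpose (not recorded here)
                }
            }
        } else if (type != null && type.startsWith("path=")) {
            // course folder deep link: only entry admins and holders of the course editor right
            if (reSecurity.isEntryAdmin() || hasCourseRight(CourseRights.RIGHT_COURSEEDITOR)) {
                // NOTE(review): the path comes from the link; presumably FolderRunController
                // confines it to the course folder - confirm
                String path = BusinessControlFactory.getInstance().getPath(entries.get(0));
                FolderRunController folderCtrl = doCourseFolder(ureq);
                if (folderCtrl != null) {
                    folderCtrl.activatePath(ureq, path);
                }
            }
        }
    }
    // the run main controller always receives the (filtered) entries as well
    if (getRunMainController() != null) {
        getRunMainController().activate(ureq, entries, state);
    }
}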
Also used : Activateable2(org.olat.core.gui.control.generic.dtabs.Activateable2) FolderRunController(org.olat.core.commons.modules.bc.FolderRunController) OLATSecurityException(org.olat.core.logging.OLATSecurityException) List(java.util.List) LeavingStatusList(org.olat.repository.LeavingStatusList) StatisticCourseNodesController(org.olat.course.statistic.StatisticCourseNodesController) CloseableModalController(org.olat.core.gui.control.generic.closablewrapper.CloseableModalController) StatisticMainController(org.olat.course.statistic.StatisticMainController) CustomDBMainController(org.olat.course.db.CustomDBMainController) SearchInputController(org.olat.search.ui.SearchInputController) LectureRepositoryAdminController(org.olat.modules.lecture.ui.LectureRepositoryAdminController) CloseableCalloutWindowController(org.olat.core.gui.control.generic.closablewrapper.CloseableCalloutWindowController) MembersManagementMainController(org.olat.course.member.MembersManagementMainController) VetoableCloseController(org.olat.core.gui.control.VetoableCloseController) GlossaryMainController(org.olat.core.commons.modules.glossary.GlossaryMainController) CertificateAndEfficiencyStatementController(org.olat.course.certificate.ui.CertificateAndEfficiencyStatementController) AssessmentToolController(org.olat.course.assessment.ui.tool.AssessmentToolController) TeacherOverviewController(org.olat.modules.lecture.ui.TeacherOverviewController) CourseAreasController(org.olat.course.area.CourseAreasController) CourseOptionsController(org.olat.course.config.ui.CourseOptionsController) EditorMainController(org.olat.course.editor.EditorMainController) LayoutMain3ColsController(org.olat.core.commons.fullWebApp.LayoutMain3ColsController) FolderRunController(org.olat.core.commons.modules.bc.FolderRunController) CertificatesOptionsController(org.olat.course.certificate.ui.CertificatesOptionsController) CourseGlossaryToolLinkController(org.olat.course.run.glossary.CourseGlossaryToolLinkController) 
NoteController(org.olat.note.NoteController) ChiefController(org.olat.core.gui.control.ChiefController) ArchiverMainController(org.olat.course.archiver.ArchiverMainController) AssessmentModeListController(org.olat.course.assessment.ui.mode.AssessmentModeListController) CourseCalendarController(org.olat.course.run.calendar.CourseCalendarController) RepositoryEntryRuntimeController(org.olat.repository.ui.RepositoryEntryRuntimeController) RepositoryEntryLifeCycleChangeController(org.olat.repository.ui.RepositoryEntryLifeCycleChangeController) CourseRemindersController(org.olat.course.reminder.ui.CourseRemindersController) Controller(org.olat.core.gui.control.Controller) CourseLayoutGeneratorController(org.olat.course.config.ui.courselayout.CourseLayoutGeneratorController) ContextEntry(org.olat.core.id.context.ContextEntry)

Example 5 with OLATSecurityException

use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.

the class OLATAuthenticationController method openChangePassword.

/**
 * Opens the password-change wizard in a modal dialog.
 *
 * @param ureq the current user request
 * @param initialEmail e-mail address handed to the password-change controller
 * @throws OLATSecurityException if the configuration allows no password change at all
 */
protected void openChangePassword(UserRequest ureq, String initialEmail) {
    // Double-check on the server side: a hidden link in the UI is not an access control.
    final boolean changeAllowed = userModule.isAnyPasswordChangeAllowed();
    if (!changeAllowed) {
        throw new OLATSecurityException("chose password to be changed, but disallowed by config");
    }

    // dispose of a previous dialog and its content before creating new ones
    removeAsListenerAndDispose(cmc);
    removeAsListenerAndDispose(subController);

    final PwChangeController pwChangeCtrl = new PwChangeController(ureq, getWindowControl(), initialEmail, true);
    subController = pwChangeCtrl;
    listenTo(subController);

    final String wizardTitle = pwChangeCtrl.getWizardTitle();
    cmc = new CloseableModalController(
            getWindowControl(), translate("close"), subController.getInitialComponent(), true, wizardTitle);
    listenTo(cmc);
    cmc.activate();
}
Also used : PwChangeController(org.olat.registration.PwChangeController) CloseableModalController(org.olat.core.gui.control.generic.closablewrapper.CloseableModalController) OLATSecurityException(org.olat.core.logging.OLATSecurityException)

Aggregations

OLATSecurityException (org.olat.core.logging.OLATSecurityException)16 CloseableModalController (org.olat.core.gui.control.generic.closablewrapper.CloseableModalController)10 RepositoryEntry (org.olat.repository.RepositoryEntry)6 MediaResource (org.olat.core.gui.media.MediaResource)4 ConfirmDeleteSoftlyController (org.olat.repository.ui.author.ConfirmDeleteSoftlyController)4 List (java.util.List)2 Authentication (org.olat.basesecurity.Authentication)2 LayoutMain3ColsController (org.olat.core.commons.fullWebApp.LayoutMain3ColsController)2 FolderRunController (org.olat.core.commons.modules.bc.FolderRunController)2 GlossaryMainController (org.olat.core.commons.modules.glossary.GlossaryMainController)2 UserRequest (org.olat.core.gui.UserRequest)2 UserRequestImpl (org.olat.core.gui.UserRequestImpl)2 ChiefController (org.olat.core.gui.control.ChiefController)2 Controller (org.olat.core.gui.control.Controller)2 VetoableCloseController (org.olat.core.gui.control.VetoableCloseController)2 CloseableCalloutWindowController (org.olat.core.gui.control.generic.closablewrapper.CloseableCalloutWindowController)2 Activateable2 (org.olat.core.gui.control.generic.dtabs.Activateable2)2 NotFoundMediaResource (org.olat.core.gui.media.NotFoundMediaResource)2 RedirectMediaResource (org.olat.core.gui.media.RedirectMediaResource)2 Identity (org.olat.core.id.Identity)2