use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class GlobalMapperRegistry method execute.
/**
 * Serves a globally mapped resource. The first path segment after
 * {@code DispatcherModule.PATH_GLOBAL_MAPPED} selects a registered {@link Mapper};
 * the rest of the path (starting with its leading '/') is handed to that mapper.
 * <p>
 * A "not found" response is sent when no '/' follows the mapper key, and the
 * {@code NOTFOUND} resource is served when no mapper is registered under the key.
 *
 * @param hreq the incoming request; the mapper key and relative path are taken from it
 * @param hres the response the resource (or the not-found answer) is written to
 * @throws IOException declared by the signature; which call raises it is not visible here
 * @throws OLATSecurityException if the path handed to the mapper contains ".."
 */
@Override
public void execute(HttpServletRequest hreq, HttpServletResponse hres) throws IOException {
    final String requestPath = DispatcherModule.subtractContextPath(hreq);
    // What remains after the global-mapper prefix, e.g. 23423/bla/blu.html
    final String mappedPart = requestPath.substring(DispatcherModule.PATH_GLOBAL_MAPPED.length());
    final int separator = mappedPart.indexOf('/');
    if (separator < 0) {
        // Only a mapper key and no resource path: nothing to serve.
        DispatcherModule.sendNotFound("not found", hres);
        return;
    }

    // Mapper key, e.g. org.olat.demo.DemoController
    final String mapperKey = mappedPart.substring(0, separator);
    final Mapper mapper = pathToMapper.get(mapperKey);
    final MediaResource resource;
    if (mapper != null) {
        // Path relative to the mapper, e.g. /bla/blu.html
        final String relPath = mappedPart.substring(separator);
        // Defence in depth against path traversal: the servlet container may already
        // reject such paths (the original author noted this was never reached).
        // NOTE(review): this is a literal substring match on the value returned by
        // subtractContextPath. Whether percent-encoded sequences are already decoded
        // at this point is not visible here - confirm. Mappers that resolve the path
        // against a file system should still normalise and confine it themselves.
        if (relPath.contains("..")) {
            throw new OLATSecurityException("mapper path contained '..' : " + relPath);
        }
        resource = mapper.handle(relPath, hreq);
    } else {
        // No mapper registered under this key.
        resource = NOTFOUND;
    }
    ServletUtil.serveResource(hreq, hres, resource);
}
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class GenericQuotaEditController method initMyContent.
/**
 * Builds the quota editor view, but only for identities with quota edit rights.
 * <p>
 * The permission check runs before anything is created, so an unauthorised
 * caller gets an {@code OLATSecurityException} and no view state is built.
 * NOTE(review): this guards construction of the view only. Whether the handlers
 * for the buttons created here re-check the right is not visible from this method.
 *
 * @param ureq the current user request; its identity is checked for quota edit rights
 * @throws OLATSecurityException if the identity lacks quota edit rights
 */
private void initMyContent(UserRequest ureq) {
    final QuotaManager quotaManager = QuotaManager.getInstance();
    final boolean mayEdit = quotaManager.hasQuotaEditRights(ureq.getIdentity());
    if (!mayEdit) {
        throw new OLATSecurityException("Insufficient permissions to access QuotaController");
    }

    myContent = createVelocityContainer("edit");
    // The "new" button needs no field reference; the "delete" button is kept in a field.
    LinkFactory.createButtonSmall("qf.new", myContent, this);
    delQuotaButton = LinkFactory.createButtonSmall("qf.del", myContent, this);

    // Expose the default quota of each category to the template.
    myContent.contextPut("users",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_USERS));
    myContent.contextPut("powerusers",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_POWER));
    myContent.contextPut("groups",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_GROUPS));
    myContent.contextPut("repository",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_REPO));
    myContent.contextPut("coursefolder",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_COURSE));
    myContent.contextPut("nodefolder",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_NODES));
    myContent.contextPut("feeds",
            quotaManager.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_FEEDS));
}
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class RepositoryEntryRuntimeController method doDelete.
/**
 * Opens the delete confirmation dialog for the current repository entry.
 * <p>
 * Only entry administrators may get this far; anyone else is rejected with an
 * {@code OLATSecurityException} before any controller is created. The exception
 * message embeds the string form of the requesting identity. What that string
 * contains is not visible here.
 *
 * @param ureq the current user request
 * @throws OLATSecurityException if the current user is not an entry admin
 */
private void doDelete(UserRequest ureq) {
    // Authorisation first: nothing below may run for a non-admin.
    if (!reSecurity.isEntryAdmin()) {
        throw new OLATSecurityException("Trying to delete, but not allowed: user = " + ureq.getIdentity());
    }

    // The confirmation controller takes a list; here it holds just the current entry.
    final List<RepositoryEntry> toDelete = Collections.singletonList(getRepositoryEntry());
    confirmDeleteCtrl = new ConfirmDeleteSoftlyController(ureq, getWindowControl(), toDelete, false);
    listenTo(confirmDeleteCtrl);

    // Wrap the confirmation in a modal dialog titled with the entry's display name.
    final String dialogTitle = translate("del.header", re.getDisplayname());
    cmc = new CloseableModalController(
            getWindowControl(), "close", confirmDeleteCtrl.getInitialComponent(), true, dialogTitle);
    listenTo(cmc);
    cmc.activate();
}
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class CourseRuntimeController method activate.
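/**
 * Activates the part of the course runtime addressed by a list of context entries
 * (a deep link into the course).
 * <p>
 * With no entries, the current tool (or the runtime controller) is re-activated or
 * added to the history, and the method returns. Otherwise the resourceable type name
 * of the first entry, left after {@code removeRepositoryEntry}, selects the tool to
 * open. Finally the run main controller, if present, is activated with the same entries.
 * <p>
 * Security: the type name comes from the link, so it is not a proof of permission.
 * The assessment, statistics and course-folder branches check the caller's rights
 * here before opening anything. The other branches call their {@code do...} helper
 * directly. Whether those helpers enforce permissions is not visible from this
 * method (NOTE(review): confirm for each helper).
 *
 * @param ureq the current user request
 * @param entries the context entries of the link; may be {@code null} or empty
 * @param state the state entry, passed on to the activated controller
 */
@Override
public void activate(UserRequest ureq, List<ContextEntry> entries, StateEntry state) {
    if (entries == null || entries.isEmpty()) {
        if (currentToolCtr != null) {
            addToHistory(ureq, currentToolCtr);
        } else {
            Controller runtimeCtrl = getRuntimeController();
            if (runtimeCtrl instanceof Activateable2) {
                ((Activateable2) runtimeCtrl).activate(ureq, entries, state);
            } else {
                addToHistory(ureq, runtimeCtrl);
            }
        }
        return;
    }

    entries = removeRepositoryEntry(entries);
    if (entries != null && !entries.isEmpty()) {
        // Link-supplied selector. May be null; the literal-first comparisons below are null-safe.
        String type = entries.get(0).getOLATResourceable().getResourceableTypeName();
        if ("Payment".equalsIgnoreCase(type)) {
            doPostSuccessfullAccess(ureq);
        } else if ("Editor".equalsIgnoreCase(type)) {
            // Skipped when already in the editor or when content editing is a managed flag.
            if (!isInEditor() && !RepositoryEntryManagedFlag.isManaged(getRepositoryEntry(), RepositoryEntryManagedFlag.editcontent)) {
                doEdit(ureq);
            }
        } else if ("Catalog".equalsIgnoreCase(type)) {
            doCatalog(ureq);
        } else if ("Infos".equalsIgnoreCase(type)) {
            doDetails(ureq);
        } else if ("EditDescription".equalsIgnoreCase(type) || "Settings".equalsIgnoreCase(type)) {
            doEditSettings(ureq);
        } else if ("Settings".equalsIgnoreCase(type)) {
            // NOTE(review): unreachable. "Settings" is already matched by the previous
            // condition, so doOptions is never called from here. Left as is because
            // the intended target cannot be determined from this method.
            doOptions(ureq);
        } else if ("CertificationSettings".equalsIgnoreCase(type)) {
            doCertificatesOptions(ureq);
        } else if ("Certification".equalsIgnoreCase(type)) {
            doEfficiencyStatements(ureq);
        } else if ("Reminders".equalsIgnoreCase(type) || "RemindersLogs".equalsIgnoreCase(type)) {
            doReminders(ureq);
        } else if ("Lectures".equalsIgnoreCase(type)) {
            Activateable2 lectures = doLectures(ureq);
            if (lectures != null) {
                // Drop the entry consumed here and pass the rest down.
                List<ContextEntry> subEntries = entries.subList(1, entries.size());
                lectures.activate(ureq, subEntries, entries.get(0).getTransientState());
            }
        } else if ("LectureBlock".equalsIgnoreCase(type)) {
            Activateable2 lectures = doLectures(ureq);
            if (lectures != null) {
                // The full entry list is passed on, so the lectures controller sees the block entry.
                lectures.activate(ureq, entries, state);
            }
        } else if ("LecturesAdmin".equalsIgnoreCase(type)) {
            Activateable2 lecturesAdmin = doLecturesAdmin(ureq);
            if (lecturesAdmin != null) {
                List<ContextEntry> subEntries = entries.subList(1, entries.size());
                lecturesAdmin.activate(ureq, subEntries, entries.get(0).getTransientState());
            }
        } else if ("MembersMgmt".equalsIgnoreCase(type)) {
            // No permission check here, unlike the assessment branches. This branch relies
            // on doMembers and on the members controller (NOTE(review): confirm both enforce it).
            Activateable2 members = doMembers(ureq);
            if (members != null) {
                try {
                    List<ContextEntry> subEntries = entries.subList(1, entries.size());
                    members.activate(ureq, subEntries, entries.get(0).getTransientState());
                } catch (OLATSecurityException ignored) {
                    // Deliberately ignored: the link reached someone without the required
                    // rights and must not break the activation. NOTE(review): nothing is
                    // recorded, so a denied deep link leaves no trace from this method.
                }
            }
        } else if ("assessmentTool".equalsIgnoreCase(type) || "assessmentToolv2".equalsIgnoreCase(type)) {
            // Check permissions first; the link may have reached someone without access.
            if (reSecurity.isEntryAdmin() || reSecurity.isCourseCoach() || reSecurity.isGroupCoach() || hasCourseRight(CourseRights.RIGHT_ASSESSMENT)) {
                try {
                    Activateable2 assessmentCtrl = doAssessmentTool(ureq);
                    if (assessmentCtrl != null) {
                        List<ContextEntry> subEntries;
                        // Some links repeat the tool type in the second entry; skip both then.
                        if (entries.size() > 1 && entries.get(1).getOLATResourceable().getResourceableTypeName().equals(type)) {
                            subEntries = entries.subList(2, entries.size());
                        } else {
                            subEntries = entries.subList(1, entries.size());
                        }
                        assessmentCtrl.activate(ureq, subEntries, entries.get(0).getTransientState());
                    }
                } catch (OLATSecurityException ignored) {
                    // Deliberately ignored: the link reached someone without the required rights.
                    // NOTE(review): not recorded anywhere from this method.
                }
            }
        } else if ("TestStatistics".equalsIgnoreCase(type) || "SurveyStatistics".equalsIgnoreCase(type)) {
            // Check permissions first; the link may have reached someone without access.
            if (reSecurity.isEntryAdmin() || reSecurity.isCourseCoach() || reSecurity.isGroupCoach() || hasCourseRight(CourseRights.RIGHT_ASSESSMENT)) {
                try {
                    Activateable2 assessmentCtrl = null;
                    if ("TestStatistics".equalsIgnoreCase(type)) {
                        assessmentCtrl = doAssessmentTestStatistics(ureq);
                    } else {
                        assessmentCtrl = doAssessmentSurveyStatistics(ureq);
                    }
                    // Null guard added to match the assessmentTool branch. Without it a null
                    // controller would raise a NullPointerException that the catch below does
                    // not handle. Whether the helpers can return null is not visible here.
                    if (assessmentCtrl != null) {
                        List<ContextEntry> subEntries;
                        if (entries.size() > 1 && entries.get(1).getOLATResourceable().getResourceableTypeName().equals(type)) {
                            subEntries = entries.subList(2, entries.size());
                        } else {
                            subEntries = entries.subList(1, entries.size());
                        }
                        assessmentCtrl.activate(ureq, subEntries, entries.get(0).getTransientState());
                    }
                } catch (OLATSecurityException ignored) {
                    // Deliberately ignored: the link reached someone without the required rights.
                    // NOTE(review): not recorded anywhere from this method.
                }
            }
        } else if (type != null && type.startsWith("path=")) {
            // Course folder deep link: restricted to entry admins and course editors.
            if (reSecurity.isEntryAdmin() || hasCourseRight(CourseRights.RIGHT_COURSEEDITOR)) {
                // NOTE(review): the path is derived from the link's context entry. Keeping
                // it inside the course folder is left to activatePath, not visible here.
                String path = BusinessControlFactory.getInstance().getPath(entries.get(0));
                FolderRunController folderCtrl = doCourseFolder(ureq);
                if (folderCtrl != null) {
                    folderCtrl.activatePath(ureq, path);
                }
            }
        }
    }

    // The run main controller always gets the (repository-entry-stripped) entries as well.
    if (getRunMainController() != null) {
        getRunMainController().activate(ureq, entries, state);
    }
}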
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class OLATAuthenticationController method openChangePassword.
/**
 * Opens the password change wizard in a modal dialog.
 * <p>
 * The configuration is re-checked here even if the caller already checked it, so
 * the wizard cannot be opened through this method when password changes are
 * disabled. Any previously open dialog and sub-controller are disposed first.
 *
 * @param ureq the current user request
 * @param initialEmail value handed to the {@code PwChangeController} constructor;
 *        how the controller uses it is not visible here
 * @throws OLATSecurityException if the configuration disallows any password change
 */
protected void openChangePassword(UserRequest ureq, String initialEmail) {
    // Server-side re-check: do not rely on the UI having hidden the entry point.
    final boolean changeAllowed = userModule.isAnyPasswordChangeAllowed();
    if (!changeAllowed) {
        throw new OLATSecurityException("chose password to be changed, but disallowed by config");
    }

    // Tear down whatever dialog was open before.
    removeAsListenerAndDispose(cmc);
    removeAsListenerAndDispose(subController);

    final PwChangeController pwChangeCtrl =
            new PwChangeController(ureq, getWindowControl(), initialEmail, true);
    subController = pwChangeCtrl;
    listenTo(subController);

    final String wizardTitle = pwChangeCtrl.getWizardTitle();
    cmc = new CloseableModalController(
            getWindowControl(), translate("close"), subController.getInitialComponent(), true, wizardTitle);
    listenTo(cmc);
    cmc.activate();
}