Example 1 with OLATSecurityException
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class GlobalMapperRegistry method execute.
/**
* @param hreq
* @param hres
*/
@Override
public void execute(HttpServletRequest hreq, HttpServletResponse hres) throws IOException {
String pathInfo = DispatcherModule.subtractContextPath(hreq);
// e.g. 23423/bla/blu.html
String subInfo = pathInfo.substring(DispatcherModule.PATH_GLOBAL_MAPPED.length());
int slashPos = subInfo.indexOf('/');
if (slashPos == -1) {
DispatcherModule.sendNotFound("not found", hres);
return;
}
// smappath e.g. org.olat.demo.DemoController
String smappath = subInfo.substring(0, slashPos);
Mapper m = pathToMapper.get(smappath);
MediaResource mr;
if (m == null) {
// not mapped
mr = NOTFOUND;
} else {
String mod = subInfo.substring(slashPos);
// brasato:: can this happen at all, or does tomcat filter out - till now never reached - needs some little cpu cycles
if (mod.indexOf("..") != -1)
throw new OLATSecurityException("mapper path contained '..' : " + mod);
// /bla/blu.html
mr = m.handle(mod, hreq);
}
ServletUtil.serveResource(hreq, hres, mr);
}
Also used :
OLATSecurityException(org.olat.core.logging.OLATSecurityException)
MediaResource(org.olat.core.gui.media.MediaResource)
NotFoundMediaResource(org.olat.core.gui.media.NotFoundMediaResource)
Example 2 with OLATSecurityException
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class GenericQuotaEditController method initMyContent.
private void initMyContent(UserRequest ureq) {
QuotaManager qm = QuotaManager.getInstance();
if (!qm.hasQuotaEditRights(ureq.getIdentity())) {
throw new OLATSecurityException("Insufficient permissions to access QuotaController");
}
myContent = createVelocityContainer("edit");
LinkFactory.createButtonSmall("qf.new", myContent, this);
delQuotaButton = LinkFactory.createButtonSmall("qf.del", myContent, this);
myContent.contextPut("users", qm.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_USERS));
myContent.contextPut("powerusers", qm.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_POWER));
myContent.contextPut("groups", qm.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_GROUPS));
myContent.contextPut("repository", qm.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_REPO));
myContent.contextPut("coursefolder", qm.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_COURSE));
myContent.contextPut("nodefolder", qm.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_NODES));
myContent.contextPut("feeds", qm.getDefaultQuota(QuotaConstants.IDENTIFIER_DEFAULT_FEEDS));
}
Also used :
OLATSecurityException(org.olat.core.logging.OLATSecurityException)
QuotaManager(org.olat.core.util.vfs.QuotaManager)
Example 3 with OLATSecurityException
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class RepositoryEntryRuntimeController method doDelete.
private void doDelete(UserRequest ureq) {
if (!reSecurity.isEntryAdmin()) {
throw new OLATSecurityException("Trying to delete, but not allowed: user = " + ureq.getIdentity());
}
List<RepositoryEntry> entryToDelete = Collections.singletonList(getRepositoryEntry());
confirmDeleteCtrl = new ConfirmDeleteSoftlyController(ureq, getWindowControl(), entryToDelete, false);
listenTo(confirmDeleteCtrl);
String title = translate("del.header", re.getDisplayname());
cmc = new CloseableModalController(getWindowControl(), "close", confirmDeleteCtrl.getInitialComponent(), true, title);
listenTo(cmc);
cmc.activate();
}
Also used :
CloseableModalController(org.olat.core.gui.control.generic.closablewrapper.CloseableModalController)
ConfirmDeleteSoftlyController(org.olat.repository.ui.author.ConfirmDeleteSoftlyController)
OLATSecurityException(org.olat.core.logging.OLATSecurityException)
RepositoryEntry(org.olat.repository.RepositoryEntry)
Example 4 with OLATSecurityException
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class CourseRuntimeController method activate.
@Override
public void activate(UserRequest ureq, List<ContextEntry> entries, StateEntry state) {
if (entries == null || entries.isEmpty()) {
if (currentToolCtr != null) {
addToHistory(ureq, currentToolCtr);
} else {
Controller runtimeCtrl = getRuntimeController();
if (runtimeCtrl instanceof Activateable2) {
((Activateable2) runtimeCtrl).activate(ureq, entries, state);
} else {
addToHistory(ureq, runtimeCtrl);
}
}
return;
}
entries = removeRepositoryEntry(entries);
if (entries != null && entries.size() > 0) {
String type = entries.get(0).getOLATResourceable().getResourceableTypeName();
if ("Payment".equalsIgnoreCase(type)) {
doPostSuccessfullAccess(ureq);
} else if ("Editor".equalsIgnoreCase(type)) {
if (!isInEditor() && !RepositoryEntryManagedFlag.isManaged(getRepositoryEntry(), RepositoryEntryManagedFlag.editcontent)) {
doEdit(ureq);
}
} else if ("Catalog".equalsIgnoreCase(type)) {
doCatalog(ureq);
} else if ("Infos".equalsIgnoreCase(type)) {
doDetails(ureq);
} else if ("EditDescription".equalsIgnoreCase(type) || "Settings".equalsIgnoreCase(type)) {
doEditSettings(ureq);
} else if ("Settings".equalsIgnoreCase(type)) {
doOptions(ureq);
} else if ("CertificationSettings".equalsIgnoreCase(type)) {
doCertificatesOptions(ureq);
} else if ("Certification".equalsIgnoreCase(type)) {
doEfficiencyStatements(ureq);
} else if ("Reminders".equalsIgnoreCase(type) || "RemindersLogs".equalsIgnoreCase(type)) {
doReminders(ureq);
} else if ("Lectures".equalsIgnoreCase(type)) {
Activateable2 lectures = doLectures(ureq);
if (lectures != null) {
List<ContextEntry> subEntries = entries.subList(1, entries.size());
lectures.activate(ureq, subEntries, entries.get(0).getTransientState());
}
} else if ("LectureBlock".equalsIgnoreCase(type)) {
Activateable2 lectures = doLectures(ureq);
if (lectures != null) {
lectures.activate(ureq, entries, state);
}
} else if ("LecturesAdmin".equalsIgnoreCase(type)) {
Activateable2 lecturesAdmin = doLecturesAdmin(ureq);
if (lecturesAdmin != null) {
List<ContextEntry> subEntries = entries.subList(1, entries.size());
lecturesAdmin.activate(ureq, subEntries, entries.get(0).getTransientState());
}
} else if ("MembersMgmt".equalsIgnoreCase(type)) {
Activateable2 members = doMembers(ureq);
if (members != null) {
try {
List<ContextEntry> subEntries = entries.subList(1, entries.size());
members.activate(ureq, subEntries, entries.get(0).getTransientState());
} catch (OLATSecurityException e) {
// the wrong link to the wrong person
}
}
} else if ("assessmentTool".equalsIgnoreCase(type) || "assessmentToolv2".equalsIgnoreCase(type)) {
// check the security before, the link is perhaps in the wrong hands
if (reSecurity.isEntryAdmin() || reSecurity.isCourseCoach() || reSecurity.isGroupCoach() || hasCourseRight(CourseRights.RIGHT_ASSESSMENT)) {
try {
Activateable2 assessmentCtrl = doAssessmentTool(ureq);
if (assessmentCtrl != null) {
List<ContextEntry> subEntries;
if (entries.size() > 1 && entries.get(1).getOLATResourceable().getResourceableTypeName().equals(type)) {
subEntries = entries.subList(2, entries.size());
} else {
subEntries = entries.subList(1, entries.size());
}
assessmentCtrl.activate(ureq, subEntries, entries.get(0).getTransientState());
}
} catch (OLATSecurityException e) {
// the wrong link to the wrong person
}
}
} else if ("TestStatistics".equalsIgnoreCase(type) || "SurveyStatistics".equalsIgnoreCase(type)) {
// check the security before, the link is perhaps in the wrong hands
if (reSecurity.isEntryAdmin() || reSecurity.isCourseCoach() || reSecurity.isGroupCoach() || hasCourseRight(CourseRights.RIGHT_ASSESSMENT)) {
try {
Activateable2 assessmentCtrl = null;
if ("TestStatistics".equalsIgnoreCase(type)) {
assessmentCtrl = doAssessmentTestStatistics(ureq);
} else {
assessmentCtrl = doAssessmentSurveyStatistics(ureq);
}
List<ContextEntry> subEntries;
if (entries.size() > 1 && entries.get(1).getOLATResourceable().getResourceableTypeName().equals(type)) {
subEntries = entries.subList(2, entries.size());
} else {
subEntries = entries.subList(1, entries.size());
}
assessmentCtrl.activate(ureq, subEntries, entries.get(0).getTransientState());
} catch (OLATSecurityException e) {
// the wrong link to the wrong person
}
}
} else if (type != null && type.startsWith("path=")) {
if (reSecurity.isEntryAdmin() || hasCourseRight(CourseRights.RIGHT_COURSEEDITOR)) {
String path = BusinessControlFactory.getInstance().getPath(entries.get(0));
FolderRunController folderCtrl = doCourseFolder(ureq);
if (folderCtrl != null) {
folderCtrl.activatePath(ureq, path);
}
}
}
}
if (getRunMainController() != null) {
getRunMainController().activate(ureq, entries, state);
}
}
Also used :
Activateable2(org.olat.core.gui.control.generic.dtabs.Activateable2)
FolderRunController(org.olat.core.commons.modules.bc.FolderRunController)
OLATSecurityException(org.olat.core.logging.OLATSecurityException)
List(java.util.List)
LeavingStatusList(org.olat.repository.LeavingStatusList)
StatisticCourseNodesController(org.olat.course.statistic.StatisticCourseNodesController)
CloseableModalController(org.olat.core.gui.control.generic.closablewrapper.CloseableModalController)
StatisticMainController(org.olat.course.statistic.StatisticMainController)
CustomDBMainController(org.olat.course.db.CustomDBMainController)
SearchInputController(org.olat.search.ui.SearchInputController)
LectureRepositoryAdminController(org.olat.modules.lecture.ui.LectureRepositoryAdminController)
CloseableCalloutWindowController(org.olat.core.gui.control.generic.closablewrapper.CloseableCalloutWindowController)
MembersManagementMainController(org.olat.course.member.MembersManagementMainController)
VetoableCloseController(org.olat.core.gui.control.VetoableCloseController)
GlossaryMainController(org.olat.core.commons.modules.glossary.GlossaryMainController)
CertificateAndEfficiencyStatementController(org.olat.course.certificate.ui.CertificateAndEfficiencyStatementController)
AssessmentToolController(org.olat.course.assessment.ui.tool.AssessmentToolController)
TeacherOverviewController(org.olat.modules.lecture.ui.TeacherOverviewController)
CourseAreasController(org.olat.course.area.CourseAreasController)
CourseOptionsController(org.olat.course.config.ui.CourseOptionsController)
EditorMainController(org.olat.course.editor.EditorMainController)
LayoutMain3ColsController(org.olat.core.commons.fullWebApp.LayoutMain3ColsController)
FolderRunController(org.olat.core.commons.modules.bc.FolderRunController)
CertificatesOptionsController(org.olat.course.certificate.ui.CertificatesOptionsController)
CourseGlossaryToolLinkController(org.olat.course.run.glossary.CourseGlossaryToolLinkController)
NoteController(org.olat.note.NoteController)
ChiefController(org.olat.core.gui.control.ChiefController)
ArchiverMainController(org.olat.course.archiver.ArchiverMainController)
AssessmentModeListController(org.olat.course.assessment.ui.mode.AssessmentModeListController)
CourseCalendarController(org.olat.course.run.calendar.CourseCalendarController)
RepositoryEntryRuntimeController(org.olat.repository.ui.RepositoryEntryRuntimeController)
RepositoryEntryLifeCycleChangeController(org.olat.repository.ui.RepositoryEntryLifeCycleChangeController)
CourseRemindersController(org.olat.course.reminder.ui.CourseRemindersController)
Controller(org.olat.core.gui.control.Controller)
CourseLayoutGeneratorController(org.olat.course.config.ui.courselayout.CourseLayoutGeneratorController)
ContextEntry(org.olat.core.id.context.ContextEntry)
Example 5 with OLATSecurityException
use of org.olat.core.logging.OLATSecurityException in project OpenOLAT by OpenOLAT.
the class OLATAuthenticationController method openChangePassword.
protected void openChangePassword(UserRequest ureq, String initialEmail) {
// double-check if allowed first
if (!userModule.isAnyPasswordChangeAllowed()) {
throw new OLATSecurityException("chose password to be changed, but disallowed by config");
}
removeAsListenerAndDispose(cmc);
removeAsListenerAndDispose(subController);
subController = new PwChangeController(ureq, getWindowControl(), initialEmail, true);
listenTo(subController);
String title = ((PwChangeController) subController).getWizardTitle();
cmc = new CloseableModalController(getWindowControl(), translate("close"), subController.getInitialComponent(), true, title);
listenTo(cmc);
cmc.activate();
}
Also used :
PwChangeController(org.olat.registration.PwChangeController)
CloseableModalController(org.olat.core.gui.control.generic.closablewrapper.CloseableModalController)
OLATSecurityException(org.olat.core.logging.OLATSecurityException)
Aggregations
OLATSecurityException (org.olat.core.logging.OLATSecurityException)16
CloseableModalController (org.olat.core.gui.control.generic.closablewrapper.CloseableModalController)10
RepositoryEntry (org.olat.repository.RepositoryEntry)6
MediaResource (org.olat.core.gui.media.MediaResource)4
ConfirmDeleteSoftlyController (org.olat.repository.ui.author.ConfirmDeleteSoftlyController)4
List (java.util.List)2
Authentication (org.olat.basesecurity.Authentication)2
LayoutMain3ColsController (org.olat.core.commons.fullWebApp.LayoutMain3ColsController)2
FolderRunController (org.olat.core.commons.modules.bc.FolderRunController)2
GlossaryMainController (org.olat.core.commons.modules.glossary.GlossaryMainController)2
UserRequest (org.olat.core.gui.UserRequest)2
UserRequestImpl (org.olat.core.gui.UserRequestImpl)2
ChiefController (org.olat.core.gui.control.ChiefController)2
Controller (org.olat.core.gui.control.Controller)2
VetoableCloseController (org.olat.core.gui.control.VetoableCloseController)2
CloseableCalloutWindowController (org.olat.core.gui.control.generic.closablewrapper.CloseableCalloutWindowController)2
Activateable2 (org.olat.core.gui.control.generic.dtabs.Activateable2)2
NotFoundMediaResource (org.olat.core.gui.media.NotFoundMediaResource)2
RedirectMediaResource (org.olat.core.gui.media.RedirectMediaResource)2
Identity (org.olat.core.id.Identity)2
