use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV3ApiServiceDelegator_WorksTest method testReadPublicScope_Works.
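/**
 * Verifies which works a client holding only the {@code READ_PUBLIC} scope may read.
 *
 * <p>Going by the fixture notes in this test, put code 11 is a public work, 12 and 13 are
 * limited and private works whose source is the calling client, and 14 and 15 are limited and
 * private works created by another source. Reads of 11-13 must succeed. Reads of 14 and 15
 * must be rejected with {@link OrcidAccessControlException} on both the full and the summary
 * endpoint.
 */
@Test
public void testReadPublicScope_Works() {
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);

    // Public work: both representations come back with the expected entity type.
    Response response = serviceDelegator.viewWork(ORCID, 11L);
    assertNotNull(response);
    assertEquals(Work.class.getName(), response.getEntity().getClass().getName());
    response = serviceDelegator.viewWorkSummary(ORCID, 11L);
    assertNotNull(response);
    assertEquals(WorkSummary.class.getName(), response.getEntity().getClass().getName());

    // Limited work whose source is the caller: the read must not throw.
    serviceDelegator.viewWork(ORCID, 12L);
    serviceDelegator.viewWorkSummary(ORCID, 12L);

    // Limited work from another source: both endpoints must deny access.
    try {
        serviceDelegator.viewWork(ORCID, 14L);
        fail("viewWork returned a limited work owned by another source");
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail("Expected OrcidAccessControlException but got " + unexpected);
    }
    try {
        serviceDelegator.viewWorkSummary(ORCID, 14L);
        fail("viewWorkSummary returned a limited work owned by another source");
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail("Expected OrcidAccessControlException but got " + unexpected);
    }

    // Private work whose source is the caller: the read must not throw.
    serviceDelegator.viewWork(ORCID, 13L);
    serviceDelegator.viewWorkSummary(ORCID, 13L);

    // Private work from another source: both endpoints must deny access.
    try {
        serviceDelegator.viewWork(ORCID, 15L);
        fail("viewWork returned a private work owned by another source");
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail("Expected OrcidAccessControlException but got " + unexpected);
    }
    // The summary endpoint needs its own negative check. The original repeated viewWork here,
    // which left viewWorkSummary unverified for private works from another source.
    try {
        serviceDelegator.viewWorkSummary(ORCID, 15L);
        fail("viewWorkSummary returned a private work owned by another source");
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail("Expected OrcidAccessControlException but got " + unexpected);
    }
}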
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkScopes.
/**
 * Authorizes the current OAuth2 request against a list of acceptable scopes.
 *
 * <p>The check passes as soon as any scope on the request satisfies any one of
 * {@code requiredScopes}, as decided by {@code ScopePathType.hasScope}. The arguments are
 * alternatives, not a conjunction: a caller that needs several scopes at once must call this
 * method once per scope. Every other path ends in the exception, so a call with no required
 * scopes is always denied.
 *
 * @param requiredScopes scopes of which at least one must be covered by the request
 * @throws OrcidAccessControlException if no requested scope covers any required scope
 */
@Override
public void checkScopes(ScopePathType... requiredScopes) {
    // Runs before any scope matching; per the original note this verifies that the client is
    // not a public client (the check itself is defined outside this block).
    checkClientType();

    OAuth2Request tokenRequest = getOAuth2Authentication().getOAuth2Request();
    Set<ScopePathType> grantedScopes = ScopePathType.getScopesFromStrings(tokenRequest.getScope());

    boolean authorized = false;
    search:
    for (ScopePathType granted : grantedScopes) {
        for (ScopePathType required : requiredScopes) {
            if (granted.hasScope(required)) {
                authorized = true;
                break search;
            }
        }
    }

    // Deny by default: only an explicit match above lets the call return normally.
    if (!authorized) {
        throw new OrcidAccessControlException();
    }
}
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV2ApiServiceDelegator_ExternalIdentifiersTest method testReadPublicScope_ExternalIdentifiers.
/**
 * Checks external-identifier reads for a client that holds only the {@code READ_PUBLIC} scope.
 *
 * <p>The collection read must return exactly the identifiers with put codes 13, 14 and 15.
 * Going by the fixture notes, 14 and 15 are limited and private identifiers whose source is
 * the caller, while 16 and 17 are limited and private identifiers that must be refused with
 * {@link OrcidAccessControlException}.
 */
@Test
public void testReadPublicScope_ExternalIdentifiers() {
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);

    // Collection read: entity type, path, last-modified date and size are all checked.
    Response response = serviceDelegator.viewExternalIdentifiers(ORCID);
    assertNotNull(response);
    assertEquals(PersonExternalIdentifiers.class.getName(), response.getEntity().getClass().getName());
    PersonExternalIdentifiers identifiers = (PersonExternalIdentifiers) response.getEntity();
    assertNotNull(identifiers);
    assertEquals("/0000-0000-0000-0003/external-identifiers", identifiers.getPath());
    Utils.verifyLastModified(identifiers.getLastModifiedDate());
    assertEquals(3, identifiers.getExternalIdentifiers().size());

    // Any put code outside {13, 14, 15} means a record was exposed that should not be.
    boolean saw13 = false;
    boolean saw14 = false;
    boolean saw15 = false;
    for (PersonExternalIdentifier identifier : identifiers.getExternalIdentifiers()) {
        long putCode = identifier.getPutCode();
        if (putCode == 13) {
            saw13 = true;
        } else if (putCode == 14) {
            saw14 = true;
        } else if (putCode == 15) {
            saw15 = true;
        } else {
            fail("Invalid put code " + identifier.getPutCode());
        }
    }
    assertTrue(saw13);
    assertTrue(saw14);
    assertTrue(saw15);

    // Single-record read of put code 13.
    response = serviceDelegator.viewExternalIdentifier(ORCID, 13L);
    assertNotNull(response);
    assertEquals(PersonExternalIdentifier.class.getName(), response.getEntity().getClass().getName());

    // Limited identifier whose source is the caller: the read must not throw.
    serviceDelegator.viewExternalIdentifier(ORCID, 14L);

    // Limited identifier that the caller may not see: access must be denied.
    try {
        serviceDelegator.viewExternalIdentifier(ORCID, 16L);
        fail();
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail();
    }

    // Private identifier whose source is the caller: the read must not throw.
    serviceDelegator.viewExternalIdentifier(ORCID, 15L);

    // Private identifier that the caller may not see: access must be denied.
    try {
        serviceDelegator.viewExternalIdentifier(ORCID, 17L);
        fail();
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail();
    }
}
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV2ApiServiceDelegator_EmploymentsTest method testReadPublicScope_Employments.
/**
 * Checks employment reads for a client that holds only the {@code READ_PUBLIC} scope.
 *
 * <p>Put code 17 is read first and its entity types are asserted (presumably the public
 * record; the fixture is not shown here). Going by the fixture notes, 18 and 19 are limited
 * and private employments whose source is the caller, and 23 and 24 are limited and private
 * employments from another source. The latter two must be refused with
 * {@link OrcidAccessControlException} on both the full and the summary endpoint.
 */
@Test
public void testReadPublicScope_Employments() {
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);

    // Put code 17: both representations come back with the expected entity type.
    Response response = serviceDelegator.viewEmployment(ORCID, 17L);
    assertNotNull(response);
    assertEquals(Employment.class.getName(), response.getEntity().getClass().getName());
    response = serviceDelegator.viewEmploymentSummary(ORCID, 17L);
    assertNotNull(response);
    assertEquals(EmploymentSummary.class.getName(), response.getEntity().getClass().getName());

    // Limited employment whose source is the caller: the read must not throw.
    serviceDelegator.viewEmployment(ORCID, 18L);
    serviceDelegator.viewEmploymentSummary(ORCID, 18L);

    // Limited employment from another source: both endpoints must deny access.
    try {
        serviceDelegator.viewEmployment(ORCID, 23L);
        fail();
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail();
    }
    try {
        serviceDelegator.viewEmploymentSummary(ORCID, 23L);
        fail();
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail();
    }

    // Private employment whose source is the caller: the read must not throw.
    serviceDelegator.viewEmployment(ORCID, 19L);
    serviceDelegator.viewEmploymentSummary(ORCID, 19L);

    // Private employment from another source: both endpoints must deny access.
    try {
        serviceDelegator.viewEmployment(ORCID, 24L);
        fail();
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail();
    }
    try {
        serviceDelegator.viewEmploymentSummary(ORCID, 24L);
        fail();
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail();
    }
}
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV2ApiServiceDelegator_ResearcherUrlsTest method testReadPublicScope_ResearcherUrls.
/**
 * Checks researcher-URL reads for a client that holds only the {@code READ_PUBLIC} scope.
 *
 * <p>The collection read must return exactly the URLs with put codes 13, 14 and 15. Going by
 * the fixture notes, 14 and 15 are limited and private URLs whose source is the caller, while
 * 16 and 17 are limited and private URLs from another source and must be refused with
 * {@link OrcidAccessControlException}.
 */
@Test
public void testReadPublicScope_ResearcherUrls() {
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);

    // Collection read: path, last-modified date and size are all checked.
    Response response = serviceDelegator.viewResearcherUrls(ORCID);
    assertNotNull(response);
    ResearcherUrls urls = (ResearcherUrls) response.getEntity();
    assertNotNull(urls);
    assertEquals("/0000-0000-0000-0003/researcher-urls", urls.getPath());
    Utils.verifyLastModified(urls.getLastModifiedDate());
    assertEquals(3, urls.getResearcherUrls().size());

    // Any put code outside {13, 14, 15} means a record was exposed that should not be.
    boolean saw13 = false;
    boolean saw14 = false;
    boolean saw15 = false;
    for (ResearcherUrl url : urls.getResearcherUrls()) {
        long putCode = url.getPutCode();
        if (putCode == 13) {
            saw13 = true;
        } else if (putCode == 14) {
            saw14 = true;
        } else if (putCode == 15) {
            saw15 = true;
        } else {
            fail("Invalid put code " + url.getPutCode());
        }
    }
    assertTrue(saw13);
    assertTrue(saw14);
    assertTrue(saw15);

    // Single-record read of put code 13.
    response = serviceDelegator.viewResearcherUrl(ORCID, 13L);
    assertNotNull(response);
    assertEquals(ResearcherUrl.class.getName(), response.getEntity().getClass().getName());

    // Limited URL whose source is the caller: the read must not throw.
    serviceDelegator.viewResearcherUrl(ORCID, 14L);

    // Limited URL from another source: access must be denied.
    try {
        serviceDelegator.viewResearcherUrl(ORCID, 16L);
        fail();
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail();
    }

    // Private URL whose source is the caller: the read must not throw.
    serviceDelegator.viewResearcherUrl(ORCID, 15L);

    // Private URL from another source: access must be denied.
    try {
        serviceDelegator.viewResearcherUrl(ORCID, 17L);
        fail();
    } catch (OrcidAccessControlException expected) {
        // Denial is the required outcome.
    } catch (Exception unexpected) {
        fail();
    }
}