
Example 11 with OrcidAccessControlException

use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.

the class MemberV3ApiServiceDelegator_WorksTest method testReadPublicScope_Works.

@Test
public void testReadPublicScope_Works() {
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    // Public works
    Response r = serviceDelegator.viewWork(ORCID, 11L);
    assertNotNull(r);
    assertEquals(Work.class.getName(), r.getEntity().getClass().getName());
    r = serviceDelegator.viewWorkSummary(ORCID, 11L);
    assertNotNull(r);
    assertEquals(WorkSummary.class.getName(), r.getEntity().getClass().getName());
    // Limited where source is me, should work
    serviceDelegator.viewWork(ORCID, 12L);
    serviceDelegator.viewWorkSummary(ORCID, 12L);
    // Limited with other source should fail
    try {
        serviceDelegator.viewWork(ORCID, 14L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
    try {
        serviceDelegator.viewWorkSummary(ORCID, 14L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
    // Private where I am the source, should work
    serviceDelegator.viewWork(ORCID, 13L);
    serviceDelegator.viewWorkSummary(ORCID, 13L);
    // Private with other source should fail
    try {
        serviceDelegator.viewWork(ORCID, 15L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
    try {
        // The summary view of the same private work must be denied as well
        serviceDelegator.viewWorkSummary(ORCID, 15L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
}
Also used : Response(javax.ws.rs.core.Response) WorkSummary(org.orcid.jaxb.model.v3.dev1.record.summary.WorkSummary) Work(org.orcid.jaxb.model.v3.dev1.record.Work) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) ExceedMaxNumberOfPutCodesException(org.orcid.core.exception.ExceedMaxNumberOfPutCodesException) NoResultException(javax.persistence.NoResultException) VisibilityMismatchException(org.orcid.core.exception.VisibilityMismatchException) OrcidNoResultException(org.orcid.core.exception.OrcidNoResultException) WrongSourceException(org.orcid.core.exception.WrongSourceException) ActivityIdentifierValidationException(org.orcid.core.exception.ActivityIdentifierValidationException) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) OrcidVisibilityException(org.orcid.core.exception.OrcidVisibilityException) OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 12 with OrcidAccessControlException

use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.

the class OrcidSecurityManagerImpl method checkScopes.

@Override
public void checkScopes(ScopePathType... requiredScopes) {
    // Verify the client is not a public client
    checkClientType();
    OAuth2Authentication oAuth2Authentication = getOAuth2Authentication();
    OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
    Set<ScopePathType> requestedScopes = ScopePathType.getScopesFromStrings(authorizationRequest.getScope());
    for (ScopePathType scope : requestedScopes) {
        for (ScopePathType requiredScope : requiredScopes) {
            if (scope.hasScope(requiredScope)) {
                return;
            }
        }
    }
    throw new OrcidAccessControlException();
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ScopePathType(org.orcid.jaxb.model.message.ScopePathType) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)

Example 13 with OrcidAccessControlException

use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.

the class MemberV2ApiServiceDelegator_ExternalIdentifiersTest method testReadPublicScope_ExternalIdentifiers.

@Test
public void testReadPublicScope_ExternalIdentifiers() {
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    // Public works
    Response r = serviceDelegator.viewExternalIdentifiers(ORCID);
    assertNotNull(r);
    assertEquals(PersonExternalIdentifiers.class.getName(), r.getEntity().getClass().getName());
    PersonExternalIdentifiers p = (PersonExternalIdentifiers) r.getEntity();
    assertNotNull(p);
    assertEquals("/0000-0000-0000-0003/external-identifiers", p.getPath());
    Utils.verifyLastModified(p.getLastModifiedDate());
    assertEquals(3, p.getExternalIdentifiers().size());
    boolean found13 = false, found14 = false, found15 = false;
    for (PersonExternalIdentifier element : p.getExternalIdentifiers()) {
        if (element.getPutCode() == 13) {
            found13 = true;
        } else if (element.getPutCode() == 14) {
            found14 = true;
        } else if (element.getPutCode() == 15) {
            found15 = true;
        } else {
            fail("Invalid put code " + element.getPutCode());
        }
    }
    assertTrue(found13);
    assertTrue(found14);
    assertTrue(found15);
    r = serviceDelegator.viewExternalIdentifier(ORCID, 13L);
    assertNotNull(r);
    assertEquals(PersonExternalIdentifier.class.getName(), r.getEntity().getClass().getName());
    // Limited that I am the source of, should work
    serviceDelegator.viewExternalIdentifier(ORCID, 14L);
    // Limited, should fail
    try {
        serviceDelegator.viewExternalIdentifier(ORCID, 16L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
    // Private that I am the source of, should work
    serviceDelegator.viewExternalIdentifier(ORCID, 15L);
    // Private, should fail
    try {
        serviceDelegator.viewExternalIdentifier(ORCID, 17L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
}
Also used : Response(javax.ws.rs.core.Response) PersonExternalIdentifiers(org.orcid.jaxb.model.record_v2.PersonExternalIdentifiers) PersonExternalIdentifier(org.orcid.jaxb.model.record_v2.PersonExternalIdentifier) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) NoResultException(javax.persistence.NoResultException) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) VisibilityMismatchException(org.orcid.core.exception.VisibilityMismatchException) OrcidVisibilityException(org.orcid.core.exception.OrcidVisibilityException) OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) WrongSourceException(org.orcid.core.exception.WrongSourceException) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 14 with OrcidAccessControlException

use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.

the class MemberV2ApiServiceDelegator_EmploymentsTest method testReadPublicScope_Employments.

@Test
public void testReadPublicScope_Employments() {
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    Response r = serviceDelegator.viewEmployment(ORCID, 17L);
    assertNotNull(r);
    assertEquals(Employment.class.getName(), r.getEntity().getClass().getName());
    r = serviceDelegator.viewEmploymentSummary(ORCID, 17L);
    assertNotNull(r);
    assertEquals(EmploymentSummary.class.getName(), r.getEntity().getClass().getName());
    // Limited that I am the source of, should work
    serviceDelegator.viewEmployment(ORCID, 18L);
    serviceDelegator.viewEmploymentSummary(ORCID, 18L);
    // Limited that I am not the source of, should fail
    try {
        serviceDelegator.viewEmployment(ORCID, 23L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
    try {
        serviceDelegator.viewEmploymentSummary(ORCID, 23L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
    // Private that I am the source of, should work
    serviceDelegator.viewEmployment(ORCID, 19L);
    serviceDelegator.viewEmploymentSummary(ORCID, 19L);
    // Private that I am not the source of, should fail
    try {
        serviceDelegator.viewEmployment(ORCID, 24L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
    try {
        serviceDelegator.viewEmploymentSummary(ORCID, 24L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
}
Also used : Response(javax.ws.rs.core.Response) Employment(org.orcid.jaxb.model.record_v2.Employment) EmploymentSummary(org.orcid.jaxb.model.record.summary_v2.EmploymentSummary) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) NoResultException(javax.persistence.NoResultException) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) VisibilityMismatchException(org.orcid.core.exception.VisibilityMismatchException) OrcidVisibilityException(org.orcid.core.exception.OrcidVisibilityException) OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) WrongSourceException(org.orcid.core.exception.WrongSourceException) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)

Example 15 with OrcidAccessControlException

use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.

the class MemberV2ApiServiceDelegator_ResearcherUrlsTest method testReadPublicScope_ResearcherUrls.

@Test
public void testReadPublicScope_ResearcherUrls() {
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    // Public works
    Response r = serviceDelegator.viewResearcherUrls(ORCID);
    assertNotNull(r);
    ResearcherUrls ru = (ResearcherUrls) r.getEntity();
    assertNotNull(ru);
    assertEquals("/0000-0000-0000-0003/researcher-urls", ru.getPath());
    Utils.verifyLastModified(ru.getLastModifiedDate());
    assertEquals(3, ru.getResearcherUrls().size());
    boolean found13 = false, found14 = false, found15 = false;
    for (ResearcherUrl element : ru.getResearcherUrls()) {
        if (element.getPutCode() == 13) {
            found13 = true;
        } else if (element.getPutCode() == 14) {
            found14 = true;
        } else if (element.getPutCode() == 15) {
            found15 = true;
        } else {
            fail("Invalid put code " + element.getPutCode());
        }
    }
    assertTrue(found13);
    assertTrue(found14);
    assertTrue(found15);
    r = serviceDelegator.viewResearcherUrl(ORCID, 13L);
    assertNotNull(r);
    assertEquals(ResearcherUrl.class.getName(), r.getEntity().getClass().getName());
    // Limited that I am the source of, should work
    serviceDelegator.viewResearcherUrl(ORCID, 14L);
    // Limited that I am not the source of, should fail
    try {
        serviceDelegator.viewResearcherUrl(ORCID, 16L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
    // Private that I am the source of, should work
    serviceDelegator.viewResearcherUrl(ORCID, 15L);
    // Private that I am not the source of, should fail
    try {
        serviceDelegator.viewResearcherUrl(ORCID, 17L);
        fail();
    } catch (OrcidAccessControlException e) {
    } catch (Exception e) {
        fail();
    }
}
Also used : Response(javax.ws.rs.core.Response) ResearcherUrls(org.orcid.jaxb.model.record_v2.ResearcherUrls) ResearcherUrl(org.orcid.jaxb.model.record_v2.ResearcherUrl) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) NoResultException(javax.persistence.NoResultException) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException) VisibilityMismatchException(org.orcid.core.exception.VisibilityMismatchException) OrcidVisibilityException(org.orcid.core.exception.OrcidVisibilityException) OrcidUnauthorizedException(org.orcid.core.exception.OrcidUnauthorizedException) WrongSourceException(org.orcid.core.exception.WrongSourceException) DBUnitTest(org.orcid.test.DBUnitTest) Test(org.junit.Test)
