use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV2ApiServiceDelegator_WorksTest method testReadPublicScope_Works.
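@Test
public void testReadPublicScope_Works() {
    // Authorization test for a token that holds only the READ_PUBLIC scope:
    // public works and works whose source is the requesting client must be
    // readable, limited/private works from another source must be refused.
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    // Public works
    Response r = serviceDelegator.viewWork(ORCID, 11L);
    assertNotNull(r);
    assertEquals(Work.class.getName(), r.getEntity().getClass().getName());
    r = serviceDelegator.viewWorkSummary(ORCID, 11L);
    assertNotNull(r);
    assertEquals(WorkSummary.class.getName(), r.getEntity().getClass().getName());
    // Limited where source is me, should work (no exception means access was granted)
    serviceDelegator.viewWork(ORCID, 12L);
    serviceDelegator.viewWorkSummary(ORCID, 12L);
    // Limited with other source should fail
    try {
        serviceDelegator.viewWork(ORCID, 14L);
        fail("Expected OrcidAccessControlException reading limited work 14 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        // Any other exception means the request was rejected for the wrong reason
        fail("Expected OrcidAccessControlException but got " + e);
    }
    try {
        serviceDelegator.viewWorkSummary(ORCID, 14L);
        fail("Expected OrcidAccessControlException reading limited work summary 14 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        fail("Expected OrcidAccessControlException but got " + e);
    }
    // Private where am the source should work
    serviceDelegator.viewWork(ORCID, 13L);
    serviceDelegator.viewWorkSummary(ORCID, 13L);
    // Private with other source should fail
    try {
        serviceDelegator.viewWork(ORCID, 15L);
        fail("Expected OrcidAccessControlException reading private work 15 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        fail("Expected OrcidAccessControlException but got " + e);
    }
    // The summary endpoint is a separate entry point and must be refused as
    // well; every other case in this test checks both viewWork and
    // viewWorkSummary, so the private/other-source case does too.
    try {
        serviceDelegator.viewWorkSummary(ORCID, 15L);
        fail("Expected OrcidAccessControlException reading private work summary 15 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        fail("Expected OrcidAccessControlException but got " + e);
    }
}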
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV2ApiServiceDelegator_OtherNamesTest method testReadPublicScope_OtherNames.
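@Test
public void testReadPublicScope_OtherNames() {
    // Authorization test for a token that holds only the READ_PUBLIC scope:
    // the list must contain exactly the three expected put codes, and single
    // reads of limited/private other names from another source must be refused.
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    // Public works
    Response r = serviceDelegator.viewOtherNames(ORCID);
    assertNotNull(r);
    assertEquals(OtherNames.class.getName(), r.getEntity().getClass().getName());
    OtherNames o = (OtherNames) r.getEntity();
    assertNotNull(o);
    Utils.verifyLastModified(o.getLastModifiedDate());
    assertEquals(3, o.getOtherNames().size());
    boolean found1 = false, found2 = false, found3 = false;
    for (OtherName element : o.getOtherNames()) {
        Utils.verifyLastModified(element.getLastModifiedDate());
        if (element.getPutCode() == 13) {
            found1 = true;
        } else if (element.getPutCode() == 14) {
            found2 = true;
        } else if (element.getPutCode() == 15) {
            found3 = true;
        } else {
            // Anything else in the list is an element this token should not have received
            fail("Invalid put code " + element.getPutCode());
        }
    }
    assertTrue(found1);
    assertTrue(found2);
    assertTrue(found3);
    r = serviceDelegator.viewOtherName(ORCID, 13L);
    assertNotNull(r);
    assertEquals(OtherName.class.getName(), r.getEntity().getClass().getName());
    // Limited where am the source should work (no exception means access was granted)
    serviceDelegator.viewOtherName(ORCID, 14L);
    // Limited where am not the source of should fail
    try {
        serviceDelegator.viewOtherName(ORCID, 16L);
        fail("Expected OrcidAccessControlException reading limited other name 16 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        // Any other exception means the request was rejected for the wrong reason
        fail("Expected OrcidAccessControlException but got " + e);
    }
    // Private where am the source should work
    serviceDelegator.viewOtherName(ORCID, 15L);
    // Private where am not the source should fail
    try {
        serviceDelegator.viewOtherName(ORCID, 17L);
        fail("Expected OrcidAccessControlException reading private other name 17 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        fail("Expected OrcidAccessControlException but got " + e);
    }
}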
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkAndFilter.
/**
* Check the permissions of a request over an element. Private
* implementation that also takes a parameter indicating whether the token
* still has to be checked or was already checked previously.
* <p>
* Decision order, as implemented in the body:
* <ol>
* <li>a {@code null} element returns immediately, without any check;</li>
* <li>unless {@code tokenAlreadyChecked} is set, {@code isMyToken(orcid)} is
* called;</li>
* <li>if the element is {@code Filterable} and the OAuth2 client id of the
* request equals {@code retrieveSourcePath()}, the method returns without
* evaluating scope or visibility;</li>
* <li>if the element is {@code PUBLIC} and
* {@code checkScopes(ScopePathType.READ_PUBLIC)} does not throw, the method
* returns;</li>
* <li>every remaining case is handed to
* {@code filter(element, requiredScope)}.</li>
* </ol>
*
* @param orcid
* The user owner of the element
* @param element
* The element to check
* @param requiredScope
* The required scope to access this element
* @param tokenAlreadyChecked
* Indicates if the token was already checked previously, so we
* don't spend time checking it again. Passing {@code true} skips
* the {@code isMyToken} call, so the caller is trusted to have
* performed that check.
* @throws OrcidUnauthorizedException
* In case the token used was not issued for the owner of the
* element
* @throws OrcidAccessControlException
* In case the request doesn't have the required scopes
* @throws OrcidVisibilityException
* In case the element is not visible due to its visibility
*/
private void checkAndFilter(String orcid, VisibilityType element, ScopePathType requiredScope, boolean tokenAlreadyChecked) {
// Nothing to check: a missing element is accepted as-is.
if (element == null) {
return;
}
// Check the token was issued for this user. Skipped when the caller says
// it already did so.
if (!tokenAlreadyChecked) {
isMyToken(orcid);
}
// Check if the client is the source of the element. A match returns before
// any scope or visibility check, so the source client can read its own
// elements whatever their visibility or the scopes on the token.
if (element instanceof Filterable) {
Filterable filterable = (Filterable) element;
OAuth2Authentication oAuth2Authentication = getOAuth2Authentication();
// Without an OAuth2 authentication the source shortcut is not applied and
// the checks below run.
if (oAuth2Authentication != null) {
OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
String clientId = authorizationRequest.getClientId();
// NOTE(review): this throws NullPointerException if getClientId() returns
// null - confirm it cannot. If the comparison is ever made null-tolerant,
// it must not treat a null client id and a null source path as a match,
// because a match grants access.
if (clientId.equals(filterable.retrieveSourcePath())) {
// The client doing the request is the source of the element
return;
}
}
}
// /read-public scope: a public element only needs READ_PUBLIC
if (Visibility.PUBLIC.equals(element.getVisibility())) {
try {
checkScopes(ScopePathType.READ_PUBLIC);
// can return it
return;
} catch (OrcidAccessControlException e) {
// Just continue filtering: the missing READ_PUBLIC scope is deliberately
// not reported here; filter(...) below decides against requiredScope.
}
}
// Filter: every case not accepted above is decided by filter(...)
filter(element, requiredScope);
}
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV3ApiServiceDelegator_QualificationsTest method testReadPublicScope_Qualifications.
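@Test
public void testReadPublicScope_Qualifications() {
    // Authorization test for a token that holds only the READ_PUBLIC scope:
    // public qualifications and those whose source is the requesting client
    // must be readable, limited/private ones from another source refused.
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    // Public works
    Response r = serviceDelegator.viewQualification(ORCID, 42L);
    assertNotNull(r);
    assertEquals(Qualification.class.getName(), r.getEntity().getClass().getName());
    r = serviceDelegator.viewQualificationSummary(ORCID, 42L);
    assertNotNull(r);
    assertEquals(QualificationSummary.class.getName(), r.getEntity().getClass().getName());
    // Limited that am the source of should work (no exception means access was granted)
    serviceDelegator.viewQualification(ORCID, 43L);
    serviceDelegator.viewQualificationSummary(ORCID, 43L);
    // Private that am the source of should work
    serviceDelegator.viewQualification(ORCID, 44L);
    serviceDelegator.viewQualificationSummary(ORCID, 44L);
    // Limited that am not the source of should fail
    try {
        serviceDelegator.viewQualification(ORCID, 45L);
        fail("Expected OrcidAccessControlException reading limited qualification 45 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        // Any other exception means the request was rejected for the wrong reason
        fail("Expected OrcidAccessControlException but got " + e);
    }
    try {
        serviceDelegator.viewQualificationSummary(ORCID, 45L);
        fail("Expected OrcidAccessControlException reading limited qualification summary 45 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        fail("Expected OrcidAccessControlException but got " + e);
    }
    // Private that am not the source of should fail
    // NOTE(review): these two calls reuse put code 45 from the limited case
    // above, so a private qualification from another source does not appear
    // to be exercised by this test. Replace 45L with the fixture's private,
    // other-source put code - confirm against the test data.
    try {
        serviceDelegator.viewQualification(ORCID, 45L);
        fail("Expected OrcidAccessControlException reading qualification 45 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        fail("Expected OrcidAccessControlException but got " + e);
    }
    try {
        serviceDelegator.viewQualificationSummary(ORCID, 45L);
        fail("Expected OrcidAccessControlException reading qualification summary 45 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        fail("Expected OrcidAccessControlException but got " + e);
    }
}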
use of org.orcid.core.exception.OrcidAccessControlException in project ORCID-Source by ORCID.
the class MemberV3ApiServiceDelegator_ResearcherUrlsTest method testReadPublicScope_ResearcherUrls.
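@Test
public void testReadPublicScope_ResearcherUrls() {
    // Authorization test for a token that holds only the READ_PUBLIC scope:
    // the list must contain exactly the three expected put codes, and single
    // reads of limited/private researcher URLs from another source must be
    // refused.
    SecurityContextTestUtils.setUpSecurityContext(ORCID, ScopePathType.READ_PUBLIC);
    // Public works
    Response r = serviceDelegator.viewResearcherUrls(ORCID);
    assertNotNull(r);
    ResearcherUrls ru = (ResearcherUrls) r.getEntity();
    assertNotNull(ru);
    assertEquals("/0000-0000-0000-0003/researcher-urls", ru.getPath());
    Utils.verifyLastModified(ru.getLastModifiedDate());
    assertEquals(3, ru.getResearcherUrls().size());
    boolean found13 = false, found14 = false, found15 = false;
    for (ResearcherUrl element : ru.getResearcherUrls()) {
        if (element.getPutCode() == 13) {
            found13 = true;
        } else if (element.getPutCode() == 14) {
            found14 = true;
        } else if (element.getPutCode() == 15) {
            found15 = true;
        } else {
            // Anything else in the list is an element this token should not have received
            fail("Invalid put code " + element.getPutCode());
        }
    }
    assertTrue(found13);
    assertTrue(found14);
    assertTrue(found15);
    r = serviceDelegator.viewResearcherUrl(ORCID, 13L);
    assertNotNull(r);
    assertEquals(ResearcherUrl.class.getName(), r.getEntity().getClass().getName());
    // Limited am the source of should work (no exception means access was granted)
    serviceDelegator.viewResearcherUrl(ORCID, 14L);
    // Limited am not the source of should fail
    try {
        serviceDelegator.viewResearcherUrl(ORCID, 16L);
        fail("Expected OrcidAccessControlException reading limited researcher url 16 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        // Any other exception means the request was rejected for the wrong reason
        fail("Expected OrcidAccessControlException but got " + e);
    }
    // Private am the source of should work
    serviceDelegator.viewResearcherUrl(ORCID, 15L);
    // Private am not the source of should fail
    try {
        serviceDelegator.viewResearcherUrl(ORCID, 17L);
        fail("Expected OrcidAccessControlException reading private researcher url 17 from another source");
    } catch (OrcidAccessControlException expected) {
        // access correctly denied
    } catch (Exception e) {
        fail("Expected OrcidAccessControlException but got " + e);
    }
}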