Example 1 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From class OrcidSecurityManagerImpl, method checkClientType.

private void checkClientType() {
    // Resolve the client that issued the current request from its source ORCID.
    String clientId = sourceManager.retrieveSourceOrcid();
    ClientDetailsEntity client = clientDetailsEntityCacheManager.retrieve(clientId);
    // Deny by default: a client with no recorded type, or a public client, is refused.
    if (client.getClientType() == null || ClientType.PUBLIC_CLIENT.equals(client.getClientType())) {
        throw new OrcidUnauthorizedException("The client application is forbidden to perform the action.");
    }
}
Also used: ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity), OrcidUnauthorizedException (org.orcid.core.exception.OrcidUnauthorizedException)

Example 2 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From class OrcidSecurityManagerImpl, method checkAndFilter.

@Override
public void checkAndFilter(String orcid, WorkBulk workBulk, ScopePathType scopePathType) {
    // Verify the token in use belongs to this ORCID before touching any element.
    isMyToken(orcid);
    List<BulkElement> bulkElements = workBulk.getBulk();
    List<BulkElement> filteredElements = new ArrayList<>();
    for (int i = 0; i < bulkElements.size(); i++) {
        BulkElement element = bulkElements.get(i);
        // Elements that are already errors pass through unchanged.
        if (element instanceof OrcidError) {
            filteredElements.add(element);
            continue;
        }
        try {
            checkAndFilter(orcid, (Work) element, scopePathType, true);
            filteredElements.add(element);
        } catch (Exception e) {
            // An authorization failure aborts the whole bulk request rather than
            // being downgraded to a per-element error.
            if (e instanceof OrcidUnauthorizedException) {
                throw e;
            }
            // Any other failure is mapped to an OrcidError in place of the element.
            OrcidError error = orcidCoreExceptionMapper.getOrcidError(e);
            filteredElements.add(error);
        }
    }
    workBulk.setBulk(filteredElements);
}
Also used: OrcidError (org.orcid.jaxb.model.error_v2.OrcidError), BulkElement (org.orcid.jaxb.model.record.bulk.BulkElement), OrcidUnauthorizedException (org.orcid.core.exception.OrcidUnauthorizedException), ArrayList (java.util.ArrayList), NoResultException (javax.persistence.NoResultException), OrcidNotClaimedException (org.orcid.core.exception.OrcidNotClaimedException), OrcidDeprecatedException (org.orcid.core.exception.OrcidDeprecatedException), WrongSourceException (org.orcid.core.exception.WrongSourceException), LockedException (org.orcid.core.security.aop.LockedException), AccessControlException (java.security.AccessControlException), OrcidAccessControlException (org.orcid.core.exception.OrcidAccessControlException), OrcidVisibilityException (org.orcid.core.exception.OrcidVisibilityException), DeactivatedException (org.orcid.core.exception.DeactivatedException)

Example 3 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From class SalesForceManagerImpl, method checkContactUpdatePermissions.

@Override
public void checkContactUpdatePermissions(Collection<Contact> existingContacts, Collection<Contact> updatedContacts) {
    // Permissions are derived from the stored contacts, never from the submitted ones.
    List<ContactPermission> permissions = calculateContactPermissions(existingContacts);
    Map<String, ContactPermission> permissionsMap = ContactPermission.mapByContactRoleId(permissions);
    Map<String, Contact> existingContactsMap = Contact.mapByContactRoleId(existingContacts);
    for (Contact updatedContact : updatedContacts) {
        String updatedContactRoleId = updatedContact.getRole().getId();
        Contact existingContact = existingContactsMap.get(updatedContactRoleId);
        if (existingContact == null) {
            // Updating a contact that does not exist is an invariant violation, not an authorization decision.
            throw new IllegalStateException("Should not be able to update a non-existent contact");
        }
        // Only contacts that actually changed need an edit permission check.
        if (contactChanged(existingContact, updatedContact)) {
            ContactPermission permission = permissionsMap.get(existingContact.getRole().getId());
            if (permission == null) {
                throw new IllegalStateException("Can't find permissions for existing contact");
            }
            if (!permission.isAllowedEdit()) {
                throw new OrcidUnauthorizedException("Insufficient permissions to update contact");
            }
        }
    }
}
Also used: ContactPermission (org.orcid.core.salesforce.model.ContactPermission), OrcidUnauthorizedException (org.orcid.core.exception.OrcidUnauthorizedException), OrcidString (org.orcid.core.cache.OrcidString), Contact (org.orcid.core.salesforce.model.Contact)

Example 4 with OrcidUnauthorizedException

Use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.

From class ManageConsortiumController, method updateConsortium.

@RequestMapping(value = "/update-consortium.json", method = RequestMethod.POST)
@ResponseBody
public ConsortiumForm updateConsortium(@RequestBody ConsortiumForm consortium) {
    MemberDetails memberDetails = consortium.toMemberDetails();
    // The account the caller may act on is looked up server-side from the authenticated ORCID,
    // then compared with the member ID supplied in the request body.
    String usersAuthorizedAccountId = salesForceManager.retrieveAccountIdByOrcid(getCurrentUserOrcid());
    Member member = memberDetails.getMember();
    if (!usersAuthorizedAccountId.equals(member.getId())) {
        throw new OrcidUnauthorizedException("You are not authorized for account ID = " + member.getId());
    }
    salesForceManager.updateMember(member);
    return consortium;
}
Also used: OrcidUnauthorizedException (org.orcid.core.exception.OrcidUnauthorizedException), MemberDetails (org.orcid.core.salesforce.model.MemberDetails), Member (org.orcid.core.salesforce.model.Member), SubMember (org.orcid.core.salesforce.model.SubMember), RequestMapping (org.springframework.web.bind.annotation.RequestMapping), ResponseBody (org.springframework.web.bind.annotation.ResponseBody)

Aggregations

OrcidUnauthorizedException (org.orcid.core.exception.OrcidUnauthorizedException): 16 usages
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity): 4 usages
Authentication (org.springframework.security.core.Authentication): 4 usages
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 4 usages
AccessControlException (java.security.AccessControlException): 3 usages
ArrayList (java.util.ArrayList): 3 usages
Test (org.junit.Test): 3 usages
NoResultException (javax.persistence.NoResultException): 2 usages
Response (javax.ws.rs.core.Response): 2 usages
OrcidString (org.orcid.core.cache.OrcidString): 2 usages
DeactivatedException (org.orcid.core.exception.DeactivatedException): 2 usages
OrcidAccessControlException (org.orcid.core.exception.OrcidAccessControlException): 2 usages
OrcidDeprecatedException (org.orcid.core.exception.OrcidDeprecatedException): 2 usages
OrcidNotClaimedException (org.orcid.core.exception.OrcidNotClaimedException): 2 usages
OrcidVisibilityException (org.orcid.core.exception.OrcidVisibilityException): 2 usages
WrongSourceException (org.orcid.core.exception.WrongSourceException): 2 usages
Contact (org.orcid.core.salesforce.model.Contact): 2 usages
MemberDetails (org.orcid.core.salesforce.model.MemberDetails): 2 usages
LockedException (org.orcid.core.security.aop.LockedException): 2 usages
BulkElement (org.orcid.jaxb.model.record.bulk.BulkElement): 2 usages