use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkClientType.
/**
 * Rejects the current request unless the calling client has a non-public client type.
 *
 * <p>The client is looked up by the id returned from
 * {@code sourceManager.retrieveSourceOrcid()}. A client whose type is {@code null} is
 * handled the same way as {@code ClientType.PUBLIC_CLIENT}, so an unclassified client
 * is denied rather than allowed.
 *
 * @throws OrcidUnauthorizedException if the client type is {@code null} or
 *         {@code PUBLIC_CLIENT}
 */
private void checkClientType() {
    final String sourceClientId = sourceManager.retrieveSourceOrcid();
    final ClientDetailsEntity sourceClient = clientDetailsEntityCacheManager.retrieve(sourceClientId);
    // NOTE(review): sourceClient is dereferenced without a null check; whether retrieve()
    // can return null for an unknown id is not visible here — confirm.
    final boolean permitted = sourceClient.getClientType() != null
            && !ClientType.PUBLIC_CLIENT.equals(sourceClient.getClientType());
    if (!permitted) {
        throw new OrcidUnauthorizedException("The client application is forbidden to perform the action.");
    }
}
use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkAndFilter.
/**
 * Runs the single-work check on every element of a bulk request and replaces the bulk
 * with the resulting list.
 *
 * <p>{@code isMyToken(orcid)} is called before any element is examined. Elements that
 * are already {@link OrcidError} instances are carried over untouched. For every other
 * element the four-argument {@code checkAndFilter} overload is invoked with the element
 * cast to {@link Work}:
 * <ul>
 *   <li>an {@link OrcidUnauthorizedException} is rethrown, which aborts the whole bulk
 *       and leaves {@code workBulk} unmodified;</li>
 *   <li>any other exception is converted to an {@link OrcidError} by
 *       {@code orcidCoreExceptionMapper} and stored in place of that element.</li>
 * </ul>
 *
 * @param orcid the ORCID iD passed to {@code isMyToken} and to the per-work check
 * @param workBulk the bulk whose element list is read and then replaced
 * @param scopePathType the scope passed through to the per-work check
 * @throws OrcidUnauthorizedException if the per-work check raises it for any element
 */
@Override
public void checkAndFilter(String orcid, WorkBulk workBulk, ScopePathType scopePathType) {
    isMyToken(orcid);
    List<BulkElement> checked = new ArrayList<>();
    for (BulkElement item : workBulk.getBulk()) {
        if (item instanceof OrcidError) {
            // Already an error entry: nothing to authorize, keep it as is.
            checked.add(item);
        } else {
            try {
                checkAndFilter(orcid, (Work) item, scopePathType, true);
                checked.add(item);
            } catch (OrcidUnauthorizedException denied) {
                // An authorization failure is never downgraded to a per-element error.
                throw denied;
            } catch (Exception failure) {
                checked.add(orcidCoreExceptionMapper.getOrcidError(failure));
            }
        }
    }
    workBulk.setBulk(checked);
}
use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.
the class SalesForceManagerImpl method checkContactUpdatePermissions.
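/**
 * Verifies that every changed contact in {@code updatedContacts} may be edited.
 *
 * <p>Permissions are calculated from {@code existingContacts} only, and both the
 * permissions and the existing contacts are indexed by contact role id. Each updated
 * contact is matched to an existing one through its role id; the permission is consulted
 * only when {@code contactChanged} reports a difference.
 *
 * @param existingContacts the contacts as currently stored; the source of the permissions
 * @param updatedContacts the contacts as submitted for update
 * @throws IllegalStateException if an updated contact has no existing counterpart, or no
 *         permission entry exists for a changed contact
 * @throws OrcidUnauthorizedException if a changed contact is not allowed to be edited
 */
@Override
public void checkContactUpdatePermissions(Collection<Contact> existingContacts, Collection<Contact> updatedContacts) {
    List<ContactPermission> permissions = calculateContactPermissions(existingContacts);
    Map<String, ContactPermission> permissionsByRoleId = ContactPermission.mapByContactRoleId(permissions);
    Map<String, Contact> existingByRoleId = Contact.mapByContactRoleId(existingContacts);
    for (Contact updatedContact : updatedContacts) {
        // NOTE(review): getRole() is dereferenced without a null check; whether a submitted
        // contact can arrive without a role is not visible here — confirm.
        String updatedContactRoleId = updatedContact.getRole().getId();
        Contact existingContact = existingByRoleId.get(updatedContactRoleId);
        if (existingContact == null) {
            // The original message read "Should be able to ...", which stated the opposite
            // of the condition being rejected.
            throw new IllegalStateException("Should not be able to update a non-existent contact");
        }
        if (!contactChanged(existingContact, updatedContact)) {
            // Unchanged contacts need no edit permission.
            continue;
        }
        ContactPermission permission = permissionsByRoleId.get(existingContact.getRole().getId());
        if (permission == null) {
            // No permission entry means the decision cannot be made; fail rather than allow.
            throw new IllegalStateException("Can't find permissions for existing contact");
        }
        if (!permission.isAllowedEdit()) {
            throw new OrcidUnauthorizedException("Insufficient permissions to update contact");
        }
    }
}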
use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.
the class ManageConsortiumController method updateConsortium.
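/**
 * Updates the consortium member described by the posted form, after checking that the
 * current user is authorized for that member's account.
 *
 * <p>The account id the user is authorized for is resolved from the current user's ORCID
 * iD and compared with the id of the member built from the request body. Only the id is
 * compared; the rest of the member object comes from the request and is handed to
 * {@code salesForceManager.updateMember} as submitted.
 *
 * @param consortium the form posted by the client
 * @return the same form instance that was received
 * @throws OrcidUnauthorizedException if the user has no authorized account id or it does
 *         not equal the id of the member being updated
 */
@RequestMapping(value = "/update-consortium.json", method = RequestMethod.POST)
@ResponseBody
public ConsortiumForm updateConsortium(@RequestBody ConsortiumForm consortium) {
    MemberDetails memberDetails = consortium.toMemberDetails();
    String usersAuthorizedAccountId = salesForceManager.retrieveAccountIdByOrcid(getCurrentUserOrcid());
    Member member = memberDetails.getMember();
    // A missing authorized account id is treated as "not authorized" instead of failing
    // with a NullPointerException on equals(). Whether retrieveAccountIdByOrcid can
    // return null is not visible here; the guard keeps the check fail-closed either way.
    boolean authorized = usersAuthorizedAccountId != null && usersAuthorizedAccountId.equals(member.getId());
    if (!authorized) {
        // NOTE(review): the message echoes the id taken from the request body; confirm how
        // this exception is rendered to the client.
        throw new OrcidUnauthorizedException("You are not authorized for account ID = " + member.getId());
    }
    salesForceManager.updateMember(member);
    return consortium;
}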
use of org.orcid.core.exception.OrcidUnauthorizedException in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkClientType.
/**
 * Denies the action to public clients and to clients with no client type set.
 *
 * <p>The calling client's id comes from {@code sourceManager.retrieveSourceOrcid()} and
 * its details from {@code clientDetailsEntityCacheManager}. A {@code null} client type
 * is rejected exactly like {@code ClientType.PUBLIC_CLIENT}.
 *
 * @throws OrcidUnauthorizedException if the client type is {@code null} or
 *         {@code PUBLIC_CLIENT}
 */
private void checkClientType() {
    final ClientDetailsEntity callingClient =
            clientDetailsEntityCacheManager.retrieve(sourceManager.retrieveSourceOrcid());
    // NOTE(review): callingClient is used without a null check; confirm that retrieve()
    // never returns null for an unknown client id.
    if (callingClient.getClientType() != null
            && !ClientType.PUBLIC_CLIENT.equals(callingClient.getClientType())) {
        // Client has a type and it is not public: nothing to reject.
        return;
    }
    throw new OrcidUnauthorizedException("The client application is forbidden to perform the action.");
}
Aggregations