use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class NotificationsApiServiceDelegatorImpl method flagNotificationAsArchived.
@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response flagNotificationAsArchived(String orcid, Long id) throws OrcidNotificationAlreadyReadException {
checkIfProfileDeprecated(orcid);
Notification notification = notificationManager.flagAsArchived(orcid, id);
if (notification == null) {
Map<String, String> params = new HashMap<String, String>();
params.put("orcid", orcid);
params.put("id", String.valueOf(id));
throw new OrcidNotificationNotFoundException(params);
}
return Response.ok(notification).build();
}
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class NotificationsApiServiceDelegatorImpl method findPermissionNotification.
@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response findPermissionNotification(String orcid, Long id) {
checkIfProfileDeprecated(orcid);
Notification notification = notificationManager.findByOrcidAndId(orcid, id);
if (notification != null) {
checkSource(notification);
return Response.ok(notification).build();
} else {
Map<String, String> params = new HashMap<String, String>();
params.put("orcid", orcid);
params.put("id", String.valueOf(id));
throw new OrcidNotificationNotFoundException(params);
}
}
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class NotificationsApiServiceDelegatorImpl method addPermissionNotification.
@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response addPermissionNotification(UriInfo uriInfo, String orcid, NotificationPermission notification) {
checkIfProfileDeprecated(orcid);
notificationValidationManager.validateNotificationPermission(notification);
ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
if (profile == null) {
throw OrcidNotFoundException.newInstance(orcid);
}
if (profile.getSendMemberUpdateRequests() != null && !profile.getSendMemberUpdateRequests()) {
Map<String, String> params = new HashMap<String, String>();
params.put("orcid", orcid);
throw new OrcidNotificationException(params);
}
Notification createdNotification = notificationManager.createNotification(orcid, notification);
try {
return Response.created(new URI(uriInfo.getAbsolutePath() + "/" + createdNotification.getPutCode())).build();
} catch (URISyntaxException e) {
throw new RuntimeException(localeManager.resolveMessage("apiError.notification_uri.exception"), e);
}
}
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class T2OrcidApiServiceDelegatorImpl method addExternalIdentifiers.
/**
* Add new external identifiers to the profile. As with all calls, if the
* message contains any other elements, a 400 Bad Request will be returned.
*
* @param orcidMessage
* the message congtaining the external ids
* @return If successful, returns a 200 OK with the updated content.
*/
@Override
@AccessControl(requiredScope = ScopePathType.ORCID_BIO_EXTERNAL_IDENTIFIERS_CREATE)
public Response addExternalIdentifiers(UriInfo uriInfo, String orcid, OrcidMessage orcidMessage) {
OrcidProfile orcidProfile = orcidMessage.getOrcidProfile();
try {
ExternalIdentifiers updatedExternalIdentifiers = orcidProfile.getOrcidBio().getExternalIdentifiers();
// Get the client profile information
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String clientId = null;
if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
clientId = authorizationRequest.getClientId();
}
for (ExternalIdentifier ei : updatedExternalIdentifiers.getExternalIdentifier()) {
// Set the client profile to each external identifier
if (ei.getSource() == null) {
Source source = new Source();
source.setSourceClientId(new SourceClientId(clientId));
ei.setSource(source);
} else {
// Check if the provided external orcid exists
Source source = ei.getSource();
String sourceOrcid = source.retrieveSourcePath();
if (sourceOrcid != null) {
if (StringUtils.isBlank(sourceOrcid) || (!profileEntityManager.orcidExists(sourceOrcid) && !clientDetailsManager.exists(sourceOrcid))) {
Map<String, String> params = new HashMap<String, String>();
params.put("orcid", sourceOrcid);
throw new OrcidNotFoundException(params);
}
}
}
}
orcidProfile = orcidProfileManager.addExternalIdentifiers(orcidProfile);
return getOrcidMessageResponse(orcidProfile, orcid);
} catch (DataAccessException e) {
throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_createorcid.exception"));
}
}
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class T2OrcidApiServiceDelegatorImpl method registerWebhook.
/**
* Register a new webhook to the profile. As with all calls, if the message
* contains any other elements, a 400 Bad Request will be returned.
*
* @param orcid
* the identifier of the profile to add the webhook
* @param uriInfo
* an uri object containing the webhook
* @return If successful, returns a 2xx.
* */
@Override
@AccessControl(requiredScope = ScopePathType.WEBHOOK)
public Response registerWebhook(UriInfo uriInfo, String orcid, String webhookUri) {
@SuppressWarnings("unused") URI validatedWebhookUri = null;
try {
validatedWebhookUri = new URI(webhookUri);
} catch (URISyntaxException e) {
Object[] params = { webhookUri };
throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_incorrect_webhook.exception", params));
}
ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
ClientDetailsEntity clientDetails = null;
String clientId = null;
if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
clientId = authorizationRequest.getClientId();
clientDetails = clientDetailsManager.findByClientId(clientId);
}
if (profile != null && clientDetails != null) {
WebhookEntityPk webhookPk = new WebhookEntityPk(profile, webhookUri);
WebhookEntity webhook = webhookManager.find(webhookPk);
boolean isNew = webhook == null;
if (isNew) {
webhook = new WebhookEntity();
webhook.setProfile(profile);
webhook.setDateCreated(new Date());
webhook.setEnabled(true);
webhook.setUri(webhookUri);
webhook.setClientDetails(clientDetails);
}
webhookManager.update(webhook);
return isNew ? Response.created(uriInfo.getAbsolutePath()).build() : Response.noContent().build();
} else if (profile == null) {
Map<String, String> params = new HashMap<String, String>();
params.put("orcid", orcid);
throw new OrcidNotFoundException(params);
} else {
Map<String, String> params = new HashMap<String, String>();
params.put("client", clientId);
throw new OrcidClientNotFoundException(params);
}
}
Aggregations