Example 1 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class NotificationsApiServiceDelegatorImpl, method flagNotificationAsArchived.

@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response flagNotificationAsArchived(String orcid, Long id) throws OrcidNotificationAlreadyReadException {
    checkIfProfileDeprecated(orcid);
    Notification notification = notificationManager.flagAsArchived(orcid, id);
    if (notification == null) {
        Map<String, String> params = new HashMap<String, String>();
        params.put("orcid", orcid);
        params.put("id", String.valueOf(id));
        throw new OrcidNotificationNotFoundException(params);
    }
    return Response.ok(notification).build();
}
Also used: HashMap (java.util.HashMap), OrcidNotificationNotFoundException (org.orcid.core.exception.OrcidNotificationNotFoundException), Notification (org.orcid.jaxb.model.notification_v2.Notification), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Example 2 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class NotificationsApiServiceDelegatorImpl, method findPermissionNotification.

@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response findPermissionNotification(String orcid, Long id) {
    checkIfProfileDeprecated(orcid);
    Notification notification = notificationManager.findByOrcidAndId(orcid, id);
    if (notification != null) {
        checkSource(notification);
        return Response.ok(notification).build();
    } else {
        Map<String, String> params = new HashMap<String, String>();
        params.put("orcid", orcid);
        params.put("id", String.valueOf(id));
        throw new OrcidNotificationNotFoundException(params);
    }
}
Also used: HashMap (java.util.HashMap), OrcidNotificationNotFoundException (org.orcid.core.exception.OrcidNotificationNotFoundException), Notification (org.orcid.jaxb.model.notification_v2.Notification), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Example 3 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class NotificationsApiServiceDelegatorImpl, method addPermissionNotification.

@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response addPermissionNotification(UriInfo uriInfo, String orcid, NotificationPermission notification) {
    checkIfProfileDeprecated(orcid);
    notificationValidationManager.validateNotificationPermission(notification);
    ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
    if (profile == null) {
        throw OrcidNotFoundException.newInstance(orcid);
    }
    if (profile.getSendMemberUpdateRequests() != null && !profile.getSendMemberUpdateRequests()) {
        Map<String, String> params = new HashMap<String, String>();
        params.put("orcid", orcid);
        throw new OrcidNotificationException(params);
    }
    Notification createdNotification = notificationManager.createNotification(orcid, notification);
    try {
        return Response.created(new URI(uriInfo.getAbsolutePath() + "/" + createdNotification.getPutCode())).build();
    } catch (URISyntaxException e) {
        throw new RuntimeException(localeManager.resolveMessage("apiError.notification_uri.exception"), e);
    }
}
Also used: HashMap (java.util.HashMap), OrcidNotificationException (org.orcid.core.exception.OrcidNotificationException), URISyntaxException (java.net.URISyntaxException), URI (java.net.URI), ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity), Notification (org.orcid.jaxb.model.notification_v2.Notification), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Example 4 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class T2OrcidApiServiceDelegatorImpl, method addExternalIdentifiers.

/**
 * Add new external identifiers to the profile. As with all calls, if the
 * message contains any other elements, a 400 Bad Request will be returned.
 *
 * @param orcidMessage
 *            the message containing the external ids
 * @return If successful, returns a 200 OK with the updated content.
 */
@Override
@AccessControl(requiredScope = ScopePathType.ORCID_BIO_EXTERNAL_IDENTIFIERS_CREATE)
public Response addExternalIdentifiers(UriInfo uriInfo, String orcid, OrcidMessage orcidMessage) {
    OrcidProfile orcidProfile = orcidMessage.getOrcidProfile();
    try {
        ExternalIdentifiers updatedExternalIdentifiers = orcidProfile.getOrcidBio().getExternalIdentifiers();
        // Get the client profile information
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String clientId = null;
        if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
            OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
            clientId = authorizationRequest.getClientId();
        }
        for (ExternalIdentifier ei : updatedExternalIdentifiers.getExternalIdentifier()) {
            // Set the client profile to each external identifier
            if (ei.getSource() == null) {
                Source source = new Source();
                source.setSourceClientId(new SourceClientId(clientId));
                ei.setSource(source);
            } else {
                // Check if the provided external orcid exists
                Source source = ei.getSource();
                String sourceOrcid = source.retrieveSourcePath();
                if (sourceOrcid != null) {
                    if (StringUtils.isBlank(sourceOrcid) || (!profileEntityManager.orcidExists(sourceOrcid) && !clientDetailsManager.exists(sourceOrcid))) {
                        Map<String, String> params = new HashMap<String, String>();
                        params.put("orcid", sourceOrcid);
                        throw new OrcidNotFoundException(params);
                    }
                }
            }
        }
        orcidProfile = orcidProfileManager.addExternalIdentifiers(orcidProfile);
        return getOrcidMessageResponse(orcidProfile, orcid);
    } catch (DataAccessException e) {
        throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_createorcid.exception"));
    }
}
Also used: ExternalIdentifier (org.orcid.jaxb.model.message.ExternalIdentifier), HashMap (java.util.HashMap), SourceClientId (org.orcid.jaxb.model.message.SourceClientId), Source (org.orcid.jaxb.model.message.Source), OrcidProfile (org.orcid.jaxb.model.message.OrcidProfile), OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), OrcidBadRequestException (org.orcid.core.exception.OrcidBadRequestException), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), OrcidNotFoundException (org.orcid.core.exception.OrcidNotFoundException), ExternalIdentifiers (org.orcid.jaxb.model.message.ExternalIdentifiers), DataAccessException (org.springframework.dao.DataAccessException), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Example 5 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class T2OrcidApiServiceDelegatorImpl, method registerWebhook.

/**
 * Register a new webhook to the profile. As with all calls, if the message
 * contains any other elements, a 400 Bad Request will be returned.
 *
 * @param orcid
 *            the identifier of the profile to add the webhook
 * @param uriInfo
 *            a URI object containing the webhook
 * @return If successful, returns a 2xx.
 */
@Override
@AccessControl(requiredScope = ScopePathType.WEBHOOK)
public Response registerWebhook(UriInfo uriInfo, String orcid, String webhookUri) {
    @SuppressWarnings("unused") URI validatedWebhookUri = null;
    try {
        validatedWebhookUri = new URI(webhookUri);
    } catch (URISyntaxException e) {
        Object[] params = { webhookUri };
        throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_incorrect_webhook.exception", params));
    }
    ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    ClientDetailsEntity clientDetails = null;
    String clientId = null;
    if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
        OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
        clientId = authorizationRequest.getClientId();
        clientDetails = clientDetailsManager.findByClientId(clientId);
    }
    if (profile != null && clientDetails != null) {
        WebhookEntityPk webhookPk = new WebhookEntityPk(profile, webhookUri);
        WebhookEntity webhook = webhookManager.find(webhookPk);
        boolean isNew = webhook == null;
        if (isNew) {
            webhook = new WebhookEntity();
            webhook.setProfile(profile);
            webhook.setDateCreated(new Date());
            webhook.setEnabled(true);
            webhook.setUri(webhookUri);
            webhook.setClientDetails(clientDetails);
        }
        webhookManager.update(webhook);
        return isNew ? Response.created(uriInfo.getAbsolutePath()).build() : Response.noContent().build();
    } else if (profile == null) {
        Map<String, String> params = new HashMap<String, String>();
        params.put("orcid", orcid);
        throw new OrcidNotFoundException(params);
    } else {
        Map<String, String> params = new HashMap<String, String>();
        params.put("client", clientId);
        throw new OrcidClientNotFoundException(params);
    }
}
Also used: ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity), WebhookEntityPk (org.orcid.persistence.jpa.entities.keys.WebhookEntityPk), URISyntaxException (java.net.URISyntaxException), URI (java.net.URI), ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity), Date (java.util.Date), SubmissionDate (org.orcid.jaxb.model.message.SubmissionDate), OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), OrcidBadRequestException (org.orcid.core.exception.OrcidBadRequestException), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), WebhookEntity (org.orcid.persistence.jpa.entities.WebhookEntity), OrcidNotFoundException (org.orcid.core.exception.OrcidNotFoundException), Map (java.util.Map), HashMap (java.util.HashMap), OrcidClientNotFoundException (org.orcid.core.exception.OrcidClientNotFoundException), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Aggregations

AccessControl (org.orcid.core.security.visibility.aop.AccessControl): 10
HashMap (java.util.HashMap): 6
Authentication (org.springframework.security.core.Authentication): 4
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 4
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 4
OrcidBadRequestException (org.orcid.core.exception.OrcidBadRequestException): 3
OrcidNotFoundException (org.orcid.core.exception.OrcidNotFoundException): 3
Notification (org.orcid.jaxb.model.notification_v2.Notification): 3
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity): 3
URI (java.net.URI): 2
URISyntaxException (java.net.URISyntaxException): 2
Date (java.util.Date): 2
OrcidNotificationNotFoundException (org.orcid.core.exception.OrcidNotificationNotFoundException): 2
OrcidProfile (org.orcid.jaxb.model.message.OrcidProfile): 2
WebhookEntity (org.orcid.persistence.jpa.entities.WebhookEntity): 2
WebhookEntityPk (org.orcid.persistence.jpa.entities.keys.WebhookEntityPk): 2
DataAccessException (org.springframework.dao.DataAccessException): 2
Map (java.util.Map): 1
Response (javax.ws.rs.core.Response): 1
StatsTimelineList (org.orcid.api.common.writer.stats.StatsTimelineList): 1