use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class T2OrcidApiServiceDelegatorImpl method createProfile.
/**
* Creates a new profile and returns the saved representation of it. The
* response should include the 'location' to retrieve the newly created
* profile from.
*
* @param orcidMessage
* the message to be saved. If the message already contains an
* ORCID value, a 400 Bad Request is returned.
* @return if the creation was successful, returns a 201 along with the
* location of the newly created resource otherwise returns an error
* response describing the problem
*/
@Override
@AccessControl(requiredScope = ScopePathType.ORCID_PROFILE_CREATE)
public Response createProfile(UriInfo uriInfo, OrcidMessage orcidMessage) {
    // No null guard here: a null orcidMessage fails with a NullPointerException on this line.
    OrcidProfile submittedProfile = orcidMessage.getOrcidProfile();
    try {
        // Helper defined elsewhere in the class; presumably records the calling client as the
        // sponsor of the new record -- confirm against its implementation.
        setSponsorFromAuthentication(submittedProfile);
        OrcidProfile savedProfile = orcidProfileManager.createOrcidProfileAndNotify(submittedProfile);
        return getCreatedResponse(uriInfo, PROFILE_GET_PATH, savedProfile);
    } catch (DataAccessException e) {
        Throwable cause = e.getCause();
        // Every constraint violation reported by the persistence layer is surfaced as
        // "email exists", whichever constraint actually failed.
        // NOTE(review): this branch discards the original exception, while the generic branch
        // below keeps it as the cause. The distinct message also tells the caller that an
        // address is already registered; confirm that disclosure is intended for clients
        // holding the ORCID_PROFILE_CREATE scope.
        if (cause instanceof ConstraintViolationException) {
            throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_email_exists.exception"));
        }
        throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_createorcid.exception"), e);
    }
}
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class T2OrcidApiServiceDelegatorImpl method unregisterWebhook.
/**
* Unregister a webhook from a profile. As with all calls, if the message
* contains any other elements, a 400 Bad Request will be returned.
*
* @param orcid
* the identifier of the profile to unregister the webhook from
* @param uriInfo
* a URI object containing the webhook that will be unregistered
* @param webhookUri
* the URI of the webhook to unregister
* @return If successful, returns a 204 No content.
* */
@Override
@AccessControl(requiredScope = ScopePathType.WEBHOOK)
public Response unregisterWebhook(UriInfo uriInfo, String orcid, String webhookUri) {
    // uriInfo is not read anywhere in this method; the webhook is identified by webhookUri.
    ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
    if (profile == null) {
        // Unknown record: report the ORCID iD that was requested.
        Map<String, String> params = new HashMap<String, String>();
        params.put("orcid", orcid);
        throw new OrcidNotFoundException(params);
    }

    WebhookEntityPk webhookPk = new WebhookEntityPk(profile, webhookUri);
    WebhookEntity webhook = webhookManager.find(webhookPk);
    if (webhook == null) {
        // The record exists but has no webhook registered for this URI.
        Map<String, String> params = new HashMap<String, String>();
        params.put("orcid", orcid);
        params.put("uri", webhookUri);
        throw new OrcidWebhookNotFoundException(params);
    }

    // Resolve the calling client from the OAuth2 request; any other authentication type
    // leaves clientId null.
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Class<?> authenticationType = authentication.getClass();
    String clientId = null;
    if (OAuth2Authentication.class.isAssignableFrom(authenticationType)) {
        OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
        clientId = authorizationRequest.getClientId();
    }

    // Ownership check: only the client recorded on the webhook may delete it. A null clientId
    // cannot match, so a caller without an OAuth2 client identity is refused rather than
    // allowed through.
    boolean ownedByCaller = webhook.getClientDetails().getId().equals(clientId);
    if (!ownedByCaller) {
        // The caller is not the client recorded on that webhook.
        throw new OrcidForbiddenException(localeManager.resolveMessage("apiError.forbidden_unregister_webhook.exception"));
    }

    webhookManager.delete(webhookPk);
    return Response.noContent().build();
}
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class InternalApiServiceDelegatorImpl method viewPersonLastModified.
/**
 * Looks up the last-modified date of a record and returns it in a 200 response.
 *
 * <p>The annotation requires the INTERNAL_PERSON_LAST_MODIFIED scope and sets
 * {@code requestComesFromInternalApi = true}; how that flag is enforced is decided by the
 * AccessControl aspect, which is not shown here.
 *
 * @param orcid
 *            the identifier passed to the profile manager and echoed back in the response
 * @return a 200 response wrapping a {@code LastModifiedResponse} built from the identifier
 *         and the date's {@code toString()} form
 */
@Override
@AccessControl(requiredScope = ScopePathType.INTERNAL_PERSON_LAST_MODIFIED, requestComesFromInternalApi = true)
public Response viewPersonLastModified(String orcid) {
    Date modifiedOn = orcidProfileManager.retrieveLastModifiedDate(orcid);
    // NOTE(review): if the manager can return null (for example for an unknown identifier),
    // the next line throws a NullPointerException instead of producing a not-found response
    // -- confirm the manager's contract.
    String modifiedText = modifiedOn.toString();
    return Response.ok(new LastModifiedResponse(orcid, modifiedText)).build();
}
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class StatsApiServiceDelegatorImpl method getAllStatsTimelines.
/**
 * Collects one timeline per statistic named in the cached statistics summary.
 *
 * <p>The annotation sets {@code enableAnonymousAccess = true} with the READ_PUBLIC scope, so
 * everything returned here should be treated as public data (presumably reachable without a
 * token -- confirm against the AccessControl aspect).
 *
 * @return a 404 response when no summary is cached; otherwise a 200 response wrapping a
 *         {@code StatsTimelineList} that holds every non-null timeline found
 */
@Override
@AccessControl(requiredScope = ScopePathType.READ_PUBLIC, enableAnonymousAccess = true)
public Response getAllStatsTimelines() {
    StatisticsSummary summary = statisticsCacheManager.retrieve();
    if (summary == null) {
        return Response.status(Status.NOT_FOUND).build();
    }

    StatsTimelineList result = new StatsTimelineList();
    for (String statisticName : summary.getStatistics().keySet()) {
        StatisticsEnum statistic = StatisticsEnum.fromString(statisticName);
        StatisticsTimeline timeline = statisticsCacheManager.getStatisticsTimelineModel(statistic);
        if (timeline == null) {
            // Statistics without a timeline model are left out of the result.
            continue;
        }
        result.getTimelines().add(timeline);
    }
    return Response.ok(result).build();
}
use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.
the class NotificationsApiServiceDelegatorImpl method findPermissionNotifications.
/**
 * Returns the permission notifications held for a record, filtered by the calling client.
 *
 * @param orcid
 *            the identifier of the record whose notifications are requested
 * @return a 200 response wrapping the {@code NotificationPermissions} found, limited to
 *         {@code MAX_NOTIFICATIONS_AVAILABLE} entries starting at offset 0
 */
@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response findPermissionNotifications(String orcid) {
    // The client id is taken from the OAuth2 request of the current authentication; any other
    // authentication type leaves it null.
    Authentication caller = SecurityContextHolder.getContext().getAuthentication();
    boolean isOAuth2 = OAuth2Authentication.class.isAssignableFrom(caller.getClass());
    String clientId = isOAuth2 ? ((OAuth2Authentication) caller).getOAuth2Request().getClientId() : null;

    // NOTE(review): the client id is the only per-caller filter applied here. Confirm that the
    // manager returns nothing for a null client id rather than notifications belonging to
    // every client.
    NotificationPermissions permissions = notificationManager.findPermissionsByOrcidAndClient(orcid, clientId, 0, MAX_NOTIFICATIONS_AVAILABLE);
    return Response.ok(permissions).build();
}