
Example 6 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class T2OrcidApiServiceDelegatorImpl, method createProfile.

/**
 * Creates a new profile and returns the saved representation of it. The
 * response should include the 'location' to retrieve the newly created
 * profile from.
 *
 * @param orcidMessage
 *            the message to be saved. If the message already contains an
 *            ORCID value a 400 Bad Request
 * @return if the creation was successful, returns a 201 along with the
 *         location of the newly created resource otherwise returns an error
 *         response describing the problem
 */
@Override
@AccessControl(requiredScope = ScopePathType.ORCID_PROFILE_CREATE)
public Response createProfile(UriInfo uriInfo, OrcidMessage orcidMessage) {
    OrcidProfile orcidProfile = orcidMessage.getOrcidProfile();
    try {
        setSponsorFromAuthentication(orcidProfile);
        orcidProfile = orcidProfileManager.createOrcidProfileAndNotify(orcidProfile);
        return getCreatedResponse(uriInfo, PROFILE_GET_PATH, orcidProfile);
    } catch (DataAccessException e) {
        if (e.getCause() != null && ConstraintViolationException.class.isAssignableFrom(e.getCause().getClass())) {
            throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_email_exists.exception"));
        }
        throw new OrcidBadRequestException(localeManager.resolveMessage("apiError.badrequest_createorcid.exception"), e);
    }
}
Also used: OrcidProfile (org.orcid.jaxb.model.message.OrcidProfile), OrcidBadRequestException (org.orcid.core.exception.OrcidBadRequestException), DataAccessException (org.springframework.dao.DataAccessException), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Example 7 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class T2OrcidApiServiceDelegatorImpl, method unregisterWebhook.

/**
 * Unregister a webhook from a profile. As with all calls, if the message
 * contains any other elements, a 400 Bad Request will be returned.
 *
 * @param orcid
 *            the identifier of the profile to unregister the webhook
 * @param uriInfo
 *            a URI object containing the webhook that will be unregistered
 * @return If successful, returns a 204 No content.
 */
@Override
@AccessControl(requiredScope = ScopePathType.WEBHOOK)
public Response unregisterWebhook(UriInfo uriInfo, String orcid, String webhookUri) {
    ProfileEntity profile = profileEntityCacheManager.retrieve(orcid);
    if (profile != null) {
        WebhookEntityPk webhookPk = new WebhookEntityPk(profile, webhookUri);
        WebhookEntity webhook = webhookManager.find(webhookPk);
        if (webhook == null) {
            Map<String, String> params = new HashMap<String, String>();
            params.put("orcid", orcid);
            params.put("uri", webhookUri);
            throw new OrcidWebhookNotFoundException(params);
        } else {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            String clientId = null;
            if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
                OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
                clientId = authorizationRequest.getClientId();
            }
            // Check if user can unregister this webhook
            if (webhook.getClientDetails().getId().equals(clientId)) {
                webhookManager.delete(webhookPk);
                return Response.noContent().build();
            } else {
                // The authenticated client did not register that webhook
                throw new OrcidForbiddenException(localeManager.resolveMessage("apiError.forbidden_unregister_webhook.exception"));
            }
        }
    } else {
        Map<String, String> params = new HashMap<String, String>();
        params.put("orcid", orcid);
        throw new OrcidNotFoundException(params);
    }
}
Also used: OrcidWebhookNotFoundException (org.orcid.core.exception.OrcidWebhookNotFoundException), OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), OrcidForbiddenException (org.orcid.core.exception.OrcidForbiddenException), WebhookEntityPk (org.orcid.persistence.jpa.entities.keys.WebhookEntityPk), HashMap (java.util.HashMap), WebhookEntity (org.orcid.persistence.jpa.entities.WebhookEntity), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), OrcidNotFoundException (org.orcid.core.exception.OrcidNotFoundException), ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Example 8 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class InternalApiServiceDelegatorImpl, method viewPersonLastModified.

@Override
@AccessControl(requiredScope = ScopePathType.INTERNAL_PERSON_LAST_MODIFIED, requestComesFromInternalApi = true)
public Response viewPersonLastModified(String orcid) {
    Date lastModified = orcidProfileManager.retrieveLastModifiedDate(orcid);
    LastModifiedResponse obj = new LastModifiedResponse(orcid, lastModified.toString());
    Response response = Response.ok(obj).build();
    return response;
}
Also used: LastModifiedResponse (org.orcid.internal.util.LastModifiedResponse), Response (javax.ws.rs.core.Response), Date (java.util.Date), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Example 9 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class StatsApiServiceDelegatorImpl, method getAllStatsTimelines.

@Override
@AccessControl(requiredScope = ScopePathType.READ_PUBLIC, enableAnonymousAccess = true)
public Response getAllStatsTimelines() {
    StatisticsSummary summary = statisticsCacheManager.retrieve();
    if (summary == null)
        return Response.status(Status.NOT_FOUND).build();
    StatsTimelineList statsTimelines = new StatsTimelineList();
    for (String key : summary.getStatistics().keySet()) {
        StatisticsTimeline timeline = statisticsCacheManager.getStatisticsTimelineModel(StatisticsEnum.fromString(key));
        if (timeline != null)
            statsTimelines.getTimelines().add(timeline);
    }
    return Response.ok(statsTimelines).build();
}
Also used: StatsTimelineList (org.orcid.api.common.writer.stats.StatsTimelineList), StatisticsSummary (org.orcid.jaxb.model.statistics.StatisticsSummary), StatisticsTimeline (org.orcid.jaxb.model.statistics.StatisticsTimeline), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Example 10 with AccessControl

Use of org.orcid.core.security.visibility.aop.AccessControl in project ORCID-Source by ORCID.

In class NotificationsApiServiceDelegatorImpl, method findPermissionNotifications.

@Override
@AccessControl(requiredScope = ScopePathType.PREMIUM_NOTIFICATION)
public Response findPermissionNotifications(String orcid) {
    // Get the client profile information
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    String clientId = null;
    if (OAuth2Authentication.class.isAssignableFrom(authentication.getClass())) {
        OAuth2Request authorizationRequest = ((OAuth2Authentication) authentication).getOAuth2Request();
        clientId = authorizationRequest.getClientId();
    }
    NotificationPermissions notifications = notificationManager.findPermissionsByOrcidAndClient(orcid, clientId, 0, MAX_NOTIFICATIONS_AVAILABLE);
    return Response.ok(notifications).build();
}
Also used: OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request), NotificationPermissions (org.orcid.jaxb.model.notification.permission_v2.NotificationPermissions), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), AccessControl (org.orcid.core.security.visibility.aop.AccessControl)

Aggregations

AccessControl (org.orcid.core.security.visibility.aop.AccessControl): 10
HashMap (java.util.HashMap): 6
Authentication (org.springframework.security.core.Authentication): 4
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 4
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 4
OrcidBadRequestException (org.orcid.core.exception.OrcidBadRequestException): 3
OrcidNotFoundException (org.orcid.core.exception.OrcidNotFoundException): 3
Notification (org.orcid.jaxb.model.notification_v2.Notification): 3
ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity): 3
URI (java.net.URI): 2
URISyntaxException (java.net.URISyntaxException): 2
Date (java.util.Date): 2
OrcidNotificationNotFoundException (org.orcid.core.exception.OrcidNotificationNotFoundException): 2
OrcidProfile (org.orcid.jaxb.model.message.OrcidProfile): 2
WebhookEntity (org.orcid.persistence.jpa.entities.WebhookEntity): 2
WebhookEntityPk (org.orcid.persistence.jpa.entities.keys.WebhookEntityPk): 2
DataAccessException (org.springframework.dao.DataAccessException): 2
Map (java.util.Map): 1
Response (javax.ws.rs.core.Response): 1
StatsTimelineList (org.orcid.api.common.writer.stats.StatsTimelineList): 1