
Example 1 with Filterable

Use of org.orcid.jaxb.model.common_v2.Filterable in project ORCID-Source by ORCID.

In the class PublicAPISecurityManagerV2Test, method setVisibility.

private void setVisibility(GroupsContainer container, Visibility... vs) {
    // JUnit convention: expected value first, actual value second
    assertEquals(vs.length, container.retrieveGroups().size());
    int idx = 0;
    for (Group g : container.retrieveGroups()) {
        // Every group has just one element
        assertEquals(1, g.getActivities().size());
        for (Filterable f : g.getActivities()) {
            f.setVisibility(vs[idx++]);
        }
    }
}
Also used : WorkGroup(org.orcid.jaxb.model.record.summary_v2.WorkGroup) PeerReviewGroup(org.orcid.jaxb.model.record.summary_v2.PeerReviewGroup) FundingGroup(org.orcid.jaxb.model.record.summary_v2.FundingGroup) Group(org.orcid.jaxb.model.record_v2.Group) Filterable(org.orcid.jaxb.model.common_v2.Filterable)

Example 2 with Filterable

Use of org.orcid.jaxb.model.common_v2.Filterable in project ORCID-Source by ORCID.

In the class OrcidSecurityManagerImpl, method checkAndFilter.

/**
 * Check the permissions of a request over an element. Private
 * implementation that also takes a parameter indicating whether the token
 * still has to be checked or was already checked previously.
 *
 * @param orcid
 *            The user owner of the element
 * @param element
 *            The element to check
 * @param requiredScope
 *            The required scope to access this element
 * @param tokenAlreadyChecked
 *            Indicates if the token was already checked previously, so we
 *            don't spend time checking it again
 * @throws OrcidUnauthorizedException
 *             In case the token used was not issued for the owner of the
 *             element
 * @throws OrcidAccessControlException
 *             In case the request doesn't have the required scopes
 * @throws OrcidVisibilityException
 *             In case the element is not visible due to its visibility
 */
private void checkAndFilter(String orcid, VisibilityType element, ScopePathType requiredScope, boolean tokenAlreadyChecked) {
    if (element == null) {
        return;
    }
    // Check the token was issued for this user
    if (!tokenAlreadyChecked) {
        isMyToken(orcid);
    }
    // Check if the client is the source of the element
    if (element instanceof Filterable) {
        Filterable filterable = (Filterable) element;
        OAuth2Authentication oAuth2Authentication = getOAuth2Authentication();
        if (oAuth2Authentication != null) {
            OAuth2Request authorizationRequest = oAuth2Authentication.getOAuth2Request();
            String clientId = authorizationRequest.getClientId();
            if (clientId.equals(filterable.retrieveSourcePath())) {
                // The client doing the request is the source of the element
                return;
            }
        }
    }
    // /read-public scope
    if (Visibility.PUBLIC.equals(element.getVisibility())) {
        try {
            checkScopes(ScopePathType.READ_PUBLIC);
            // can return it
            return;
        } catch (OrcidAccessControlException e) {
            // Just continue filtering
        }
    }
    // Filter
    filter(element, requiredScope);
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) Filterable(org.orcid.jaxb.model.common_v2.Filterable) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) OrcidAccessControlException(org.orcid.core.exception.OrcidAccessControlException)

Aggregations

Filterable (org.orcid.jaxb.model.common_v2.Filterable) 2
OrcidAccessControlException (org.orcid.core.exception.OrcidAccessControlException) 1
FundingGroup (org.orcid.jaxb.model.record.summary_v2.FundingGroup) 1
PeerReviewGroup (org.orcid.jaxb.model.record.summary_v2.PeerReviewGroup) 1
WorkGroup (org.orcid.jaxb.model.record.summary_v2.WorkGroup) 1
Group (org.orcid.jaxb.model.record_v2.Group) 1
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 1
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request) 1