use of org.orcid.jaxb.model.common_v2.VisibilityType in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkAndFilter.
/**
 * Applies the single-element permission check to every entry of
 * {@code elements} and removes, in place, each entry whose check fails.
 *
 * <p>The token ownership check ({@code isMyToken}) runs at most once for the
 * whole collection; each per-element call is then made with
 * {@code tokenAlreadyChecked = true}.
 *
 * <p>Security note: the per-element check is wrapped in a catch-all. Any
 * exception, whether an expected access-control rejection or an unexpected
 * runtime error, results in the element being dropped from the collection.
 * This fails closed (nothing is returned on error), but it also hides
 * unexpected failures because nothing is logged or rethrown here.
 *
 * @param orcid
 *            The user owner of the elements
 * @param elements
 *            The elements to check; a {@code null} collection is ignored.
 *            Removal goes through {@link Iterator#remove()}, so the
 *            collection must support it when an element is rejected.
 * @param requiredScope
 *            The required scope to access these elements
 * @param tokenAlreadyChecked
 *            Indicates if the token was already checked previously, so it is
 *            not checked again
 */
private void checkAndFilter(String orcid, Collection<? extends VisibilityType> elements, ScopePathType requiredScope, boolean tokenAlreadyChecked) {
    // Nothing to filter.
    if (elements == null) {
        return;
    }

    // Verify token ownership once, up front, instead of once per element.
    if (!tokenAlreadyChecked) {
        isMyToken(orcid);
    }

    for (Iterator<? extends VisibilityType> cursor = elements.iterator(); cursor.hasNext();) {
        VisibilityType candidate = cursor.next();
        try {
            if (candidate instanceof Email) {
                // Static type Email selects the Email-specific overload.
                checkAndFilter(orcid, (Email) candidate, requiredScope, true);
            } else {
                checkAndFilter(orcid, candidate, requiredScope, true);
            }
        } catch (Exception failure) {
            // Fail closed: whatever went wrong, the caller must not see
            // this element.
            cursor.remove();
        }
    }
}
use of org.orcid.jaxb.model.common_v2.VisibilityType in project ORCID-Source by ORCID.
the class OrcidSecurityManagerImpl method checkAndFilter.
/**
 * Check the permissions of a request over a single element. Private
 * implementation that takes an extra flag saying whether the token still
 * has to be checked or was already checked by the caller.
 *
 * <p>Order of the checks, as implemented below:
 * <ol>
 * <li>A {@code null} element is accepted silently.</li>
 * <li>Unless {@code tokenAlreadyChecked} is set, {@code isMyToken(orcid)}
 * is called.</li>
 * <li>If the element is {@link Filterable} and the client id of the current
 * OAuth2 request equals the element's source path, the method returns
 * immediately. NOTE(review): this return happens before any scope or
 * visibility check, so the source client is trusted for its own elements
 * regardless of {@code requiredScope}; confirm that this is intended.</li>
 * <li>If the element is {@code PUBLIC} and the {@code READ_PUBLIC} scope
 * check passes, the method returns.</li>
 * <li>Otherwise the decision is delegated to
 * {@code filter(element, requiredScope)}.</li>
 * </ol>
 *
 * @param orcid
 *            The user owner of the element
 * @param element
 *            The element to check
 * @param requiredScope
 *            The required scope to access this element
 * @param tokenAlreadyChecked
 *            Indicates if the token was already checked previously, so we
 *            don't spend time checking it again
 * @throws OrcidUnauthorizedException
 *             In case the token used was not issued for the owner of the
 *             element
 * @throws OrcidAccessControlException
 *             In case the request doesn't have the required scopes
 * @throws OrcidVisibilityException
 *             In case the element is not visible due to its visibility
 */
private void checkAndFilter(String orcid, VisibilityType element, ScopePathType requiredScope, boolean tokenAlreadyChecked) {
    if (element == null) {
        return;
    }

    // Check the token was issued for this user.
    if (!tokenAlreadyChecked) {
        isMyToken(orcid);
    }

    // The client that created the element may always read it back.
    if (element instanceof Filterable) {
        OAuth2Authentication authentication = getOAuth2Authentication();
        if (authentication != null) {
            String requestingClientId = authentication.getOAuth2Request().getClientId();
            String elementSource = ((Filterable) element).retrieveSourcePath();
            // A null client id raises NullPointerException here, as in the
            // original comparison.
            if (requestingClientId.equals(elementSource)) {
                return;
            }
        }
    }

    // Public elements are readable with the /read-public scope alone.
    boolean grantedByReadPublic = false;
    if (Visibility.PUBLIC.equals(element.getVisibility())) {
        try {
            checkScopes(ScopePathType.READ_PUBLIC);
            grantedByReadPublic = true;
        } catch (OrcidAccessControlException e) {
            // READ_PUBLIC not granted: fall through to the regular filter.
        }
    }

    if (!grantedByReadPublic) {
        filter(element, requiredScope);
    }
}