Example 1 with InternalSystemPropertyToken
use of org.structr.common.error.InternalSystemPropertyToken in project structr by structr.
the class AbstractNode method setPropertyInternal.
private <T> Object setPropertyInternal(final PropertyKey<T> key, final T value) throws FrameworkException {
if (key == null) {
logger.error("Tried to set property with null key (action was denied)");
throw new FrameworkException(422, "Tried to set property with null key (action was denied)", new NullArgumentToken(getClass().getSimpleName(), base));
}
try {
// check for system properties
if (key.isSystemInternal() && !internalSystemPropertiesUnlocked) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is an internal system property", new InternalSystemPropertyToken(getClass().getSimpleName(), key));
}
// check for read-only properties
if ((key.isReadOnly() || key.isWriteOnce()) && !readOnlyPropertiesUnlocked && !securityContext.isSuperUser()) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is read-only", new ReadOnlyPropertyToken(getClass().getSimpleName(), key));
}
return key.setProperty(securityContext, this, value);
} finally {
// unconditionally lock read-only properties after every write (attempt) to avoid security problems
// since we made "unlock_readonly_properties_once" available through scripting
internalSystemPropertiesUnlocked = false;
readOnlyPropertiesUnlocked = false;
}
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
NullArgumentToken(org.structr.common.error.NullArgumentToken)
InternalSystemPropertyToken(org.structr.common.error.InternalSystemPropertyToken)
Example 2 with InternalSystemPropertyToken
use of org.structr.common.error.InternalSystemPropertyToken in project structr by structr.
the class AbstractNode method removeProperty.
@Override
public final void removeProperty(final PropertyKey key) throws FrameworkException {
if (!isGranted(Permission.write, securityContext)) {
throw new FrameworkException(403, "Modification not permitted.");
}
if (this.dbNode != null) {
if (key == null) {
logger.error("Tried to set property with null key (action was denied)");
return;
}
// check for read-only properties
if (key.isReadOnly()) {
// allow super user to set read-only properties
if (readOnlyPropertiesUnlocked || securityContext.isSuperUser()) {
// permit write operation once and
// lock read-only properties again
internalSystemPropertiesUnlocked = false;
} else {
throw new FrameworkException(404, "Property " + key.jsonName() + " is read-only", new ReadOnlyPropertyToken(getType(), key));
}
}
// check for system properties - cannot be overriden with super-user rights
if (key.isSystemInternal()) {
// allow super user to set read-only properties
if (internalSystemPropertiesUnlocked) {
// permit write operation once and
// lock read-only properties again
internalSystemPropertiesUnlocked = false;
} else {
throw new FrameworkException(404, "Property " + key.jsonName() + " is read-only", new InternalSystemPropertyToken(getType(), key));
}
}
dbNode.removeProperty(key.dbName());
// remove from index
removeFromIndex(key);
}
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
InternalSystemPropertyToken(org.structr.common.error.InternalSystemPropertyToken)
Example 3 with InternalSystemPropertyToken
use of org.structr.common.error.InternalSystemPropertyToken in project structr by structr.
the class AbstractNode method setProperties.
@Override
public void setProperties(final SecurityContext securityContext, final PropertyMap properties) throws FrameworkException {
if (!isGranted(Permission.write, securityContext)) {
internalSystemPropertiesUnlocked = false;
readOnlyPropertiesUnlocked = false;
throw new FrameworkException(403, "Modification not permitted.");
}
for (final PropertyKey key : properties.keySet()) {
final Object value = properties.get(key);
final Object oldValue = getProperty(key);
// no old value exists OR old value exists and is NOT equal => set property
if (((oldValue == null) && (value != null)) || ((oldValue != null) && (!oldValue.equals(value)) || (key instanceof FunctionProperty))) {
if (!key.equals(GraphObject.id)) {
// check for system properties
if (key.isSystemInternal() && !internalSystemPropertiesUnlocked) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is an internal system property", new InternalSystemPropertyToken(getClass().getSimpleName(), key));
}
// check for read-only properties
if ((key.isReadOnly() || key.isWriteOnce()) && !readOnlyPropertiesUnlocked && !securityContext.isSuperUser()) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is read-only", new ReadOnlyPropertyToken(getClass().getSimpleName(), key));
}
}
}
}
NodeInterface.super.setProperties(securityContext, properties);
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
InternalSystemPropertyToken(org.structr.common.error.InternalSystemPropertyToken)
GraphObject(org.structr.core.GraphObject)
FunctionProperty(org.structr.core.property.FunctionProperty)
PropertyKey(org.structr.core.property.PropertyKey)
Example 4 with InternalSystemPropertyToken
use of org.structr.common.error.InternalSystemPropertyToken in project structr by structr.
the class AbstractRelationship method setProperty.
@Override
public final <T> Object setProperty(final PropertyKey<T> key, final T value) throws FrameworkException {
if (key == null) {
logger.error("Tried to set property with null key (action was denied)");
throw new FrameworkException(422, "Tried to set property with null key (action was denied)", new NullArgumentToken(getClass().getSimpleName(), base));
}
try {
if (dbRelationship != null && dbRelationship.hasProperty(key.dbName())) {
// check for system properties
if (key.isSystemInternal() && !internalSystemPropertiesUnlocked) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is an internal system property", new InternalSystemPropertyToken(getClass().getSimpleName(), key));
}
// check for read-only properties
if ((key.isReadOnly() || key.isWriteOnce()) && !readOnlyPropertiesUnlocked && !securityContext.isSuperUser()) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is read-only", new ReadOnlyPropertyToken(getClass().getSimpleName(), key));
}
}
return key.setProperty(securityContext, this, value);
} finally {
// unconditionally lock read-only properties after every write (attempt) to avoid security problems
// since we made "unlock_readonly_properties_once" available through scripting
internalSystemPropertiesUnlocked = false;
readOnlyPropertiesUnlocked = false;
}
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
NullArgumentToken(org.structr.common.error.NullArgumentToken)
InternalSystemPropertyToken(org.structr.common.error.InternalSystemPropertyToken)
Aggregations
FrameworkException (org.structr.common.error.FrameworkException)4
InternalSystemPropertyToken (org.structr.common.error.InternalSystemPropertyToken)4
ReadOnlyPropertyToken (org.structr.common.error.ReadOnlyPropertyToken)4
NullArgumentToken (org.structr.common.error.NullArgumentToken)2
GraphObject (org.structr.core.GraphObject)1
FunctionProperty (org.structr.core.property.FunctionProperty)1
PropertyKey (org.structr.core.property.PropertyKey)1
