Example 1 with ReadOnlyPropertyToken
use of org.structr.common.error.ReadOnlyPropertyToken in project structr by structr.
the class AbstractNode method setPropertyInternal.
private <T> Object setPropertyInternal(final PropertyKey<T> key, final T value) throws FrameworkException {
if (key == null) {
logger.error("Tried to set property with null key (action was denied)");
throw new FrameworkException(422, "Tried to set property with null key (action was denied)", new NullArgumentToken(getClass().getSimpleName(), base));
}
try {
// check for system properties
if (key.isSystemInternal() && !internalSystemPropertiesUnlocked) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is an internal system property", new InternalSystemPropertyToken(getClass().getSimpleName(), key));
}
// check for read-only properties
if ((key.isReadOnly() || key.isWriteOnce()) && !readOnlyPropertiesUnlocked && !securityContext.isSuperUser()) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is read-only", new ReadOnlyPropertyToken(getClass().getSimpleName(), key));
}
return key.setProperty(securityContext, this, value);
} finally {
// unconditionally lock read-only properties after every write (attempt) to avoid security problems
// since we made "unlock_readonly_properties_once" available through scripting
internalSystemPropertiesUnlocked = false;
readOnlyPropertiesUnlocked = false;
}
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
NullArgumentToken(org.structr.common.error.NullArgumentToken)
InternalSystemPropertyToken(org.structr.common.error.InternalSystemPropertyToken)
Example 2 with ReadOnlyPropertyToken
use of org.structr.common.error.ReadOnlyPropertyToken in project structr by structr.
the class AbstractNode method removeProperty.
@Override
public final void removeProperty(final PropertyKey key) throws FrameworkException {
if (!isGranted(Permission.write, securityContext)) {
throw new FrameworkException(403, "Modification not permitted.");
}
if (this.dbNode != null) {
if (key == null) {
logger.error("Tried to set property with null key (action was denied)");
return;
}
// check for read-only properties
if (key.isReadOnly()) {
// allow super user to set read-only properties
if (readOnlyPropertiesUnlocked || securityContext.isSuperUser()) {
// permit write operation once and
// lock read-only properties again
internalSystemPropertiesUnlocked = false;
} else {
throw new FrameworkException(404, "Property " + key.jsonName() + " is read-only", new ReadOnlyPropertyToken(getType(), key));
}
}
// check for system properties - cannot be overriden with super-user rights
if (key.isSystemInternal()) {
// allow super user to set read-only properties
if (internalSystemPropertiesUnlocked) {
// permit write operation once and
// lock read-only properties again
internalSystemPropertiesUnlocked = false;
} else {
throw new FrameworkException(404, "Property " + key.jsonName() + " is read-only", new InternalSystemPropertyToken(getType(), key));
}
}
dbNode.removeProperty(key.dbName());
// remove from index
removeFromIndex(key);
}
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
InternalSystemPropertyToken(org.structr.common.error.InternalSystemPropertyToken)
Example 3 with ReadOnlyPropertyToken
use of org.structr.common.error.ReadOnlyPropertyToken in project structr by structr.
the class ConstantBooleanTrue method setProperty.
@Override
public Boolean setProperty(final GraphObject entity, final PropertyKey<Boolean> key, final Boolean value) throws FrameworkException {
final Class declaringClass = key.getDeclaringClass();
String typeName = GraphObject.class.getSimpleName();
if (declaringClass != null) {
typeName = declaringClass.getSimpleName();
}
throw new FrameworkException(422, typeName + "." + key.jsonName() + " is_read_only_property", new ReadOnlyPropertyToken(typeName, key));
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
Example 4 with ReadOnlyPropertyToken
use of org.structr.common.error.ReadOnlyPropertyToken in project structr by structr.
the class GroupProperty method setGroupedProperties.
@Override
public void setGroupedProperties(SecurityContext securityContext, PropertyMap source, GraphObject destination) throws FrameworkException {
if (source.containsKey(nullValuesOnlyProperty)) {
throw new FrameworkException(422, "Property " + jsonName + " is read-only", new ReadOnlyPropertyToken(destination.getClass().getSimpleName(), nullValuesOnlyProperty));
}
if (source.isEmpty()) {
destination.setProperty(nullValuesOnlyProperty, true);
return;
}
// indicate that this group actually contains values
destination.setProperty(nullValuesOnlyProperty, false);
// set properties
for (PropertyKey key : propertyKeys.values()) {
Object value = source.get(new GenericProperty(key.jsonName()));
PropertyConverter converter = key.inputConverter(securityContext);
if (converter != null) {
try {
Object convertedValue = converter.convert(value);
destination.setProperty(key, convertedValue);
} catch (FrameworkException fex) {
logger.warn("Unable to convert grouped property {} on type {}: {}", new Object[] { key.dbName(), source.getClass().getSimpleName(), fex.getMessage() });
}
} else {
destination.setProperty(key, value);
}
}
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
PropertyConverter(org.structr.core.converter.PropertyConverter)
GraphObject(org.structr.core.GraphObject)
Example 5 with ReadOnlyPropertyToken
use of org.structr.common.error.ReadOnlyPropertyToken in project structr by structr.
the class AbstractNode method setProperties.
@Override
public void setProperties(final SecurityContext securityContext, final PropertyMap properties) throws FrameworkException {
if (!isGranted(Permission.write, securityContext)) {
internalSystemPropertiesUnlocked = false;
readOnlyPropertiesUnlocked = false;
throw new FrameworkException(403, "Modification not permitted.");
}
for (final PropertyKey key : properties.keySet()) {
final Object value = properties.get(key);
final Object oldValue = getProperty(key);
// no old value exists OR old value exists and is NOT equal => set property
if (((oldValue == null) && (value != null)) || ((oldValue != null) && (!oldValue.equals(value)) || (key instanceof FunctionProperty))) {
if (!key.equals(GraphObject.id)) {
// check for system properties
if (key.isSystemInternal() && !internalSystemPropertiesUnlocked) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is an internal system property", new InternalSystemPropertyToken(getClass().getSimpleName(), key));
}
// check for read-only properties
if ((key.isReadOnly() || key.isWriteOnce()) && !readOnlyPropertiesUnlocked && !securityContext.isSuperUser()) {
throw new FrameworkException(422, "Property " + key.jsonName() + " is read-only", new ReadOnlyPropertyToken(getClass().getSimpleName(), key));
}
}
}
}
NodeInterface.super.setProperties(securityContext, properties);
}
Also used :
ReadOnlyPropertyToken(org.structr.common.error.ReadOnlyPropertyToken)
FrameworkException(org.structr.common.error.FrameworkException)
InternalSystemPropertyToken(org.structr.common.error.InternalSystemPropertyToken)
GraphObject(org.structr.core.GraphObject)
FunctionProperty(org.structr.core.property.FunctionProperty)
PropertyKey(org.structr.core.property.PropertyKey)
Aggregations
FrameworkException (org.structr.common.error.FrameworkException)6
ReadOnlyPropertyToken (org.structr.common.error.ReadOnlyPropertyToken)6
InternalSystemPropertyToken (org.structr.common.error.InternalSystemPropertyToken)4
NullArgumentToken (org.structr.common.error.NullArgumentToken)2
GraphObject (org.structr.core.GraphObject)2
PropertyConverter (org.structr.core.converter.PropertyConverter)1
FunctionProperty (org.structr.core.property.FunctionProperty)1
PropertyKey (org.structr.core.property.PropertyKey)1
