List of usage examples for the org.apache.shiro.authz.UnauthorizedException no-argument constructor, UnauthorizedException()
public UnauthorizedException()
From source file:com.parallax.server.blocklyprop.db.dao.impl.ProjectDaoImpl.java
License:Open Source License
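/**
 * Update the code block in the specified project.
 *
 * @param idProject primary key of the project whose code is being replaced
 * @param code the new code block contents
 *
 * @return
 * The updated project record when the current user owns the project; a newly
 * cloned record owned by the current user when the project belongs to another
 * user but is flagged as shared; or null when the project was not found, or
 * when the current user id or the project owner id is missing or zero.
 *
 * @throws UnauthorizedException
 * if the current user does not own the project and the project is not shared
 *
 * @implNote This method will actually create a new project record based on the
 * existing project under specific conditions. Since this is an update record method,
 * the creation of a new project may be unexpected at higher layers of the application.
 */
@Override
public ProjectRecord updateProjectCode(Long idProject, String code) {
    LOG.info("Update code for project {}.", idProject);

    // Retrieve the specified project
    ProjectRecord record = create.selectFrom(Tables.PROJECT).where(Tables.PROJECT.ID.equal(idProject))
            .fetchOne();

    if (record == null) {
        LOG.warn("Unable to project {}. Unknown reason.", idProject);
        return null;
    }

    // Get a timestamp used to update the modified field of the project record
    GregorianCalendar cal = new GregorianCalendar();
    cal.setTime(new java.util.Date());

    // Found the project. Verify that the current user owns it.
    Long idUser = BlocklyPropSecurityUtils.getCurrentUserId();

    // Both ids are boxed Longs: test for null before the zero comparison so a
    // missing identity is rejected here (fail closed) instead of surfacing as a
    // NullPointerException from auto-unboxing.
    if (idUser == null) {
        LOG.error("Detected current user ID is null for project {}", idProject);
        return null;
    }

    // TODO: Detecting a zero user id
    if (idUser == 0) {
        LOG.error("Detected current user ID is zero for project {}", idProject);
        return null;
    }

    Long idOwner = record.getIdUser();
    if (idOwner == null) {
        LOG.error("Detected project user ID is null for project {}", idProject);
        return null;
    }

    if (idOwner == 0) {
        LOG.error("Detected project user ID is zero for project {}", idProject);
        return null;
    }

    // Update the project if the current user owns it
    if (idOwner.equals(idUser)) {
        record.setCode(code);
        record.setModified(cal);
        record.setCodeBlockVersion(BLOCKLY_LIBRARY_VERSION);
        record.update();
        return record;
    }

    // If the project is a shared project, allow the current user to clone the
    // project into their library. The original record is never modified on
    // this path. Boolean.TRUE.equals treats a null shared flag as "not shared".
    if (Boolean.TRUE.equals(record.getShared())) {
        ProjectRecord cloned = doProjectClone(record);
        cloned.setCode(code);
        cloned.setModified(cal);
        cloned.setCodeBlockVersion(BLOCKLY_LIBRARY_VERSION);
        cloned.setIdUser(idUser); // The logged in user owns this copy of the project
        cloned.update();
        return cloned;
    }

    // Neither owner nor shared: deny, and leave an audit trail of the attempt.
    LOG.error("User {} tried and failed to update project {}.", idUser, idProject);
    throw new UnauthorizedException();
}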
From source file:com.parallax.server.blocklyprop.db.dao.impl.ProjectDaoImpl.java
License:Open Source License
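/**
 * Fetch a project record by id, enforcing ownership when it is requested for editing.
 *
 * @param idProject primary key of the project to load
 * @param toEdit when true, the current user must be the owner of the project
 *
 * @return the value produced by alterReadRecord for the fetched record
 *
 * @throws UnauthorizedException
 * if toEdit is true and the current user is not the project owner
 */
private ProjectRecord getProject(Long idProject, boolean toEdit) {
    LOG.info("Retreiving project {}.", idProject);

    ProjectRecord record = create.selectFrom(Tables.PROJECT).where(Tables.PROJECT.ID.equal(idProject))
            .fetchOne();

    if (record != null) {
        Long idUser = BlocklyPropSecurityUtils.getCurrentUserId();

        // An edit request is honoured only for the project owner. The comparison
        // starts from the caller's id and requires it to be non-null, so a
        // missing caller id or a missing owner id is denied rather than raising
        // a NullPointerException; two null ids are never treated as a match.
        if (toEdit && (idUser == null || !idUser.equals(record.getIdUser()))) {
            LOG.error("User {} attempted to edit project {} without authorization.", idUser, idProject);
            throw new UnauthorizedException();
        }

        // NOTE(review): when toEdit is false no ownership or shared/private
        // check is made in this method - confirm that callers enforce read
        // visibility before exposing the record.
    }

    // Return the project after checking it for deprecated blocks.
    //
    // Todo: Verify that the record was fetched - it sometimes is not.
    // NOTE(review): record may be null at this point; whether alterReadRecord
    // accepts a null argument is not visible here.
    return alterReadRecord(record);
}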
From source file:com.parallax.server.blocklyprop.db.dao.impl.UserDaoImpl.java
License:Open Source License
/**
 * Make the roles stored for a user match the supplied set.
 *
 * Roles currently assigned but absent from {@code roles} are deleted from
 * SEC_USER_ROLE; roles in {@code roles} that are not yet assigned are
 * inserted, creating the SEC_ROLE row first when it has no usable id.
 *
 * @param idUser id of the user whose role assignments are rewritten
 * @param roles the complete set of roles the user should hold afterwards
 *
 * @throws UnauthorizedException
 * if {@code roles} contains anything other than Role.USER and the current
 * subject does not hold the ADMIN role
 */
@Override
public void setRoles(Long idUser, Set<Role> roles) {
    // Assigning anything beyond the base USER role is reserved for administrators.
    boolean requestsElevatedRole = false;
    for (Role requested : roles) {
        if (requested != Role.USER) {
            requestsElevatedRole = true;
            break;
        }
    }
    if (requestsElevatedRole && !SecurityUtils.getSubject().hasRole(Role.ADMIN.name())) {
        throw new UnauthorizedException();
    }

    // NOTE(review): the admin check above only covers the roles being requested.
    // The removal pass below runs for any caller and for any idUser, so a
    // request carrying only Role.USER (or an empty set) deletes another user's
    // existing assignments without an admin check in this method. Confirm that
    // callers restrict who may invoke this, or require ADMIN for removals too.
    // NOTE(review): the deletes and inserts are separate statements; whether
    // they run inside one transaction is not visible here.

    Result<SecRoleRecord> currentAssignedRoles = getRawRoles(idUser);

    // Pass 1: drop assignments that are no longer wanted.
    for (SecRoleRecord assigned : currentAssignedRoles) {
        if (roles.contains(assigned.getName())) {
            continue;
        }
        create.delete(Tables.SEC_USER_ROLE).where(Tables.SEC_USER_ROLE.ID_USER.equal(idUser))
                .and(Tables.SEC_USER_ROLE.ID_ROLE.equal(assigned.getId())).execute();
    }

    // Pass 2: add assignments that are missing.
    for (Role wanted : roles) {
        if (currentAssignedRoles.getValues(Tables.SEC_ROLE.NAME).contains(wanted)) {
            continue;
        }

        Long idRole = create.select(Tables.SEC_ROLE.ID).from(Tables.SEC_ROLE)
                .where(Tables.SEC_ROLE.NAME.equal(wanted)).fetchOne(Tables.SEC_ROLE.ID);

        // No usable id for this role yet: create the role row first.
        if (idRole == null || idRole == 0) {
            SecRoleRecord created = createRole(wanted);
            idRole = created.getId();
        }

        create.insertInto(Tables.SEC_USER_ROLE, Tables.SEC_USER_ROLE.ID_USER, Tables.SEC_USER_ROLE.ID_ROLE)
                .values(idUser, idRole).execute();
    }
}
From source file:com.parallax.server.blocklyprop.services.impl.ProjectServiceImpl.java
/**
 * Return a page of the projects belonging to a user.
 *
 * Only the user's own projects can be listed: the request is rejected unless
 * {@code idUser} equals the id of the current user.
 *
 * @param idUser id of the user whose projects are requested
 * @param sort column to sort by, passed through to the DAO
 * @param order sort direction, passed through to the DAO
 * @param limit maximum number of records, passed through to the DAO
 * @param offset index of the first record, passed through to the DAO
 * @return the list returned by projectDao.getUserProjects
 *
 * @throws UnauthorizedException
 * if there is no current user id or it differs from {@code idUser}
 */
@Override
public List<ProjectRecord> getUserProjects(Long idUser, TableSort sort, TableOrder order, Integer limit,
        Integer offset) {
    Long idCurrentUser = BlocklyPropSecurityUtils.getCurrentUserId();

    // Deny first: no identity, or an identity other than the requested owner.
    boolean isOwnListing = idCurrentUser != null && idCurrentUser.equals(idUser);
    if (!isOwnListing) {
        throw new UnauthorizedException();
    }

    return projectDao.getUserProjects(idUser, sort, order, limit, offset);
}
From source file:com.wegas.core.rest.ScriptController.java
License:MIT License
/**
 * Evaluate a request-supplied script for the given player and commit the request.
 *
 * The call is allowed when the current subject holds the permission
 * {@code "GameModel:Edit:gm" + gameModelId}, or when
 * {@code userFacade.matchCurrentUser(playerId)} returns true.
 *
 * @param gameModelId game model id used to build the permission string
 * @param playerId id of the player the script is evaluated for
 * @param script the script to evaluate
 *
 * @return whatever scriptManager.eval returned
 *
 * @throws UnauthorizedException if neither access condition holds
 */
@POST
@Path("Run/{playerId : [1-9][0-9]*}")
public Object run(@PathParam("gameModelId") Long gameModelId, @PathParam("playerId") Long playerId,
        Script script) {
    boolean mayEditGameModel = SecurityUtils.getSubject().isPermitted("GameModel:Edit:gm" + gameModelId);

    // matchCurrentUser is consulted only when the edit permission is absent.
    if (!mayEditGameModel && !userFacade.matchCurrentUser(playerId)) {
        throw new UnauthorizedException();
    }

    // NOTE(review): the edit permission is checked against gameModelId, but the
    // evaluation below is keyed on playerId alone. Nothing visible here verifies
    // that the player belongs to that game model - confirm this is enforced
    // elsewhere.
    // NOTE(review): script arrives in the request body and is evaluated on the
    // server; any sandboxing or resource limits live in scriptManager and are
    // not visible here.
    Object result = scriptManager.eval(playerId, script);
    requestFacade.commit();
    return result;
}
From source file:com.wegas.core.rest.StateMachineController.java
License:MIT License
/**
 * Reject the request unless the caller may edit the game or is the given player.
 *
 * @param gameId id of the game looked up through gameFacade for the "Edit" check
 * @param playerId id passed to userFacade.matchCurrentUser
 *
 * @throws UnauthorizedException if neither condition holds
 */
private void checkPermissions(Long gameId, Long playerId) throws UnauthorizedException {
    // Short-circuit: matchCurrentUser is consulted only when "Edit" is not granted.
    boolean allowed = SecurityHelper.isPermitted(gameFacade.find(gameId), "Edit")
            || userFacade.matchCurrentUser(playerId);

    // NOTE(review): gameId and playerId are checked independently; nothing
    // visible here ties the player to the game - confirm callers do.
    if (!allowed) {
        throw new UnauthorizedException();
    }
}
From source file:com.wegas.core.rest.VariableInstanceController.java
License:MIT License
/**
 * Update a variable instance after an access check.
 *
 * The update is allowed when the caller has "Edit" permission on the game the
 * instance belongs to, or when the stored instance is the very object its
 * descriptor returns from getInstance().
 *
 * @param entityId id of the variable instance to update
 * @param entity the new state, as received in the request
 * @return the result of variableInstanceFacade.update
 *
 * @throws UnauthorizedException if neither access condition holds
 */
@PUT
@Path("{entityId: [1-9][0-9]*}")
public VariableInstance update(@PathParam("entityId") Long entityId, VariableInstance entity) {
    VariableInstance target = variableInstanceFacade.find(entityId);
    boolean mayEditGame = SecurityHelper.isPermitted(variableInstanceFacade.findGame(entityId), "Edit");

    // Ownership test for non-editors. This is a reference comparison (not
    // equals) against the instance the descriptor resolves; the original
    // comment states that this means the entity belongs to the current player.
    // NOTE(review): target is dereferenced without a null check, so an unknown
    // entityId on this path would raise a NullPointerException unless find()
    // itself throws - confirm.
    if (!mayEditGame && target != target.getDescriptor().getInstance()) {
        throw new UnauthorizedException();
    }

    return variableInstanceFacade.update(entityId, entity);
}
From source file:com.wegas.core.security.rest.UserController.java
License:MIT License
/**
 * Look up accounts for auto-completion, restricted by roles.
 *
 * @param value text taken from the request path and passed to the account facade
 * @param rolesList request body passed through unchanged to the account facade
 * @return the list returned by accountFacade.getAutoCompleteByRoles
 *
 * @throws UnauthorizedException
 * if the current subject is neither remembered nor authenticated
 */
@POST
@Path("AutoComplete/{value}")
public List<JpaAccount> getAutoCompleteByRoles(@PathParam("value") String value,
        HashMap<String, Object> rolesList) {
    // NOTE(review): a remembered subject (identity restored from a previous
    // session, not proven in this one) is accepted here on the same footing as
    // an authenticated one. Confirm that is intended for an account lookup.
    boolean identified = SecurityUtils.getSubject().isRemembered()
            || SecurityUtils.getSubject().isAuthenticated();
    if (!identified) {
        throw new UnauthorizedException();
    }

    return accountFacade.getAutoCompleteByRoles(value, rolesList);
}
From source file:com.wegas.core.security.rest.UserController.java
License:MIT License
/**
 * Look up accounts by name. Marked deprecated in the source.
 *
 * @param values names taken from the "values" query parameter
 * @return the list returned by accountFacade.findAccountsByName
 *
 * @throws UnauthorizedException
 * if the current subject is neither remembered nor authenticated
 */
@GET
@Deprecated
@Path("FindAccountsByName")
public List<JpaAccount> findAccountsByName(@QueryParam("values") List<String> values) {
    // NOTE(review): a remembered subject (identity restored from a previous
    // session, not proven in this one) passes this gate just like an
    // authenticated one. Confirm that is intended for an account lookup.
    boolean identified = SecurityUtils.getSubject().isRemembered()
            || SecurityUtils.getSubject().isAuthenticated();
    if (!identified) {
        throw new UnauthorizedException();
    }

    return accountFacade.findAccountsByName(values);
}
From source file:com.wegas.mcq.rest.QuestionController.java
License:MIT License
/**
 * Reject the request unless the caller may edit the game or is the given player.
 *
 * @param game the game checked for the "Edit" permission
 * @param playerId id passed to userFacade.matchCurrentUser
 *
 * @throws UnauthorizedException if neither condition holds
 */
private void checkPermissions(Game game, Long playerId) throws UnauthorizedException {
    // Short-circuit: matchCurrentUser is consulted only when "Edit" is not granted.
    boolean allowed = SecurityHelper.isPermitted(game, "Edit") || userFacade.matchCurrentUser(playerId);

    // NOTE(review): game and playerId are checked independently; nothing
    // visible here ties the player to the game - confirm callers do.
    if (!allowed) {
        throw new UnauthorizedException();
    }
}