Esempio n. 1
0
  private Account getAccountRequested(
      Account authenticatedAsAccount, Set<Identity> identities, ApiRequest request) {
    Account project;

    String projectId =
        request.getServletContext().getRequest().getHeader(ProjectConstants.PROJECT_HEADER);
    if (projectId == null || projectId.isEmpty()) {
      projectId = request.getServletContext().getRequest().getParameter("projectId");
    }
    if (projectId == null || projectId.isEmpty()) {
      projectId = (String) request.getAttribute(ProjectConstants.PROJECT_HEADER);
    }

    if (projectId == null || projectId.isEmpty()) {
      return authenticatedAsAccount;
    }

    String parsedProjectId;

    try {
      parsedProjectId = ApiContext.getContext().getIdFormatter().parseId(projectId);
    } catch (NumberFormatException e) {
      throw new ClientVisibleException(
          ResponseCodes.BAD_REQUEST,
          "InvalidFormat",
          "projectId header format is incorrect " + projectId,
          null);
    }

    if (StringUtils.isEmpty(parsedProjectId)) {
      throw new ClientVisibleException(ResponseCodes.FORBIDDEN);
    }
    try {
      project = authDao.getAccountById(new Long(parsedProjectId));
      if (project == null || !project.getState().equalsIgnoreCase(CommonStatesConstants.ACTIVE)) {
        throw new ClientVisibleException(ResponseCodes.FORBIDDEN);
      }
      if (authenticatedAsAccount.getId().equals(project.getId())) {
        return authenticatedAsAccount;
      }
    } catch (NumberFormatException e) {
      throw new ClientVisibleException(ResponseCodes.FORBIDDEN);
    }
    Policy tempPolicy =
        getPolicy(authenticatedAsAccount, authenticatedAsAccount, identities, request);
    if (authDao.hasAccessToProject(
        project.getId(),
        authenticatedAsAccount.getId(),
        tempPolicy.isOption(Policy.AUTHORIZED_FOR_ALL_ACCOUNTS),
        identities)) {
      return project;
    }
    throw new ClientVisibleException(ResponseCodes.FORBIDDEN);
  }
Esempio n. 2
0
 protected void saveInContext(ApiRequest request, Policy policy, SchemaFactory schemaFactory) {
   if (schemaFactory != null) {
     request.setSchemaFactory(schemaFactory);
   }
   String accountId =
       (String)
           ApiContext.getContext()
               .getIdFormatter()
               .formatId(objectManager.getType(Account.class), policy.getAccountId());
   request.getServletContext().getResponse().addHeader(ACCOUNT_ID_HEADER, accountId);
   ApiContext.getContext().setPolicy(policy);
 }