/**
 * Returns the path info for this request, read from the {@code param0} request parameter.
 *
 * <p>The value is passed through {@code urlDecode}. If decoding fails with a
 * {@link URISyntaxException}, the parameter is returned exactly as received.
 *
 * <p>NOTE(review): because of that fallback the result is not guaranteed to be decoded. Any
 * caller that maps it to a resource should validate or normalise the value itself.
 *
 * @return the decoded {@code param0} value, or the raw value when decoding fails
 */
@Override
public String getPathInfo() {
  final String rawPath = request.params().get("param0");
  try {
    return urlDecode(rawPath);
  } catch (URISyntaxException ignored) {
    // Decoding failed: fall back to the parameter as it arrived.
    return rawPath;
  }
}
/**
 * Authorizes the request when the caller is the user named by the {@code userId} request
 * parameter, or when a structure in the scope of the caller's function (as returned by
 * {@code getFunction}) is linked to that user in the graph.
 *
 * <p>The Cypher query is parameterized: {@code userId} and the scope are passed as
 * {@code {userId}} and {@code {structures}}, never concatenated into the query text.
 *
 * @param request request carrying the {@code userId} parameter
 * @param user the authenticated caller
 * @param handler receives {@code true} when access is granted, {@code false} otherwise
 */
private void isUserOrAdmin(
    HttpServerRequest request, UserInfos user, final Handler<Boolean> handler) {
  final String userId = request.params().get("userId");

  // A user may always act on their own account.
  if (user.getUserId().equals(userId)) {
    handler.handle(true);
    return;
  }

  final UserInfos.Function adminLocal = getFunction(user, handler);
  if (adminLocal == null) {
    // NOTE(review): presumably getFunction has already answered through handler here -- confirm.
    return;
  }

  final String query =
      "MATCH (s:Structure)<-[:DEPENDS]-(:ProfileGroup)<-[:IN]-(u:User {id : {userId}}) "
          + "WHERE s.id IN {structures} "
          + "RETURN count(*) > 0 as exists ";
  final JsonObject params =
      new JsonObject()
          .putArray("structures", new JsonArray(adminLocal.getScope().toArray()))
          .putString("userId", userId);

  final Handler<Message<JsonObject>> onResult =
      new Handler<Message<JsonObject>>() {
        @Override
        public void handle(Message<JsonObject> message) {
          final JsonArray rows = message.body().getArray("result");
          // Anything other than one well-formed row from a successful query is a denial.
          if (!"ok".equals(message.body().getString("status"))
              || rows == null
              || rows.size() != 1) {
            handler.handle(false);
            return;
          }
          handler.handle(rows.<JsonObject>get(0).getBoolean("exists", false));
        }
      };
  Neo4j.getInstance().execute(query, params, onResult);
}
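/**
 * Authorizes the request only when the document named by the {@code id} request parameter is
 * owned by the current user.
 *
 * <p>The matcher is built field by field instead of by string concatenation. The {@code id}
 * parameter is caller-controlled, and splicing it into JSON text let a value containing quotes
 * or braces alter the structure of the query that decides authorization.
 *
 * @param request request carrying the {@code id} parameter
 * @param user the authenticated caller
 * @param serviceMethod unused by this check
 * @param handler receives the authorization decision; {@code false} when {@code id} or the
 *     caller's user id is missing
 */
private void authorizeOwner(
    HttpServerRequest request, UserInfos user, String serviceMethod, Handler<Boolean> handler) {
  final String id = request.params().get("id");
  final String ownerId = user.getUserId();

  // Fail closed. A null owner is rejected explicitly because a null matcher value could match
  // documents that have no owner field at all.
  if (id == null || id.trim().isEmpty() || ownerId == null) {
    handler.handle(false);
    return;
  }

  final JsonObject query = new JsonObject().putString("_id", id).putString("owner", ownerId);
  executeCountQuery(request, DocumentDao.DOCUMENTS_COLLECTION, query, 1, handler);
}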
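/**
 * Authorizes the request only when the document named by {@code id} holds a comment with the
 * given {@code commentId} and a comment authored by the current user.
 *
 * <p>The matcher is built field by field instead of by string concatenation. Both {@code id}
 * and {@code commentId} are caller-controlled, and splicing them into JSON text let a crafted
 * value alter the structure of the query that decides authorization. The query is also built
 * only after the inputs have been checked.
 *
 * <p>NOTE(review): if {@code comments} is an array of sub-documents, the two dotted conditions
 * can be satisfied by different array elements. An {@code $elemMatch} on {@code comments}
 * would tie id and author to the same comment. Confirm against the document schema.
 *
 * @param request request carrying the {@code id} and {@code commentId} parameters
 * @param user the authenticated caller
 * @param serviceMethod unused by this check
 * @param handler receives the authorization decision; {@code false} when any input is missing
 */
private void authorizeCommentOwner(
    HttpServerRequest request,
    UserInfos user,
    String serviceMethod,
    final Handler<Boolean> handler) {
  final String id = request.params().get("id");
  final String commentId = request.params().get("commentId");
  final String authorId = user.getUserId();

  // Fail closed on any missing value. A null in the matcher could otherwise match documents
  // that simply lack the field.
  final boolean missingInput =
      id == null
          || id.trim().isEmpty()
          || commentId == null
          || commentId.trim().isEmpty()
          || authorId == null;
  if (missingInput) {
    handler.handle(false);
    return;
  }

  final JsonObject query =
      new JsonObject()
          .putString("_id", id)
          .putString("comments.id", commentId)
          .putString("comments.author", authorId);
  executeCountQuery(request, DocumentDao.DOCUMENTS_COLLECTION, query, 1, handler);
}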
/**
 * Creates a function for the profile named in the {@code :profile} path segment, using the
 * request body as the function definition.
 *
 * <p>The body is read through {@code bodyToJson} with the key {@code pathPrefix +
 * "createFunction"}.
 * NOTE(review): presumably that key selects a schema the body is validated against -- confirm.
 * The {@code profile} path value is forwarded to the service as received.
 *
 * @param request the incoming HTTP request
 */
@Post("/function/:profile")
@SecuredAction("profile.create.function")
public void createFunction(final HttpServerRequest request) {
  final String profile = request.params().get("profile");

  final Handler<JsonObject> onBody =
      new Handler<JsonObject>() {
        @Override
        public void handle(JsonObject functionBody) {
          // The response handler is built with the status codes 201 and 409.
          profileService.createFunction(
              profile, functionBody, notEmptyResponseHandler(request, 201, 409));
        }
      };

  bodyToJson(request, pathPrefix + "createFunction", onBody);
}
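/**
 * Authorizes the request only when the revision named by the {@code revisionId} request
 * parameter belongs to the current user.
 *
 * <p>The matcher is built field by field instead of by string concatenation. {@code revisionId}
 * is caller-controlled, and splicing it into JSON text let a crafted value alter the structure
 * of the query that decides authorization. The query is also built only after the inputs have
 * been checked.
 *
 * @param request request carrying the {@code revisionId} parameter
 * @param user the authenticated caller
 * @param serviceMethod unused by this check
 * @param handler receives the authorization decision; {@code false} when {@code revisionId} or
 *     the caller's user id is missing
 */
private void authorizeRevisionOwner(
    HttpServerRequest request,
    UserInfos user,
    String serviceMethod,
    final Handler<Boolean> handler) {
  final String revisionId = request.params().get("revisionId");
  final String ownerId = user.getUserId();

  // Fail closed. A null user id is rejected so the matcher never carries a null value.
  if (revisionId == null || revisionId.trim().isEmpty() || ownerId == null) {
    handler.handle(false);
    return;
  }

  final JsonObject query =
      new JsonObject().putString("_id", revisionId).putString("userId", ownerId);
  executeCountQuery(request, Workspace.REVISIONS_COLLECTION, query, 1, handler);
}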
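/**
 * Authorizes read access to the document named by the {@code id} request parameter.
 *
 * <p>Access is granted when the document is owned by the caller, is flagged {@code protected}
 * or {@code public}, or has a {@code shared} entry matching the fragment produced by
 * {@code orSharedElementMatch}.
 *
 * <p>The matcher is assembled from JSON objects rather than concatenated text. {@code id} is
 * caller-controlled, and splicing it into the query string let a crafted value alter the
 * structure of the query that decides authorization.
 *
 * @param request request carrying the {@code id} parameter
 * @param user the authenticated caller
 * @param serviceMethod passed to {@code orSharedElementMatch} to build the share condition
 * @param handler receives the authorization decision; {@code false} when {@code id} or the
 *     caller's user id is missing
 */
private void authorizeGetDocument(
    HttpServerRequest request, UserInfos user, String serviceMethod, Handler<Boolean> handler) {
  final String id = request.params().get("id");
  final String ownerId = user.getUserId();

  // Fail closed. A null owner is rejected explicitly because a null matcher value could match
  // documents that have no owner field at all.
  if (id == null || id.trim().isEmpty() || ownerId == null) {
    handler.handle(false);
    return;
  }

  // NOTE(review): assumes orSharedElementMatch returns the text of a JSON object. The original
  // spliced it in as the value of $elemMatch, which takes a document -- confirm in the helper.
  final JsonObject sharedMatch = new JsonObject(orSharedElementMatch(user, serviceMethod));

  final JsonArray accessAlternatives =
      new JsonArray()
          .addObject(new JsonObject().putString("owner", ownerId))
          .addObject(new JsonObject().putBoolean("protected", true))
          .addObject(new JsonObject().putBoolean("public", true))
          .addObject(
              new JsonObject()
                  .putObject("shared", new JsonObject().putObject("$elemMatch", sharedMatch)));

  final JsonObject query =
      new JsonObject().putString("_id", id).putArray("$or", accessAlternatives);
  executeCountQuery(request, DocumentDao.DOCUMENTS_COLLECTION, query, 1, handler);
}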
/**
 * Authorizes a batch operation on the documents listed in the comma-separated {@code ids}
 * request parameter.
 *
 * <p>The count query is run with an expected count equal to the number of ids supplied, so
 * every listed document has to be owned by the caller or shared with them.
 * NOTE(review): duplicate or empty segments in {@code ids} raise the expected count without
 * raising the number of matching documents, which presumably ends in a denial -- confirm in
 * {@code executeCountQuery}.
 *
 * <p>The id list reaches the query through {@code JsonArray.encode()}, so it is serialized as
 * JSON rather than spliced in raw. The caller's user id and the {@code orSharedElementMatch}
 * fragment are still concatenated as text.
 * NOTE(review): that is safe only while both come from trusted session data -- confirm.
 *
 * @param request request carrying the {@code ids} parameter
 * @param user the authenticated caller
 * @param serviceMethod passed to {@code orSharedElementMatch} to build the share condition
 * @param handler receives the authorization decision; {@code false} when {@code ids} is blank
 */
private void authorizeDocuments(
    HttpServerRequest request, UserInfos user, String serviceMethod, Handler<Boolean> handler) {
  final String ids = request.params().get("ids");
  if (ids == null || ids.trim().isEmpty()) {
    handler.handle(false);
    return;
  }

  final JsonArray idsArray = new JsonArray(ids.split(","));

  final String idFilter = "{ \"_id\": { \"$in\" : " + idsArray.encode() + "}, ";
  final String accessFilter =
      "\"$or\" : [{ \"owner\": \""
          + user.getUserId()
          + "\"}, {\"shared\" : { \"$elemMatch\" : "
          + orSharedElementMatch(user, serviceMethod)
          + "}}]}";
  final JsonObject matcher = new JsonObject(idFilter + accessFilter);

  executeCountQuery(
      request, DocumentDao.DOCUMENTS_COLLECTION, matcher, idsArray.size(), handler);
}
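/**
 * Sends a number of random {@code findone} lookups on the {@code world} collection to the
 * {@code hello.persistor} event-bus address, with a {@code MongoHandler} receiving the replies.
 *
 * <p>The number of lookups comes from the {@code queries} request parameter and defaults to one
 * when the parameter is missing or not a number. The value is clamped to {@code [1, 500]}. The
 * parameter is caller-controlled, and left unbounded a single request could enqueue an
 * arbitrary number of event-bus messages, while zero or a negative value would create a handler
 * that is never sent any query.
 *
 * @param req the incoming HTTP request
 */
private void handleDbMongo(final HttpServerRequest req) {
  // Upper bound on lookups per request.
  // NOTE(review): 500 is a chosen cap, adjust it to what the backing store can absorb.
  final int maxQueries = 500;

  int requested = 1;
  try {
    requested = Integer.parseInt(req.params().get("queries"));
  } catch (NumberFormatException ignored) {
    // Missing or non-numeric parameter: keep the default of a single query.
  }
  final int queryCount = Math.max(1, Math.min(requested, maxQueries));

  final MongoHandler dbh = new MongoHandler(req, queryCount);
  final Random random = ThreadLocalRandom.current();
  for (int i = 0; i < queryCount; i++) {
    // Each lookup targets a random id between 1 and 10000 inclusive.
    final JsonObject matcher = new JsonObject().putNumber("id", (random.nextInt(10000) + 1));
    vertx
        .eventBus()
        .send(
            "hello.persistor",
            new JsonObject()
                .putString("action", "findone")
                .putString("collection", "world")
                .putObject("matcher", matcher),
            dbh);
  }
}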
/**
 * Authorizes the request when the scope of the caller's function (as returned by
 * {@code getFunction}) contains the structure named by the {@code structureId} request
 * parameter.
 *
 * <p>The decision is a plain membership test on the scope collection. A missing
 * {@code structureId} is passed to {@code contains} as {@code null}.
 *
 * @param request request carrying the {@code structureId} parameter
 * @param user the authenticated caller
 * @param handler receives the authorization decision
 */
private void isAdmin(HttpServerRequest request, UserInfos user, Handler<Boolean> handler) {
  final UserInfos.Function adminLocal = getFunction(user, handler);
  if (adminLocal != null) {
    final String structureId = request.params().get("structureId");
    handler.handle(adminLocal.getScope().contains(structureId));
  }
  // NOTE(review): when adminLocal is null nothing is sent from here. Presumably getFunction has
  // already answered through handler -- confirm.
}
/**
 * Deletes the function group named by the {@code :groupId} path segment and answers through a
 * default response handler built with status code 204.
 *
 * <p>The path value is forwarded to the service as received.
 * NOTE(review): access control is presumably enforced through the {@code @SecuredAction}
 * declaration -- confirm how that annotation is evaluated.
 *
 * @param request the incoming HTTP request
 */
@Delete("/functiongroup/:groupId")
@SecuredAction("profile.delete.function.group")
public void deleteFunctionGroup(final HttpServerRequest request) {
  profileService.deleteFunctionGroup(
      request.params().get("groupId"), defaultResponseHandler(request, 204));
}
/**
 * Deletes the function named by the {@code :function} path segment and answers through a
 * default response handler built with status code 204.
 *
 * <p>The path value is forwarded to the service as received.
 * NOTE(review): access control is presumably enforced through the {@code @SecuredAction}
 * declaration -- confirm how that annotation is evaluated.
 *
 * @param request the incoming HTTP request
 */
@Delete("/function/:function")
@SecuredAction("profile.delete.function")
public void deleteFunction(final HttpServerRequest request) {
  profileService.deleteFunction(
      request.params().get("function"), defaultResponseHandler(request, 204));
}