@AroundInvoke
public Object invoke(InvocationContext ctx) throws Exception {
Object[] params = ctx.getParameters();
Secured secureAnnotation = ctx.getMethod().getAnnotation(Secured.class);
if (params.length > 0) {
// just verify first attribute
Object param = params[0];
SecuredEntity se = param.getClass().getAnnotation(SecuredEntity.class);
if (se != null && param instanceof Entity<?>) {
Entity<?> entity = (Entity<?>) param;
if (entity.getId() == null) {
// create mode, need to verify parent entity
entity = (Entity<?>) PropertyUtils.getProperty(entity, se.parent());
}
if (!authorizationService.isUserAuthorizedFor(secureAnnotation.accessType(), entity)) {
throw new org.perfrepo.web.security.SecurityException(
"securityException.permissionDenied",
ctx.getMethod().getName(),
param.getClass().getSimpleName(),
((Entity<?>) param).getId().toString());
}
}
}
return ctx.proceed();
}
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
String method = requestContext.getMethod();
String requestUrl = requestContext.getUriInfo().getPath();
// We do allow wadl to be retrieve
if (method.equals("GET")
&& (requestUrl.indexOf("application.wadl") > -1 || requestUrl.indexOf("api-docs") > -1)) {
return;
}
// Get the authentification passed in HTTP headers parameters
String authToken = requestContext.getHeaderString("authorization");
SecurityContext context = null;
if (StringUtils.isNotBlank(authToken)) {
AuthorizationRequestContext authRequestContext =
AuthorizationRequestContext.with()
.httpMethod(method)
.requestUrl(requestUrl)
.authorizationToken(authToken)
.build();
context = authorizationService.authorize(authRequestContext);
} else {
context = new SecurityContextImpl();
}
requestContext.setSecurityContext(context);
}
@Override
public List<Integer> getOrganizationProfiles(int organizationId) {
if (!authService.isUserAuthorized(ROLE_CURATOR, organizationId)) {
throw new NotAuthorizedException();
}
return profilePersister.getProfileIdsForOrganization(organizationId);
}
@Override
public Profile updateProfile(Profile profile) {
if (!authService.isUserAuthorized(ROLE_CURATOR, profile)) {
throw new NotAuthorizedException();
}
return profilePersister.update(profile);
}
@Override
public ProfileSummary createProfile(Profile profile) {
User loggedInUser = userService.getLoggedInUser();
if (profile.getUserId() != null && profile.getUserId() == loggedInUser.getId()
|| authService.isUserAuthorized(ROLE_ADMIN, profile.getOrganizationId())) {
return profilePersister.create(profile);
} else {
throw new NotAuthorizedException();
}
}
@Override
public void delete(int id) {
if (!authService.isUserAuthorized(AuthConstants.ROLE_ADMIN, id)) {
throw new NotAuthorizedException();
}
try {
// Let FK handle profile dependencies
profilePersister.delete(id);
} catch (GeneralException ignored) {
throw new BadRequestException();
}
}
@Override
public ProfileSummary get(int id) {
ProfileSummary profileSummary = profilePersister.getProfileSummary(id);
if (profileSummary == null) {
throw new NotFoundException();
}
if (!authService.canRead(profileSummary.getProfile())) {
throw new NotAuthorizedException();
}
return profileSummary;
}
@Override
public Profile getProfile(int id) {
Profile profile = profilePersister.get(id);
if (profile == null) {
throw new NotFoundException();
}
if (!authService.isUserAuthorized(ROLE_READER, profile)) {
throw new NotAuthorizedException();
}
return profile;
}
@Override
public StoryExport<StoryTellerCsv> exportStoryTellers(
int profileId, Integer collectionId, Integer questionnaireId, int window) {
try {
int windowSize = 75;
User user = userService.getUserForProfile(profileId);
Profile userProfile = profilePersister.get(profileId);
int organizationContext = userProfile.getOrganizationId();
int accessMode = ACCESS_MODE_PRIVILEGED;
if (authService.isSuperUser(user)) {
accessMode = ACCESS_MODE_ROOT;
}
List<StoryTellerCsv> storyTellers = new ArrayList<StoryTellerCsv>();
try {
StoryTellersParams countParams =
new StoryTellersParams(
0,
1,
StorySortField.CREATED_OLD,
false,
collectionId,
questionnaireId,
accessMode,
userService.getEffectiveSubject(user),
null);
int countStories = storyService.getStorytellerCount(countParams);
// window starts at 0; bail out if we're asked for a window beyond what's available
if (window * windowSize >= countStories) {
return new StoryExport<StoryTellerCsv>(storyTellers, countStories);
}
try {
SolrQuery sQuery = new SolrQuery("*:*");
if (collectionId != null) {
sQuery.addFilterQuery("collections:" + collectionId);
sQuery.setSort("lastStoryDateByCollection_" + collectionId, SolrQuery.ORDER.desc);
}
if (questionnaireId != null) {
sQuery.addFilterQuery("questionnaires:" + questionnaireId);
sQuery.setSort("lastStoryDateByCollection_" + questionnaireId, SolrQuery.ORDER.desc);
}
if (!authService.isSuperUser(user)) {
sQuery.addFilterQuery("readAuths:" + organizationContext);
}
sQuery.setRows(windowSize);
sQuery.setStart(window * windowSize);
QueryResponse result = solrPersonServer.query(sQuery);
if (result.getResults().getNumFound() > 0) {
for (SolrDocument entries : result.getResults()) {
ProfileDocument doc = new ProfileDocument(entries);
Profile profile = profilePersister.get(doc.getId());
StoryTellerCsv storyTellerCsv = new StoryTellerCsv(doc, profile);
storyTellers.add(storyTellerCsv);
}
}
return new StoryExport<StoryTellerCsv>(storyTellers, countStories);
} catch (Exception e) {
throw new GeneralException(e);
}
} catch (Exception e) {
e.printStackTrace();
}
return new StoryExport<StoryTellerCsv>(storyTellers, 0);
} catch (NotLoggedInException e) {
throw new GeneralException(e);
}
}
