Package org.eurekastreams.commons.exceptions

Examples of org.eurekastreams.commons.exceptions.AuthorizationException


        // User cannot follow themselves.
        // NOTE(review): this check and the next one are both skipped when getFollowerUniqueId() returns null, so
        // a request without a follower id passes this fragment unchecked -- confirm that a later step rejects it
        // or resolves the follower from the action context's principal.
        if (request.getFollowerUniqueId() != null && request.getFollowerUniqueId().equals(request.getTargetUniqueId()))
        {
            // The denial is logged with the fixed reason constant only; the requesting principal is not recorded.
            logger.error("Error occurred authorizing Following a person: " + AUTH_ERROR_FOLLOWING_SELF);
            throw new AuthorizationException(AUTH_ERROR_FOLLOWING_SELF);
        }

        // The user calling the action is the only one who can request to follow another user: the follower id in
        // the request must equal the account id of the action context's principal.
        if (request.getFollowerUniqueId() != null && !request.getFollowerUniqueId()
            .equals(inActionContext.getPrincipal().getAccountId()))
        {
            logger.error("Error occurred authorizing Following a person: " + AUTH_ERROR_NONOWNER_FOLLOWING);
            throw new AuthorizationException(AUTH_ERROR_NONOWNER_FOLLOWING);
        }
    }


            // Private group: only a group coordinator may add members. The coordinator ids are looked up for the
            // target group and compared with the id of the action context's principal.
            // NOTE(review): no restriction for public groups is visible in this fragment -- confirm that is intended.
            if (!targetResult.isPublic())
            {
                Set<Long> groupCoordinators = groupCoordMapper.execute(targetResult.getEntityId());
                if (!groupCoordinators.contains(inActionContext.getPrincipal().getId()))
                {
                    throw new AuthorizationException("Only group coordinators can add members to a private group.");
                }
            }
        }
        else
        {
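            // If the group is private, the follower and the group coordinators are the only users that can sever
            // the relationship.
            if (!targetResult.isPublic())
            {
                Set<Long> groupCoordinators = groupCoordMapper.execute(targetResult.getEntityId());
                // NOTE(review): unlike the public-group branch below, the follower id is not null-checked here, so
                // a null id sent by a non-coordinator ends in a NullPointerException rather than an
                // AuthorizationException -- confirm the id is validated before this point.
                if (!groupCoordinators.contains(inActionContext.getPrincipal().getId())
                        && !request.getFollowerUniqueId().equals(inActionContext.getPrincipal().getAccountId()))
                {
                    throw new AuthorizationException("Coordinators and Followers are the only ones who can remove a "
                            + "follower from a private group.");
                }
            }
            // If the group is public, only the owner can sever the relationship.
            // The emptiness test compares content ("".equals(...)); the earlier `!= ""` compared object references,
            // so whether an empty id skipped the ownership check depended on string identity, not on its value.
            // NOTE(review): a null or empty follower id skips the ownership check entirely -- confirm the action
            // that runs afterwards then operates on the principal's own relationship only.
            else if (request.getFollowerUniqueId() != null && !"".equals(request.getFollowerUniqueId())
                    && !request.getFollowerUniqueId().equals(inActionContext.getPrincipal().getAccountId()))
            {
                throw new AuthorizationException("Only the owner of a relationship can remove it.");
            }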
        }

    }

        }

        // This will throw AuthorizationException if user doesn't have permissions.
        // The check is made for the account id of the action context's principal against the given tab.
        // NOTE(review): the throw visible here happens when canModifyGadgets() returns false; whether the helper
        // can also throw by itself (possibly what the final `true` argument selects) is not visible -- confirm.
        if (!tabPermission.canModifyGadgets(inActionContext.getPrincipal().getAccountId(), tabId, true))
        {
            throw new AuthorizationException("Failed to authorize adding of the supplied gadget.");
        }
    }

        // If unable to delete, throw access exception.
        // NOTE(review): the decision rests entirely on comment.isDeletable(); presumably that flag was computed
        // for the current user earlier in this method (not visible here) -- confirm it is never a stale or
        // client-supplied value.
        if (!comment.isDeletable())
        {
            // Reaching this point means the request is denied; the message echoes the requested comment id.
            throw new AuthorizationException("Current user does not have permissions to modify comment id: "
                    + commentId);
        }

    }

            }
        });
        // A comment that cannot be found is reported as an authorization failure, not as "not found": the caller
        // gets a permission message, while the real cause (missing id) goes to the server log only.
        if (comments.size() == 0)
        {
            log.error("Unable to locate comment with id: " + inCommentId + ". User will be denied authorization.");
            throw new AuthorizationException("Current user does not have permissions to modify comment id: "
                    + inCommentId);
        }
        // Only the first result is used; the lookup was made for a single comment id.
        return comments.get(0);
    }

        // Load the activity the comment belongs to; the DAO takes a list of ids, so the single id is wrapped.
        List<ActivityDTO> activities = activityDAO.execute(Arrays.asList(inCommentDTO.getActivityId()));
        // A missing parent activity is treated as a denial: the caller gets a permission message about the
        // comment, while the log records the activity id and the account that was refused.
        if (activities.size() == 0)
        {
            log.error("Unable to locate activity with id: " + inCommentDTO.getActivityId() + ". User : "
                    + inCurrentUserAcctId + " will be denied authorization.");
            throw new AuthorizationException("Current user does not have permissions to modify comment id: "
                    + inCommentDTO.getId());
        }
        return activities.get(0);
    }

            activity = getActivityDAO.execute(activityId);
        }
        catch (Exception ex)
        {
            logger.error("Error occurred retrieving the activity dto params.", ex);
            throw new AuthorizationException(
                    "This action could not authorize the request due to failure retrieving parameters.", ex);
        }

        // Final gate: ask the activity authorizer whether this principal may perform `type` on the activity.
        // The operation name is lower-cased only to build the message; toLowerCase() without a Locale uses the
        // JVM default locale, which affects the message text only, not the decision.
        if (!activityAuthorizer.authorize(principal.getId(), activity, type))
        {
            throw new AuthorizationException("Current user does not have permissions to "
                    + type.toString().toLowerCase() + " activity.");
        }
    }

            activityDeletePropertySetter.execute(currentUserAccountId, currentUserId, activity);
        }
        catch (Exception ex)
        {
            log.error("Error occurred determining access rights for activity delete.", ex);
            throw new AuthorizationException("Unable to determine access rights.");
        }

        // If unable to delete, throw access exception.
        // The deletable flag is read after activityDeletePropertySetter has run for the current user above; any
        // failure in that step has already been turned into an AuthorizationException, so an activity whose
        // rights could not be determined never reaches this check.
        if (!activity.isDeletable())
        {
            // Reaching this point means the request is denied; the message echoes the requested activity id.
            throw new AuthorizationException("Current user does not have permissions to modify activity id: "
                    + activityId);
        }
    }

    {
        // Look the activity up by id; the DAO takes a list of ids, so the single id is wrapped.
        List<ActivityDTO> activities = activityDAO.execute(Arrays.asList(inActivityId));
        // A missing activity is reported as an authorization failure, not as "not found": the caller gets a
        // permission message, while the real cause goes to the server log only.
        if (activities.size() == 0)
        {
            log.error("Unable to locate activity with id: " + inActivityId);
            throw new AuthorizationException("Current user does not have permissions to delete activity id: "
                    + inActivityId);
        }
        return activities.get(0);
    }

    {
        // Unauthorized if all results are trimmed away: the requested activity id is passed through the security
        // trimmer for the principal's id, and an empty result means the principal may not view it.
        // NOTE(review): getParams() is cast straight to Long, so any other parameter type surfaces as a
        // ClassCastException instead of an AuthorizationException -- confirm the caller validates the type.
        if (securityTrimmer.trim(Arrays.asList((Long) inActionContext.getParams()),
                inActionContext.getPrincipal().getId()).size() == 0)
        {
            throw new AuthorizationException("Current user does not have access right to view activity.");
        }
    }
