Package ru.org.linux.auth

Examples of ru.org.linux.auth.AccessViolationException


        throw new MessageNotFoundException(message.getId(), "Нельзя посмотреть чужой черновик");
      }
    }

    if (group.getCommentsRestriction() == -1 && unauthorized) {
      throw new AccessViolationException("Это сообщение нельзя посмотреть");
    }
  }
View Full Code Here


    @ModelAttribute("form") EditTopicRequest form
  ) throws Exception {
    Template tmpl = Template.getTemplate(request);

    if (!tmpl.isModeratorSession()) {
      throw new AccessViolationException("Not authorized");
    }

    Topic message = messageDao.getById(msgid);

    if (message.isCommited()) {
View Full Code Here

    @ModelAttribute("form") EditTopicRequest form
  ) throws Exception {
    Template tmpl = Template.getTemplate(request);

    if (!tmpl.isSessionAuthorized()) {
      throw new AccessViolationException("Not authorized");
    }

    Topic message = messageDao.getById(msgid);

    User user = tmpl.getCurrentUser();

    PreparedTopic preparedMessage = prepareService.prepareTopic(message, request.isSecure(), tmpl.getCurrentUser());

    if (!permissionService.isEditable(preparedMessage, user) && !permissionService.isTagsEditable(preparedMessage, user)) {
      throw new AccessViolationException("это сообщение нельзя править");
    }

    return prepareModel(
            preparedMessage,
            form,
View Full Code Here

    @ModelAttribute("ipBlockInfo") IPBlockInfo ipBlockInfo
  ) throws Exception {
    Template tmpl = Template.getTemplate(request);

    if (!tmpl.isSessionAuthorized()) {
      throw new AccessViolationException("Not authorized");
    }

    Map<String, Object> params = new HashMap<>();

    final Topic message = messageDao.getById(msgid);
    PreparedTopic preparedTopic = prepareService.prepareTopic(message, request.isSecure(), tmpl.getCurrentUser());
    Group group = preparedTopic.getGroup();

    User user = tmpl.getCurrentUser();

    IPBlockDao.checkBlockIP(ipBlockInfo, errors, user);

    boolean tagsEditable = permissionService.isTagsEditable(preparedTopic, user);
    boolean editable = permissionService.isEditable(preparedTopic, user);

    if (!editable && !tagsEditable) {
      throw new AccessViolationException("это сообщение нельзя править");
    }

    params.put("message", message);
    params.put("preparedMessage", preparedTopic);
    params.put("group", group);
    params.put("topicMenu", prepareService.getTopicMenu(
            preparedTopic,
            tmpl.getCurrentUser(),
            request.isSecure(),
            tmpl.getProf(),
            true
    ));

    params.put("groups", groupDao.getGroups(preparedTopic.getSection()));

    if (editable) {
      String title = request.getParameter("title");
      if (title == null || title.trim().isEmpty()) {
        throw new BadInputException("заголовок сообщения не может быть пустым");
      }
    }

    boolean preview = request.getParameter("preview") != null;
    if (preview) {
      params.put("info", "Предпросмотр");
    }

    boolean publish = request.getParameter("publish") != null;

    List<EditHistoryDto> editInfoList = editHistoryService.getEditInfo(message.getId(), EditHistoryObjectTypeEnum.TOPIC);

    if (!editInfoList.isEmpty()) {
      EditHistoryDto editHistoryDto = editInfoList.get(0);
      params.put("editInfo", editHistoryDto);

      if (lastEdit == null || editHistoryDto.getEditdate().getTime()!=lastEdit) {
        errors.reject(null, "Сообщение было отредактировано независимо");
      }
    }

    boolean commit = request.getParameter("commit") != null;

    if (commit) {
      user.checkCommit();
      if (message.isCommited()) {
        throw new BadInputException("сообщение уже подтверждено");
      }
    }

    params.put("commit", !message.isCommited() && preparedTopic.getSection().isPremoderated() && user.isModerator());

    Topic newMsg = new Topic(group, message, form, publish);

    boolean modified = false;

    if (!message.getTitle().equals(newMsg.getTitle())) {
      modified = true;
    }
   
    if (form.getMsg()!=null) {
      String oldText = msgbaseDao.getMessageText(message.getId()).getText();
 
      if (!oldText.equals(form.getMsg())) {
        modified = true;
      }
    }
   
    if (message.getLinktext() == null) {
      if (newMsg.getLinktext() != null) {
        modified = true;
      }
    } else if (!message.getLinktext().equals(newMsg.getLinktext())) {
      modified = true;
    }

    if (group.isLinksAllowed()) {
      if (message.getUrl() == null) {
        if (newMsg.getUrl() != null) {
          modified = true;
        }
      } else if (!message.getUrl().equals(newMsg.getUrl())) {
        modified = true;
      }
    }

    if (!editable && modified) {
      throw new AccessViolationException("нельзя править это сообщение, только теги");
    }

    if (form.getMinor()!=null && !tmpl.isModeratorSession()) {
      throw new AccessViolationException("вы не можете менять статус новости");
    }

    List<String> newTags = null;

    if (form.getTags()!=null) {
      newTags = TagName.parseAndSanitizeTags(form.getTags());
    }

    if (changeGroupId != null) {
      if (message.getGroupId() != changeGroupId) {
        Group changeGroup = groupDao.getGroup(changeGroupId);

        int section = message.getSectionId();

        if (changeGroup.getSectionId() != section) {
          throw new AccessViolationException("Can't move topics between sections");
        }
      }
    }

    Poll newPoll = null;
View Full Code Here

  @RequestMapping(value="/people/{nick}/profile", method = {RequestMethod.GET, RequestMethod.HEAD}, params="wipe")
  public ModelAndView wipe(@PathVariable String nick, ServletRequest request) throws Exception {
    Template tmpl = Template.getTemplate(request);

    if (!tmpl.isModeratorSession()) {
      throw new AccessViolationException("not moderator");
    }

    User user = userDao.getUser(nick);

    user.checkAnonymous();
    user.checkBlocked();

    if (!user.isBlockable()) {
      throw new AccessViolationException("Пользователя нельзя заблокировать");
    }

    ModelAndView mv = new ModelAndView("wipe-user");
    mv.getModel().put("user", user);
View Full Code Here

    @RequestParam(value = "filter", defaultValue="all") String filter,
    @RequestParam(value = "offset", defaultValue = "0") int offset
  ) throws Exception {
    Template tmpl = Template.getTemplate(request);
    if (!tmpl.isSessionAuthorized()) {
      throw new AccessViolationException("not authorized");
    }

    Map<String, Object> params = new HashMap<>();
    UserEventFilterEnum eventFilter = UserEventFilterEnum.fromNameOrDefault(filter);
    params.put("filter", eventFilter.getName());
View Full Code Here

    if (nick == null) {
      if (tmpl.isSessionAuthorized()) {
        return new ModelAndView(new RedirectView("/notifications"));
      }
      throw new AccessViolationException("not authorized");
    } else {
      User.checkNick(nick);
      if (!tmpl.isSessionAuthorized() && !feedRequested) {
        throw new AccessViolationException("not authorized");
      }
      if (tmpl.isSessionAuthorized() && nick.equals(tmpl.getCurrentUser().getNick()) && !feedRequested) {
        return new ModelAndView(new RedirectView("/notifications"));
      }
      if (!feedRequested && !tmpl.isModeratorSession()) {
        throw new AccessViolationException("нельзя смотреть чужие уведомления");
      }
    }

    Map<String, Object> params = new HashMap<>();
    params.put("nick", nick);
View Full Code Here

    Topic message = messageDao.getById(msgid);
    Group group = groupDao.getGroup(message.getGroupId());
    User currentUser = tmpl.getCurrentUser();
    if (!group.isResolvable()) {
      throw new AccessViolationException("В данной группе нельзя помечать темы как решенные");
    }

    if (!tmpl.isSessionAuthorized()) {
      throw new AccessViolationException("Not authorized");
    }

    if (!tmpl.isModeratorSession() && currentUser.getId() != message.getUid()) {
      throw new AccessViolationException("У Вас нет прав на решение данной темы");
    }
    messageDao.resolveMessage(message.getId(), (resolved != null) && "yes".equals(resolved));

    return new RedirectView(TopicLinkBuilder.baseLink(message).forceLastmod().build());
  }
View Full Code Here

      HttpServletRequest request,
      HttpServletResponse response
  ) throws Exception {
    Template tmpl = Template.getTemplate(request);
    if (!tmpl.isSessionAuthorized()) {
      throw new AccessViolationException("Not authorized");
    }
    if(!tmpl.getNick().equals(nick)) {
      throw new AccessViolationException("Not authorized");
    }
    User user = tmpl.getCurrentUser();
    UserInfo userInfo = userDao.getUserInfoClass(user);

    ModelAndView mv = new ModelAndView("edit-reg");
View Full Code Here

      Errors errors
  ) throws Exception {
    Template tmpl = Template.getTemplate(request);

    if (!tmpl.isSessionAuthorized()) {
      throw new AccessViolationException("Not authorized");
    }

    String nick = tmpl.getNick();
    String password = Strings.emptyToNull(form.getPassword());
View Full Code Here

TOP

Related Classes of ru.org.linux.auth.AccessViolationException

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.