ApprovedSiteAPI.java

  1. /*******************************************************************************
  2.  * Copyright 2017 The MIT Internet Trust Consortium
  3.  *
  4.  * Portions copyright 2011-2013 The MITRE Corporation
  5.  *
  6.  * Licensed under the Apache License, Version 2.0 (the "License");
  7.  * you may not use this file except in compliance with the License.
  8.  * You may obtain a copy of the License at
  9.  *
  10.  *   http://www.apache.org/licenses/LICENSE-2.0
  11.  *
  12.  * Unless required by applicable law or agreed to in writing, software
  13.  * distributed under the License is distributed on an "AS IS" BASIS,
  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15.  * See the License for the specific language governing permissions and
  16.  * limitations under the License.
  17.  *******************************************************************************/
  18. /**
  19.  *
  20.  */
  21. package org.mitre.openid.connect.web;

  23. import java.security.Principal;
  24. import java.util.Collection;

  26. import org.mitre.openid.connect.model.ApprovedSite;
  27. import org.mitre.openid.connect.service.ApprovedSiteService;
  28. import org.mitre.openid.connect.view.HttpCodeView;
  29. import org.mitre.openid.connect.view.JsonApprovedSiteView;
  30. import org.mitre.openid.connect.view.JsonEntityView;
  31. import org.mitre.openid.connect.view.JsonErrorView;
  32. import org.slf4j.Logger;
  33. import org.slf4j.LoggerFactory;
  34. import org.springframework.beans.factory.annotation.Autowired;
  35. import org.springframework.http.HttpStatus;
  36. import org.springframework.http.MediaType;
  37. import org.springframework.security.access.prepost.PreAuthorize;
  38. import org.springframework.stereotype.Controller;
  39. import org.springframework.ui.ModelMap;
  40. import org.springframework.web.bind.annotation.PathVariable;
  41. import org.springframework.web.bind.annotation.RequestMapping;
  42. import org.springframework.web.bind.annotation.RequestMethod;

  44. /**
  45.  * @author jricher
  46.  *
  47.  */
  48. @Controller
  49. @RequestMapping("/" + ApprovedSiteAPI.URL)
  50. @PreAuthorize("hasRole('ROLE_USER')")
  51. public class ApprovedSiteAPI {

  53.     public static final String URL = RootController.API_URL + "/approved";

  55.     @Autowired
  56.     private ApprovedSiteService approvedSiteService;

  58.     /**
  59.      * Logger for this class
  60.      */
  61.     private static final Logger logger = LoggerFactory.getLogger(ApprovedSiteAPI.class);

  63.     /**
  64.      * Get a list of all of this user's approved sites
  65.      * @param m
  66.      * @return
  67.      */
  68.     @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
  69.     public String getAllApprovedSites(ModelMap m, Principal p) {

  71.         Collection<ApprovedSite> all = approvedSiteService.getByUserId(p.getName());

  73.         m.put(JsonEntityView.ENTITY, all);

  75.         return JsonApprovedSiteView.VIEWNAME;
  76.     }

  78.     /**
  79.      * Delete an approved site
  80.      *
  81.      */
  82.     @RequestMapping(value="/{id}", method = RequestMethod.DELETE)
  83.     public String deleteApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal p) {
  84.         ApprovedSite approvedSite = approvedSiteService.getById(id);

  86.         if (approvedSite == null) {
  87.             logger.error("deleteApprovedSite failed; no approved site found for id: " + id);
  88.             m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
  89.             m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete approved site. The requested approved site with id: " + id + " could not be found.");
  90.             return JsonErrorView.VIEWNAME;
  91.         } else if (!approvedSite.getUserId().equals(p.getName())) {
  92.             logger.error("deleteApprovedSite failed; principal "
  93.                     + p.getName() + " does not own approved site" + id);
  94.             m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
  95.             m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to delete this approved site. The approved site decision will not be deleted.");
  96.             return JsonErrorView.VIEWNAME;
  97.         } else {
  98.             m.put(HttpCodeView.CODE, HttpStatus.OK);
  99.             approvedSiteService.remove(approvedSite);
  100.         }

  102.         return HttpCodeView.VIEWNAME;
  103.     }

  105.     /**
  106.      * Get a single approved site
  107.      */
  108.     @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
  109.     public String getApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal p) {
  110.         ApprovedSite approvedSite = approvedSiteService.getById(id);
  111.         if (approvedSite == null) {
  112.             logger.error("getApprovedSite failed; no approved site found for id: " + id);
  113.             m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
  114.             m.put(JsonErrorView.ERROR_MESSAGE, "The requested approved site with id: " + id + " could not be found.");
  115.             return JsonErrorView.VIEWNAME;
  116.         } else if (!approvedSite.getUserId().equals(p.getName())) {
  117.             logger.error("getApprovedSite failed; principal "
  118.                     + p.getName() + " does not own approved site" + id);
  119.             m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
  120.             m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this approved site.");
  121.             return JsonErrorView.VIEWNAME;
  122.         } else {
  123.             m.put(JsonEntityView.ENTITY, approvedSite);
  124.             return JsonApprovedSiteView.VIEWNAME;
  125.         }

  127.     }

  129. }
Created with JaCoCo 0.7.9.201702052155