/**
 * Rejects a deletion that the caller's permissions do not allow.
 *
 * <p>For a subform the decision is the form-level delete flag alone. For any other form it is
 * delegated to {@code PermissionOracle.canDelete}, which also receives the record.
 *
 * @param record          the record about to be deleted
 * @param formPermissions the caller's permissions on the form
 * @param formClass       the schema of the form that owns the record
 * @throws InvalidUpdateException if the deletion is not permitted
 */
private void authorizeDelete(TypedFormRecord record, FormPermissions formPermissions, FormClass formClass) {
    final boolean permitted;
    if (formClass.isSubForm()) {
        // NOTE(review): the record itself is not consulted on this branch. Confirm that
        // record-level restrictions for subform records are enforced elsewhere.
        permitted = formPermissions.isDeleteAllowed();
    } else {
        permitted = PermissionOracle.canDelete(record, formPermissions, formClass);
    }

    if (!permitted) {
        throw new InvalidUpdateException("Unauthorized deletion");
    }
}
/**
 * Rejects a modification that the caller's permissions do not allow.
 *
 * <p>For a subform the decision is the form-level edit flag alone. For any other form it is
 * delegated to {@code PermissionOracle.canEdit}, which also receives the record.
 *
 * @param record          the record about to be modified
 * @param formPermissions the caller's permissions on the form
 * @param formClass       the schema of the form that owns the record
 * @throws InvalidUpdateException if the modification is not permitted
 */
private void authorizeEdit(TypedFormRecord record, FormPermissions formPermissions, FormClass formClass) {
    final boolean permitted;
    if (formClass.isSubForm()) {
        // NOTE(review): the record itself is not consulted on this branch. Confirm that
        // record-level restrictions for subform records are enforced elsewhere.
        permitted = formPermissions.isEditAllowed();
    } else {
        permitted = PermissionOracle.canEdit(record, formPermissions, formClass);
    }

    if (!permitted) {
        throw new InvalidUpdateException("Unauthorized modification");
    }
}
/**
 * Rejects a record creation that the caller's permissions do not allow.
 *
 * <p>For a subform the decision is the form-level create flag alone. For any other form it is
 * delegated to {@code PermissionOracle.canCreate}, which also receives the record.
 *
 * @param record          the record about to be created
 * @param formPermissions the caller's permissions on the form
 * @param formClass       the schema of the form that will own the record
 * @throws InvalidUpdateException if the creation is not permitted
 */
private void authorizeCreate(TypedFormRecord record, FormPermissions formPermissions, FormClass formClass) {
    final boolean permitted;
    if (formClass.isSubForm()) {
        // NOTE(review): the record itself is not consulted on this branch. Confirm that
        // record-level restrictions for subform records are enforced elsewhere.
        permitted = formPermissions.isCreateAllowed();
    } else {
        permitted = PermissionOracle.canCreate(record, formPermissions, formClass);
    }

    if (!permitted) {
        throw new InvalidUpdateException("Unauthorized creation");
    }
}
/**
 * Checks that every changed field in {@code update} is declared on {@code formClass} and that
 * its new value passes {@code validateType} for that field.
 *
 * <p>Required-field validation is not performed here (see the AI-1578 note at the end).
 *
 * @param formClass        the schema the update is checked against
 * @param existingResource the currently stored record, if any; only logged by this method
 * @param update           the update whose changed field values are validated
 * @throws InvalidUpdateException if a changed field id is not declared on the form, or if
 *                                {@code validateType} rejects a value
 */
public static void validateUpdate(FormClass formClass, Optional<FormRecord> existingResource, TypedRecordUpdate update) {

    // NOTE(review): this writes the string form of the stored record to the log at INFO level.
    // If FormRecord's toString() includes field values, record contents end up in the
    // application log on every update. Confirm, and consider logging only the record id.
    LOGGER.info("Loaded existingResource " + existingResource);

    // Index the declared fields by id so each change can be resolved with a single lookup.
    Map<ResourceId, FormField> fieldsById = new HashMap<>();
    for (FormField declared : formClass.getFields()) {
        fieldsById.put(declared.getId(), declared);
    }

    // Verify that provided types are correct
    for (Map.Entry<ResourceId, FieldValue> entry : update.getChangedFieldValues().entrySet()) {
        ResourceId fieldId = entry.getKey();
        FormField target = fieldsById.get(fieldId);
        if (target == null) {
            throw new InvalidUpdateException("No such field '%s'", fieldId);
        }
        validateType(target, entry.getValue());
    }

    // AI-1578 Allow missing fields: the call to
    // validateRequiredFields(formClass, existingResource, update) is intentionally disabled.
}
/**
 * Validates and executes a record transaction encoded as a JSON object. The object
 * must have a changes property that takes the value of an array.
 *
 * <p>The JSON is first mapped onto {@code RecordTransaction}; the result is then passed to the
 * {@code execute} overload that accepts it.
 *
 * @param transactionObject the JSON-encoded transaction
 * @throws InvalidUpdateException if the given object is not a valid update, including when it
 *                                cannot be mapped onto {@code RecordTransaction}
 */
public void execute(JsonValue transactionObject) {
    try {
        RecordTransaction transaction = Json.fromJson(RecordTransaction.class, transactionObject);
        execute(transaction);
    } catch (JsonMappingException mappingFailure) {
        // Surface malformed input as an update error, keeping the original exception as the cause.
        throw new InvalidUpdateException(mappingFailure);
    }
}
/**
 * Resolves the target form of an untyped update, converts the update to its typed form with
 * {@code parseChange}, and hands it to {@code executeUpdate}.
 *
 * @param update the update to apply; its form id selects the form storage
 * @throws InvalidUpdateException if the catalog has no form with the update's form id
 */
public void executeChange(RecordUpdate update) {
    Optional<FormStorage> lookup = catalog.getForm(update.getFormId());
    if (!lookup.isPresent()) {
        throw new InvalidUpdateException(format("Form '%s' does not exist.", update.getFormId()));
    }

    FormStorage formStorage = lookup.get();
    FormClass formClass = formStorage.getFormClass();

    // The current user's id is passed to parseChange together with the schema and the raw update.
    TypedRecordUpdate typedUpdate = parseChange(formClass, update, this.userId);
    executeUpdate(formStorage, typedUpdate);
}
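/**
 * Applies an already-typed update to the form it names.
 *
 * @param update the update to apply; must carry a form id
 * @throws IllegalArgumentException if the update has no form id
 * @throws InvalidUpdateException   if the catalog has no form with the update's form id
 */
public void execute(TypedRecordUpdate update) {
    if (update.getFormId() == null) {
        throw new IllegalArgumentException("No formId provided.");
    }

    Optional<FormStorage> storage = catalog.getForm(update.getFormId());
    if (!storage.isPresent()) {
        // The failed lookup is by form id, so the message names the form. The previous message
        // reported the record id, which pointed at the wrong identifier.
        throw new InvalidUpdateException("No such form: " + update.getFormId());
    }

    executeUpdate(storage.get(), update);
}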
/**
 * Resolves a client-supplied string to the id of one of the enum type's items.
 *
 * <p>Matching is done in two passes over the declared items: first against each item's id,
 * then against each item's label. An id match therefore always takes precedence over a label
 * match, and the first matching item in declaration order wins.
 *
 * @param type the enum type whose items are searched
 * @param item the id or label supplied in the update
 * @return the id of the matching item
 * @throws InvalidUpdateException if no item matches by id or by label
 */
private static ResourceId parseEnumId(EnumType type, String item) {
    // Pass 1: exact match on the item id.
    for (EnumItem candidate : type.getValues()) {
        ResourceId candidateId = candidate.getId();
        if (candidateId.asString().equals(item)) {
            return candidateId;
        }
    }

    // Pass 2: exact match on the item label.
    for (EnumItem candidate : type.getValues()) {
        if (candidate.getLabel().equals(item)) {
            return candidate.getId();
        }
    }

    // The rejected input and the declared items are both echoed in the message.
    String expected = Joiner.on(", ").join(type.getValues());
    throw new InvalidUpdateException(format("Invalid enum value '%s', expected one of: %s", item, expected));
}
/**
 * Parses a JSON value into an {@code EnumValue} for the given enum type.
 *
 * <p>A JSON primitive is treated as a single item and a JSON array as a list of items; each
 * is resolved with {@code parseEnumId}. Duplicates collapse because the ids are collected in
 * a set.
 *
 * @param type      the enum type the value belongs to
 * @param JsonValue the JSON value supplied in the update
 * @return an {@code EnumValue} holding the resolved item ids
 * @throws InvalidUpdateException if an item cannot be resolved, or if more than one distinct
 *                                item is supplied for a type with {@code Cardinality.SINGLE}
 */
private static FieldValue parseEnumValue(EnumType type, JsonValue JsonValue) {
    Set<ResourceId> selected = new HashSet<>();

    if (JsonValue.isJsonPrimitive()) {
        selected.add(parseEnumId(type, JsonValue.asString()));
    } else if (JsonValue.isJsonArray()) {
        for (JsonValue member : JsonValue.values()) {
            selected.add(parseEnumId(type, member.asString()));
        }
    }
    // NOTE(review): any other JSON shape falls through and produces an empty EnumValue without
    // an error. Confirm this is intended rather than rejecting the input.

    boolean singleValued = type.getCardinality() == Cardinality.SINGLE;
    if (singleValued && selected.size() > 1) {
        throw new InvalidUpdateException("Field with SINGLE enum type has multiple values.");
    }

    return new EnumValue(selected);
}
/**
 * Checks that a new value may be assigned to the given field.
 *
 * <p>A {@code null} value is accepted without further checks. A non-null value is rejected
 * when the field's type is not updatable, or when the value's type class differs from the
 * field's type class.
 *
 * @param field        the field being updated; must not be {@code null}
 * @param updatedValue the proposed value, or {@code null}
 * @return {@code updatedValue}, unchanged
 * @throws InvalidUpdateException if the field cannot be set or the value has the wrong type
 */
private static FieldValue validateType(FormField field, FieldValue updatedValue) {
    Preconditions.checkNotNull(field);

    if (updatedValue == null) {
        return updatedValue;
    }

    if (!field.getType().isUpdatable()) {
        // NOTE(review): this message embeds the submitted value itself ("Found %s"). If the
        // exception text is logged or returned to clients, the value is exposed there too.
        // Confirm that is acceptable.
        throw new InvalidUpdateException(
                format("Field %s ('%s') is a field of type '%s' and its value cannot be set. Found %s",
                        field.getId(),
                        field.getLabel(),
                        field.getType().getTypeClass().getId(),
                        updatedValue));
    }

    boolean sameTypeClass = field.getType().getTypeClass().equals(updatedValue.getTypeClass());
    if (!sameTypeClass) {
        throw new InvalidUpdateException(
                format("Updated value for field %s ('%s') has invalid type. Expected %s, found %s.",
                        field.getId(),
                        field.getLabel(),
                        field.getType().getTypeClass().getId(),
                        updatedValue.getTypeClass().getId()));
    }

    return updatedValue;
}
Collection<FormField> byCode = codeMap.get(fieldName); if (byCode.size() == 0) { throw new InvalidUpdateException("Unknown field '" + fieldName + "'."); } else if (byCode.size() > 1) { throw new InvalidUpdateException("Ambiguous field code '" + fieldName + "'"); fieldValue = parseFieldValue(field, changeObject.getFields().get(fieldName)); } catch (Exception e) { throw new InvalidUpdateException(format("Invalid value for field '%s' (id: %s, code: %s): %s", field.getLabel(), field.getId(),
if(!existingBlobIds.contains(attachment.getBlobId())) { if(!blobAuthorizer.isOwner(userId, attachment.getBlobId())) { throw new InvalidUpdateException(String.format("User %d does not own blob %s", userId, attachment.getBlobId()));
/**
 * Validates, authorizes and applies a typed update against the given form storage.
 *
 * <p>Steps, in order: reject deletions that also carry field changes; validate non-deletion
 * updates; authorize; generate serial numbers; record usage; then update the stored record if
 * one exists for the record id, or add a new one otherwise.
 *
 * @param form   the storage of the form the update targets
 * @param update the update to apply; its form id must not be {@code null}
 * @throws InvalidUpdateException if a deletion includes field value changes, or if a called
 *                                validation or authorization step rejects the update
 */
private void executeUpdate(FormStorage form, TypedRecordUpdate update) {
    Preconditions.checkNotNull(update.getFormId());

    FormClass formClass = form.getFormClass();
    Optional<FormRecord> existingResource = form.get(update.getRecordId());

    boolean deletion = update.isDeleted();
    if (deletion && !update.getChangedFieldValues().isEmpty()) {
        throw new InvalidUpdateException("A deletion may not include field value updates.");
    }

    // NOTE(review): validateUpdate is called before authorizeUpdate, so whatever validation
    // errors it raises reach the caller before the permission check has run. Confirm that is
    // acceptable, or that authorization can safely be moved ahead of validation.
    if (!deletion) {
        validateUpdate(formClass, existingResource, update);
    }

    authorizeUpdate(form, existingResource, update);

    generateSerialNumbers(formClass, existingResource, update);

    UsageTracker.track(userId, "update_record", formClass);

    // Nothing is written until every step above has completed without throwing.
    if (!existingResource.isPresent()) {
        form.add(update);
    } else {
        form.update(update);
    }
}
/**
 * Verifies that all required fields are provided for new resources.
 *
 * <p>Nothing is checked when a record already exists. For a new record, a field must be
 * provided when it is required, visible, and of an updatable type.
 *
 * @param formClass        the schema whose fields are inspected
 * @param existingResource the currently stored record, if any
 * @param update           the update being validated
 * @throws InvalidUpdateException if such a field is not provided by the update
 */
private static void validateRequiredFields(FormClass formClass, Optional<FormRecord> existingResource, TypedRecordUpdate update) {
    if (existingResource.isPresent()) {
        // Only new records are subject to the required-field check.
        return;
    }

    for (FormField candidate : formClass.getFields()) {
        if (!candidate.isRequired()) {
            continue;
        }
        if (!candidate.isVisible()) {
            continue;
        }
        if (!candidate.getType().isUpdatable()) {
            continue;
        }
        if (isProvided(candidate, existingResource, update)) {
            continue;
        }
        throw new InvalidUpdateException("Required field '%s' [%s] is missing from record with schema %s",
                candidate.getCode(),
                candidate.getId(),
                formClass.getId().asString());
    }
}
private void createOrUpdate(ResourceId formId, ResourceId recordId, JsonValue jsonObject, boolean create) { Optional<FormStorage> collection = catalog.getForm(formId); if(!collection.isPresent()) { throw new InvalidUpdateException("No such formId: " + formId); } catch(Exception e) { e.printStackTrace(); throw new InvalidUpdateException("Could not parse updated value for field " + formField.getId() + ": " + e.getMessage());
throw new InvalidUpdateException("Creation of entity with deleted flag is not allowed."); ResourceId parentId = update.getParentId(); if (parentId == null) { throw new InvalidUpdateException("@parent is required for subform submissions");