Java Code Examples for play.mvc.Results#unauthorized()
The following examples show how to use
play.mvc.Results#unauthorized() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: RecruitmentController.java From NationStatesPlusPlus with MIT License | 6 votes |
public Result getRecruitmentCampaigns(String region, boolean includeStats) throws SQLException { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); String nation = Utils.sanitizeName(Utils.getPostValue(request(), "nation")); if (ret != null) { logger.debug("Nation {} tried to view recruitment campaigns for {} but did not have permission", nation, region); return ret; } Utils.handleDefaultPostHeaders(request(), response()); try (Connection conn = getConnection()) { JsonNode result = getRecruitmentCampaigns(conn, nation, getDatabase().getNationId(nation), region, includeStats); if (result != null) { return ok(result).as("application/json"); } else { return Results.unauthorized(); } } }
Example 2
Source File: RecruitmentController.java From NationStatesPlusPlus with MIT License | 6 votes |
public Result changeOfficers(String region) throws SQLException { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (ret != null) { return ret; } Utils.handleDefaultPostHeaders(request(), response()); String add = Utils.getPostValue(request(), "add"); String remove = Utils.getPostValue(request(), "remove"); String submitter = Utils.getPostValue(request(), "nation"); try (Connection conn = getConnection()) { final int regionId = getRecruitmentAdministrator(conn, submitter, getDatabase().getNationId(submitter), region); if (regionId == -1) { Utils.handleDefaultPostHeaders(request(), response()); return Results.unauthorized(); } if (changeRecruitmentOfficers(getDatabase(), conn, regionId, add, remove)) { return ok(); } else { return badRequest(); } } }
Example 3
Source File: RecruitmentController.java From NationStatesPlusPlus with MIT License | 5 votes |
public Result hideRecruitmentCampaign(String region, int id) throws SQLException { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (ret != null) { return ret; } String nation = Utils.sanitizeName(Utils.getPostValue(request(), "nation")); Utils.handleDefaultPostHeaders(request(), response()); try (Connection conn = getConnection()) { if (!hideRecruitmentCampaign(conn, region, id, nation, getDatabase().getNationId(nation))) { return Results.unauthorized(); } } return Results.ok(); }
Example 4
Source File: RecruitmentController.java From NationStatesPlusPlus with MIT License | 5 votes |
public Result retireRecruitmentCampaign(String region, int id) throws SQLException { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (ret != null) { return ret; } String nation = Utils.sanitizeName(Utils.getPostValue(request(), "nation")); Utils.handleDefaultPostHeaders(request(), response()); try (Connection conn = getConnection()) { if (!retireRecruitmentCampaign(conn, region, id, nation, getDatabase().getNationId(nation))) { return Results.unauthorized(); } } return Results.ok(); }
Example 5
Source File: RecruitmentController.java From NationStatesPlusPlus with MIT License | 5 votes |
public Result findRecruitmentTarget(String region, String accessKey, boolean userAgentFix) throws SQLException, ExecutionException { Utils.handleDefaultPostHeaders(request(), response()); final boolean validScriptAccess = isValidAccessKey(region, accessKey); //Bypass standard nation authentication if we are a valid script if (!validScriptAccess) { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (ret != null) { return ret; } } String nation = Utils.sanitizeName(Utils.getPostValue(request(), "nation")); try (Connection conn = getConnection()) { final int regionId; //Bypass region officer authentication if we are a valid script if (!validScriptAccess) { regionId = getRecruitmentAdministrator(conn, nation, getDatabase().getNationId(nation), region); } else { regionId = getDatabase().getRegionId(region); } if (regionId == -1) { logger.debug("Unauthorized recruitment request by nation [{}] for region [{}]", nation, region); return Results.unauthorized(); } logger.debug("Making valid recruitment request for region [{}] by recruiter nation [{}]", region, nation); return ok(Json.toJson(calculateRecruitmentTarget(getDatabase(), conn, regionId, nation, getDatabase().getNationId(nation)))).as("application/json"); } }
Example 6
Source File: RecruitmentController.java From NationStatesPlusPlus with MIT License | 5 votes |
public Result confirmRecruitmentSent(String region, String target, String accessKey) throws SQLException { final boolean validScriptAccess = isValidAccessKey(region, accessKey); //Bypass standard nation authentication if we are a valid script if (!validScriptAccess) { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (ret != null) { return ret; } } Utils.handleDefaultPostHeaders(request(), response()); Connection conn = null; try { conn = getConnection(); final int regionId; //Bypass region officer authentication if we are a valid script if (validScriptAccess) { regionId = getDatabase().getRegionId(region); } else { String nation = Utils.sanitizeName(Utils.getPostValue(request(), "nation")); regionId = getRecruitmentAdministrator(conn, nation, getDatabase().getNationId(nation), region); } if (regionId == -1) { Utils.handleDefaultPostHeaders(request(), response()); return Results.unauthorized(); } confirmRecruitment(getDatabase(), conn, regionId, target); } finally { DbUtils.closeQuietly(conn); } return Results.ok(); }
Example 7
Source File: NewspaperController.java From NationStatesPlusPlus with MIT License | 5 votes |
private Result canEditImpl(int newspaper, boolean checkAuth, String nation) throws SQLException { if (checkAuth) { Result result = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (result != null) { return result; } } try (Connection conn = getConnection()) { if (!isEditorInChief(newspaper, nation, conn)) { try (PreparedStatement editors = conn.prepareStatement("SELECT nation_id FROM assembly.newspaper_editors WHERE newspaper = ?")) { editors.setInt(1, newspaper); try (ResultSet set = editors.executeQuery()) { final int nationId = getDatabase().getNationId(nation); boolean validEditor = false; while (set.next()) { if (set.getInt(1) == nationId) { validEditor = true; break; } } if (!validEditor) { Utils.handleDefaultPostHeaders(request(), response()); return Results.unauthorized(); } } } } } return null; }
Example 8
Source File: NewspaperController.java From NationStatesPlusPlus with MIT License | 5 votes |
public Result administrateNewspaper(int newspaper) throws SQLException { Result result = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (result != null) { return result; } String nation = Utils.getPostValue(request(), "nation"); String title = Utils.getPostValue(request(), "title"); String byline = Utils.getPostValue(request(), "byline"); String columns = Utils.getPostValue(request(), "columns"); Utils.handleDefaultPostHeaders(request(), response()); if (title == null || title.length() > 255 || byline == null || byline.length() > 255) { return Results.badRequest(); } Connection conn = null; try { conn = getConnection(); if (!isEditorInChief(newspaper, nation, conn)) { Utils.handleDefaultPostHeaders(request(), response()); return Results.unauthorized(); } try (PreparedStatement update = conn.prepareStatement("UPDATE assembly.newspapers SET title = ?, byline = ?" + (columns != null ? ", newspapers.columns = ?" : "") + " WHERE id = ?")) { update.setString(1, title); update.setString(2, byline); if (columns != null) { update.setInt(3, Math.max(1, Math.min(3, Integer.parseInt(columns)))); update.setInt(4, newspaper); } else { update.setInt(3, newspaper); } update.executeUpdate(); } } finally { DbUtils.closeQuietly(conn); } return Results.ok(); }
Example 9
Source File: NationController.java From NationStatesPlusPlus with MIT License | 5 votes |
public Result retrieveAllSettings(String name) throws SQLException { Utils.handleDefaultPostHeaders(request(), response()); final int nationId = getDatabase().getNationId(name); if (nationId == -1) { return Results.badRequest(); } String authToken = Utils.getPostValue(request(), "rss_token"); if (authToken == null || authToken.isEmpty()) { return Results.badRequest(); } int rssToken; try { rssToken = Integer.parseInt(authToken); } catch (NumberFormatException e) { return Results.unauthorized("Malformed rss token, expected integer"); } Authentication auth = new Authentication(Utils.sanitizeName(name), nationId, rssToken, this.getDatabase()); if (!auth.isValid()) { return Results.unauthorized("Invalid rss token"); } NationSettings settings = getDatabase().getNationSettings(name, false); if (settings instanceof MongoSettings) { MongoSettings mongoSettings = (MongoSettings)settings; BasicDBObject find = new BasicDBObject("nation", Utils.sanitizeName(name)); try (DBCursor cursor = mongoSettings.getCollection().find(find)) { if (cursor.hasNext()) { return Results.ok(Json.toJson(cursor.next().toMap())).as("application/json"); } } } return Results.noContent(); }
Example 10
Source File: RegionController.java From NationStatesPlusPlus with MIT License | 4 votes |
public Result setRegionalTitle(String region, boolean disband) throws SQLException { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (ret != null) { return ret; } String nation = Utils.sanitizeName(Utils.getPostValue(request(), "nation")); String delegateTitle = Utils.getPostValue(request(), "delegate_title"); String founderTitle = Utils.getPostValue(request(), "founder_title"); Utils.handleDefaultPostHeaders(request(), response()); //Must have valid title if (!disband) { if (delegateTitle == null || founderTitle == null || delegateTitle.isEmpty() || founderTitle.isEmpty()) { return Results.badRequest("Missing title"); } else if (delegateTitle.length() > 40 || founderTitle.length() > 40) { return Results.badRequest("Maximum title length is 40 characters"); } } Connection conn = null; try { conn = getConnection(); PreparedStatement select = conn.prepareStatement("SELECT id, delegate, founder FROM assembly.region WHERE name = ?"); select.setString(1, Utils.sanitizeName(region)); ResultSet result = select.executeQuery(); boolean regionAdministrator = true; int regionId = -1; if (result.next()) { regionId = result.getInt(1); final String delegate = result.getString(2); final String founder = result.getString(3); Logger.info("Attempting to set regional titles for " + region + ", nation: " + nation); Logger.info("Delegate: " + delegate + " | Founder: " + founder); if (!nation.equals(delegate) && !nation.equals(founder)) { regionAdministrator = false; } } else { Logger.info("Attempting to set regional titles for " + region + ", no region found!"); regionAdministrator = false; } if (regionAdministrator) { PreparedStatement update = conn.prepareStatement("UPDATE assembly.region SET delegate_title = ?, founder_title = ? WHERE id = ?"); if (!disband) { update.setString(1, delegateTitle); update.setString(2, founderTitle); } else { update.setNull(1, Types.VARCHAR); update.setNull(2, Types.VARCHAR); } update.setInt(3, regionId); update.executeUpdate(); return Results.ok(); } } finally { DbUtils.closeQuietly(conn); } return Results.unauthorized(); }
Example 11
Source File: NewspaperController.java From NationStatesPlusPlus with MIT License | 4 votes |
public Result foundNewspaper(String region) throws SQLException { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (ret != null) { return ret; } String nation = Utils.sanitizeName(Utils.getPostValue(request(), "nation")); final int regionId = getDatabase().getRegionId(region); Map<String, Object> results = new HashMap<String, Object>(1); Utils.handleDefaultPostHeaders(request(), response()); try (Connection conn = getConnection()) { try (PreparedStatement newspaper = conn.prepareStatement("SELECT id FROM assembly.newspapers WHERE region = ? AND disbanded = 0")) { newspaper.setInt(1, regionId); try (ResultSet result = newspaper.executeQuery()) { if (result.next()) { return Results.forbidden(); } } } try (PreparedStatement select = conn.prepareStatement("SELECT delegate, founder FROM assembly.region WHERE name = ?")) { select.setString(1, region); try (ResultSet result = select.executeQuery()) { boolean regionAdministrator = false; if (result.next()) { Logger.info("Attempting to found paper for " + region + ", nation: " + nation); Logger.info("Delegate: " + result.getString("delegate") + " | Founder: " + result.getString("founder")); if (nation.equals(result.getString("delegate")) || nation.equals(result.getString("founder"))) { regionAdministrator = true; } } else { Logger.info("Attempting to found paper for " + region + ", no region found!"); } if (!regionAdministrator) { return Results.unauthorized("You are not a regional administrator"); } } } final int newspaperId; try (PreparedStatement newspaper = conn.prepareStatement("INSERT INTO assembly.newspapers (region, editor, title, byline) VALUES (?, ?, ?, ?)", Statement.RETURN_GENERATED_KEYS)) { newspaper.setInt(1, regionId); newspaper.setString(2, nation); newspaper.setString(3, Utils.formatName(nation) + " Regional News"); newspaper.setString(4, Utils.formatName(nation) + " makes the trains run on time!"); newspaper.executeUpdate(); ResultSet keys = newspaper.getGeneratedKeys(); keys.next(); newspaperId = keys.getInt(1); } results.put("newspaper_id", newspaperId); try (PreparedStatement editors = conn.prepareStatement("INSERT INTO assembly.newspaper_editors (newspaper, nation_id) VALUES (?, ?)")) { editors.setInt(1, newspaperId); editors.setInt(2, getDatabase().getNationId(nation)); editors.executeUpdate(); } } return Results.ok(Json.toJson(results)).as("application/json"); }
Example 12
Source File: NewspaperController.java From NationStatesPlusPlus with MIT License | 4 votes |
public Result disbandNewspaper(String region) throws SQLException { Result ret = Utils.validateRequest(request(), response(), getAPI(), getDatabase()); if (ret != null) { return ret; } final String nation = Utils.getPostValue(request(), "nation"); final int regionId = getDatabase().getRegionId(region); Utils.handleDefaultPostHeaders(request(), response()); try (Connection conn = getConnection()) { try (PreparedStatement newspaper = conn.prepareStatement("SELECT id FROM assembly.newspapers WHERE region = ? AND disbanded = 0")) { newspaper.setInt(1, regionId); try (ResultSet result = newspaper.executeQuery()) { if (!result.next()) { return Results.forbidden(); } } } try (PreparedStatement select = conn.prepareStatement("SELECT delegate, founder FROM assembly.region WHERE id = ?")) { select.setInt(1, regionId); try (ResultSet result = select.executeQuery()) { boolean regionAdministrator = false; if (result.next()) { if (nation.equals(result.getString("delegate")) || nation.equals(result.getString("founder"))) { regionAdministrator = true; } } if (!regionAdministrator) { return Results.unauthorized(); } } } try (PreparedStatement newspaper = conn.prepareStatement("UPDATE assembly.newspapers SET disbanded = 1 WHERE region = ?")) { newspaper.setInt(1, regionId); newspaper.executeUpdate(); } } return Results.ok(); }
Example 13
Source File: IRCController.java From NationStatesPlusPlus with MIT License | 4 votes |
public Result setIRCNetwork(String region, boolean deleteIRC) throws SQLException { Utils.handleDefaultPostHeaders(request(), response()); final int regionId = getDatabase().getRegionId(region); if (regionId == -1) { return Results.badRequest("Invalid region"); } final String nation = Utils.getPostValue(request(), "nation"); if (nation == null || nation.isEmpty()) { return Results.badRequest(); } final int nationId = getDatabase().getNationId(nation); if (nationId == -1) { return Results.badRequest(); } final String ircNetwork = Utils.getPostValue(request(), "irc_network"); final String ircChannel = Utils.getPostValue(request(), "irc_channel"); final String ircPort = Utils.getPostValue(request(), "irc_port"); if (!deleteIRC) { if (ircNetwork == null || ircNetwork.isEmpty() || ircChannel == null || ircChannel.isEmpty() || ircPort == null || ircPort.isEmpty()) { return Results.badRequest("Missing irc network, irc channel"); } } String authToken = Utils.getPostValue(request(), "rss_token"); if (authToken == null || authToken.isEmpty()) { return Results.badRequest("Missing authentication"); } int rssToken; try { rssToken = Integer.parseInt(authToken); } catch (NumberFormatException e) { return Results.unauthorized("Malformed rss token, expected integer"); } Authentication auth = new Authentication(Utils.sanitizeName(nation), nationId, rssToken, this.getDatabase()); if (!auth.isValid()) { return Results.unauthorized("Invalid rss token"); } boolean validAdministrator = false; try (Connection conn = this.getConnection()) { try (PreparedStatement select = conn.prepareStatement("SELECT founder, delegate FROM assembly.region WHERE id = ?")) { select.setInt(1, regionId); try (ResultSet result = select.executeQuery()) { if (result.next()) { validAdministrator = nation.equalsIgnoreCase(result.getString(1)) || nation.equalsIgnoreCase(result.getString(2)); } } } if (!validAdministrator) { return Results.unauthorized("You lack permission to edit " + region + "'s irc settings"); } try (PreparedStatement delete = conn.prepareStatement("DELETE FROM assembly.irc_networks WHERE region = ?")) { delete.setInt(1, regionId); delete.executeUpdate(); } if (!deleteIRC) { try (PreparedStatement insert = conn.prepareStatement("INSERT INTO assembly.irc_networks (region, irc_network, irc_channel, irc_port) VALUES (?, ?, ?, ?)")) { insert.setInt(1, regionId); insert.setString(2, ircNetwork); insert.setString(3, ircChannel); insert.setInt(4, Integer.parseInt(ircPort)); insert.executeUpdate(); } } } return Results.noContent(); }