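/**
 * Copyright (C) 2011 Talend Inc. - www.talend.com
 */
package oauth.manager;

import java.util.List;

import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;

import oauth.common.Calendar;
import oauth.common.OAuthConstants;
import oauth.service.UserAccounts;

import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth.data.OAuthContext;
import org.apache.cxf.rs.security.oauth.data.OAuthPermission;

/**
 * Resource a third-party client reaches with an OAuth access token: it reads and
 * updates the calendar of the user who authorized that token. The resource owner's
 * identity and the granted permissions are both taken from the {@link OAuthContext}
 * the OAuth filter placed in the message context, never from request parameters.
 */
@Path("/calendar")
public class ThirdPartyAccessService {

    /** HTTP status returned whenever the caller is not allowed to act. */
    private static final int FORBIDDEN = 403;

    @Context
    private MessageContext mc;
    private UserAccounts accounts;

    public void setAccounts(UserAccounts accounts) {
        this.accounts = accounts;
    }

    /**
     * Returns the calendar of the resource owner identified by the OAuth context.
     *
     * @return the calendar of the user whose login is in the OAuth subject
     * @throws WebApplicationException 403 if no authenticated OAuth subject is present
     */
    @GET
    public Calendar getUserCalendar() {
        OAuthContext oauth = getOAuthContext();
        String userName = oauth.getSubject().getLogin();
        return accounts.getAccount(userName).getCalendar();
    }

    /**
     * Updates one hour slot of the resource owner's calendar.
     * <p>
     * This permission check can be done in a custom filter; it can be simpler to do
     * in the actual service code if the context data (such as an hour in this case)
     * are not available in the request URI but in the message payload.
     *
     * @param hour        calendar slot to update; the token must carry an
     *                    update-calendar permission for exactly this hour
     * @param description new description for the slot
     * @throws WebApplicationException 403 if the OAuth subject is missing or the token
     *                                 does not grant an update of this hour
     */
    @POST
    public void updateCalendar(@FormParam("hour") int hour,
                               @FormParam("description") String description) {
        OAuthContext oauth = getOAuthContext();
        if (!isHourAuthorized(oauth.getPermissions(), hour)) {
            throw new WebApplicationException(FORBIDDEN);
        }
        Calendar calendar = getUserCalendar();
        calendar.getEntry(hour).setEventDescription(description);
    }

    /**
     * Checks whether one of the granted permissions is an update-calendar scope for
     * {@code hour}. The hour is encoded as the suffix following
     * {@link OAuthConstants#UPDATE_CALENDAR_SCOPE}. A suffix that is not an integer
     * (or a missing permission list) denies instead of failing the request, so a
     * malformed grant surfaces as 403 rather than as an unhandled
     * {@link NumberFormatException} turned into a 500.
     *
     * @param perms permissions attached to the access token; may be {@code null}
     * @param hour  hour the caller wants to update
     * @return {@code true} if some grant authorizes exactly this hour
     */
    private static boolean isHourAuthorized(List<OAuthPermission> perms, int hour) {
        if (perms == null) {
            return false;
        }
        String scopePrefix = OAuthConstants.UPDATE_CALENDAR_SCOPE;
        for (OAuthPermission perm : perms) {
            String permission = perm.getPermission();
            if (permission == null || !permission.startsWith(scopePrefix)) {
                continue;
            }
            try {
                if (Integer.parseInt(permission.substring(scopePrefix.length())) == hour) {
                    return true;
                }
            } catch (NumberFormatException ignored) {
                // Not an hour-scoped update grant; it cannot authorize anything, keep scanning.
            }
        }
        return false;
    }

    /**
     * Fetches the OAuth context the OAuth filter established for this request.
     *
     * @return the context, guaranteed to carry a subject with a non-null login
     * @throws WebApplicationException 403 if there is no context, no subject or no login
     */
    private OAuthContext getOAuthContext() {
        OAuthContext oauth = mc.getContent(OAuthContext.class);
        if (oauth == null
            || oauth.getSubject() == null
            || oauth.getSubject().getLogin() == null) {
            throw new WebApplicationException(FORBIDDEN);
        }
        return oauth;
    }
}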