From a34350b62784d4332243ba40ffe928afd91f67d3 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 26 Apr 2019 16:40:58 +0300
Subject: Authorization checks are in spring-security for a while
---
 .../java/com/juick/server/api/Notifications.java | 28 +++++++++-------------
 1 file changed, 11 insertions(+), 17 deletions(-)
(limited to 'src/main/java/com/juick/server/api/Notifications.java')
diff --git a/src/main/java/com/juick/server/api/Notifications.java b/src/main/java/com/juick/server/api/Notifications.java
index ea1d5c54..6829653c 100644
--- a/src/main/java/com/juick/server/api/Notifications.java
+++ b/src/main/java/com/juick/server/api/Notifications.java
@@ -23,13 +23,13 @@ import com.juick.ExternalToken;
 import com.juick.User;
 import com.juick.model.AnonymousUser;
 import com.juick.server.util.HttpBadRequestException;
-import com.juick.server.util.HttpForbiddenException;
 import com.juick.server.util.UserUtils;
 import com.juick.service.MessagesService;
 import com.juick.service.PushQueriesService;
 import com.juick.service.SubscriptionService;
 import com.juick.service.TelegramService;
 import com.juick.service.UserService;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -88,8 +88,8 @@ public class Notifications {
 @RequestParam(required = false, defaultValue = "0") int mid,
 @RequestParam(required = false, defaultValue = "0") int rid) {
 User visitor = UserUtils.getCurrentUser();
- if (visitor.isAnonymous() || !(visitor.getName().equals("juick"))) {
- throw new HttpForbiddenException();
+ if (!(visitor.getName().equals("juick"))) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
 }
 if (uid > 0 && mid == 0) {
 // PM 
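Review bot: With the `visitor.isAnonymous()` guard removed, `visitor.getName().equals("juick")` in doGet is now evaluated for every caller, including an anonymous one if the Spring Security rule ever stops covering this route. If the anonymous user's name can be null (not visible in this diff), the deny path becomes a NullPointerException and a 500 instead of a 403. Writing the comparison as `"juick".equals(visitor.getName())` keeps the check fail-closed whatever the filter chain lets through. The same applies to the rewritten checks in doDelete and doDeleteTokens. The doGet body starts before and continues past this hunk.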
@@ -118,11 +118,11 @@ public class Notifications { @ApiIgnore @RequestMapping(value = "/api/notifications", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public Status doDelete( + public ResponseEntity doDelete( @RequestBody List list) { User visitor = UserUtils.getCurrentUser(); - if ((visitor.isAnonymous()) || !(visitor.getName().equals("juick"))) { - throw new HttpForbiddenException(); + if (!visitor.getName().equals("juick")) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); } list.forEach(t -> { switch (t.getType()) { @@ -140,15 +140,15 @@ public class Notifications { } }); - return Status.OK; + return ResponseEntity.ok(Status.OK); } @ApiIgnore @RequestMapping(value = "/api/notifications/delete", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - public Status doDeleteTokens( + public ResponseEntity doDeleteTokens( @RequestBody List list) { User visitor = UserUtils.getCurrentUser(); - if ((visitor.isAnonymous()) || !(visitor.getName().equals("juick"))) { - throw new HttpForbiddenException(); + if (!visitor.getName().equals("juick")) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null); } list.forEach(t -> { switch (t.getType()) { @@ -166,7 +166,7 @@ public class Notifications { } }); - return Status.OK; + return ResponseEntity.ok(Status.OK); } @ApiIgnore @@ -174,9 +174,6 @@ public class Notifications { public Status doPut( @RequestBody List list) throws IOException { User visitor = UserUtils.getCurrentUser(); - if (visitor.isAnonymous()) { - throw new HttpForbiddenException(); - } list.forEach(t -> { switch (t.getType()) { case "gcm": @@ -200,9 +197,6 @@ public class Notifications { public Status doAndroidRegister( @RequestParam(name = "regid") String regId) { User visitor = UserUtils.getCurrentUser(); - if (visitor.isAnonymous()) { - throw new HttpForbiddenException(); - } pushQueriesService.addGCMToken(visitor.getUid(), regId); return Status.OK; } -- cgit v1.2.3
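Review bot: After this change doPut and doAndroidRegister carry no authentication check of their own, so whether an anonymous request can reach `pushQueriesService.addGCMToken(visitor.getUid(), regId)` depends entirely on the Spring Security configuration, which is not part of this diff. If method security is enabled, a `@PreAuthorize("isAuthenticated()")` on both handlers would keep the requirement visible next to the code that relies on it. A test that sends an unauthenticated request to each endpoint and expects 401 or 403 would catch a later change to the URL matchers that silently opens token registration. Both method bodies continue outside their hunks.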