Examples of org.apache.isis.viewer.scimpi.dispatcher.ForbiddenException

• org.apache.isis.viewer.scimpi.dispatcher.ForbiddenException
  Indicates that request could not complete as it could not access (for security reasons) some of the content.

            // be hidden/disabled, but will be visible/enabled (perhaps incorrectly)
            // for any other value for Where
            final Where where = Where.ANYWHERE;

            if (field.isVisible(IsisContext.getAuthenticationSession(), adapter, where).isVetoed()) {
                throw new ForbiddenException(field, ForbiddenException.VISIBLE);
            }
            IsisContext.getPersistenceSession().resolveField(adapter, field);
            adapter = field.get(adapter);
            if (adapter != null) {
                objectId = context.mapObject(adapter, Scope.INTERACTION);

public class DebugAccessCheck extends AbstractElementProcessor {

    @Override
    public void process(final Request request) {
        if (request.getContext().isDebugDisabled()) {
            throw new ForbiddenException("Debug is disabled");
        }
    }

        }
        if (!field.isOneToManyAssociation()) {
            throw new ScimpiException("Field " + fieldName + " not a collection, in " + adapter.getSpecification().getFullIdentifier());
        }
        if (field.isVisible(IsisContext.getAuthenticationSession(), adapter, where).isVetoed()) {
            throw new ForbiddenException(field, ForbiddenException.VISIBLE);
        }
        IsisContext.getPersistenceSession().resolveField(adapter, field);

        Consent usable = field.isUsable(IsisContext.getAuthenticationSession(), adapter, where);
        if (usable.isAllowed()) {

    }

    @Override
    public void process(final RequestContext context) throws IOException {
        if (context.isDebugDisabled()) {
            throw new ForbiddenException("Can't access debug action when debug is disabled");
        }

        final String action = context.getParameter("action");
        if ("list-i18n".equals(action)) {
            i18n(context, null);

        if (fieldName == null) {
            titleString = object.titleString();
        } else {
            final ObjectAssociation field = object.getSpecification().getAssociation(fieldName);
            if (field.isVisible(IsisContext.getAuthenticationSession(), object, Where.ANYWHERE).isVetoed()) {
                throw new ForbiddenException(field, ForbiddenException.VISIBLE);
            }
            final ObjectAdapter fieldReference = field.get(object);
            if (fieldReference != null) {
                titleString = fieldReference.titleString();
            } else {

            ObjectAdapter object = request.getContext().getMappedObjectOrResult(id);
            ObjectAssociation field = null;
            if (fieldName != null) {
                field = object.getSpecification().getAssociation(fieldName);
                if (field.isVisible(IsisContext.getAuthenticationSession(), object, where).isVetoed()) {
                    throw new ForbiddenException(field, ForbiddenException.VISIBLE);
                }
                object = field.get(object);
            }
            request.processUtilCloseTag();

        final ObjectAssociation field = object.getSpecification().getAssociation(fieldName);
        if (field == null) {
            throw new ScimpiException("No field " + fieldName + " in " + object.getSpecification().getFullIdentifier());
        }
        if (field.isVisible(IsisContext.getAuthenticationSession(), object, where).isVetoed()) {
            throw new ForbiddenException(field, ForbiddenException.VISIBLE);
        }
        final boolean isIconShowing = request.isRequested(SHOW_ICON, showIconByDefault());
        final int truncateTo = Integer.valueOf(request.getOptionalProperty(TRUNCATE, "0")).intValue();

        write(request, object, field, null, className, isIconShowing, truncateTo);

        final String fieldName = request.getOptionalProperty(FIELD);
        ObjectAdapter object = request.getContext().getMappedObjectOrResult(id);
        if (fieldName != null) {
            final ObjectAssociation field = object.getSpecification().getAssociation(fieldName);
            if (field.isVisible(IsisContext.getAuthenticationSession(), object, where).isVetoed()) {
                throw new ForbiddenException(field, ForbiddenException.VISIBLE);
            }
            object = field.get(object);
            id = request.getContext().mapObject(object, Scope.REQUEST);
        }

        if (field == null) {
            throw new ScimpiException("No field " + fieldName + " in " + object.getSpecification().getFullIdentifier());
        }
        final AuthenticationSession session = IsisContext.getAuthenticationSession();
        if (field.isVisible(session, object, where).isVetoed()) {
            throw new ForbiddenException(field, ForbiddenException.VISIBLE);
        }

        String pattern = request.getOptionalProperty("decimal-format");
        Format format = null;
        if (pattern != null) {

        final ObjectAssociation field = object.getSpecification().getAssociation(fieldName);
        if (field == null) {
            throw new ScimpiException("No field " + fieldName + " in " + object.getSpecification().getFullIdentifier());
        }
        if (field.isVisible(IsisContext.getAuthenticationSession(), object, where).isVetoed()) {
            throw new ForbiddenException(field, ForbiddenException.VISIBLE);
        }
        String delimiter = request.getOptionalProperty("delimiter");
        if (delimiter == null) {
            delimiter = ": ";
        } else if (delimiter.equals("")) {