[Trunk | Monitor Service]:

1. RolesUtils.java: New class connected to "AuthorizationService" and returns helper methods for roles and authorities.
2. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java & IndicatorController.java:
	a. Add authorization checks according to user roles (authorization library).
	b. Handle new fields "createDate" and "updateDate" (StakeholderController.java already had these fields).
	c. [Bug fix] In the save method, if the entity is a default entity, save it before "onSaveDefault...()" or after "onUpdateDefault...()".
	d. (not in SectionController) Comment methods for toggling status and access and add method for changing visibility.
		e.g. "changeIndicatorVisibility()" (/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility).
3. StakeholderController.java: Method "getAllRealStakeholders()" (/stakeholder) returns now basic Stakeholder info (topicIds, not full entities).
4. IndicatorController.java:
	a. [Bug fix] On "onUpdateDefaultIndicator()", "changed" is set to false for each indicatorBasedOnDefault.
	b. On "onUpdateDefaultIndicator()" handle update policy for "description" and "additionalDescription".
	c. [Bug fix] On "onUpdateDefaultIndicator()", bug fixes when updating "jsonPath".
Konstantina Galouni 2020-11-11 12:45:59 +00:00
parent b7a4471385
commit 1a784f29bd
7 changed files with 854 additions and 215 deletions


@ -4,11 +4,15 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@ -17,6 +21,9 @@ import java.util.List;
public class CategoryController {
private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired
private StakeholderDAO stakeholderDAO;
@ -29,12 +36,6 @@ public class CategoryController {
@Autowired
private SubCategoryDAO subCategoryDAO;
@Autowired
private SectionDAO sectionDAO;
@Autowired
private IndicatorDAO indicatorDAO;
@Autowired
private SubCategoryController subCategoryController;
@ -51,12 +52,20 @@ public class CategoryController {
categoryFull.setSubCategories(subCategoriesFull);
category.setSubCategories(subCategories);
Date date = new Date();
category.setCreationDate(date);
category.setUpdateDate(date);
categoryFull.setCreationDate(date);
categoryFull.setUpdateDate(date);
categoryDAO.save(category);
categoryFull.setId(category.getId());
return categoryFull;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/save", method = RequestMethod.POST)
public Category<SubCategory> saveCategory(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -67,6 +76,13 @@ public class CategoryController {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Category<String> oldCategory = null;
if(categoryFull.getId() != null) {
oldCategory = categoryDAO.findById(categoryFull.getId());
@ -75,8 +91,17 @@ public class CategoryController {
Topic<String> topic = topicDAO.findById(topicId);
if(topic != null) {
if(stakeholder.getTopics().contains(topicId)) {
Category<String> category = new Category<>(categoryFull);
Date date = new Date();
category.setUpdateDate(date);
categoryFull.setUpdateDate(date);
// if category not exists (no id), create a new default subcategory, identical to category
if(categoryFull.getId() == null) {
category.setCreationDate(date);
categoryFull.setCreationDate(date);
SubCategory<String> subCategory = new SubCategory<>();
subCategory.createOverviewSubCategory(categoryFull);
@ -85,23 +110,22 @@ public class CategoryController {
subCategories.add(subCategory);
}
Category<String> category = new Category<>(categoryFull);
List<String> subCategories = new ArrayList<>();
for(SubCategory subCategory : categoryFull.getSubCategories()) {
subCategories.add(subCategory.getId());
}
category.setSubCategories(subCategories);
categoryDAO.save(category);
if(stakeholder.getDefaultId() == null) {
if(categoryFull.getId() == null) {
categoryDAO.save(category);
onSaveDefaultCategory(category, topicId);
} else {
onUpdateDefaultCategory(category, oldCategory);
categoryDAO.save(category);
}
} else {
categoryDAO.save(category);
}
List<String> categories = topic.getCategories();
@ -178,10 +202,12 @@ public class CategoryController {
// categoryBasedOnDefault.setName(category.getName());
// categoryBasedOnDefault.setDescription(category.getDescription());
categoryBasedOnDefault.setUpdateDate(category.getUpdateDate());
categoryDAO.save(categoryBasedOnDefault);
}
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/delete", method = RequestMethod.DELETE)
public boolean deleteCategory(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -194,6 +220,12 @@ public class CategoryController {
if(stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
if(topic != null) {
if(stakeholder.getTopics().contains(topicId)) {
@ -201,6 +233,12 @@ public class CategoryController {
Category<String> category = categoryDAO.findById(categoryId);
if(category != null) {
if(category.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId);
}
List<String> categories = topic.getCategories();
int index = categories.indexOf(categoryId);
if(index != -1) {
@ -321,6 +359,7 @@ public class CategoryController {
return true;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/reorder", method = RequestMethod.POST)
public List<Category> reorderCategories(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -342,42 +381,63 @@ public class CategoryController {
return categoriesFull;
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleCategoryStatus(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId) {
log.debug("toggle category status (isActive)");
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-status", method = RequestMethod.POST)
// public Boolean toggleCategoryStatus(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId) {
// log.debug("toggle category status (isActive)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId);
//
// Category category = categoryDAO.findById(categoryId);
// if (category == null) {
// // EXCEPTION - Category not found
// throw new EntityNotFoundException("Toggle category status: Category with id: "+categoryId+" not found");
// }
// category.setIsActive(!category.getIsActive());
//
// this.toggleCategory(stakeholderId, topicId, category);
//
// return category.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleCategoryAccess(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId) {
// log.debug("toggle category access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId);
//
// Category category = categoryDAO.findById(categoryId);
// if (category == null) {
// // EXCEPTION - Category not found
// throw new EntityNotFoundException("Toggle category access: Category with id: "+categoryId+" not found");
// }
// category.setIsPublic(!category.getIsPublic());
//
// this.toggleCategory(stakeholderId, topicId, category);
//
// return category.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/change-visibility", method = RequestMethod.POST)
public Visibility changeCategoryVisibility(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change category visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId);
Category category = categoryDAO.findById(categoryId);
if (category == null) {
// EXCEPTION - Category not found
throw new EntityNotFoundException("Toggle category status: Category with id: "+categoryId+" not found");
throw new EntityNotFoundException("Change topic visibility: Category with id: "+categoryId+" not found");
}
category.setIsActive(!category.getIsActive());
category.setVisibility(visibility);
this.toggleCategory(stakeholderId, topicId, category);
return category.getIsActive();
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleCategoryAccess(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId) {
log.debug("toggle category access (isPublic)");
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId);
Category category = categoryDAO.findById(categoryId);
if (category == null) {
// EXCEPTION - Category not found
throw new EntityNotFoundException("Toggle category access: Category with id: "+categoryId+" not found");
}
category.setIsPublic(!category.getIsPublic());
this.toggleCategory(stakeholderId, topicId, category);
return category.getIsPublic();
return category.getVisibility();
}
public void toggleCategory(String stakeholderId, String topicId, Category category) {
@ -385,6 +445,12 @@ public class CategoryController {
if (stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
if (topic != null) {
if (stakeholder.getTopics().contains(topicId)) {
@ -419,6 +485,12 @@ public class CategoryController {
throw new EntityNotFoundException("checkForExceptions category: Stakeholder with id: " + stakeholderId + " not found");
}
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
if(topic == null) {
// EXCEPTION - Topic not found
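Review bot: The not-found message in changeCategoryVisibility says "Change topic visibility" although the handler and the loaded entity are a category; it reads as a copy-paste from the topic controller and will mislead anyone grepping logs for it, so use `throw new EntityNotFoundException("Change category visibility: Category with id: "+categoryId+" not found");`. The same handler applies the new visibility to the loaded entity before toggleCategory runs the hasUpdateAuthority check; toggleCategory continues outside the hunk so I cannot see where the save happens, but performing the role check before the mutation, or loading the category only after it, would make the authorization order obvious to readers. `Category category = categoryDAO.findById(categoryId);` is also a raw type here where the rest of the file uses `Category<String>`.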


@ -5,8 +5,11 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.io.UnsupportedEncodingException;
@ -18,6 +21,9 @@ import java.util.*;
public class IndicatorController {
private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired
private StakeholderDAO stakeholderDAO;
@ -37,6 +43,7 @@ public class IndicatorController {
private IndicatorDAO indicatorDAO;
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/save", method = RequestMethod.POST)
public Indicator saveIndicator(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -49,23 +56,31 @@ public class IndicatorController {
Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator.getType());
Date date = new Date();
indicator.setUpdateDate(date);
Indicator oldIndicator = null;
if(indicator.getId() != null) {
oldIndicator = indicatorDAO.findById(indicator.getId());
} else { // indicator does not exist in DB
indicator.setCreationDate(date);
}
String indicatorId = indicator.getId();
indicatorDAO.save(indicator);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
// this indicator belongs in default profile and it is new or it is updated
if(stakeholder.getDefaultId() == null) {
if(indicatorId == null) {
indicatorDAO.save(indicator);
onSaveDefaultIndicator(indicator, sectionId);
}
else {
onUpdateDefaultIndicator(indicator, stakeholder, oldIndicator);
indicatorDAO.save(indicator);
}
} else {
indicatorDAO.save(indicator);
}
List<String> indicators = section.getIndicators();
@ -86,7 +101,7 @@ public class IndicatorController {
// new indicator in default profile - add it on profiles of the same type
List<Section> sections = sectionDAO.findByDefaultId(defaultSectionId);
for (Section section : sections) {
for (Section section : sections) {
Indicator indicatorNew = new Indicator();
indicatorNew.copyFromDefault(indicator);
for (IndicatorPath indicatorPath : indicatorNew.getIndicatorPaths()) {
@ -108,10 +123,12 @@ public class IndicatorController {
// indicator already exists - check if changed and update all indicators based on it
boolean changed = false;
boolean changed;
List<Indicator> indicators = indicatorDAO.findByDefaultId(indicator.getId());
for(Indicator indicatorBasedOnDefault : indicators) {
changed = false;
if(indicator.getName() != null && !indicator.getName().equals(indicatorBasedOnDefault.getName())
&& (oldIndicator.getName() == null || oldIndicator.getName().equals(indicatorBasedOnDefault.getName()))) {
@ -119,18 +136,30 @@ public class IndicatorController {
changed = true;
}
if(indicator.getDescription() != null && !indicator.getDescription().equals(indicatorBasedOnDefault.getDescription())
&& (oldIndicator.getDescription() == null || oldIndicator.getDescription().equals(indicatorBasedOnDefault.getDescription()))) {
if(indicator.getDescription() != null && !indicator.getDescription().equals(indicatorBasedOnDefault.getDescription())) {
indicatorBasedOnDefault.setDescription(indicator.getDescription());
changed = true;
}
if(indicator.getAdditionalDescription() != null && !indicator.getAdditionalDescription().equals(indicatorBasedOnDefault.getAdditionalDescription())
&& (oldIndicator.getAdditionalDescription() == null || oldIndicator.getAdditionalDescription().equals(indicatorBasedOnDefault.getAdditionalDescription()))) {
indicatorBasedOnDefault.setAdditionalDescription(indicator.getAdditionalDescription());
changed = true;
}
int i = 0;
List<IndicatorPath> indicatorPaths = indicatorBasedOnDefault.getIndicatorPaths();
if(indicatorPaths == null && indicator.getIndicatorPaths() != null) {
indicatorPaths = new ArrayList<>();
}
for (IndicatorPath indicatorPath : indicator.getIndicatorPaths()) {
IndicatorPath indicatorPathBasedOnDefault = indicatorBasedOnDefault.getIndicatorPaths().get(i);
IndicatorPath indicatorPathBasedOnDefault = null;
if(i < indicatorPaths.size()) {
indicatorPathBasedOnDefault = indicatorPaths.get(i);
}
if(indicatorPathBasedOnDefault == null) {
// Add new indicator path in existing indicators
@ -142,7 +171,7 @@ public class IndicatorController {
IndicatorPath oldIndicatorPath = oldIndicator.getIndicatorPaths().get(i);
// Check if there are changes in indicator path and update existing indicators if needed
log.debug("update indicator path: "+i);
log.debug("update indicator path: "+i + " (indicator id: "+indicatorBasedOnDefault.getId()+")");
if(indicatorPath.getType() != null
&& !indicatorPath.getType().equals(indicatorPathBasedOnDefault.getType())
@ -189,7 +218,7 @@ public class IndicatorController {
for (Map.Entry<String, String> parameter : indicatorPath.getParameters().entrySet()) {
log.debug("\nindicatorPath: parameter.getKey(): "+parameter.getKey()+" - value: "+parameter.getValue()
+"\nindicatorPathBasedOnDefault:parameters:key: "+ indicatorPathBasedOnDefault.getParameters().get(parameter.getKey())
+"\noldIndicatorPath:parameters:key: "+ oldIndicatorPath.getParameters().get(parameter.getKey()));
+"\noldIndicatorPath:parameters:key: "+ (oldIndicatorPath.getParameters() == null ? "null" : oldIndicatorPath.getParameters().get(parameter.getKey())));
if (!indicatorPathBasedOnDefault.getParameters().containsKey(parameter.getKey())
|| (oldIndicatorPath.getParameters() == null
|| (oldIndicatorPath.getParameters().get(parameter.getKey()).equals(indicatorPathBasedOnDefault.getParameters().get(parameter.getKey()))
@ -203,43 +232,82 @@ public class IndicatorController {
// changed = true;
// }
}
parameterMapping(indicatorPathBasedOnDefault, stakeholder);
// TODO when deleting indicator path parameters... ???
parameterMapping(indicatorPathBasedOnDefault, stakeholder);
//}
log.debug("After parameters check: " + changed);
}
log.debug("After parameters check: " + changed);
if(indicatorPath.getJsonPath() != null) {
int j = 0;
for (String jsonString : indicatorPath.getJsonPath()) {
log.debug("indicatorPath.getJsonPath(): " + jsonString);
String jsonStringBasedOnDefault = null;
if(indicatorPathBasedOnDefault.getJsonPath() != null ) {
jsonStringBasedOnDefault = indicatorPathBasedOnDefault.getJsonPath().get(j);
} else {
boolean jsonPathChanged = false;
boolean breaked = false;
int oldJsonPathSize = 0;
if(oldIndicatorPath.getJsonPath() != null) {
oldJsonPathSize = oldIndicatorPath.getJsonPath().size();
}
int basedOnDefaultJsonPathSize = 0;
if(indicatorPathBasedOnDefault.getJsonPath() != null) {
basedOnDefaultJsonPathSize = indicatorPathBasedOnDefault.getJsonPath().size();
}
log.debug("old: "+oldJsonPathSize+" - based on default: "+basedOnDefaultJsonPathSize+" - new: "+indicatorPath.getJsonPath().size());
if(oldJsonPathSize == basedOnDefaultJsonPathSize) {
if(indicatorPathBasedOnDefault.getJsonPath() == null && indicatorPath.getJsonPath().size() > 0) {
indicatorPathBasedOnDefault.setJsonPath(new ArrayList<>());
}
log.debug("indicatorPathBasedOnDefault.getJsonPath().get(" + j + "): " + jsonStringBasedOnDefault);
if (!jsonString.equals(jsonStringBasedOnDefault)
&& (oldIndicatorPath.getJsonPath() == null
|| oldIndicatorPath.getJsonPath().get(i).equals(jsonStringBasedOnDefault))
) {
indicatorPathBasedOnDefault.getJsonPath().set(j, jsonString);
int basedOnDefaultIndex = 0;
int oldIndex = 0;
Iterator<String> jsonStringBasedOnDefaultIterator = indicatorPathBasedOnDefault.getJsonPath().iterator();
while (jsonStringBasedOnDefaultIterator.hasNext()) {
String jsonStringBasedOnDefault = jsonStringBasedOnDefaultIterator.next();
if(oldIndicatorPath.getJsonPath().get(oldIndex).equals(jsonStringBasedOnDefault)) {
if(basedOnDefaultIndex >= indicatorPath.getJsonPath().size()) { // string deleted
jsonStringBasedOnDefaultIterator.remove();
jsonPathChanged = true;
} else { // check if string changed
if(!indicatorPath.getJsonPath().get(basedOnDefaultIndex).equals(jsonStringBasedOnDefault)) {
indicatorPathBasedOnDefault.getJsonPath().set(basedOnDefaultIndex, indicatorPath.getJsonPath().get(basedOnDefaultIndex));
jsonPathChanged = true;
}
basedOnDefaultIndex++;
}
oldIndex++;
} else {
breaked = true;
jsonPathChanged = false;
log.debug("not the same: "+oldIndex);
break;
}
}
int index=0;
if(!breaked && indicatorPath.getJsonPath().size() > indicatorPathBasedOnDefault.getJsonPath().size()) { // strings added
jsonPathChanged = true;
for(index=indicatorPathBasedOnDefault.getJsonPath().size(); index < indicatorPath.getJsonPath().size(); index++) {
indicatorPathBasedOnDefault.getJsonPath().add(indicatorPath.getJsonPath().get(index));
}
}
if(jsonPathChanged) {
changed = true;
}
j++;
}
log.debug("After jsonPath check: " + changed);
// TODO when deleting indicator path json path strings...
}
log.debug("After jsonPath check: " + changed);
}
i++;
}
// TODO when deleting indicator paths...
if(!changed) {
// break;
continue;
}
indicatorBasedOnDefault.setUpdateDate(indicator.getUpdateDate());
indicatorDAO.save(indicatorBasedOnDefault);
}
}
@ -299,6 +367,7 @@ public class IndicatorController {
return indicatorPathField;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/delete", method = RequestMethod.DELETE)
public boolean deleteIndicator(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -314,6 +383,13 @@ public class IndicatorController {
if(indicator != null) {
Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator.getType());
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
List<String> roles = rolesUtils.getRoles();
if(indicator.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId);
}
List<String> indicators = section.getIndicators();
int index = indicators.indexOf(indicatorId);
@ -484,6 +560,7 @@ public class IndicatorController {
// return true;
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{type}/reorder", method = RequestMethod.POST)
public List<Indicator> reorderIndicators(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -509,48 +586,72 @@ public class IndicatorController {
return indicatorsFull;
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleIndicatorStatus(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId,
@PathVariable("sectionId") String sectionId,
@PathVariable("indicatorId") String indicatorId) {
log.debug("toggle indicator status (isActive)");
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-status", method = RequestMethod.POST)
// public Boolean toggleIndicatorStatus(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId,
// @PathVariable("subcategoryId") String subcategoryId,
// @PathVariable("sectionId") String sectionId,
// @PathVariable("indicatorId") String indicatorId) {
// log.debug("toggle indicator status (isActive)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId);
//
// Indicator indicator = indicatorDAO.findById(indicatorId);
// if (indicator == null) {
// // EXCEPTION - Indicator not found
// throw new EntityNotFoundException("Toggle indicator status: Indicator with id: "+indicatorId+" not found");
// }
// indicator.setIsActive(!indicator.getIsActive());
//
// this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator);
//
// return indicator.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleIndicatorAccess(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId,
// @PathVariable("subcategoryId") String subcategoryId,
// @PathVariable("sectionId") String sectionId,
// @PathVariable("indicatorId") String indicatorId) {
// log.debug("toggle indicator access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId);
//
// Indicator indicator = indicatorDAO.findById(indicatorId);
// if (indicator == null) {
// // EXCEPTION - Indicator not found
// throw new EntityNotFoundException("Toggle indicator access: Indicator with id: "+indicatorId+" not found");
// }
// indicator.setIsPublic(!indicator.getIsPublic());
//
// this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator);
//
// return indicator.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility", method = RequestMethod.POST)
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId,
@PathVariable("sectionId") String sectionId,
@PathVariable("indicatorId") String indicatorId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change indicator visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId);
Indicator indicator = indicatorDAO.findById(indicatorId);
if (indicator == null) {
// EXCEPTION - Indicator not found
throw new EntityNotFoundException("Toggle indicator status: Indicator with id: "+indicatorId+" not found");
throw new EntityNotFoundException("Change indicator visibility: Indicator with id: "+indicatorId+" not found");
}
indicator.setIsActive(!indicator.getIsActive());
indicator.setVisibility(visibility);
this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator);
return indicator.getIsActive();
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleIndicatorAccess(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId,
@PathVariable("sectionId") String sectionId,
@PathVariable("indicatorId") String indicatorId) {
log.debug("toggle indicator access (isPublic)");
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId);
Indicator indicator = indicatorDAO.findById(indicatorId);
if (indicator == null) {
// EXCEPTION - Indicator not found
throw new EntityNotFoundException("Toggle indicator access: Indicator with id: "+indicatorId+" not found");
}
indicator.setIsPublic(!indicator.getIsPublic());
this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator);
return indicator.getIsPublic();
return indicator.getVisibility();
}
public void toggleIndicator(String stakeholderId, String topicId, String categoryId, String subcategoryId, String sectionId, Indicator indicator) {
@ -576,6 +677,12 @@ public class IndicatorController {
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found");
}
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
if(topic == null) {
// EXCEPTION - Topic not found
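Review bot: The rewritten jsonPath comparison in onUpdateDefaultIndicator can throw a NullPointerException when the incoming indicatorPath.getJsonPath() is an empty list and indicatorPathBasedOnDefault.getJsonPath() is null: the guard `if(indicatorPathBasedOnDefault.getJsonPath() == null && indicatorPath.getJsonPath().size() > 0)` does not allocate the list in that case, yet the iterator and the later `.size()` comparison in the "strings added" branch dereference it unconditionally; dropping the size condition, `if(indicatorPathBasedOnDefault.getJsonPath() == null) { indicatorPathBasedOnDefault.setJsonPath(new ArrayList<>()); }`, covers it without changing the other cases. In the same loop `oldIndicatorPath.getJsonPath().get(oldIndex)` is only safe because the enclosing branch requires the old and based-on-default sizes to match, which deserves a one-line comment such as `// safe: oldJsonPathSize == basedOnDefaultJsonPathSize here, and oldIndex never exceeds the iterated count` since the size normalisation above it is easy to miss. Separately, the new indicator endpoint is declared as `changeTopicVisibility` while the commit message calls it `changeIndicatorVisibility()`; the request mapping is correct, so renaming the method is a readability fix only. onUpdateDefaultIndicator starts and ends outside the hunk.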


@ -4,11 +4,15 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@ -17,6 +21,9 @@ import java.util.List;
public class SectionController {
private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired
private StakeholderDAO stakeholderDAO;
@ -52,12 +59,20 @@ public class SectionController {
sectionFull.setIndicators(indicatorsFull);
section.setIndicators(indicators);
Date date = new Date();
section.setCreationDate(date);
section.setUpdateDate(date);
sectionFull.setCreationDate(date);
sectionFull.setUpdateDate(date);
sectionDAO.save(section);
sectionFull.setId(section.getId());
return sectionFull;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/save/{index}", method = RequestMethod.POST)
public Section saveSection(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -70,30 +85,40 @@ public class SectionController {
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId);
Section<String> section = new Section<>(sectionFull);
Date date = new Date();
section.setUpdateDate(date);
sectionFull.setUpdateDate(date);
Section<String> oldSection = null;
if(sectionFull.getId() != null) {
oldSection = sectionDAO.findById(sectionFull.getId());
} else { // section does not exist in DB
section.setCreationDate(date);
sectionFull.setCreationDate(date);
}
Section<String> section = new Section<>(sectionFull);
String sectionId = sectionFull.getId();
List<String> indicators = new ArrayList<>();
for(Indicator indicator : sectionFull.getIndicators()) {
indicators.add(indicator.getId());
}
section.setIndicators(indicators);
sectionDAO.save(section);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
// this section belongs in default profile and it is new or it is updated
if(stakeholder.getDefaultId() == null) {
if(sectionId == null) {
sectionDAO.save(section);
onSaveDefaultSection(section, topicId, categoryId, subcategoryId, stakeholder);
}
else {
onUpdateDefaultSection(section, stakeholder, oldSection);
sectionDAO.save(section);
}
} else {
sectionDAO.save(section);
}
List<String> sections = null;
@ -174,10 +199,12 @@ public class SectionController {
}
// sectionBasedOnDefault.setTitle(section.getTitle());
sectionBasedOnDefault.setUpdateDate(section.getUpdateDate());
sectionDAO.save(sectionBasedOnDefault);
}
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/delete", method = RequestMethod.DELETE)
public boolean deleteSection(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -192,6 +219,13 @@ public class SectionController {
if(section != null) {
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
List<String> roles = rolesUtils.getRoles();
if(section.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId);
}
String type = "";
List<String> sections = null;
if (section.getType().equals("chart")) {
@ -273,6 +307,7 @@ public class SectionController {
return true;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{type}/reorder", method = RequestMethod.POST)
public List<Section> reorderSections(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -343,6 +378,7 @@ public class SectionController {
// return section.getIsPublic();
// }
public void toggleSection(String stakeholderId, String topicId, String categoryId, String subcategoryId, Section section) {
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId);
@ -372,6 +408,12 @@ public class SectionController {
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found");
}
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
if(topic == null) {
// EXCEPTION - Topic not found


@ -1,17 +1,19 @@
package eu.dnetlib.uoamonitorservice.controllers;
//import com.fasterxml.jackson.core.type.TypeReference;
//import com.fasterxml.jackson.databind.ObjectMapper;
import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@RestController
@ -19,6 +21,9 @@ import java.util.List;
public class StakeholderController {
private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired
private StakeholderDAO stakeholderDAO;
@ -40,6 +45,10 @@ public class StakeholderController {
@Autowired
private TopicController topicController;
// @PreAuthorize("isAuthenticated()")
@PreAuthorize("hasAnyAuthority(" +
"@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#stakeholderFull.getType()))")
@RequestMapping(value = "/build-stakeholder", method = RequestMethod.POST)
public Stakeholder<Topic<Category<SubCategory<Section<Indicator>>>>> buildFullStakeholder(@RequestBody Stakeholder<Topic<Category<SubCategory<Section<Indicator>>>>> stakeholderFull) {
log.debug("build stakeholder");
@ -70,7 +79,28 @@ public class StakeholderController {
//return null;
}
public Stakeholder setFullEntities(Stakeholder<String> stakeholder) {
public Stakeholder setFullEntities(Stakeholder<String> stakeholder, List<String> roles) {
boolean addAll = false;
boolean addPublicAndRestricted = false;
// if(roles == null
// || roles.contains(authorizationService.PORTAL_ADMIN)
// || roles.contains(authorizationService.curator(stakeholder.getType()))
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
if(rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
//if(visibility == null || visibility == (Visibility.PRIVATE)) {
addAll = true;
//}
//if(visibility == null || visibility == (Visibility.PRIVATE) || visibility == (Visibility.RESTRICTED)) {
addPublicAndRestricted = true;
//}
// } else if(roles != null && roles.contains(authorizationService.member(stakeholder.getType(), stakeholder.getAlias()))) {
} else if(rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())) {
//if(visibility == null || visibility == (Visibility.PRIVATE) || visibility == (Visibility.RESTRICTED)) {
addPublicAndRestricted = true;
//}
}
Stakeholder<Topic> stakeholderFull = new Stakeholder<>(stakeholder);
List<Topic> topics = new ArrayList<>();
@ -81,6 +111,12 @@ public class StakeholderController {
// EXCEPTION - Topic not found
throw new EntityNotFoundException("Get stakeholder: Topic with id: "+topicId+" not found (topic exists in stakeholder: "+stakeholder.getId()+")");
}
if((!addAll && topic.getVisibility() == Visibility.PRIVATE)
|| (!addPublicAndRestricted && topic.getVisibility() == Visibility.RESTRICTED)) {
continue;
}
Topic<Category> topicFull = new Topic<Category>(topic);
List<Category> categories = new ArrayList<>();
@ -91,6 +127,12 @@ public class StakeholderController {
// EXCEPTION - Category not found
throw new EntityNotFoundException("Get stakeholder: Category with id: "+categoryId+" not found (category exists in topic: "+topicId+")");
}
if((!addAll && category.getVisibility() == Visibility.PRIVATE)
|| (!addPublicAndRestricted && category.getVisibility() == Visibility.RESTRICTED)) {
continue;
}
Category<SubCategory> categoryFull = new Category<SubCategory>(category);
List<SubCategory> subCategories = new ArrayList<>();
@ -101,19 +143,25 @@ public class StakeholderController {
// EXCEPTION - SubCategory not found
throw new EntityNotFoundException("Get stakeholder: SubCategory with id: "+subCategoryId+" not found (subCategory exists in category: "+categoryId+")");
}
if((!addAll && subCategory.getVisibility() == Visibility.PRIVATE)
|| (!addPublicAndRestricted && subCategory.getVisibility() == Visibility.RESTRICTED)) {
continue;
}
SubCategory subCategoryFull = new SubCategory<Section<Indicator>>(subCategory);
List<Section> sectionsCharts = new ArrayList<>();
for(String sectionId : subCategory.getCharts()) {
sectionsCharts.add(getSectionFull(sectionId, subCategoryId));
sectionsCharts.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
}
subCategoryFull.setCharts(sectionsCharts);
List<Section> sectionsNumbers = new ArrayList<>();
for(String sectionId : subCategory.getNumbers()) {
sectionsNumbers.add(getSectionFull(sectionId, subCategoryId));
sectionsNumbers.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
}
subCategoryFull.setNumbers(sectionsNumbers);
@ -154,12 +202,13 @@ public class StakeholderController {
return stakeholderFull;
}
private Section getSectionFull(String sectionId, String subCategoryId) {
private Section getSectionFull(String sectionId, String subCategoryId, boolean addAll, boolean addPublicAndRestricted) {
Section<String> section = sectionDAO.findById(sectionId);
if (section == null) {
// EXCEPTION - Section not found
throw new EntityNotFoundException("Get stakeholder: Section with id: " + sectionId + " not found (section exists in subCategory: " + subCategoryId + ")");
}
Section sectionFull = new Section<Indicator>(section);
List<Indicator> indicators = new ArrayList<>();
@ -169,6 +218,12 @@ public class StakeholderController {
// EXCEPTION - Indicator not found
throw new EntityNotFoundException("Get stakeholder: Indicator with id: " + indicatorId + " not found (indicator exists in section: " + sectionId + ")");
}
if((!addAll && indicator.getVisibility() == Visibility.PRIVATE)
|| (!addPublicAndRestricted && indicator.getVisibility() == Visibility.RESTRICTED)) {
continue;
}
indicators.add(indicator);
}
sectionFull.setIndicators(indicators);
@ -176,6 +231,8 @@ public class StakeholderController {
return sectionFull;
}
@PreAuthorize("hasAnyAuthority(" +
"@AuthorizationService.PORTAL_ADMIN)")
@RequestMapping(value = "/stakeholder/all", method = RequestMethod.GET)
public List<Stakeholder> getAllStakeholders(@RequestParam(required = false) String type) {
log.debug("get all stakeholders" + (type != null ? " with type: "+type : ""));
@ -189,12 +246,14 @@ public class StakeholderController {
List<Stakeholder> stakeholdersFull = new ArrayList<>();
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder));
List<String> roles = rolesUtils.getRoles();
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
}
return stakeholdersFull;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/stakeholder/default", method = RequestMethod.GET)
public List<Stakeholder> getAllDefaultStakeholders(@RequestParam(required = false) String type) {
log.debug("get all default stakeholders" + (type != null ? " with type: "+type : ""));
@ -207,9 +266,34 @@ public class StakeholderController {
}
List<Stakeholder> stakeholdersFull = new ArrayList<>();
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder));
// Remove stakeholders for which i do not have authority
if(stakeholders != null && stakeholders.size() > 0) {
List<String> roles = rolesUtils.getRoles();
// log.debug("ROLES: ");
// roles.forEach(role -> log.debug(role));
//
// if (roles.contains(authorizationService.PORTAL_ADMIN)) {
if (rolesUtils.isPortalAdmin(roles)) {
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
}
return stakeholdersFull;
}
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator();
while(stakeholderIterator.hasNext()) {
Stakeholder stakeholder = stakeholderIterator.next();
// if(roles.contains(authorizationService.curator(stakeholder.getType()))) {
if(rolesUtils.isCurator(roles, stakeholder.getType())) {
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
continue;
}
stakeholderIterator.remove();
}
}
return stakeholdersFull;
}
@ -224,11 +308,90 @@ public class StakeholderController {
stakeholders = stakeholderDAO.findByDefaultIdNotAndType(null, type);
}
List<Stakeholder> stakeholdersFull = new ArrayList<>();
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder));
//List<Stakeholder> stakeholdersFull = new ArrayList<>();
if(stakeholders != null && stakeholders.size() > 0) {
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
// if (roles.contains(authorizationService.PORTAL_ADMIN)) {
if (rolesUtils.isPortalAdmin(roles)) {
// for(Stakeholder stakeholder : stakeholders) {
// stakeholdersFull.add(this.setFullEntities(stakeholder));
// }
// return stakeholdersFull;
return stakeholders;
}
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator();
while(stakeholderIterator.hasNext()) {
Stakeholder stakeholder = stakeholderIterator.next();
// if(roles.contains(authorizationService.curator(stakeholder.getType()))
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))
// || stakeholder.getVisibility() == Visibility.PUBLIC
// || (stakeholder.getVisibility() == Visibility.RESTRICTED && roles.contains(authorizationService.member(stakeholder.getType(), stakeholder.getAlias())))) {
if(rolesUtils.isCurator(roles, stakeholder.getType())
|| rolesUtils.isManager(roles, stakeholder.getType(), stakeholder.getAlias())
|| stakeholder.getVisibility() == Visibility.PUBLIC
|| (stakeholder.getVisibility() == Visibility.RESTRICTED && rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias()))) {
//stakeholdersFull.add(this.setFullEntities(stakeholder));
continue;
}
stakeholderIterator.remove();
}
}
log.debug(new Date());
// log.debug(new Date());
// return stakeholdersFull;
return stakeholders;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/my-stakeholder", method = RequestMethod.GET)
public List<Stakeholder> getMyRealStakeholders(@RequestParam(required = false) String type) {
log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : ""));
List<Stakeholder> stakeholders;
if(type == null) {
stakeholders = stakeholderDAO.findByDefaultIdNot(null);
} else {
stakeholders = stakeholderDAO.findByDefaultIdNotAndType(null, type);
}
List<Stakeholder> stakeholdersFull = new ArrayList<>();
if(stakeholders != null && stakeholders.size() > 0) {
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
// log.debug("ROLES: ");
// roles.forEach(role -> log.debug(role));
// if (roles.contains(authorizationService.PORTAL_ADMIN)) {
if (rolesUtils.isPortalAdmin(roles)) {
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
}
return stakeholdersFull;
}
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator();
while(stakeholderIterator.hasNext()) {
Stakeholder stakeholder = stakeholderIterator.next();
// if(roles.contains(authorizationService.curator(stakeholder.getType()))
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
if(rolesUtils.isCurator(roles, stakeholder.getType())
|| rolesUtils.isManager(roles, stakeholder.getType(), stakeholder.getAlias())) {
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
continue;
}
stakeholderIterator.remove();
}
}
// log.debug(new Date());
return stakeholdersFull;
}
@ -242,9 +405,30 @@ public class StakeholderController {
// EXCEPTION - Stakeholder not found
throw new EntityNotFoundException("Get stakeholder: Stakeholder with alias: "+alias+" not found");
}
return this.setFullEntities(stakeholder);
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
if((stakeholder.getVisibility() == Visibility.PRIVATE && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())
|| (stakeholder.getVisibility() == Visibility.RESTRICTED && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) && !rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())))) {
// // EXCEPTION - Access denied
// throw new AccessDeniedException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias);
List<String> topicsEmpty = stakeholder.getTopics();
topicsEmpty.clear();
stakeholder.setTopics(topicsEmpty);
stakeholder.setVisibility(Visibility.PRIVATE);
return stakeholder;
}
return this.setFullEntities(stakeholder, roles);
}
// @PreAuthorize("isAuthenticated()")
@PreAuthorize("hasAnyAuthority(" +
"@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#stakeholderFull.getType()), " +
"@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) " +
")")
@RequestMapping(value = "/save", method = RequestMethod.POST)
public Stakeholder<Topic> saveStakeholder(@RequestBody Stakeholder<Topic> stakeholderFull) {
log.debug("save stakeholder");
@ -283,7 +467,7 @@ public class StakeholderController {
return stakeholderFull;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/delete", method = RequestMethod.DELETE)
public boolean deleteStakeholder(@PathVariable("stakeholderId") String stakeholderId) {
log.debug("delete stakeholder");
@ -292,6 +476,15 @@ public class StakeholderController {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder != null) {
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
// if(!roles.contains(authorizationService.PORTAL_ADMIN)
// && !roles.contains(authorizationService.curator(stakeholder.getType()))) {
if(!rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId);
}
// for(String topicId : stakeholder.getTopics()) {
// Topic<String> topic = topicDAO.findById(topicId);
@ -364,43 +557,74 @@ public class StakeholderController {
}
@RequestMapping(value = "/{stakeholderId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleStakeholderStatus(@PathVariable("stakeholderId") String stakeholderId) {
log.debug("toggle stakeholder status (isActive)");
// @RequestMapping(value = "/{stakeholderId}/toggle-status", method = RequestMethod.POST)
// public Boolean toggleStakeholderStatus(@PathVariable("stakeholderId") String stakeholderId) {
// log.debug("toggle stakeholder status (isActive)");
// log.debug("Stakeholder: "+stakeholderId);
//
// Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
// if (stakeholder == null) {
// // EXCEPTION - Stakeholder not found
// throw new EntityNotFoundException("Toggle stakeholder status: Stakeholder with id: "+stakeholderId+" not found");
// }
// stakeholder.setIsActive(!stakeholder.getIsActive());
//
// stakeholderDAO.save(stakeholder);
// log.debug("Stakeholder toggled!");
//
// return stakeholder.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleStakeholderAccess(@PathVariable("stakeholderId") String stakeholderId) {
// log.debug("toggle stakeholder access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId);
//
// Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
// if (stakeholder == null) {
// // EXCEPTION - Stakeholder not found
// throw new EntityNotFoundException("Toggle stakeholder access: Stakeholder with id: "+stakeholderId+" not found");
// }
// stakeholder.setIsPublic(!stakeholder.getIsPublic());
//
// stakeholderDAO.save(stakeholder);
// log.debug("Stakeholder toggled!");
//
// return stakeholder.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/change-visibility", method = RequestMethod.POST)
public Visibility toggleStakeholderAccess(@PathVariable("stakeholderId") String stakeholderId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change stakeholder visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId);
Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
if (stakeholder == null) {
// EXCEPTION - Stakeholder not found
throw new EntityNotFoundException("Toggle stakeholder status: Stakeholder with id: "+stakeholderId+" not found");
throw new EntityNotFoundException("Change stakeholder visibility: Stakeholder with id: "+stakeholderId+" not found");
}
stakeholder.setIsActive(!stakeholder.getIsActive());
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
// if(!roles.contains(authorizationService.PORTAL_ADMIN)
// && !roles.contains(authorizationService.curator(stakeholder.getType()))
// && !roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId);
}
stakeholder.setVisibility(visibility);
stakeholderDAO.save(stakeholder);
log.debug("Stakeholder toggled!");
return stakeholder.getIsActive();
return stakeholder.getVisibility();
}
@RequestMapping(value = "/{stakeholderId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleStakeholderAccess(@PathVariable("stakeholderId") String stakeholderId) {
log.debug("toggle stakeholder access (isPublic)");
log.debug("Stakeholder: "+stakeholderId);
Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
if (stakeholder == null) {
// EXCEPTION - Stakeholder not found
throw new EntityNotFoundException("Toggle stakeholder access: Stakeholder with id: "+stakeholderId+" not found");
}
stakeholder.setIsPublic(!stakeholder.getIsPublic());
stakeholderDAO.save(stakeholder);
log.debug("Stakeholder toggled!");
return stakeholder.getIsPublic();
}
// The following are not supposed to be used
// @RequestMapping(value = "/stakeholder/dates", method = RequestMethod.GET)
// public List<Date> getAllStakeholderDates() {
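Review bot: The new `@PreAuthorize` on `saveStakeholder` (the `/save` hunk) derives the curator and manager authorities from `#stakeholderFull.getType()` and `#stakeholderFull.getAlias()`, i.e. from the client-supplied request body, so the check passes for anyone who is manager of some stakeholder X no matter which `id` the body carries. If the method then loads or upserts by `stakeholderFull.getId()`, a manager of X can overwrite stakeholder Y's record by sending Y's id together with X's type and alias; the method body continues outside the hunk, so if it already reloads the stored entity by id and re-checks the roles against the stored type/alias this is moot, but `deleteStakeholder` and `toggleStakeholderAccess` in the same file do that reload-then-check and `saveStakeholder` visibly does not. The fix is to keep `@PreAuthorize("isAuthenticated()")` as the gate and, for an existing id, authorize against the persisted entity before any write, mirroring the pattern at `if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()))`. Changing the type or alias of an existing profile re-keys who is manager of it, so that should additionally require `rolesUtils.hasCreateAndDeleteAuthority(roles, existing.getType())`.
```java
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/save", method = RequestMethod.POST)
public Stakeholder<Topic> saveStakeholder(@RequestBody Stakeholder<Topic> stakeholderFull) {
    log.debug("save stakeholder");
    List<String> roles = rolesUtils.getRoles();
    if (stakeholderFull.getId() != null) {
        // Authorize against what is stored, not against what the client claims to be saving.
        Stakeholder<String> existing = stakeholderDAO.findById(stakeholderFull.getId());
        if (existing == null) {
            throw new EntityNotFoundException("Save stakeholder: Stakeholder with id: " + stakeholderFull.getId() + " not found");
        }
        if (!rolesUtils.hasUpdateAuthority(roles, existing.getType(), existing.getAlias())) {
            throw new AccessDeniedException("Save stakeholder: You are not authorized to update stakeholder with id: " + stakeholderFull.getId());
        }
        boolean rekeyed = !existing.getType().equals(stakeholderFull.getType())
                || !existing.getAlias().equals(stakeholderFull.getAlias());
        if (rekeyed && !rolesUtils.hasCreateAndDeleteAuthority(roles, existing.getType())) {
            throw new AccessDeniedException("Save stakeholder: You are not authorized to change type/alias of stakeholder with id: " + stakeholderFull.getId());
        }
    } else if (!rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholderFull.getType())) {
        // Creating a new profile is a curator/admin operation, as in buildFullStakeholder.
        throw new AccessDeniedException("Save stakeholder: You are not authorized to create a stakeholder of type: " + stakeholderFull.getType());
    }
    // … unchanged: rest of saveStakeholder …
```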


@ -4,11 +4,15 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@ -17,6 +21,9 @@ import java.util.List;
public class SubCategoryController {
private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired
private StakeholderDAO stakeholderDAO;
@ -63,12 +70,21 @@ public class SubCategoryController {
subcategoryFull.setNumbers(sectionNumbersFull);
subCategory.setNumbers(sectionNumbers);
Date date = new Date();
subCategory.setCreationDate(date);
subCategory.setUpdateDate(date);
subcategoryFull.setCreationDate(date);
subcategoryFull.setUpdateDate(date);
subCategoryDAO.save(subCategory);
subcategoryFull.setId(subCategory.getId());
return subcategoryFull;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/save", method = RequestMethod.POST)
public SubCategory<Section<Indicator>> saveSubCategory(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -79,13 +95,20 @@ public class SubCategoryController {
Category category = checkForExceptions(stakeholderId, topicId, categoryId);
SubCategory<String> subCategory = new SubCategory<>(subcategoryFull);
Date date = new Date();
subCategory.setUpdateDate(date);
subcategoryFull.setUpdateDate(date);
SubCategory<String> oldSubcategory = null;
if(subcategoryFull.getId() != null) {
oldSubcategory = subCategoryDAO.findById(subcategoryFull.getId());
} else { // subcategory does not exist in DB
subCategory.setCreationDate(date);
subcategoryFull.setCreationDate(date);
}
SubCategory<String> subCategory = new SubCategory<>(subcategoryFull);
// List<String> charts = new ArrayList<>();
// for(Indicator chart : subcategoryFull.getCharts()) {
// charts.add(chart.getId());
@ -110,15 +133,17 @@ public class SubCategoryController {
}
subCategory.setNumbers(numberSections);
subCategoryDAO.save(subCategory);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder.getDefaultId() == null) {
if(subcategoryFull.getId() == null) {
subCategoryDAO.save(subCategory);
onSaveDefaultSubCategory(subCategory, categoryId);
} else {
onUpdateDefaultSubCategory(subCategory, oldSubcategory);
subCategoryDAO.save(subCategory);
}
} else {
subCategoryDAO.save(subCategory);
}
List<String> subcategories = category.getSubCategories();
@ -182,10 +207,12 @@ public class SubCategoryController {
// subCategoryBasedOnDefault.setName(subCategory.getName());
// subCategoryBasedOnDefault.setDescription(subCategory.getDescription());
subCategoryBasedOnDefault.setUpdateDate(subCategory.getUpdateDate());
subCategoryDAO.save(subCategoryBasedOnDefault);
}
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/delete", method = RequestMethod.DELETE)
public boolean deleteSubCategory(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -199,6 +226,14 @@ public class SubCategoryController {
SubCategory<String> subcategory = subCategoryDAO.findById(subcategoryId);
if(subcategory != null) {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
List<String> roles = rolesUtils.getRoles();
if(subcategory.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete subcategory: You are not authorized to delete a default SubCategory in stakeholder with id: "+stakeholderId);
}
List<String> subcategories = category.getSubCategories();
int index = subcategories.indexOf(subcategoryId);
if(index != -1) {
@ -298,6 +333,7 @@ public class SubCategoryController {
return true;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/reorder", method = RequestMethod.POST)
public List<SubCategory> reorderSubCategories(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -320,44 +356,66 @@ public class SubCategoryController {
return subCategoriesFull;
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleSubCategoryStatus(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId) {
log.debug("toggle subCategory status (isActive)");
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/toggle-status", method = RequestMethod.POST)
// public Boolean toggleSubCategoryStatus(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId,
// @PathVariable("subcategoryId") String subcategoryId) {
// log.debug("toggle subCategory status (isActive)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId);
//
// SubCategory subCategory = subCategoryDAO.findById(subcategoryId);
// if (subCategory == null) {
// // EXCEPTION - SubCategory not found
// throw new EntityNotFoundException("Toggle subCategory status: SubCategory with id: "+subcategoryId+" not found");
// }
// subCategory.setIsActive(!subCategory.getIsActive());
//
// this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory);
//
// return subCategory.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleSubCategoryAccess(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId,
// @PathVariable("subcategoryId") String subcategoryId) {
// log.debug("toggle subCategory access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId);
//
// SubCategory subCategory = subCategoryDAO.findById(subcategoryId);
// if (subCategory == null) {
// // EXCEPTION - SubCategory not found
// throw new EntityNotFoundException("Toggle subCategory access: SubCategory with id: "+subcategoryId+" not found");
// }
// subCategory.setIsPublic(!subCategory.getIsPublic());
//
// this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory);
//
// return subCategory.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/change-visibility", method = RequestMethod.POST)
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change subCategory visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId);
SubCategory subCategory = subCategoryDAO.findById(subcategoryId);
if (subCategory == null) {
// EXCEPTION - SubCategory not found
throw new EntityNotFoundException("Toggle subCategory status: SubCategory with id: "+subcategoryId+" not found");
throw new EntityNotFoundException("Change subCategory visibility: SubCategory with id: "+subcategoryId+" not found");
}
subCategory.setIsActive(!subCategory.getIsActive());
subCategory.setVisibility(visibility);
this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory);
return subCategory.getIsActive();
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleSubCategoryAccess(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId) {
log.debug("toggle subCategory access (isPublic)");
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId);
SubCategory subCategory = subCategoryDAO.findById(subcategoryId);
if (subCategory == null) {
// EXCEPTION - SubCategory not found
throw new EntityNotFoundException("Toggle subCategory access: SubCategory with id: "+subcategoryId+" not found");
}
subCategory.setIsPublic(!subCategory.getIsPublic());
this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory);
return subCategory.getIsPublic();
return subCategory.getVisibility();
}
public void toggleSubCategory(String stakeholderId, String topicId, String categoryId, SubCategory subcategory) {
@ -382,6 +440,12 @@ public class SubCategoryController {
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found");
}
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions SubCategory: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
if(topic == null) {
// EXCEPTION - Topic not found
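Review bot: In `saveSubCategory` the authorization now comes from `checkForExceptions(stakeholderId, topicId, categoryId)`, which is scoped to the stakeholder in the URL, but the entity being written is chosen by `subcategoryFull.getId()` from the request body, and `subCategoryDAO.save(subCategory)` runs on every branch before the `category.getSubCategories()` handling that starts at `List<String> subcategories = category.getSubCategories();`. Unless the code after that line is reached before any persist (it is not, in this hunk), a user with update authority on stakeholder A can overwrite a subcategory belonging to stakeholder B by posting B's subcategory id under A's path; whether a later `PathNotValidException` fires does not undo the save. Guard the id before writing, e.g. `if(subcategoryFull.getId() != null && (oldSubcategory == null || !category.getSubCategories().contains(subcategoryFull.getId()))) { throw new PathNotValidException("Save subcategory: SubCategory with id: "+subcategoryFull.getId()+" not found in category: "+categoryId); }` right after `oldSubcategory` is looked up. Separately, the save path on a default profile (`stakeholder.getDefaultId() == null`) fans out to every derived stakeholder via `onSaveDefaultSubCategory`/`onUpdateDefaultSubCategory` yet only requires `hasUpdateAuthority`, while `deleteSubCategory` requires `hasCreateAndDeleteAuthority` for the default-linked case; if managers can exist on default profiles this asymmetry is worth closing. The new `change-visibility` handler is named `changeTopicVisibility` inside `SubCategoryController`; rename it `changeSubCategoryVisibility`.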


@ -4,11 +4,15 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
@ -17,24 +21,15 @@ import java.util.List;
public class TopicController {
private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired
private StakeholderDAO stakeholderDAO;
@Autowired
private TopicDAO topicDAO;
@Autowired
private CategoryDAO categoryDAO;
@Autowired
private SubCategoryDAO subCategoryDAO;
@Autowired
private SectionDAO sectionDAO;
@Autowired
private IndicatorDAO indicatorDAO;
@Autowired
private CategoryController categoryController;
@ -51,12 +46,20 @@ public class TopicController {
topicFull.setCategories(categoriesFull);
topic.setCategories(categories);
Date date = new Date();
topic.setCreationDate(date);
topic.setUpdateDate(date);
topicFull.setCreationDate(date);
topicFull.setUpdateDate(date);
topicDAO.save(topic);
topicFull.setId(topic.getId());
return topicFull;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/save", method = RequestMethod.POST)
public Topic<Category> saveTopic(@PathVariable("stakeholderId") String stakeholderId,
@RequestBody Topic<Category> topicFull) {
@ -66,12 +69,24 @@ public class TopicController {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder != null) {
Topic<String> oldTopic = null;
if(topicFull.getId() != null) {
oldTopic = topicDAO.findById(topicFull.getId());
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = new Topic<>(topicFull);
Date date = new Date();
topic.setUpdateDate(date);
topicFull.setUpdateDate(date);
Topic<String> oldTopic = null;
if(topicFull.getId() != null) {
oldTopic = topicDAO.findById(topicFull.getId());
} else { // topic does not exist in DB
topic.setCreationDate(date);
topicFull.setCreationDate(date);
}
List<String> categories = new ArrayList<>();
for(Category category : topicFull.getCategories()) {
@ -79,14 +94,16 @@ public class TopicController {
}
topic.setCategories(categories);
topicDAO.save(topic);
if(stakeholder.getDefaultId() == null) {
if(topicFull.getId() == null) {
topicDAO.save(topic);
onSaveDefaultTopic(topic, stakeholderId);
} else {
onUpdateDefaultTopic(topic, oldTopic);
topicDAO.save(topic);
}
} else {
topicDAO.save(topic);
}
List<String> topics = stakeholder.getTopics();
@ -158,10 +175,12 @@ public class TopicController {
// topicBasedOnDefault.setName(topic.getName());
// topicBasedOnDefault.setDescription(topic.getDescription());
topicBasedOnDefault.setUpdateDate(topic.getUpdateDate());
topicDAO.save(topicBasedOnDefault);
}
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/delete", method = RequestMethod.DELETE)
public boolean deleteTopic(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@ -173,9 +192,20 @@ public class TopicController {
if(stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
if(topic != null) {
if(topic.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId);
}
List<String> topics = stakeholder.getTopics();
int index = topics.indexOf(topicId);
if(index != -1) {
@ -298,6 +328,7 @@ public class TopicController {
return true;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/reorder", method = RequestMethod.POST)
public List<Topic> reorderTopics(@PathVariable("stakeholderId") String stakeholderId,
@RequestBody List<String> topics) {
@ -307,6 +338,13 @@ public class TopicController {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId);
}
stakeholder.setTopics(topics);
stakeholderDAO.save(stakeholder);
@ -323,46 +361,73 @@ public class TopicController {
}
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleTopicStatus(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId) {
log.debug("toggle topic status (isActive)");
// @RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-status", method = RequestMethod.POST)
// public Boolean toggleTopicStatus(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId) {
// log.debug("toggle topic status (isActive)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId);
//
// Topic topic = topicDAO.findById(topicId);
// if (topic == null) {
// // EXCEPTION - Topic not found
// throw new EntityNotFoundException("Toggle topic status: Topic with id: "+topicId+" not found");
// }
// topic.setIsActive(!topic.getIsActive());
//
// this.toggleTopic(stakeholderId, topic);
//
// return topic.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleTopicAccess(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId) {
// log.debug("toggle topic access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId);
//
// Topic topic = topicDAO.findById(topicId);
// if (topic == null) {
// // EXCEPTION - Topic not found
// throw new EntityNotFoundException("Toggle topic access: Topic with id: "+topicId+" not found");
// }
// topic.setIsPublic(!topic.getIsPublic());
//
// this.toggleTopic(stakeholderId, topic);
//
// return topic.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/change-visibility", method = RequestMethod.POST)
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change topic visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId);
Topic topic = topicDAO.findById(topicId);
if (topic == null) {
// EXCEPTION - Topic not found
throw new EntityNotFoundException("Toggle topic status: Topic with id: "+topicId+" not found");
throw new EntityNotFoundException("Change topic visibility: Topic with id: "+topicId+" not found");
}
topic.setIsActive(!topic.getIsActive());
topic.setVisibility(visibility);
this.toggleTopic(stakeholderId, topic);
return topic.getIsActive();
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleTopicAccess(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId) {
log.debug("toggle topic access (isPublic)");
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId);
Topic topic = topicDAO.findById(topicId);
if (topic == null) {
// EXCEPTION - Topic not found
throw new EntityNotFoundException("Toggle topic access: Topic with id: "+topicId+" not found");
}
topic.setIsPublic(!topic.getIsPublic());
this.toggleTopic(stakeholderId, topic);
return topic.getIsPublic();
return topic.getVisibility();
}
public void toggleTopic(String stakeholderId, Topic topic) {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if (stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId);
}
if (stakeholder.getTopics().contains(topic.getId())) {
topicDAO.save(topic);
log.debug("Topic toggled!");
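Review bot: saveTopic never verifies that the topic id carried in the request body belongs to the stakeholder named in the path: after the hasUpdateAuthority check, oldTopic is looked up by `topicFull.getId()` alone and the entity is then written with `topicDAO.save(topic)`, so a user who is manager of one stakeholder could overwrite a topic of a different stakeholder unless the code following `List<String> topics = stakeholder.getTopics();` (outside the hunk) rejects it. deleteTopic already performs that membership test with `topics.indexOf(topicId)`; the same test belongs right after the lookup, e.g. `if (oldTopic == null || !stakeholder.getTopics().contains(oldTopic.getId())) { throw new EntityNotFoundException("Save Topic: Topic with id: " + topicFull.getId() + " not found in stakeholder with id: " + stakeholderId); }`. The body of saveTopic and of toggleTopic both continue past the hunk. Separately, the two toggle methods kept as comment blocks before changeTopicVisibility should be deleted rather than left as commented-out code, and `Topic topic` in changeTopicVisibility and toggleTopic is a raw type where the rest of the file uses `Topic<String>`.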

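--- /dev/null
+++ b/RolesUtils.java
@@ -0,0 +1,65 @@
+package eu.dnetlib.uoamonitorservice.handlers.utils;
+import eu.dnetlib.uoaauthorizationlibrary.security.AuthorizationService;
+import org.apache.log4j.Logger;
+import java.util.List;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+@Component
+public class RolesUtils {
+@Autowired
+private AuthorizationService authorizationService;
+private final Logger log = Logger.getLogger(this.getClass());
+public List<String> getRoles() {
+return authorizationService.getRoles();
+}
+public boolean isPortalAdmin(List<String> roles) {
+if(roles == null) {
+return false;
+}
+// log.debug(authorizationService.PORTAL_ADMIN);
+// log.debug("PortalAdmin: "+roles.contains(authorizationService.PORTAL_ADMIN));
+return roles.contains(authorizationService.PORTAL_ADMIN);
+}
+public boolean isCurator(List<String> roles, String type) {
+if(roles == null) {
+return false;
+}
+// log.debug(authorizationService.curator(type));
+// log.debug("Curator in "+type+": "+roles.contains(authorizationService.curator(type)));
+return roles.contains(authorizationService.curator(type));
+}
+public boolean isManager(List<String> roles, String type, String id) {
+if(roles == null) {
+return false;
+}
+// log.debug(authorizationService.manager(type, id));
+// log.debug("Manager in "+type+" - "+id+": "+roles.contains(authorizationService.manager(type, id)));
+return roles.contains(authorizationService.manager(type, id));
+}
+public boolean isMember(List<String> roles, String type, String id) {
+if(roles == null) {
+return false;
+}
+// log.debug(authorizationService.member(type, id));
+// log.debug("Member in "+type+" - "+id+": "+roles.contains(authorizationService.member(type, id)));
+return roles.contains(authorizationService.member(type, id));
+}
+public boolean hasUpdateAuthority(List<String> roles, String type, String id) {
+return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id);
+}
+public boolean hasCreateAndDeleteAuthority(List<String> roles, String type) {
+return isPortalAdmin(roles) || isCurator(roles, type);
+}
+}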
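Review bot: RolesUtils carries no documentation of what each authority level grants, and its only logging is commented out while the `log` field is kept, so the field is dead code. A class-level Javadoc should state that every predicate fails closed on a null role list, that `hasUpdateAuthority` accepts portal admins, curators of the stakeholder type and managers of the specific id, and that `hasCreateAndDeleteAuthority` is narrower (portal admin or curator only); `isMember` feeds neither authority method, so its place in the policy should be spelled out in the Javadoc or the method dropped. Delete the commented-out `log.debug` lines and the unused `log` field rather than leaving them. Prefer constructor injection of `AuthorizationService` into a `private final` field over field `@Autowired`, which also lets the predicates be unit-tested without a Spring context.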