[Trunk | Monitor Service]:

1. RolesUtils.java: New class connected to "AuthorizationService" and returns helper methods for roles and authorities.
2. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java & IndicatorController.java:
	a. Add authorization checks according to user roles (authorization library).
	b. Handle new fields "createDate" and "updateDate" (StakeholderController.java already had these fields).
	c. [Bug fix] On save method, if it is default entity, add it before "onSaveDefault...()" or after "onUpdateDefault...()".
	d. (not in SectionController) Comment out the methods for toggling status and access, and add a method for changing visibility.
		e.g. "changeIndicatorVisibility()" (/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility).
3. StakeholderController.java: Method "getAllRealStakeholders()" (/stakeholder) returns now basic Stakeholder info (topicIds, not full entities).
4. IndicatorController.java:
	a. [Bug fix] On "onUpdateDefaultIndicator()", "changed" is set to false for each indicatorBasedOnDefault.
	b. On "onUpdateDefaultIndicator()" handle update policy for "description" and "additionalDescription".
	c. [Bug fix] On "onUpdateDefaultIndicator()", bug fixes when updating "jsonPath".
Konstantina Galouni 2020-11-11 12:45:59 +00:00
parent b7a4471385
commit 1a784f29bd
7 changed files with 854 additions and 215 deletions


@ -4,11 +4,15 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -17,6 +21,9 @@ import java.util.List;
public class CategoryController { public class CategoryController {
private final Logger log = Logger.getLogger(this.getClass()); private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired @Autowired
private StakeholderDAO stakeholderDAO; private StakeholderDAO stakeholderDAO;
@ -29,12 +36,6 @@ public class CategoryController {
@Autowired @Autowired
private SubCategoryDAO subCategoryDAO; private SubCategoryDAO subCategoryDAO;
@Autowired
private SectionDAO sectionDAO;
@Autowired
private IndicatorDAO indicatorDAO;
@Autowired @Autowired
private SubCategoryController subCategoryController; private SubCategoryController subCategoryController;
@ -51,12 +52,20 @@ public class CategoryController {
categoryFull.setSubCategories(subCategoriesFull); categoryFull.setSubCategories(subCategoriesFull);
category.setSubCategories(subCategories); category.setSubCategories(subCategories);
Date date = new Date();
category.setCreationDate(date);
category.setUpdateDate(date);
categoryFull.setCreationDate(date);
categoryFull.setUpdateDate(date);
categoryDAO.save(category); categoryDAO.save(category);
categoryFull.setId(category.getId()); categoryFull.setId(category.getId());
return categoryFull; return categoryFull;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/save", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/{topicId}/save", method = RequestMethod.POST)
public Category<SubCategory> saveCategory(@PathVariable("stakeholderId") String stakeholderId, public Category<SubCategory> saveCategory(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -67,6 +76,13 @@ public class CategoryController {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder != null) { if(stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Category<String> oldCategory = null; Category<String> oldCategory = null;
if(categoryFull.getId() != null) { if(categoryFull.getId() != null) {
oldCategory = categoryDAO.findById(categoryFull.getId()); oldCategory = categoryDAO.findById(categoryFull.getId());
@ -75,8 +91,17 @@ public class CategoryController {
Topic<String> topic = topicDAO.findById(topicId); Topic<String> topic = topicDAO.findById(topicId);
if(topic != null) { if(topic != null) {
if(stakeholder.getTopics().contains(topicId)) { if(stakeholder.getTopics().contains(topicId)) {
Category<String> category = new Category<>(categoryFull);
Date date = new Date();
category.setUpdateDate(date);
categoryFull.setUpdateDate(date);
// if category not exists (no id), create a new default subcategory, identical to category // if category not exists (no id), create a new default subcategory, identical to category
if(categoryFull.getId() == null) { if(categoryFull.getId() == null) {
category.setCreationDate(date);
categoryFull.setCreationDate(date);
SubCategory<String> subCategory = new SubCategory<>(); SubCategory<String> subCategory = new SubCategory<>();
subCategory.createOverviewSubCategory(categoryFull); subCategory.createOverviewSubCategory(categoryFull);
@ -85,23 +110,22 @@ public class CategoryController {
subCategories.add(subCategory); subCategories.add(subCategory);
} }
Category<String> category = new Category<>(categoryFull);
List<String> subCategories = new ArrayList<>(); List<String> subCategories = new ArrayList<>();
for(SubCategory subCategory : categoryFull.getSubCategories()) { for(SubCategory subCategory : categoryFull.getSubCategories()) {
subCategories.add(subCategory.getId()); subCategories.add(subCategory.getId());
} }
category.setSubCategories(subCategories); category.setSubCategories(subCategories);
categoryDAO.save(category);
if(stakeholder.getDefaultId() == null) { if(stakeholder.getDefaultId() == null) {
if(categoryFull.getId() == null) { if(categoryFull.getId() == null) {
categoryDAO.save(category);
onSaveDefaultCategory(category, topicId); onSaveDefaultCategory(category, topicId);
} else { } else {
onUpdateDefaultCategory(category, oldCategory); onUpdateDefaultCategory(category, oldCategory);
categoryDAO.save(category);
} }
} else {
categoryDAO.save(category);
} }
List<String> categories = topic.getCategories(); List<String> categories = topic.getCategories();
@ -178,10 +202,12 @@ public class CategoryController {
// categoryBasedOnDefault.setName(category.getName()); // categoryBasedOnDefault.setName(category.getName());
// categoryBasedOnDefault.setDescription(category.getDescription()); // categoryBasedOnDefault.setDescription(category.getDescription());
categoryBasedOnDefault.setUpdateDate(category.getUpdateDate());
categoryDAO.save(categoryBasedOnDefault); categoryDAO.save(categoryBasedOnDefault);
} }
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/delete", method = RequestMethod.DELETE) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/delete", method = RequestMethod.DELETE)
public boolean deleteCategory(@PathVariable("stakeholderId") String stakeholderId, public boolean deleteCategory(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -194,6 +220,12 @@ public class CategoryController {
if(stakeholder != null) { if(stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId); Topic<String> topic = topicDAO.findById(topicId);
if(topic != null) { if(topic != null) {
if(stakeholder.getTopics().contains(topicId)) { if(stakeholder.getTopics().contains(topicId)) {
@ -201,6 +233,12 @@ public class CategoryController {
Category<String> category = categoryDAO.findById(categoryId); Category<String> category = categoryDAO.findById(categoryId);
if(category != null) { if(category != null) {
if(category.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId);
}
List<String> categories = topic.getCategories(); List<String> categories = topic.getCategories();
int index = categories.indexOf(categoryId); int index = categories.indexOf(categoryId);
if(index != -1) { if(index != -1) {
@ -321,6 +359,7 @@ public class CategoryController {
return true; return true;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/reorder", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/{topicId}/reorder", method = RequestMethod.POST)
public List<Category> reorderCategories(@PathVariable("stakeholderId") String stakeholderId, public List<Category> reorderCategories(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -342,42 +381,63 @@ public class CategoryController {
return categoriesFull; return categoriesFull;
} }
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-status", method = RequestMethod.POST) // @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleCategoryStatus(@PathVariable("stakeholderId") String stakeholderId, // public Boolean toggleCategoryStatus(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, // @PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId) { // @PathVariable("categoryId") String categoryId) {
log.debug("toggle category status (isActive)"); // log.debug("toggle category status (isActive)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId);
//
// Category category = categoryDAO.findById(categoryId);
// if (category == null) {
// // EXCEPTION - Category not found
// throw new EntityNotFoundException("Toggle category status: Category with id: "+categoryId+" not found");
// }
// category.setIsActive(!category.getIsActive());
//
// this.toggleCategory(stakeholderId, topicId, category);
//
// return category.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleCategoryAccess(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId) {
// log.debug("toggle category access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId);
//
// Category category = categoryDAO.findById(categoryId);
// if (category == null) {
// // EXCEPTION - Category not found
// throw new EntityNotFoundException("Toggle category access: Category with id: "+categoryId+" not found");
// }
// category.setIsPublic(!category.getIsPublic());
//
// this.toggleCategory(stakeholderId, topicId, category);
//
// return category.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/change-visibility", method = RequestMethod.POST)
public Visibility changeCategoryVisibility(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change category visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId);
Category category = categoryDAO.findById(categoryId); Category category = categoryDAO.findById(categoryId);
if (category == null) { if (category == null) {
// EXCEPTION - Category not found // EXCEPTION - Category not found
throw new EntityNotFoundException("Toggle category status: Category with id: "+categoryId+" not found"); throw new EntityNotFoundException("Change topic visibility: Category with id: "+categoryId+" not found");
} }
category.setIsActive(!category.getIsActive()); category.setVisibility(visibility);
this.toggleCategory(stakeholderId, topicId, category); this.toggleCategory(stakeholderId, topicId, category);
return category.getIsActive(); return category.getVisibility();
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleCategoryAccess(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId) {
log.debug("toggle category access (isPublic)");
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId);
Category category = categoryDAO.findById(categoryId);
if (category == null) {
// EXCEPTION - Category not found
throw new EntityNotFoundException("Toggle category access: Category with id: "+categoryId+" not found");
}
category.setIsPublic(!category.getIsPublic());
this.toggleCategory(stakeholderId, topicId, category);
return category.getIsPublic();
} }
public void toggleCategory(String stakeholderId, String topicId, Category category) { public void toggleCategory(String stakeholderId, String topicId, Category category) {
@ -385,6 +445,12 @@ public class CategoryController {
if (stakeholder != null) { if (stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId); Topic<String> topic = topicDAO.findById(topicId);
if (topic != null) { if (topic != null) {
if (stakeholder.getTopics().contains(topicId)) { if (stakeholder.getTopics().contains(topicId)) {
@ -419,6 +485,12 @@ public class CategoryController {
throw new EntityNotFoundException("checkForExceptions category: Stakeholder with id: " + stakeholderId + " not found"); throw new EntityNotFoundException("checkForExceptions category: Stakeholder with id: " + stakeholderId + " not found");
} }
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId); Topic<String> topic = topicDAO.findById(topicId);
if(topic == null) { if(topic == null) {
// EXCEPTION - Topic not found // EXCEPTION - Topic not found
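Review bot: In the new changeCategoryVisibility endpoint the category is looked up and its visibility set before any authorization runs — `categoryDAO.findById(categoryId)` and the EntityNotFoundException come first, and the `rolesUtils.hasUpdateAuthority` check only happens later inside `toggleCategory` after the stakeholder lookup — so an authenticated caller with no rights on the stakeholder still learns whether a given category id exists (the stakeholder lookup itself is needed for the check, but the category lookup is not). Consider resolving the stakeholder and running the role check before touching the category, or returning the same response for the not-found and not-authorized cases. The new not-found message also names the wrong entity for this controller: `throw new EntityNotFoundException("Change category visibility: Category with id: "+categoryId+" not found");`. Whether the surrounding null-check else branches in toggleCategory throw not-found is outside the hunk, so the disclosure point is inferred from the visible ordering.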


@ -5,8 +5,11 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
@ -18,6 +21,9 @@ import java.util.*;
public class IndicatorController { public class IndicatorController {
private final Logger log = Logger.getLogger(this.getClass()); private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired @Autowired
private StakeholderDAO stakeholderDAO; private StakeholderDAO stakeholderDAO;
@ -37,6 +43,7 @@ public class IndicatorController {
private IndicatorDAO indicatorDAO; private IndicatorDAO indicatorDAO;
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/save", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/save", method = RequestMethod.POST)
public Indicator saveIndicator(@PathVariable("stakeholderId") String stakeholderId, public Indicator saveIndicator(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -49,23 +56,31 @@ public class IndicatorController {
Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator.getType()); Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator.getType());
Date date = new Date();
indicator.setUpdateDate(date);
Indicator oldIndicator = null; Indicator oldIndicator = null;
if(indicator.getId() != null) { if(indicator.getId() != null) {
oldIndicator = indicatorDAO.findById(indicator.getId()); oldIndicator = indicatorDAO.findById(indicator.getId());
} else { // indicator does not exist in DB
indicator.setCreationDate(date);
} }
String indicatorId = indicator.getId(); String indicatorId = indicator.getId();
indicatorDAO.save(indicator);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
// this indicator belongs in default profile and it is new or it is updated // this indicator belongs in default profile and it is new or it is updated
if(stakeholder.getDefaultId() == null) { if(stakeholder.getDefaultId() == null) {
if(indicatorId == null) { if(indicatorId == null) {
indicatorDAO.save(indicator);
onSaveDefaultIndicator(indicator, sectionId); onSaveDefaultIndicator(indicator, sectionId);
} }
else { else {
onUpdateDefaultIndicator(indicator, stakeholder, oldIndicator); onUpdateDefaultIndicator(indicator, stakeholder, oldIndicator);
indicatorDAO.save(indicator);
} }
} else {
indicatorDAO.save(indicator);
} }
List<String> indicators = section.getIndicators(); List<String> indicators = section.getIndicators();
@ -86,7 +101,7 @@ public class IndicatorController {
// new indicator in default profile - add it on profiles of the same type // new indicator in default profile - add it on profiles of the same type
List<Section> sections = sectionDAO.findByDefaultId(defaultSectionId); List<Section> sections = sectionDAO.findByDefaultId(defaultSectionId);
for (Section section : sections) { for (Section section : sections) {
Indicator indicatorNew = new Indicator(); Indicator indicatorNew = new Indicator();
indicatorNew.copyFromDefault(indicator); indicatorNew.copyFromDefault(indicator);
for (IndicatorPath indicatorPath : indicatorNew.getIndicatorPaths()) { for (IndicatorPath indicatorPath : indicatorNew.getIndicatorPaths()) {
@ -108,10 +123,12 @@ public class IndicatorController {
// indicator already exists - check if changed and update all indicators based on it // indicator already exists - check if changed and update all indicators based on it
boolean changed = false; boolean changed;
List<Indicator> indicators = indicatorDAO.findByDefaultId(indicator.getId()); List<Indicator> indicators = indicatorDAO.findByDefaultId(indicator.getId());
for(Indicator indicatorBasedOnDefault : indicators) { for(Indicator indicatorBasedOnDefault : indicators) {
changed = false;
if(indicator.getName() != null && !indicator.getName().equals(indicatorBasedOnDefault.getName()) if(indicator.getName() != null && !indicator.getName().equals(indicatorBasedOnDefault.getName())
&& (oldIndicator.getName() == null || oldIndicator.getName().equals(indicatorBasedOnDefault.getName()))) { && (oldIndicator.getName() == null || oldIndicator.getName().equals(indicatorBasedOnDefault.getName()))) {
@ -119,18 +136,30 @@ public class IndicatorController {
changed = true; changed = true;
} }
if(indicator.getDescription() != null && !indicator.getDescription().equals(indicatorBasedOnDefault.getDescription()) if(indicator.getDescription() != null && !indicator.getDescription().equals(indicatorBasedOnDefault.getDescription())) {
&& (oldIndicator.getDescription() == null || oldIndicator.getDescription().equals(indicatorBasedOnDefault.getDescription()))) {
indicatorBasedOnDefault.setDescription(indicator.getDescription()); indicatorBasedOnDefault.setDescription(indicator.getDescription());
changed = true; changed = true;
} }
if(indicator.getAdditionalDescription() != null && !indicator.getAdditionalDescription().equals(indicatorBasedOnDefault.getAdditionalDescription())
&& (oldIndicator.getAdditionalDescription() == null || oldIndicator.getAdditionalDescription().equals(indicatorBasedOnDefault.getAdditionalDescription()))) {
indicatorBasedOnDefault.setAdditionalDescription(indicator.getAdditionalDescription());
changed = true;
}
int i = 0; int i = 0;
List<IndicatorPath> indicatorPaths = indicatorBasedOnDefault.getIndicatorPaths(); List<IndicatorPath> indicatorPaths = indicatorBasedOnDefault.getIndicatorPaths();
if(indicatorPaths == null && indicator.getIndicatorPaths() != null) {
indicatorPaths = new ArrayList<>();
}
for (IndicatorPath indicatorPath : indicator.getIndicatorPaths()) { for (IndicatorPath indicatorPath : indicator.getIndicatorPaths()) {
IndicatorPath indicatorPathBasedOnDefault = indicatorBasedOnDefault.getIndicatorPaths().get(i); IndicatorPath indicatorPathBasedOnDefault = null;
if(i < indicatorPaths.size()) {
indicatorPathBasedOnDefault = indicatorPaths.get(i);
}
if(indicatorPathBasedOnDefault == null) { if(indicatorPathBasedOnDefault == null) {
// Add new indicator path in existing indicators // Add new indicator path in existing indicators
@ -142,7 +171,7 @@ public class IndicatorController {
IndicatorPath oldIndicatorPath = oldIndicator.getIndicatorPaths().get(i); IndicatorPath oldIndicatorPath = oldIndicator.getIndicatorPaths().get(i);
// Check if there are changes in indicator path and update existing indicators if needed // Check if there are changes in indicator path and update existing indicators if needed
log.debug("update indicator path: "+i); log.debug("update indicator path: "+i + " (indicator id: "+indicatorBasedOnDefault.getId()+")");
if(indicatorPath.getType() != null if(indicatorPath.getType() != null
&& !indicatorPath.getType().equals(indicatorPathBasedOnDefault.getType()) && !indicatorPath.getType().equals(indicatorPathBasedOnDefault.getType())
@ -189,7 +218,7 @@ public class IndicatorController {
for (Map.Entry<String, String> parameter : indicatorPath.getParameters().entrySet()) { for (Map.Entry<String, String> parameter : indicatorPath.getParameters().entrySet()) {
log.debug("\nindicatorPath: parameter.getKey(): "+parameter.getKey()+" - value: "+parameter.getValue() log.debug("\nindicatorPath: parameter.getKey(): "+parameter.getKey()+" - value: "+parameter.getValue()
+"\nindicatorPathBasedOnDefault:parameters:key: "+ indicatorPathBasedOnDefault.getParameters().get(parameter.getKey()) +"\nindicatorPathBasedOnDefault:parameters:key: "+ indicatorPathBasedOnDefault.getParameters().get(parameter.getKey())
+"\noldIndicatorPath:parameters:key: "+ oldIndicatorPath.getParameters().get(parameter.getKey())); +"\noldIndicatorPath:parameters:key: "+ (oldIndicatorPath.getParameters() == null ? "null" : oldIndicatorPath.getParameters().get(parameter.getKey())));
if (!indicatorPathBasedOnDefault.getParameters().containsKey(parameter.getKey()) if (!indicatorPathBasedOnDefault.getParameters().containsKey(parameter.getKey())
|| (oldIndicatorPath.getParameters() == null || (oldIndicatorPath.getParameters() == null
|| (oldIndicatorPath.getParameters().get(parameter.getKey()).equals(indicatorPathBasedOnDefault.getParameters().get(parameter.getKey())) || (oldIndicatorPath.getParameters().get(parameter.getKey()).equals(indicatorPathBasedOnDefault.getParameters().get(parameter.getKey()))
@ -203,43 +232,82 @@ public class IndicatorController {
// changed = true; // changed = true;
// } // }
} }
parameterMapping(indicatorPathBasedOnDefault, stakeholder); // TODO when deleting indicator path parameters... ???
parameterMapping(indicatorPathBasedOnDefault, stakeholder);
//} //}
log.debug("After parameters check: " + changed);
} }
log.debug("After parameters check: " + changed);
if(indicatorPath.getJsonPath() != null) { if(indicatorPath.getJsonPath() != null) {
int j = 0; boolean jsonPathChanged = false;
for (String jsonString : indicatorPath.getJsonPath()) { boolean breaked = false;
log.debug("indicatorPath.getJsonPath(): " + jsonString);
String jsonStringBasedOnDefault = null; int oldJsonPathSize = 0;
if(indicatorPathBasedOnDefault.getJsonPath() != null ) { if(oldIndicatorPath.getJsonPath() != null) {
jsonStringBasedOnDefault = indicatorPathBasedOnDefault.getJsonPath().get(j); oldJsonPathSize = oldIndicatorPath.getJsonPath().size();
} else { }
int basedOnDefaultJsonPathSize = 0;
if(indicatorPathBasedOnDefault.getJsonPath() != null) {
basedOnDefaultJsonPathSize = indicatorPathBasedOnDefault.getJsonPath().size();
}
log.debug("old: "+oldJsonPathSize+" - based on default: "+basedOnDefaultJsonPathSize+" - new: "+indicatorPath.getJsonPath().size());
if(oldJsonPathSize == basedOnDefaultJsonPathSize) {
if(indicatorPathBasedOnDefault.getJsonPath() == null && indicatorPath.getJsonPath().size() > 0) {
indicatorPathBasedOnDefault.setJsonPath(new ArrayList<>()); indicatorPathBasedOnDefault.setJsonPath(new ArrayList<>());
} }
log.debug("indicatorPathBasedOnDefault.getJsonPath().get(" + j + "): " + jsonStringBasedOnDefault);
if (!jsonString.equals(jsonStringBasedOnDefault) int basedOnDefaultIndex = 0;
&& (oldIndicatorPath.getJsonPath() == null int oldIndex = 0;
|| oldIndicatorPath.getJsonPath().get(i).equals(jsonStringBasedOnDefault))
) { Iterator<String> jsonStringBasedOnDefaultIterator = indicatorPathBasedOnDefault.getJsonPath().iterator();
indicatorPathBasedOnDefault.getJsonPath().set(j, jsonString); while (jsonStringBasedOnDefaultIterator.hasNext()) {
String jsonStringBasedOnDefault = jsonStringBasedOnDefaultIterator.next();
if(oldIndicatorPath.getJsonPath().get(oldIndex).equals(jsonStringBasedOnDefault)) {
if(basedOnDefaultIndex >= indicatorPath.getJsonPath().size()) { // string deleted
jsonStringBasedOnDefaultIterator.remove();
jsonPathChanged = true;
} else { // check if string changed
if(!indicatorPath.getJsonPath().get(basedOnDefaultIndex).equals(jsonStringBasedOnDefault)) {
indicatorPathBasedOnDefault.getJsonPath().set(basedOnDefaultIndex, indicatorPath.getJsonPath().get(basedOnDefaultIndex));
jsonPathChanged = true;
}
basedOnDefaultIndex++;
}
oldIndex++;
} else {
breaked = true;
jsonPathChanged = false;
log.debug("not the same: "+oldIndex);
break;
}
}
int index=0;
if(!breaked && indicatorPath.getJsonPath().size() > indicatorPathBasedOnDefault.getJsonPath().size()) { // strings added
jsonPathChanged = true;
for(index=indicatorPathBasedOnDefault.getJsonPath().size(); index < indicatorPath.getJsonPath().size(); index++) {
indicatorPathBasedOnDefault.getJsonPath().add(indicatorPath.getJsonPath().get(index));
}
}
if(jsonPathChanged) {
changed = true; changed = true;
} }
j++;
} }
log.debug("After jsonPath check: " + changed); // TODO when deleting indicator path json path strings...
} }
log.debug("After jsonPath check: " + changed);
} }
i++; i++;
} }
// TODO when deleting indicator paths...
if(!changed) { if(!changed) {
// break; // break;
continue; continue;
} }
indicatorBasedOnDefault.setUpdateDate(indicator.getUpdateDate());
indicatorDAO.save(indicatorBasedOnDefault); indicatorDAO.save(indicatorBasedOnDefault);
} }
} }
@ -299,6 +367,7 @@ public class IndicatorController {
return indicatorPathField; return indicatorPathField;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/delete", method = RequestMethod.DELETE) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/delete", method = RequestMethod.DELETE)
public boolean deleteIndicator(@PathVariable("stakeholderId") String stakeholderId, public boolean deleteIndicator(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -314,6 +383,13 @@ public class IndicatorController {
if(indicator != null) { if(indicator != null) {
Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator.getType()); Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator.getType());
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
List<String> roles = rolesUtils.getRoles();
if(indicator.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId);
}
List<String> indicators = section.getIndicators(); List<String> indicators = section.getIndicators();
int index = indicators.indexOf(indicatorId); int index = indicators.indexOf(indicatorId);
@ -484,6 +560,7 @@ public class IndicatorController {
// return true; // return true;
// } // }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{type}/reorder", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{type}/reorder", method = RequestMethod.POST)
public List<Indicator> reorderIndicators(@PathVariable("stakeholderId") String stakeholderId, public List<Indicator> reorderIndicators(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -509,48 +586,72 @@ public class IndicatorController {
return indicatorsFull; return indicatorsFull;
} }
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-status", method = RequestMethod.POST) // @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleIndicatorStatus(@PathVariable("stakeholderId") String stakeholderId, // public Boolean toggleIndicatorStatus(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, // @PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId, // @PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId, // @PathVariable("subcategoryId") String subcategoryId,
@PathVariable("sectionId") String sectionId, // @PathVariable("sectionId") String sectionId,
@PathVariable("indicatorId") String indicatorId) { // @PathVariable("indicatorId") String indicatorId) {
log.debug("toggle indicator status (isActive)"); // log.debug("toggle indicator status (isActive)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId);
//
// Indicator indicator = indicatorDAO.findById(indicatorId);
// if (indicator == null) {
// // EXCEPTION - Indicator not found
// throw new EntityNotFoundException("Toggle indicator status: Indicator with id: "+indicatorId+" not found");
// }
// indicator.setIsActive(!indicator.getIsActive());
//
// this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator);
//
// return indicator.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleIndicatorAccess(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId,
// @PathVariable("subcategoryId") String subcategoryId,
// @PathVariable("sectionId") String sectionId,
// @PathVariable("indicatorId") String indicatorId) {
// log.debug("toggle indicator access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId);
//
// Indicator indicator = indicatorDAO.findById(indicatorId);
// if (indicator == null) {
// // EXCEPTION - Indicator not found
// throw new EntityNotFoundException("Toggle indicator access: Indicator with id: "+indicatorId+" not found");
// }
// indicator.setIsPublic(!indicator.getIsPublic());
//
// this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator);
//
// return indicator.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility", method = RequestMethod.POST)
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId,
@PathVariable("sectionId") String sectionId,
@PathVariable("indicatorId") String indicatorId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change indicator visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId); log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId);
Indicator indicator = indicatorDAO.findById(indicatorId); Indicator indicator = indicatorDAO.findById(indicatorId);
if (indicator == null) { if (indicator == null) {
// EXCEPTION - Indicator not found // EXCEPTION - Indicator not found
throw new EntityNotFoundException("Toggle indicator status: Indicator with id: "+indicatorId+" not found"); throw new EntityNotFoundException("Change indicator visibility: Indicator with id: "+indicatorId+" not found");
} }
indicator.setIsActive(!indicator.getIsActive()); indicator.setVisibility(visibility);
this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator); this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator);
return indicator.getIsActive(); return indicator.getVisibility();
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleIndicatorAccess(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId,
@PathVariable("sectionId") String sectionId,
@PathVariable("indicatorId") String indicatorId) {
log.debug("toggle indicator access (isPublic)");
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId);
Indicator indicator = indicatorDAO.findById(indicatorId);
if (indicator == null) {
// EXCEPTION - Indicator not found
throw new EntityNotFoundException("Toggle indicator access: Indicator with id: "+indicatorId+" not found");
}
indicator.setIsPublic(!indicator.getIsPublic());
this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator);
return indicator.getIsPublic();
} }
public void toggleIndicator(String stakeholderId, String topicId, String categoryId, String subcategoryId, String sectionId, Indicator indicator) { public void toggleIndicator(String stakeholderId, String topicId, String categoryId, String subcategoryId, String sectionId, Indicator indicator) {
@ -576,6 +677,12 @@ public class IndicatorController {
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found"); throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found");
} }
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId); Topic<String> topic = topicDAO.findById(topicId);
if(topic == null) { if(topic == null) {
// EXCEPTION - Topic not found // EXCEPTION - Topic not found


@ -4,11 +4,15 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -17,6 +21,9 @@ import java.util.List;
public class SectionController { public class SectionController {
private final Logger log = Logger.getLogger(this.getClass()); private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired @Autowired
private StakeholderDAO stakeholderDAO; private StakeholderDAO stakeholderDAO;
@ -52,12 +59,20 @@ public class SectionController {
sectionFull.setIndicators(indicatorsFull); sectionFull.setIndicators(indicatorsFull);
section.setIndicators(indicators); section.setIndicators(indicators);
Date date = new Date();
section.setCreationDate(date);
section.setUpdateDate(date);
sectionFull.setCreationDate(date);
sectionFull.setUpdateDate(date);
sectionDAO.save(section); sectionDAO.save(section);
sectionFull.setId(section.getId()); sectionFull.setId(section.getId());
return sectionFull; return sectionFull;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/save/{index}", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/save/{index}", method = RequestMethod.POST)
public Section saveSection(@PathVariable("stakeholderId") String stakeholderId, public Section saveSection(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -70,30 +85,40 @@ public class SectionController {
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId);
Section<String> section = new Section<>(sectionFull);
Date date = new Date();
section.setUpdateDate(date);
sectionFull.setUpdateDate(date);
Section<String> oldSection = null; Section<String> oldSection = null;
if(sectionFull.getId() != null) { if(sectionFull.getId() != null) {
oldSection = sectionDAO.findById(sectionFull.getId()); oldSection = sectionDAO.findById(sectionFull.getId());
} else { // section does not exist in DB
section.setCreationDate(date);
sectionFull.setCreationDate(date);
} }
Section<String> section = new Section<>(sectionFull);
String sectionId = sectionFull.getId(); String sectionId = sectionFull.getId();
List<String> indicators = new ArrayList<>(); List<String> indicators = new ArrayList<>();
for(Indicator indicator : sectionFull.getIndicators()) { for(Indicator indicator : sectionFull.getIndicators()) {
indicators.add(indicator.getId()); indicators.add(indicator.getId());
} }
section.setIndicators(indicators); section.setIndicators(indicators);
sectionDAO.save(section);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
// this section belongs in default profile and it is new or it is updated // this section belongs in default profile and it is new or it is updated
if(stakeholder.getDefaultId() == null) { if(stakeholder.getDefaultId() == null) {
if(sectionId == null) { if(sectionId == null) {
sectionDAO.save(section);
onSaveDefaultSection(section, topicId, categoryId, subcategoryId, stakeholder); onSaveDefaultSection(section, topicId, categoryId, subcategoryId, stakeholder);
} }
else { else {
onUpdateDefaultSection(section, stakeholder, oldSection); onUpdateDefaultSection(section, stakeholder, oldSection);
sectionDAO.save(section);
} }
} else {
sectionDAO.save(section);
} }
List<String> sections = null; List<String> sections = null;
@ -174,10 +199,12 @@ public class SectionController {
} }
// sectionBasedOnDefault.setTitle(section.getTitle()); // sectionBasedOnDefault.setTitle(section.getTitle());
sectionBasedOnDefault.setUpdateDate(section.getUpdateDate());
sectionDAO.save(sectionBasedOnDefault); sectionDAO.save(sectionBasedOnDefault);
} }
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/delete", method = RequestMethod.DELETE) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/delete", method = RequestMethod.DELETE)
public boolean deleteSection(@PathVariable("stakeholderId") String stakeholderId, public boolean deleteSection(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -192,6 +219,13 @@ public class SectionController {
if(section != null) { if(section != null) {
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
List<String> roles = rolesUtils.getRoles();
if(section.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId);
}
String type = ""; String type = "";
List<String> sections = null; List<String> sections = null;
if (section.getType().equals("chart")) { if (section.getType().equals("chart")) {
@ -273,6 +307,7 @@ public class SectionController {
return true; return true;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{type}/reorder", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{type}/reorder", method = RequestMethod.POST)
public List<Section> reorderSections(@PathVariable("stakeholderId") String stakeholderId, public List<Section> reorderSections(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -343,6 +378,7 @@ public class SectionController {
// return section.getIsPublic(); // return section.getIsPublic();
// } // }
public void toggleSection(String stakeholderId, String topicId, String categoryId, String subcategoryId, Section section) { public void toggleSection(String stakeholderId, String topicId, String categoryId, String subcategoryId, Section section) {
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId);
@ -372,6 +408,12 @@ public class SectionController {
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found"); throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found");
} }
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId); Topic<String> topic = topicDAO.findById(topicId);
if(topic == null) { if(topic == null) {
// EXCEPTION - Topic not found // EXCEPTION - Topic not found
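Review bot: In saveSection (hunk @ -70,30 +85,40), creating a new section in a default profile — the `sectionId == null` branch under `stakeholder.getDefaultId() == null` that calls onSaveDefaultSection — is gated only by the hasUpdateAuthority check inside checkForExceptions, whereas deleteSection in the same commit additionally requires hasCreateAndDeleteAuthority before touching a default section. If those two authorities differ (RolesUtils is not visible here), a caller with update rights alone can add default sections that onSaveDefaultSection presumably propagates to every stakeholder built on that profile, which looks like the operation the stricter delete check was meant to cover. Adding the same check before the save, e.g. `if(!rolesUtils.hasCreateAndDeleteAuthority(rolesUtils.getRoles(), stakeholder.getType())) { throw new AccessDeniedException("Save section: You are not authorized to create a default Section in stakeholder with id: "+stakeholderId); }`, would make the two paths consistent. Separately, in the same hunk, when `sectionFull.getId()` is non-null but `sectionDAO.findById` returns null, neither creationDate branch runs and onUpdateDefaultSection receives a null oldSection, so the else branch should probably also cover `oldSection == null`. saveSection's body continues outside the hunk.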


@ -1,17 +1,19 @@
package eu.dnetlib.uoamonitorservice.controllers; package eu.dnetlib.uoamonitorservice.controllers;
//import com.fasterxml.jackson.core.type.TypeReference;
//import com.fasterxml.jackson.databind.ObjectMapper;
import eu.dnetlib.uoamonitorservice.dao.*; import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.Iterator;
import java.util.List; import java.util.List;
@RestController @RestController
@ -19,6 +21,9 @@ import java.util.List;
public class StakeholderController { public class StakeholderController {
private final Logger log = Logger.getLogger(this.getClass()); private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired @Autowired
private StakeholderDAO stakeholderDAO; private StakeholderDAO stakeholderDAO;
@ -40,6 +45,10 @@ public class StakeholderController {
@Autowired @Autowired
private TopicController topicController; private TopicController topicController;
// @PreAuthorize("isAuthenticated()")
@PreAuthorize("hasAnyAuthority(" +
"@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#stakeholderFull.getType()))")
@RequestMapping(value = "/build-stakeholder", method = RequestMethod.POST) @RequestMapping(value = "/build-stakeholder", method = RequestMethod.POST)
public Stakeholder<Topic<Category<SubCategory<Section<Indicator>>>>> buildFullStakeholder(@RequestBody Stakeholder<Topic<Category<SubCategory<Section<Indicator>>>>> stakeholderFull) { public Stakeholder<Topic<Category<SubCategory<Section<Indicator>>>>> buildFullStakeholder(@RequestBody Stakeholder<Topic<Category<SubCategory<Section<Indicator>>>>> stakeholderFull) {
log.debug("build stakeholder"); log.debug("build stakeholder");
@ -70,7 +79,28 @@ public class StakeholderController {
//return null; //return null;
} }
public Stakeholder setFullEntities(Stakeholder<String> stakeholder) { public Stakeholder setFullEntities(Stakeholder<String> stakeholder, List<String> roles) {
boolean addAll = false;
boolean addPublicAndRestricted = false;
// if(roles == null
// || roles.contains(authorizationService.PORTAL_ADMIN)
// || roles.contains(authorizationService.curator(stakeholder.getType()))
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
if(rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
//if(visibility == null || visibility == (Visibility.PRIVATE)) {
addAll = true;
//}
//if(visibility == null || visibility == (Visibility.PRIVATE) || visibility == (Visibility.RESTRICTED)) {
addPublicAndRestricted = true;
//}
// } else if(roles != null && roles.contains(authorizationService.member(stakeholder.getType(), stakeholder.getAlias()))) {
} else if(rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())) {
//if(visibility == null || visibility == (Visibility.PRIVATE) || visibility == (Visibility.RESTRICTED)) {
addPublicAndRestricted = true;
//}
}
Stakeholder<Topic> stakeholderFull = new Stakeholder<>(stakeholder); Stakeholder<Topic> stakeholderFull = new Stakeholder<>(stakeholder);
List<Topic> topics = new ArrayList<>(); List<Topic> topics = new ArrayList<>();
@ -81,6 +111,12 @@ public class StakeholderController {
// EXCEPTION - Topic not found // EXCEPTION - Topic not found
throw new EntityNotFoundException("Get stakeholder: Topic with id: "+topicId+" not found (topic exists in stakeholder: "+stakeholder.getId()+")"); throw new EntityNotFoundException("Get stakeholder: Topic with id: "+topicId+" not found (topic exists in stakeholder: "+stakeholder.getId()+")");
} }
if((!addAll && topic.getVisibility() == Visibility.PRIVATE)
|| (!addPublicAndRestricted && topic.getVisibility() == Visibility.RESTRICTED)) {
continue;
}
Topic<Category> topicFull = new Topic<Category>(topic); Topic<Category> topicFull = new Topic<Category>(topic);
List<Category> categories = new ArrayList<>(); List<Category> categories = new ArrayList<>();
@ -91,6 +127,12 @@ public class StakeholderController {
// EXCEPTION - Category not found // EXCEPTION - Category not found
throw new EntityNotFoundException("Get stakeholder: Category with id: "+categoryId+" not found (category exists in topic: "+topicId+")"); throw new EntityNotFoundException("Get stakeholder: Category with id: "+categoryId+" not found (category exists in topic: "+topicId+")");
} }
if((!addAll && category.getVisibility() == Visibility.PRIVATE)
|| (!addPublicAndRestricted && category.getVisibility() == Visibility.RESTRICTED)) {
continue;
}
Category<SubCategory> categoryFull = new Category<SubCategory>(category); Category<SubCategory> categoryFull = new Category<SubCategory>(category);
List<SubCategory> subCategories = new ArrayList<>(); List<SubCategory> subCategories = new ArrayList<>();
@ -101,19 +143,25 @@ public class StakeholderController {
// EXCEPTION - SubCategory not found // EXCEPTION - SubCategory not found
throw new EntityNotFoundException("Get stakeholder: SubCategory with id: "+subCategoryId+" not found (subCategory exists in category: "+categoryId+")"); throw new EntityNotFoundException("Get stakeholder: SubCategory with id: "+subCategoryId+" not found (subCategory exists in category: "+categoryId+")");
} }
if((!addAll && subCategory.getVisibility() == Visibility.PRIVATE)
|| (!addPublicAndRestricted && subCategory.getVisibility() == Visibility.RESTRICTED)) {
continue;
}
SubCategory subCategoryFull = new SubCategory<Section<Indicator>>(subCategory); SubCategory subCategoryFull = new SubCategory<Section<Indicator>>(subCategory);
List<Section> sectionsCharts = new ArrayList<>(); List<Section> sectionsCharts = new ArrayList<>();
for(String sectionId : subCategory.getCharts()) { for(String sectionId : subCategory.getCharts()) {
sectionsCharts.add(getSectionFull(sectionId, subCategoryId)); sectionsCharts.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
} }
subCategoryFull.setCharts(sectionsCharts); subCategoryFull.setCharts(sectionsCharts);
List<Section> sectionsNumbers = new ArrayList<>(); List<Section> sectionsNumbers = new ArrayList<>();
for(String sectionId : subCategory.getNumbers()) { for(String sectionId : subCategory.getNumbers()) {
sectionsNumbers.add(getSectionFull(sectionId, subCategoryId)); sectionsNumbers.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
} }
subCategoryFull.setNumbers(sectionsNumbers); subCategoryFull.setNumbers(sectionsNumbers);
@ -154,12 +202,13 @@ public class StakeholderController {
return stakeholderFull; return stakeholderFull;
} }
private Section getSectionFull(String sectionId, String subCategoryId) { private Section getSectionFull(String sectionId, String subCategoryId, boolean addAll, boolean addPublicAndRestricted) {
Section<String> section = sectionDAO.findById(sectionId); Section<String> section = sectionDAO.findById(sectionId);
if (section == null) { if (section == null) {
// EXCEPTION - Section not found // EXCEPTION - Section not found
throw new EntityNotFoundException("Get stakeholder: Section with id: " + sectionId + " not found (section exists in subCategory: " + subCategoryId + ")"); throw new EntityNotFoundException("Get stakeholder: Section with id: " + sectionId + " not found (section exists in subCategory: " + subCategoryId + ")");
} }
Section sectionFull = new Section<Indicator>(section); Section sectionFull = new Section<Indicator>(section);
List<Indicator> indicators = new ArrayList<>(); List<Indicator> indicators = new ArrayList<>();
@ -169,6 +218,12 @@ public class StakeholderController {
// EXCEPTION - Indicator not found // EXCEPTION - Indicator not found
throw new EntityNotFoundException("Get stakeholder: Indicator with id: " + indicatorId + " not found (indicator exists in section: " + sectionId + ")"); throw new EntityNotFoundException("Get stakeholder: Indicator with id: " + indicatorId + " not found (indicator exists in section: " + sectionId + ")");
} }
if((!addAll && indicator.getVisibility() == Visibility.PRIVATE)
|| (!addPublicAndRestricted && indicator.getVisibility() == Visibility.RESTRICTED)) {
continue;
}
indicators.add(indicator); indicators.add(indicator);
} }
sectionFull.setIndicators(indicators); sectionFull.setIndicators(indicators);
@ -176,6 +231,8 @@ public class StakeholderController {
return sectionFull; return sectionFull;
} }
@PreAuthorize("hasAnyAuthority(" +
"@AuthorizationService.PORTAL_ADMIN)")
@RequestMapping(value = "/stakeholder/all", method = RequestMethod.GET) @RequestMapping(value = "/stakeholder/all", method = RequestMethod.GET)
public List<Stakeholder> getAllStakeholders(@RequestParam(required = false) String type) { public List<Stakeholder> getAllStakeholders(@RequestParam(required = false) String type) {
log.debug("get all stakeholders" + (type != null ? " with type: "+type : "")); log.debug("get all stakeholders" + (type != null ? " with type: "+type : ""));
@ -189,12 +246,14 @@ public class StakeholderController {
List<Stakeholder> stakeholdersFull = new ArrayList<>(); List<Stakeholder> stakeholdersFull = new ArrayList<>();
for(Stakeholder stakeholder : stakeholders) { for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder)); List<String> roles = rolesUtils.getRoles();
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
} }
return stakeholdersFull; return stakeholdersFull;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/stakeholder/default", method = RequestMethod.GET) @RequestMapping(value = "/stakeholder/default", method = RequestMethod.GET)
public List<Stakeholder> getAllDefaultStakeholders(@RequestParam(required = false) String type) { public List<Stakeholder> getAllDefaultStakeholders(@RequestParam(required = false) String type) {
log.debug("get all default stakeholders" + (type != null ? " with type: "+type : "")); log.debug("get all default stakeholders" + (type != null ? " with type: "+type : ""));
@ -207,9 +266,34 @@ public class StakeholderController {
} }
List<Stakeholder> stakeholdersFull = new ArrayList<>(); List<Stakeholder> stakeholdersFull = new ArrayList<>();
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder)); // Remove stakeholders for which i do not have authority
if(stakeholders != null && stakeholders.size() > 0) {
List<String> roles = rolesUtils.getRoles();
// log.debug("ROLES: ");
// roles.forEach(role -> log.debug(role));
//
// if (roles.contains(authorizationService.PORTAL_ADMIN)) {
if (rolesUtils.isPortalAdmin(roles)) {
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
}
return stakeholdersFull;
}
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator();
while(stakeholderIterator.hasNext()) {
Stakeholder stakeholder = stakeholderIterator.next();
// if(roles.contains(authorizationService.curator(stakeholder.getType()))) {
if(rolesUtils.isCurator(roles, stakeholder.getType())) {
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
continue;
}
stakeholderIterator.remove();
}
} }
return stakeholdersFull; return stakeholdersFull;
} }
@ -224,11 +308,90 @@ public class StakeholderController {
stakeholders = stakeholderDAO.findByDefaultIdNotAndType(null, type); stakeholders = stakeholderDAO.findByDefaultIdNotAndType(null, type);
} }
List<Stakeholder> stakeholdersFull = new ArrayList<>(); //List<Stakeholder> stakeholdersFull = new ArrayList<>();
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder)); if(stakeholders != null && stakeholders.size() > 0) {
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
// if (roles.contains(authorizationService.PORTAL_ADMIN)) {
if (rolesUtils.isPortalAdmin(roles)) {
// for(Stakeholder stakeholder : stakeholders) {
// stakeholdersFull.add(this.setFullEntities(stakeholder));
// }
// return stakeholdersFull;
return stakeholders;
}
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator();
while(stakeholderIterator.hasNext()) {
Stakeholder stakeholder = stakeholderIterator.next();
// if(roles.contains(authorizationService.curator(stakeholder.getType()))
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))
// || stakeholder.getVisibility() == Visibility.PUBLIC
// || (stakeholder.getVisibility() == Visibility.RESTRICTED && roles.contains(authorizationService.member(stakeholder.getType(), stakeholder.getAlias())))) {
if(rolesUtils.isCurator(roles, stakeholder.getType())
|| rolesUtils.isManager(roles, stakeholder.getType(), stakeholder.getAlias())
|| stakeholder.getVisibility() == Visibility.PUBLIC
|| (stakeholder.getVisibility() == Visibility.RESTRICTED && rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias()))) {
//stakeholdersFull.add(this.setFullEntities(stakeholder));
continue;
}
stakeholderIterator.remove();
}
} }
log.debug(new Date());
// log.debug(new Date());
// return stakeholdersFull;
return stakeholders;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/my-stakeholder", method = RequestMethod.GET)
public List<Stakeholder> getMyRealStakeholders(@RequestParam(required = false) String type) {
log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : ""));
List<Stakeholder> stakeholders;
if(type == null) {
stakeholders = stakeholderDAO.findByDefaultIdNot(null);
} else {
stakeholders = stakeholderDAO.findByDefaultIdNotAndType(null, type);
}
List<Stakeholder> stakeholdersFull = new ArrayList<>();
if(stakeholders != null && stakeholders.size() > 0) {
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
// log.debug("ROLES: ");
// roles.forEach(role -> log.debug(role));
// if (roles.contains(authorizationService.PORTAL_ADMIN)) {
if (rolesUtils.isPortalAdmin(roles)) {
for(Stakeholder stakeholder : stakeholders) {
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
}
return stakeholdersFull;
}
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator();
while(stakeholderIterator.hasNext()) {
Stakeholder stakeholder = stakeholderIterator.next();
// if(roles.contains(authorizationService.curator(stakeholder.getType()))
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
if(rolesUtils.isCurator(roles, stakeholder.getType())
|| rolesUtils.isManager(roles, stakeholder.getType(), stakeholder.getAlias())) {
stakeholdersFull.add(this.setFullEntities(stakeholder, roles));
continue;
}
stakeholderIterator.remove();
}
}
// log.debug(new Date());
return stakeholdersFull; return stakeholdersFull;
} }
@ -242,9 +405,30 @@ public class StakeholderController {
// EXCEPTION - Stakeholder not found // EXCEPTION - Stakeholder not found
throw new EntityNotFoundException("Get stakeholder: Stakeholder with alias: "+alias+" not found"); throw new EntityNotFoundException("Get stakeholder: Stakeholder with alias: "+alias+" not found");
} }
return this.setFullEntities(stakeholder);
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
if((stakeholder.getVisibility() == Visibility.PRIVATE && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())
|| (stakeholder.getVisibility() == Visibility.RESTRICTED && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) && !rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())))) {
// // EXCEPTION - Access denied
// throw new AccessDeniedException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias);
List<String> topicsEmpty = stakeholder.getTopics();
topicsEmpty.clear();
stakeholder.setTopics(topicsEmpty);
stakeholder.setVisibility(Visibility.PRIVATE);
return stakeholder;
}
return this.setFullEntities(stakeholder, roles);
} }
// @PreAuthorize("isAuthenticated()")
@PreAuthorize("hasAnyAuthority(" +
"@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#stakeholderFull.getType()), " +
"@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) " +
")")
@RequestMapping(value = "/save", method = RequestMethod.POST) @RequestMapping(value = "/save", method = RequestMethod.POST)
public Stakeholder<Topic> saveStakeholder(@RequestBody Stakeholder<Topic> stakeholderFull) { public Stakeholder<Topic> saveStakeholder(@RequestBody Stakeholder<Topic> stakeholderFull) {
log.debug("save stakeholder"); log.debug("save stakeholder");
@ -283,7 +467,7 @@ public class StakeholderController {
return stakeholderFull; return stakeholderFull;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/delete", method = RequestMethod.DELETE) @RequestMapping(value = "/{stakeholderId}/delete", method = RequestMethod.DELETE)
public boolean deleteStakeholder(@PathVariable("stakeholderId") String stakeholderId) { public boolean deleteStakeholder(@PathVariable("stakeholderId") String stakeholderId) {
log.debug("delete stakeholder"); log.debug("delete stakeholder");
@ -292,6 +476,15 @@ public class StakeholderController {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder != null) { if(stakeholder != null) {
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
// if(!roles.contains(authorizationService.PORTAL_ADMIN)
// && !roles.contains(authorizationService.curator(stakeholder.getType()))) {
if(!rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId);
}
// for(String topicId : stakeholder.getTopics()) { // for(String topicId : stakeholder.getTopics()) {
// Topic<String> topic = topicDAO.findById(topicId); // Topic<String> topic = topicDAO.findById(topicId);
@ -364,43 +557,74 @@ public class StakeholderController {
} }
@RequestMapping(value = "/{stakeholderId}/toggle-status", method = RequestMethod.POST) // @RequestMapping(value = "/{stakeholderId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleStakeholderStatus(@PathVariable("stakeholderId") String stakeholderId) { // public Boolean toggleStakeholderStatus(@PathVariable("stakeholderId") String stakeholderId) {
log.debug("toggle stakeholder status (isActive)"); // log.debug("toggle stakeholder status (isActive)");
// log.debug("Stakeholder: "+stakeholderId);
//
// Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
// if (stakeholder == null) {
// // EXCEPTION - Stakeholder not found
// throw new EntityNotFoundException("Toggle stakeholder status: Stakeholder with id: "+stakeholderId+" not found");
// }
// stakeholder.setIsActive(!stakeholder.getIsActive());
//
// stakeholderDAO.save(stakeholder);
// log.debug("Stakeholder toggled!");
//
// return stakeholder.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleStakeholderAccess(@PathVariable("stakeholderId") String stakeholderId) {
// log.debug("toggle stakeholder access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId);
//
// Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
// if (stakeholder == null) {
// // EXCEPTION - Stakeholder not found
// throw new EntityNotFoundException("Toggle stakeholder access: Stakeholder with id: "+stakeholderId+" not found");
// }
// stakeholder.setIsPublic(!stakeholder.getIsPublic());
//
// stakeholderDAO.save(stakeholder);
// log.debug("Stakeholder toggled!");
//
// return stakeholder.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/change-visibility", method = RequestMethod.POST)
public Visibility toggleStakeholderAccess(@PathVariable("stakeholderId") String stakeholderId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change stakeholder visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId); log.debug("Stakeholder: "+stakeholderId);
Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
if (stakeholder == null) { if (stakeholder == null) {
// EXCEPTION - Stakeholder not found // EXCEPTION - Stakeholder not found
throw new EntityNotFoundException("Toggle stakeholder status: Stakeholder with id: "+stakeholderId+" not found"); throw new EntityNotFoundException("Change stakeholder visibility: Stakeholder with id: "+stakeholderId+" not found");
} }
stakeholder.setIsActive(!stakeholder.getIsActive());
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
// if(!roles.contains(authorizationService.PORTAL_ADMIN)
// && !roles.contains(authorizationService.curator(stakeholder.getType()))
// && !roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId);
}
stakeholder.setVisibility(visibility);
stakeholderDAO.save(stakeholder); stakeholderDAO.save(stakeholder);
log.debug("Stakeholder toggled!"); log.debug("Stakeholder toggled!");
return stakeholder.getIsActive(); return stakeholder.getVisibility();
} }
@RequestMapping(value = "/{stakeholderId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleStakeholderAccess(@PathVariable("stakeholderId") String stakeholderId) {
log.debug("toggle stakeholder access (isPublic)");
log.debug("Stakeholder: "+stakeholderId);
Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
if (stakeholder == null) {
// EXCEPTION - Stakeholder not found
throw new EntityNotFoundException("Toggle stakeholder access: Stakeholder with id: "+stakeholderId+" not found");
}
stakeholder.setIsPublic(!stakeholder.getIsPublic());
stakeholderDAO.save(stakeholder);
log.debug("Stakeholder toggled!");
return stakeholder.getIsPublic();
}
// The following are not supposed to be used // The following are not supposed to be used
// @RequestMapping(value = "/stakeholder/dates", method = RequestMethod.GET) // @RequestMapping(value = "/stakeholder/dates", method = RequestMethod.GET)
// public List<Date> getAllStakeholderDates() { // public List<Date> getAllStakeholderDates() {


@ -4,11 +4,15 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -17,6 +21,9 @@ import java.util.List;
public class SubCategoryController { public class SubCategoryController {
private final Logger log = Logger.getLogger(this.getClass()); private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired @Autowired
private StakeholderDAO stakeholderDAO; private StakeholderDAO stakeholderDAO;
@ -63,12 +70,21 @@ public class SubCategoryController {
subcategoryFull.setNumbers(sectionNumbersFull); subcategoryFull.setNumbers(sectionNumbersFull);
subCategory.setNumbers(sectionNumbers); subCategory.setNumbers(sectionNumbers);
Date date = new Date();
subCategory.setCreationDate(date);
subCategory.setUpdateDate(date);
subcategoryFull.setCreationDate(date);
subcategoryFull.setUpdateDate(date);
subCategoryDAO.save(subCategory); subCategoryDAO.save(subCategory);
subcategoryFull.setId(subCategory.getId()); subcategoryFull.setId(subCategory.getId());
return subcategoryFull; return subcategoryFull;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/save", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/save", method = RequestMethod.POST)
public SubCategory<Section<Indicator>> saveSubCategory(@PathVariable("stakeholderId") String stakeholderId, public SubCategory<Section<Indicator>> saveSubCategory(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -79,13 +95,20 @@ public class SubCategoryController {
Category category = checkForExceptions(stakeholderId, topicId, categoryId); Category category = checkForExceptions(stakeholderId, topicId, categoryId);
SubCategory<String> subCategory = new SubCategory<>(subcategoryFull);
Date date = new Date();
subCategory.setUpdateDate(date);
subcategoryFull.setUpdateDate(date);
SubCategory<String> oldSubcategory = null; SubCategory<String> oldSubcategory = null;
if(subcategoryFull.getId() != null) { if(subcategoryFull.getId() != null) {
oldSubcategory = subCategoryDAO.findById(subcategoryFull.getId()); oldSubcategory = subCategoryDAO.findById(subcategoryFull.getId());
} else { // subcategory does not exist in DB
subCategory.setCreationDate(date);
subcategoryFull.setCreationDate(date);
} }
SubCategory<String> subCategory = new SubCategory<>(subcategoryFull);
// List<String> charts = new ArrayList<>(); // List<String> charts = new ArrayList<>();
// for(Indicator chart : subcategoryFull.getCharts()) { // for(Indicator chart : subcategoryFull.getCharts()) {
// charts.add(chart.getId()); // charts.add(chart.getId());
@ -110,15 +133,17 @@ public class SubCategoryController {
} }
subCategory.setNumbers(numberSections); subCategory.setNumbers(numberSections);
subCategoryDAO.save(subCategory);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder.getDefaultId() == null) { if(stakeholder.getDefaultId() == null) {
if(subcategoryFull.getId() == null) { if(subcategoryFull.getId() == null) {
subCategoryDAO.save(subCategory);
onSaveDefaultSubCategory(subCategory, categoryId); onSaveDefaultSubCategory(subCategory, categoryId);
} else { } else {
onUpdateDefaultSubCategory(subCategory, oldSubcategory); onUpdateDefaultSubCategory(subCategory, oldSubcategory);
subCategoryDAO.save(subCategory);
} }
} else {
subCategoryDAO.save(subCategory);
} }
List<String> subcategories = category.getSubCategories(); List<String> subcategories = category.getSubCategories();
@ -182,10 +207,12 @@ public class SubCategoryController {
// subCategoryBasedOnDefault.setName(subCategory.getName()); // subCategoryBasedOnDefault.setName(subCategory.getName());
// subCategoryBasedOnDefault.setDescription(subCategory.getDescription()); // subCategoryBasedOnDefault.setDescription(subCategory.getDescription());
subCategoryBasedOnDefault.setUpdateDate(subCategory.getUpdateDate());
subCategoryDAO.save(subCategoryBasedOnDefault); subCategoryDAO.save(subCategoryBasedOnDefault);
} }
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/delete", method = RequestMethod.DELETE) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/delete", method = RequestMethod.DELETE)
public boolean deleteSubCategory(@PathVariable("stakeholderId") String stakeholderId, public boolean deleteSubCategory(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -199,6 +226,14 @@ public class SubCategoryController {
SubCategory<String> subcategory = subCategoryDAO.findById(subcategoryId); SubCategory<String> subcategory = subCategoryDAO.findById(subcategoryId);
if(subcategory != null) { if(subcategory != null) {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
List<String> roles = rolesUtils.getRoles();
if(subcategory.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete subcategory: You are not authorized to delete a default SubCategory in stakeholder with id: "+stakeholderId);
}
List<String> subcategories = category.getSubCategories(); List<String> subcategories = category.getSubCategories();
int index = subcategories.indexOf(subcategoryId); int index = subcategories.indexOf(subcategoryId);
if(index != -1) { if(index != -1) {
@ -298,6 +333,7 @@ public class SubCategoryController {
return true; return true;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/reorder", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/reorder", method = RequestMethod.POST)
public List<SubCategory> reorderSubCategories(@PathVariable("stakeholderId") String stakeholderId, public List<SubCategory> reorderSubCategories(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -320,44 +356,66 @@ public class SubCategoryController {
return subCategoriesFull; return subCategoriesFull;
} }
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/toggle-status", method = RequestMethod.POST) // @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleSubCategoryStatus(@PathVariable("stakeholderId") String stakeholderId, // public Boolean toggleSubCategoryStatus(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, // @PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId, // @PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId) { // @PathVariable("subcategoryId") String subcategoryId) {
log.debug("toggle subCategory status (isActive)"); // log.debug("toggle subCategory status (isActive)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId);
//
// SubCategory subCategory = subCategoryDAO.findById(subcategoryId);
// if (subCategory == null) {
// // EXCEPTION - SubCategory not found
// throw new EntityNotFoundException("Toggle subCategory status: SubCategory with id: "+subcategoryId+" not found");
// }
// subCategory.setIsActive(!subCategory.getIsActive());
//
// this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory);
//
// return subCategory.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleSubCategoryAccess(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId,
// @PathVariable("categoryId") String categoryId,
// @PathVariable("subcategoryId") String subcategoryId) {
// log.debug("toggle subCategory access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId);
//
// SubCategory subCategory = subCategoryDAO.findById(subcategoryId);
// if (subCategory == null) {
// // EXCEPTION - SubCategory not found
// throw new EntityNotFoundException("Toggle subCategory access: SubCategory with id: "+subcategoryId+" not found");
// }
// subCategory.setIsPublic(!subCategory.getIsPublic());
//
// this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory);
//
// return subCategory.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/change-visibility", method = RequestMethod.POST)
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change subCategory visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId); log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId);
SubCategory subCategory = subCategoryDAO.findById(subcategoryId); SubCategory subCategory = subCategoryDAO.findById(subcategoryId);
if (subCategory == null) { if (subCategory == null) {
// EXCEPTION - SubCategory not found // EXCEPTION - SubCategory not found
throw new EntityNotFoundException("Toggle subCategory status: SubCategory with id: "+subcategoryId+" not found"); throw new EntityNotFoundException("Change subCategory visibility: SubCategory with id: "+subcategoryId+" not found");
} }
subCategory.setIsActive(!subCategory.getIsActive()); subCategory.setVisibility(visibility);
this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory); this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory);
return subCategory.getIsActive(); return subCategory.getVisibility();
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleSubCategoryAccess(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@PathVariable("categoryId") String categoryId,
@PathVariable("subcategoryId") String subcategoryId) {
log.debug("toggle subCategory access (isPublic)");
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId);
SubCategory subCategory = subCategoryDAO.findById(subcategoryId);
if (subCategory == null) {
// EXCEPTION - SubCategory not found
throw new EntityNotFoundException("Toggle subCategory access: SubCategory with id: "+subcategoryId+" not found");
}
subCategory.setIsPublic(!subCategory.getIsPublic());
this.toggleSubCategory(stakeholderId, topicId, categoryId, subCategory);
return subCategory.getIsPublic();
} }
public void toggleSubCategory(String stakeholderId, String topicId, String categoryId, SubCategory subcategory) { public void toggleSubCategory(String stakeholderId, String topicId, String categoryId, SubCategory subcategory) {
@ -382,6 +440,12 @@ public class SubCategoryController {
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found"); throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found");
} }
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions SubCategory: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId); Topic<String> topic = topicDAO.findById(topicId);
if(topic == null) { if(topic == null) {
// EXCEPTION - Topic not found // EXCEPTION - Topic not found
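Review bot: The new `/change-visibility` handler (`changeTopicVisibility` in this class) is gated only by `@PreAuthorize("isAuthenticated()")` and hands the mutation to `this.toggleSubCategory(...)`, whose body lies outside this hunk, so I cannot confirm it enforces `hasUpdateAuthority` the way this commit makes `TopicController.toggleTopic` do; unless it does, any logged-in user can change a sub-category's visibility. I would resolve the stakeholder and check the role inside the handler, before the entity is modified, as below. The method is also a verbatim copy of the Topic handler and kept its name; `changeSubCategoryVisibility` matches the save/delete/reorder naming used in this class. Separately, `deleteSubCategory` reloads the stakeholder that `checkForExceptions` has already fetched and authorized; returning or reusing it would avoid the second lookup.
```java
// … unchanged: debug logging and SubCategory lookup …
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if (stakeholder == null) {
    throw new EntityNotFoundException("Change subCategory visibility: Stakeholder with id: " + stakeholderId + " not found");
}
List<String> roles = rolesUtils.getRoles();
if (!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
    // EXCEPTION - Access denied
    throw new AccessDeniedException("Change subCategory visibility: You are not authorized to update stakeholder with id: " + stakeholderId);
}
subCategory.setVisibility(visibility);
// … unchanged: toggleSubCategory call and return …
```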


@ -4,11 +4,15 @@ import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
@ -17,24 +21,15 @@ import java.util.List;
public class TopicController { public class TopicController {
private final Logger log = Logger.getLogger(this.getClass()); private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private RolesUtils rolesUtils;
@Autowired @Autowired
private StakeholderDAO stakeholderDAO; private StakeholderDAO stakeholderDAO;
@Autowired @Autowired
private TopicDAO topicDAO; private TopicDAO topicDAO;
@Autowired
private CategoryDAO categoryDAO;
@Autowired
private SubCategoryDAO subCategoryDAO;
@Autowired
private SectionDAO sectionDAO;
@Autowired
private IndicatorDAO indicatorDAO;
@Autowired @Autowired
private CategoryController categoryController; private CategoryController categoryController;
@ -51,12 +46,20 @@ public class TopicController {
topicFull.setCategories(categoriesFull); topicFull.setCategories(categoriesFull);
topic.setCategories(categories); topic.setCategories(categories);
Date date = new Date();
topic.setCreationDate(date);
topic.setUpdateDate(date);
topicFull.setCreationDate(date);
topicFull.setUpdateDate(date);
topicDAO.save(topic); topicDAO.save(topic);
topicFull.setId(topic.getId()); topicFull.setId(topic.getId());
return topicFull; return topicFull;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/save", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/save", method = RequestMethod.POST)
public Topic<Category> saveTopic(@PathVariable("stakeholderId") String stakeholderId, public Topic<Category> saveTopic(@PathVariable("stakeholderId") String stakeholderId,
@RequestBody Topic<Category> topicFull) { @RequestBody Topic<Category> topicFull) {
@ -66,12 +69,24 @@ public class TopicController {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder != null) { if(stakeholder != null) {
Topic<String> oldTopic = null; List<String> roles = rolesUtils.getRoles();
if(topicFull.getId() != null) { if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
oldTopic = topicDAO.findById(topicFull.getId()); // EXCEPTION - Access denied
throw new AccessDeniedException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId);
} }
Topic<String> topic = new Topic<>(topicFull); Topic<String> topic = new Topic<>(topicFull);
Date date = new Date();
topic.setUpdateDate(date);
topicFull.setUpdateDate(date);
Topic<String> oldTopic = null;
if(topicFull.getId() != null) {
oldTopic = topicDAO.findById(topicFull.getId());
} else { // topic does not exist in DB
topic.setCreationDate(date);
topicFull.setCreationDate(date);
}
List<String> categories = new ArrayList<>(); List<String> categories = new ArrayList<>();
for(Category category : topicFull.getCategories()) { for(Category category : topicFull.getCategories()) {
@ -79,14 +94,16 @@ public class TopicController {
} }
topic.setCategories(categories); topic.setCategories(categories);
topicDAO.save(topic);
if(stakeholder.getDefaultId() == null) { if(stakeholder.getDefaultId() == null) {
if(topicFull.getId() == null) { if(topicFull.getId() == null) {
topicDAO.save(topic);
onSaveDefaultTopic(topic, stakeholderId); onSaveDefaultTopic(topic, stakeholderId);
} else { } else {
onUpdateDefaultTopic(topic, oldTopic); onUpdateDefaultTopic(topic, oldTopic);
topicDAO.save(topic);
} }
} else {
topicDAO.save(topic);
} }
List<String> topics = stakeholder.getTopics(); List<String> topics = stakeholder.getTopics();
@ -158,10 +175,12 @@ public class TopicController {
// topicBasedOnDefault.setName(topic.getName()); // topicBasedOnDefault.setName(topic.getName());
// topicBasedOnDefault.setDescription(topic.getDescription()); // topicBasedOnDefault.setDescription(topic.getDescription());
topicBasedOnDefault.setUpdateDate(topic.getUpdateDate());
topicDAO.save(topicBasedOnDefault); topicDAO.save(topicBasedOnDefault);
} }
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/delete", method = RequestMethod.DELETE) @RequestMapping(value = "/{stakeholderId}/{topicId}/delete", method = RequestMethod.DELETE)
public boolean deleteTopic(@PathVariable("stakeholderId") String stakeholderId, public boolean deleteTopic(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId, @PathVariable("topicId") String topicId,
@ -173,9 +192,20 @@ public class TopicController {
if(stakeholder != null) { if(stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId); Topic<String> topic = topicDAO.findById(topicId);
if(topic != null) { if(topic != null) {
if(topic.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId);
}
List<String> topics = stakeholder.getTopics(); List<String> topics = stakeholder.getTopics();
int index = topics.indexOf(topicId); int index = topics.indexOf(topicId);
if(index != -1) { if(index != -1) {
@ -298,6 +328,7 @@ public class TopicController {
return true; return true;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/reorder", method = RequestMethod.POST) @RequestMapping(value = "/{stakeholderId}/reorder", method = RequestMethod.POST)
public List<Topic> reorderTopics(@PathVariable("stakeholderId") String stakeholderId, public List<Topic> reorderTopics(@PathVariable("stakeholderId") String stakeholderId,
@RequestBody List<String> topics) { @RequestBody List<String> topics) {
@ -307,6 +338,13 @@ public class TopicController {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if(stakeholder != null) { if(stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId);
}
stakeholder.setTopics(topics); stakeholder.setTopics(topics);
stakeholderDAO.save(stakeholder); stakeholderDAO.save(stakeholder);
@ -323,46 +361,73 @@ public class TopicController {
} }
} }
@RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-status", method = RequestMethod.POST) // @RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-status", method = RequestMethod.POST)
public Boolean toggleTopicStatus(@PathVariable("stakeholderId") String stakeholderId, // public Boolean toggleTopicStatus(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId) { // @PathVariable("topicId") String topicId) {
log.debug("toggle topic status (isActive)"); // log.debug("toggle topic status (isActive)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId);
//
// Topic topic = topicDAO.findById(topicId);
// if (topic == null) {
// // EXCEPTION - Topic not found
// throw new EntityNotFoundException("Toggle topic status: Topic with id: "+topicId+" not found");
// }
// topic.setIsActive(!topic.getIsActive());
//
// this.toggleTopic(stakeholderId, topic);
//
// return topic.getIsActive();
// }
//
// @RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-access", method = RequestMethod.POST)
// public Boolean toggleTopicAccess(@PathVariable("stakeholderId") String stakeholderId,
// @PathVariable("topicId") String topicId) {
// log.debug("toggle topic access (isPublic)");
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId);
//
// Topic topic = topicDAO.findById(topicId);
// if (topic == null) {
// // EXCEPTION - Topic not found
// throw new EntityNotFoundException("Toggle topic access: Topic with id: "+topicId+" not found");
// }
// topic.setIsPublic(!topic.getIsPublic());
//
// this.toggleTopic(stakeholderId, topic);
//
// return topic.getIsPublic();
// }
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/{stakeholderId}/{topicId}/change-visibility", method = RequestMethod.POST)
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId,
@RequestParam("visibility") Visibility visibility) {
log.debug("change topic visibility: "+visibility);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId);
Topic topic = topicDAO.findById(topicId); Topic topic = topicDAO.findById(topicId);
if (topic == null) { if (topic == null) {
// EXCEPTION - Topic not found // EXCEPTION - Topic not found
throw new EntityNotFoundException("Toggle topic status: Topic with id: "+topicId+" not found"); throw new EntityNotFoundException("Change topic visibility: Topic with id: "+topicId+" not found");
} }
topic.setIsActive(!topic.getIsActive()); topic.setVisibility(visibility);
this.toggleTopic(stakeholderId, topic); this.toggleTopic(stakeholderId, topic);
return topic.getIsActive(); return topic.getVisibility();
}
@RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-access", method = RequestMethod.POST)
public Boolean toggleTopicAccess(@PathVariable("stakeholderId") String stakeholderId,
@PathVariable("topicId") String topicId) {
log.debug("toggle topic access (isPublic)");
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId);
Topic topic = topicDAO.findById(topicId);
if (topic == null) {
// EXCEPTION - Topic not found
throw new EntityNotFoundException("Toggle topic access: Topic with id: "+topicId+" not found");
}
topic.setIsPublic(!topic.getIsPublic());
this.toggleTopic(stakeholderId, topic);
return topic.getIsPublic();
} }
public void toggleTopic(String stakeholderId, Topic topic) { public void toggleTopic(String stakeholderId, Topic topic) {
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
if (stakeholder != null) { if (stakeholder != null) {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId);
}
if (stakeholder.getTopics().contains(topic.getId())) { if (stakeholder.getTopics().contains(topic.getId())) {
topicDAO.save(topic); topicDAO.save(topic);
log.debug("Topic toggled!"); log.debug("Topic toggled!");
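Review bot: `reorderTopics` now checks the caller's role but still stores the request body verbatim with `stakeholder.setTopics(topics)`, so a manager can submit any list — omit topics, duplicate them, or include topic ids that belong to another stakeholder (including a default one) — and it is persisted as this stakeholder's topic list. A reorder should only accept a permutation of the ids already present; before the `setTopics` call I would add `List<String> current = stakeholder.getTopics();` and `if(topics == null || topics.size() != current.size() || !new HashSet<>(topics).equals(new HashSet<>(current))) throw new PathNotValidException("Reorder topics: topic list does not match stakeholder with id: "+stakeholderId);`. `HashSet` would need adding to the existing `java.util` imports, and `PathNotValidException` is already imported here — substitute whichever exception your handlers map to a 400 if that one is reserved for path checks. The reorder endpoints of the other controllers touched by this commit presumably have the same gap.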


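--- /dev/null
+++ b/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java
@@ -0,0 +1,65 @@
+package eu.dnetlib.uoamonitorservice.handlers.utils;
+import eu.dnetlib.uoaauthorizationlibrary.security.AuthorizationService;
+import org.apache.log4j.Logger;
+import java.util.List;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+@Component
+public class RolesUtils {
+@Autowired
+private AuthorizationService authorizationService;
+private final Logger log = Logger.getLogger(this.getClass());
+public List<String> getRoles() {
+return authorizationService.getRoles();
+}
+public boolean isPortalAdmin(List<String> roles) {
+if(roles == null) {
+return false;
+}
+// log.debug(authorizationService.PORTAL_ADMIN);
+// log.debug("PortalAdmin: "+roles.contains(authorizationService.PORTAL_ADMIN));
+return roles.contains(authorizationService.PORTAL_ADMIN);
+}
+public boolean isCurator(List<String> roles, String type) {
+if(roles == null) {
+return false;
+}
+// log.debug(authorizationService.curator(type));
+// log.debug("Curator in "+type+": "+roles.contains(authorizationService.curator(type)));
+return roles.contains(authorizationService.curator(type));
+}
+public boolean isManager(List<String> roles, String type, String id) {
+if(roles == null) {
+return false;
+}
+// log.debug(authorizationService.manager(type, id));
+// log.debug("Manager in "+type+" - "+id+": "+roles.contains(authorizationService.manager(type, id)));
+return roles.contains(authorizationService.manager(type, id));
+}
+public boolean isMember(List<String> roles, String type, String id) {
+if(roles == null) {
+return false;
+}
+// log.debug(authorizationService.member(type, id));
+// log.debug("Member in "+type+" - "+id+": "+roles.contains(authorizationService.member(type, id)));
+return roles.contains(authorizationService.member(type, id));
+}
+public boolean hasUpdateAuthority(List<String> roles, String type, String id) {
+return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id);
+}
+public boolean hasCreateAndDeleteAuthority(List<String> roles, String type) {
+return isPortalAdmin(roles) || isCurator(roles, type);
+}
+}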
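Review bot: `RolesUtils` now defines the authorization model that six controllers depend on, yet neither composite helper documents what it grants, so a reader has to reconstruct the hierarchy from two one-liners. I would add Javadoc on `hasUpdateAuthority` stating that it is satisfied by the portal admin, a curator of the stakeholder type, or a manager of that specific stakeholder, and on `hasCreateAndDeleteAuthority` stating that it deliberately drops the manager role (in this commit the delete paths use it to keep managers from removing stakeholders and default entities), plus a note on `isMember` that it belongs to neither composite and only widens read access to RESTRICTED content in `StakeholderController`. Two smaller points: the `id` parameter of `isManager`/`isMember` receives the stakeholder alias at every call site visible in this commit, so `alias` would be the honest name; and `log` is referenced only from commented-out lines, so it is dead code here. Whether `PORTAL_ADMIN` is a static constant reached through an instance reference I cannot tell from the hunk; if it is, `AuthorizationService.PORTAL_ADMIN` is the conventional spelling and avoids the misleading per-instance look.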