[Trunk | Monitor Service]:

1. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java && SectionController.java && IndicatorController.java:
	a. Comment logs for get requests.
	b. Use "ForbiddenException" instead of "AccessDeniedException"
	c. On /save, if full entity has id (already in DB), if not found in DB throw EntityNotFoundException.
	d. Get children (e.g. when saving a Topic, get its categories) from DB.
2. TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java:
	In /reorder, if the DB contains ids that are missing from the reordered list, do the reordering and append the missing ids at the end of the list.
3. ReorderEvent.java: [NEW] Added class ReorderEvent with fields "action" (String), "target" (String), "ids" (List<String>) (used in IndicatorController.java).
4. IndicatorController.java: 
	a. In /reorder, @RequestBody changed from List<String> indicators to  ReorderEvent reorderEvent.
	b. If there are in DB, ids that are missing from reordered list AND missing id is not moved to other section (action = removed and target = missing id), do reordering and add in the end of list the missing ids.
5. ExceptionsHandler.java: exception handler methods "invalidInput()", "nullPointerException()", "notFoundException()" moved to "Admin Tools Library" - "accessDeniedException()" is removed.
6. responses/ExceptionResponse.java: File and folder deleted (moved to "Admin Tools Library").
7. RolesUtils.java: Added method "isLoggedIn()" (checks if no roles for user, or user has role "ROLE_ANONYMOUS").
Konstantina Galouni 2020-12-09 14:24:27 +00:00
parent 479e2c0aeb
commit 38a5a09d8a
10 changed files with 349 additions and 167 deletions


@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
@ -80,12 +81,16 @@ public class CategoryController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Category<String> oldCategory = null;
if(categoryFull.getId() != null) {
oldCategory = categoryDAO.findById(categoryFull.getId());
if(oldCategory == null) {
// EXCEPTION - Category not found
throw new EntityNotFoundException("save category: Category with id: " + categoryFull.getId() + " not found");
}
}
Topic<String> topic = topicDAO.findById(topicId);
@ -97,6 +102,8 @@ public class CategoryController {
category.setUpdateDate(date);
categoryFull.setUpdateDate(date);
List<String> subCategories = new ArrayList<>();
// if category not exists (no id), create a new default subcategory, identical to category
if(categoryFull.getId() == null) {
category.setCreationDate(date);
@ -106,14 +113,24 @@ public class CategoryController {
subCategory.createOverviewSubCategory(categoryFull);
subCategoryDAO.save(subCategory);
List<SubCategory> subCategories = categoryFull.getSubCategories();
subCategories.add(subCategory);
List<SubCategory> subCategoriesFull = categoryFull.getSubCategories();
subCategoriesFull.add(subCategory);
for(SubCategory oldSubCategory : subCategoriesFull) {
subCategories.add(oldSubCategory.getId());
}
} else {
for(String subCategoryId : oldCategory.getSubCategories()) {
SubCategory subCategory = subCategoryDAO.findById(subCategoryId);
if (subCategory == null) {
// EXCEPTION - SubCategory not found
throw new EntityNotFoundException("Save category: SubCategory with id: "+subCategoryId+" not found (subcategory exists in category: "+category.getId()+")");
}
subCategories.add(subCategory.getId());
}
}
List<String> subCategories = new ArrayList<>();
for(SubCategory subCategory : categoryFull.getSubCategories()) {
subCategories.add(subCategory.getId());
}
category.setSubCategories(subCategories);
if(stakeholder.getDefaultId() == null) {
@ -223,7 +240,7 @@ public class CategoryController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
@ -235,7 +252,7 @@ public class CategoryController {
if(category.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId);
}
@ -369,15 +386,27 @@ public class CategoryController {
Topic<String> topic = checkForExceptions(stakeholderId, topicId);
List<String> oldCategories = topic.getCategories();
for (String categoryId : oldCategories) {
if (!categories.contains(categoryId)) {
categories.add(categoryId);
}
}
topic.setCategories(categories);
List<Category> categoriesFull = new ArrayList<>();
for(String categoryId : categories) {
Category category = categoryDAO.findById(categoryId);
if(category == null) {
// EXCEPTION - Category not found
throw new EntityNotFoundException("Reorder Categories: Category with id: " + categoryId + " not found");
}
categoriesFull.add(category);
}
topicDAO.save(topic);
log.debug("Categories reordered!");
List<Category> categoriesFull = new ArrayList<>();
for(String categoryId : categories) {
categoriesFull.add(categoryDAO.findById(categoryId));
}
return categoriesFull;
}
@ -448,7 +477,7 @@ public class CategoryController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
@ -488,7 +517,7 @@ public class CategoryController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
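Review bot: In the /reorder hunk, an id in the request body that is not in `topic.getCategories()` is kept as long as `categoryDAO.findById` finds it, so a caller with update authority on this stakeholder can link a category that belongs to another topic or stakeholder into this topic; the new merge loop only covers the opposite direction (DB ids missing from the request). Inside the `for(String categoryId : categories)` loop, before `topic.setCategories(categories)` takes effect, reject ids outside the old list, e.g. `if (!oldCategories.contains(categoryId)) { throw new PathNotValidException("Reorder Categories: Category with id: " + categoryId + " not found in topic: " + topicId); }`. The same pattern appears in the reorder hunks of IndicatorController, SectionController and SubCategoryController. The reorder method's signature is above the hunk, so whether the body list is validated earlier cannot be seen here.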


@ -4,6 +4,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
@ -13,6 +14,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
import java.net.URLEncoder;
import java.util.*;
@ -62,6 +64,10 @@ public class IndicatorController {
Indicator oldIndicator = null;
if(indicator.getId() != null) {
oldIndicator = indicatorDAO.findById(indicator.getId());
if(oldIndicator == null) {
// EXCEPTION - Indicator not found
throw new EntityNotFoundException("save indicator: Indicator with id: " + indicator.getId() + " not found");
}
} else { // indicator does not exist in DB
indicator.setCreationDate(date);
}
@ -387,7 +393,7 @@ public class IndicatorController {
List<String> roles = rolesUtils.getRoles();
if(indicator.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId);
}
List<String> indicators = section.getIndicators();
@ -568,21 +574,37 @@ public class IndicatorController {
@PathVariable("subcategoryId") String subcategoryId,
@PathVariable("sectionId") String sectionId,
@PathVariable("type") String type,
@RequestBody List<String> indicators) {
@RequestBody ReorderEvent reorderEvent) {
log.debug("reorder indicators of type: "+type);
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId);
List<String> indicators = reorderEvent.getIds();
String actionType = reorderEvent.getAction();
String targetId = reorderEvent.getTarget();
Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, type);
List<String> oldIndicators = section.getIndicators();
for (String indicatorId : oldIndicators) {
if ((!actionType.equals("removed") || !targetId.equals(indicatorId)) && !indicators.contains(indicatorId)) {
indicators.add(indicatorId);
}
}
section.setIndicators(indicators);
List<Indicator> indicatorsFull = new ArrayList<>();
for(String indicatorId : indicators) {
Indicator indicator = indicatorDAO.findById(indicatorId);
if(indicator == null) {
// EXCEPTION - Indicator not found
throw new EntityNotFoundException("Reorder indicators: Indicator with id: " + indicatorId + " not found");
}
indicatorsFull.add(indicator);
}
sectionDAO.save(section);
log.debug("Indicators reordered!");
List<Indicator> indicatorsFull = new ArrayList<>();
for(String indicatorId : indicators) {
indicatorsFull.add(indicatorDAO.findById(indicatorId));
}
return indicatorsFull;
}
@ -680,7 +702,7 @@ public class IndicatorController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
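Review bot: In the /reorder hunk, `actionType.equals("removed")` and `targetId.equals(indicatorId)` dereference two strings taken straight from the `ReorderEvent` request body, and nothing in the hunk checks that `action` or `target` was supplied, so a plain reorder event without them ends in a NullPointerException instead of the intended path. Flipping the comparisons makes the condition null-safe without changing its meaning: `if (!("removed".equals(actionType) && indicatorId.equals(targetId)) && !indicators.contains(indicatorId)) {`. `reorderEvent.getIds()` is likewise used unchecked in `indicators.contains(...)`; a missing `ids` field would fail the same way, so a guard returning a clear 4xx would be preferable, though the method head is inside the hunk and no other validation is visible. The added `java.lang.reflect.Field` import has no use in the shown hunks; if it is unused it should be dropped.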


@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
@ -91,19 +92,35 @@ public class SectionController {
section.setUpdateDate(date);
sectionFull.setUpdateDate(date);
List<String> indicators = new ArrayList<>();
Section<String> oldSection = null;
if(sectionFull.getId() != null) {
oldSection = sectionDAO.findById(sectionFull.getId());
if(oldSection == null) {
// EXCEPTION - Section not found
throw new EntityNotFoundException("save section: Section with id: " + sectionFull.getId() + " not found");
}
for(String indicatorId : oldSection.getIndicators()) {
Indicator indicator = indicatorDAO.findById(indicatorId);
if (indicator == null) {
// EXCEPTION - Indicator not found
throw new EntityNotFoundException("Save section: Indicator with id: "+indicatorId+" not found (indicator exists in section: "+section.getId()+")");
}
indicators.add(indicator.getId());
}
} else { // section does not exist in DB
section.setCreationDate(date);
sectionFull.setCreationDate(date);
for(Indicator indicator : sectionFull.getIndicators()) {
indicators.add(indicator.getId());
}
}
String sectionId = sectionFull.getId();
List<String> indicators = new ArrayList<>();
for(Indicator indicator : sectionFull.getIndicators()) {
indicators.add(indicator.getId());
}
section.setIndicators(indicators);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
@ -223,7 +240,7 @@ public class SectionController {
List<String> roles = rolesUtils.getRoles();
if(section.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId);
}
String type = "";
@ -321,18 +338,36 @@ public class SectionController {
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId);
if (type.equals("chart")) {
List<String> oldSections = subCategory.getCharts();
for (String sectionId : oldSections) {
if (!sections.contains(sectionId)) {
sections.add(sectionId);
}
}
subCategory.setCharts(sections);
} else if (type.equals("number")) {
List<String> oldSections = subCategory.getNumbers();
for (String sectionId : oldSections) {
if (!sections.contains(sectionId)) {
sections.add(sectionId);
}
}
subCategory.setNumbers(sections);
}
List<Section> sectionsFull = new ArrayList<>();
for(String sectionId : sections) {
Section section = sectionDAO.findById(sectionId);
if(section == null) {
// EXCEPTION - Section not found
throw new EntityNotFoundException("Reorder sections: Section with id: " + sectionId + " not found");
}
sectionsFull.add(section);
}
subCategoryDAO.save(subCategory);
log.debug("Sections reordered!");
List<Section> sectionsFull = new ArrayList<>();
for(String sectionId : sections) {
sectionsFull.add(sectionDAO.findById(sectionId));
}
return sectionsFull;
}
@ -411,7 +446,7 @@ public class SectionController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
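Review bot: In the /reorder hunk, a `type` that is neither "chart" nor "number" falls through both branches, yet the request ids are still resolved, `subCategoryDAO.save(subCategory)` still runs and the resolved list is returned, so the client receives a successful response for an ordering that was never stored. Since `checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId)` in this controller takes no type argument, add a terminal branch: `} else { throw new PathNotValidException("Reorder sections: type " + type + " is not valid (expected chart or number)"); }`. The two branches also repeat the same merge loop; a small private helper taking the old list would keep them in step. The method signature is above the hunk, so any earlier validation of `type` is not visible here.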


@ -3,11 +3,13 @@ package eu.dnetlib.uoamonitorservice.controllers;
import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.AuthorizationServiceException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
@ -45,6 +47,25 @@ public class StakeholderController {
@Autowired
private TopicController topicController;
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/stakeholder/alias", method = RequestMethod.GET)
public List<String> getAllReservedStakeholderAlias() {
// log.debug("get all stakeholder reserved alias-es");
List<String> stakeholderAlias = new ArrayList<>();
List<Stakeholder> stakeholders = stakeholderDAO.findAll();
if(stakeholders != null) {
stakeholders.forEach(stakeholder -> {
stakeholderAlias.add(stakeholder.getAlias());
});
}
stakeholderAlias.add( "all");
stakeholderAlias.add("default");
stakeholderAlias.add("alias");
return stakeholderAlias;
}
// @PreAuthorize("isAuthenticated()")
@PreAuthorize("hasAnyAuthority(" +
"@AuthorizationService.PORTAL_ADMIN, " +
@ -202,6 +223,24 @@ public class StakeholderController {
return stakeholderFull;
}
// private SubCategory setFullSubcategory(SubCategory subCategory) {
// SubCategory subCategoryFull = new SubCategory<Section<Indicator>>(subCategory);
//
// List<Section> sectionsCharts = new ArrayList<>();
//
// for(String sectionId : subCategory.getCharts()) {
// sectionsCharts.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
// }
// subCategoryFull.setCharts(sectionsCharts);
//
// List<Section> sectionsNumbers = new ArrayList<>();
//
// for(String sectionId : subCategory.getNumbers()) {
// sectionsNumbers.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
// }
// subCategoryFull.setNumbers(sectionsNumbers);
// }
private Section getSectionFull(String sectionId, String subCategoryId, boolean addAll, boolean addPublicAndRestricted) {
Section<String> section = sectionDAO.findById(sectionId);
if (section == null) {
@ -235,7 +274,7 @@ public class StakeholderController {
"@AuthorizationService.PORTAL_ADMIN)")
@RequestMapping(value = "/stakeholder/all", method = RequestMethod.GET)
public List<Stakeholder> getAllStakeholders(@RequestParam(required = false) String type) {
log.debug("get all stakeholders" + (type != null ? " with type: "+type : ""));
// log.debug("get all stakeholders" + (type != null ? " with type: "+type : ""));
List<Stakeholder> stakeholders;
if(type == null) {
@ -256,7 +295,7 @@ public class StakeholderController {
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/stakeholder/default", method = RequestMethod.GET)
public List<Stakeholder> getAllDefaultStakeholders(@RequestParam(required = false) String type) {
log.debug("get all default stakeholders" + (type != null ? " with type: "+type : ""));
// log.debug("get all default stakeholders" + (type != null ? " with type: "+type : ""));
List<Stakeholder> stakeholders;
if(type == null) {
@ -299,7 +338,7 @@ public class StakeholderController {
@RequestMapping(value = "/stakeholder", method = RequestMethod.GET)
public List<Stakeholder> getAllRealStakeholders(@RequestParam(required = false) String type) {
log.debug("get all NOT default stakeholders" + (type != null ? " with type: "+type : ""));
// log.debug("get all NOT default stakeholders" + (type != null ? " with type: "+type : ""));
List<Stakeholder> stakeholders;
if(type == null) {
@ -351,7 +390,7 @@ public class StakeholderController {
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/my-stakeholder", method = RequestMethod.GET)
public List<Stakeholder> getMyRealStakeholders(@RequestParam(required = false) String type) {
log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : ""));
// log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : ""));
List<Stakeholder> stakeholders;
if(type == null) {
@ -398,7 +437,7 @@ public class StakeholderController {
@RequestMapping(value = "/stakeholder/{alias}", method = RequestMethod.GET)
public Stakeholder getStakeholder(@PathVariable("alias") String alias) {
log.debug("get stakeholder: "+alias);
// log.debug("get stakeholder: "+alias);
Stakeholder<String> stakeholder = stakeholderDAO.findByAlias(alias);
if(stakeholder == null) {
@ -409,10 +448,19 @@ public class StakeholderController {
// List<String> roles = authorizationService.getRoles();
List<String> roles = rolesUtils.getRoles();
if(stakeholder.getDefaultId() == null && !rolesUtils.isLoggedIn(roles)) {
// EXCEPTION - Unauthorized
throw new AccessDeniedException("Get stakeholder: You are not authorized (not logged in) to access stakeholder with alias: "+alias);
}
if(stakeholder.getDefaultId() == null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new ForbiddenException("Get stakeholder: You are not authorized to access stakeholder with alias: "+alias);
}
if((stakeholder.getVisibility() == Visibility.PRIVATE && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())
|| (stakeholder.getVisibility() == Visibility.RESTRICTED && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) && !rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())))) {
// // EXCEPTION - Access denied
// throw new AccessDeniedException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias);
// throw new ForbiddenException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias);
List<String> topicsEmpty = stakeholder.getTopics();
topicsEmpty.clear();
stakeholder.setTopics(topicsEmpty);
@ -424,11 +472,11 @@ public class StakeholderController {
}
// @PreAuthorize("isAuthenticated()")
@PreAuthorize("hasAnyAuthority(" +
"@AuthorizationService.PORTAL_ADMIN, " +
"@AuthorizationService.curator(#stakeholderFull.getType()), " +
"@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) " +
")")
@PreAuthorize("hasAnyAuthority("
+ "@AuthorizationService.PORTAL_ADMIN, "
+ "@AuthorizationService.curator(#stakeholderFull.getType()), "
+ "@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) "
+ ")")
@RequestMapping(value = "/save", method = RequestMethod.POST)
public Stakeholder<Topic> saveStakeholder(@RequestBody Stakeholder<Topic> stakeholderFull) {
log.debug("save stakeholder");
@ -444,15 +492,33 @@ public class StakeholderController {
Date date = new Date();
stakeholder.setUpdateDate(date);
List<String> topics = new ArrayList<>();
// stakeholder does not exist in DB
if(stakeholderFull.getId() == null) {
stakeholder.setCreationDate(date);
for(Topic topic : stakeholderFull.getTopics()) {
topics.add(topic.getId());
}
} else {
Stakeholder<String> oldStakeholder = stakeholderDAO.findById(stakeholderFull.getId());
if(oldStakeholder == null) {
// EXCEPTION - Stakeholder not found
throw new EntityNotFoundException("save stakeholder: Stakeholder with id: "+stakeholderFull.getId()+" not found");
}
for(String topicId : oldStakeholder.getTopics()) {
Topic topic = topicDAO.findById(topicId);
if (topic == null) {
// EXCEPTION - Topic not found
throw new EntityNotFoundException("Save stakeholder: Topic with id: "+topicId+" not found (topic exists in stakeholder: "+stakeholder.getId()+")");
}
topics.add(topic.getId());
}
// stakeholder.setTopics(topics);
// stakeholderFull = this.setFullEntities(stakeholder, rolesUtils.getRoles());
}
List<String> topics = new ArrayList<>();
for(Topic topic : stakeholderFull.getTopics()) {
topics.add(topic.getId());
}
stakeholder.setTopics(topics);
Stakeholder<String> stakeholderSaved = stakeholderDAO.save(stakeholder);
@ -483,7 +549,7 @@ public class StakeholderController {
// && !roles.contains(authorizationService.curator(stakeholder.getType()))) {
if(!rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId);
}
// for(String topicId : stakeholder.getTopics()) {
@ -615,7 +681,7 @@ public class StakeholderController {
// && !roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId);
}
stakeholder.setVisibility(visibility);
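Review bot: The new `getAllReservedStakeholderAlias` endpoint returns the alias of every stakeholder from `stakeholderDAO.findAll()` to any authenticated caller with no filtering on `Visibility`, so aliases of PRIVATE stakeholders, whose contents `getStakeholder` otherwise withholds, become enumerable by every logged-in user. If that is intended because the list only serves to reject reserved aliases on creation, state it above the mapping, e.g. `// Exposes every alias regardless of visibility so a new stakeholder cannot reuse one; nothing but the alias is returned.`; otherwise restrict the mapping to the authorities used by `saveStakeholder`. The inline `"all"`, `"default"`, `"alias"` entries would be clearer as one named constant holding the reserved set. In the `getStakeholder` hunk, `throw new AccessDeniedException(...)` is retained for the not-logged-in case while every other site moved to `ForbiddenException`; if that is deliberate so Spring Security answers with 401 rather than 403, a one-line comment saying so would stop the next cleanup from "fixing" it.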


@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
@ -101,12 +102,45 @@ public class SubCategoryController {
subCategory.setUpdateDate(date);
subcategoryFull.setUpdateDate(date);
List<String> chartSections = new ArrayList<>();
List<String> numberSections = new ArrayList<>();
SubCategory<String> oldSubcategory = null;
if(subcategoryFull.getId() != null) {
oldSubcategory = subCategoryDAO.findById(subcategoryFull.getId());
if(oldSubcategory == null) {
// EXCEPTION - SubCategory not found
throw new EntityNotFoundException("save subcategory: SubCategory with id: " + subcategoryFull.getId() + " not found");
}
for(String chartSectionId : oldSubcategory.getCharts()) {
Section section = sectionDAO.findById(chartSectionId);
if (section == null) {
// EXCEPTION - Section not found
throw new EntityNotFoundException("Save subcategory: Chart section with id: "+chartSectionId+" not found (section exists in subcategory: "+subCategory.getId()+")");
}
chartSections.add(section.getId());
}
for(String numberSectionId : oldSubcategory.getNumbers()) {
Section section = sectionDAO.findById(numberSectionId);
if (section == null) {
// EXCEPTION - Section not found
throw new EntityNotFoundException("Save subcategory: Number section with id: "+numberSectionId+" not found (section exists in subcategory: "+subCategory.getId()+")");
}
numberSections.add(section.getId());
}
} else { // subcategory does not exist in DB
subCategory.setCreationDate(date);
subcategoryFull.setCreationDate(date);
for(Section chartSection : subcategoryFull.getCharts()) {
chartSections.add(chartSection.getId());
}
for(Section numberSection : subcategoryFull.getNumbers()) {
numberSections.add(numberSection.getId());
}
}
// List<String> charts = new ArrayList<>();
@ -121,16 +155,8 @@ public class SubCategoryController {
// }
// subCategory.setNumbers(numbers);
List<String> chartSections = new ArrayList<>();
for(Section chartSection : subcategoryFull.getCharts()) {
chartSections.add(chartSection.getId());
}
subCategory.setCharts(chartSections);
List<String> numberSections = new ArrayList<>();
for(Section numberSection : subcategoryFull.getNumbers()) {
numberSections.add(numberSection.getId());
}
subCategory.setCharts(chartSections);
subCategory.setNumbers(numberSections);
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId);
@ -231,7 +257,7 @@ public class SubCategoryController {
List<String> roles = rolesUtils.getRoles();
if(subcategory.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete subcategory: You are not authorized to delete a default SubCategory in stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Delete subcategory: You are not authorized to delete a default SubCategory in stakeholder with id: "+stakeholderId);
}
List<String> subcategories = category.getSubCategories();
@ -344,15 +370,27 @@ public class SubCategoryController {
Category<String> category = checkForExceptions(stakeholderId, topicId, categoryId);
List<String> oldSubcategories = category.getSubCategories();
for (String subcategoryId : oldSubcategories) {
if (!subCategories.contains(subcategoryId)) {
subCategories.add(subcategoryId);
}
}
category.setSubCategories(subCategories);
List<SubCategory> subCategoriesFull = new ArrayList<>();
for(String subCategoryId : subCategories) {
SubCategory subCategory = subCategoryDAO.findById(subCategoryId);
if(subCategory == null) {
// EXCEPTION - SubCategory not found
throw new EntityNotFoundException("Reorder subCategories: subCategory with id: " + subCategoryId + " not found");
}
subCategoriesFull.add(subCategory);
}
categoryDAO.save(category);
log.debug("SubCategories reordered!");
List<SubCategory> subCategoriesFull = new ArrayList<>();
for(String subCategoryId : subCategories) {
subCategoriesFull.add(subCategoryDAO.findById(subCategoryId));
}
return subCategoriesFull;
}
@ -443,7 +481,7 @@ public class SubCategoryController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("CheckForExceptions SubCategory: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("CheckForExceptions SubCategory: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
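Review bot: In the /save hunk, the chart and number loops over `oldSubcategory.getCharts()` and `oldSubcategory.getNumbers()` are the same six lines twice, differing only in the word in the error message, which invites the two copies drifting apart on the next change. A private helper that resolves a list of section ids and throws `EntityNotFoundException` for a dangling one keeps the behaviour and messages identical while leaving one place to maintain. The rest of `save` above and below the hunk is unchanged.
```java
// … unchanged: save() up to the oldSubcategory lookup and not-found check …
chartSections = resolveSectionIds(oldSubcategory.getCharts(), "Chart", subCategory.getId());
numberSections = resolveSectionIds(oldSubcategory.getNumbers(), "Number", subCategory.getId());
// … unchanged: else branch for a subcategory that is not yet in the DB …

// Resolve each section id against the DB; throws EntityNotFoundException for a dangling id.
private List<String> resolveSectionIds(List<String> sectionIds, String kind, String subCategoryId) {
    List<String> ids = new ArrayList<>();
    for (String sectionId : sectionIds) {
        Section section = sectionDAO.findById(sectionId);
        if (section == null) {
            // EXCEPTION - Section not found
            throw new EntityNotFoundException("Save subcategory: " + kind + " section with id: " + sectionId + " not found (section exists in subcategory: " + subCategoryId + ")");
        }
        ids.add(section.getId());
    }
    return ids;
}
```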


@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
import eu.dnetlib.uoamonitorservice.dao.*;
import eu.dnetlib.uoamonitorservice.entities.*;
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
import org.apache.log4j.Logger;
@ -33,6 +34,9 @@ public class TopicController {
@Autowired
private CategoryController categoryController;
@Autowired
private CategoryDAO categoryDAO;
public Topic<Category> buildTopic(Topic<Category> topicFull) {
Topic<String> topic = new Topic<>(topicFull);
@ -72,7 +76,7 @@ public class TopicController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = new Topic<>(topicFull);
@ -80,18 +84,32 @@ public class TopicController {
topic.setUpdateDate(date);
topicFull.setUpdateDate(date);
List<String> categories = new ArrayList<>();
Topic<String> oldTopic = null;
if(topicFull.getId() != null) {
oldTopic = topicDAO.findById(topicFull.getId());
if(oldTopic == null) {
// EXCEPTION - Topic not found
throw new EntityNotFoundException("save topic: Topic with id: "+topicFull.getId()+" not found");
}
for(String categoryId : oldTopic.getCategories()) {
Category category = categoryDAO.findById(categoryId);
if (category == null) {
// EXCEPTION - Category not found
throw new EntityNotFoundException("Save topic: Category with id: "+categoryId+" not found (category exists in topic: "+topic.getId()+")");
}
categories.add(category.getId());
}
} else { // topic does not exist in DB
topic.setCreationDate(date);
topicFull.setCreationDate(date);
for(Category category : topicFull.getCategories()) {
categories.add(category.getId());
}
}
List<String> categories = new ArrayList<>();
for(Category category : topicFull.getCategories()) {
categories.add(category.getId());
}
topic.setCategories(categories);
if(stakeholder.getDefaultId() == null) {
@ -195,7 +213,7 @@ public class TopicController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId);
}
Topic<String> topic = topicDAO.findById(topicId);
@ -203,7 +221,7 @@ public class TopicController {
if(topic.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId);
}
List<String> topics = stakeholder.getTopics();
@ -269,7 +287,7 @@ public class TopicController {
stakeholderDAO.save(stakeholder);
topicDAO.delete(topicId);
log.debug("Category deleted!");
log.debug("Topic deleted!");
} else {
// EXCEPTION - Topic not found in Stakeholder: stakeholder.getAlias();
throw new PathNotValidException("Delete topic: Topic with id: "+topicId+" not found in Stakeholder: "+stakeholderId);
@ -322,7 +340,7 @@ public class TopicController {
topic.setDefaultId(null);
topicDAO.save(topic);
log.debug("DefaultId for Topic with id: "+topic.getId()+" empty!");
log.debug("DefaultId for Topic with id: "+topic.getId()+" cleared!");
}
}
return true;
@ -342,18 +360,30 @@ public class TopicController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId);
}
List<String> oldTopics = stakeholder.getTopics();
for (String topicId : oldTopics) {
if (!topics.contains(topicId)) {
topics.add(topicId);
}
}
stakeholder.setTopics(topics);
List<Topic> topicsFull = new ArrayList<>();
for (String topicId : topics) {
Topic topic = topicDAO.findById(topicId);
if(topic == null) {
// EXCEPTION - Topic not found
throw new EntityNotFoundException("Reorder Topics: Topic with id: " + topicId + " not found");
}
topicsFull.add(topic);
}
stakeholderDAO.save(stakeholder);
log.debug("Topics reordered!");
List<Topic> topicsFull = new ArrayList<>();
for (String topicId : topics) {
topicsFull.add(topicDAO.findById(topicId));
}
return topicsFull;
} else {
// EXCEPTION - Stakeholder not found
@ -425,7 +455,7 @@ public class TopicController {
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
// EXCEPTION - Access denied
throw new AccessDeniedException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId);
throw new ForbiddenException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId);
}
if (stakeholder.getTopics().contains(topic.getId())) {


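--- /dev/null
+++ b/ReorderEvent.java
@@ -0,0 +1,42 @@
+package eu.dnetlib.uoamonitorservice.entities;
+import java.util.List;
+public class ReorderEvent {
+private String action; // "moved", "added", "removed"
+private String target;
+private List<String> ids;
+public String getAction() {
+return action;
+}
+public void setAction(String action) {
+this.action = action;
+}
+public String getTarget() {
+return target;
+}
+public void setTarget(String target) {
+this.target = target;
+}
+public List<String> getIds() {
+return ids;
+}
+public void setIds(List<String> ids) {
+this.ids = ids;
+}
+@Override
+public String toString() {
+return "ReorderEvent{" +
+"action='" + action + '\'' +
+", target='" + target + '\'' +
+", ids=" + ids +
+'}';
+}
+}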
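Review bot: `action` on the `private String action;` line is a free-form string whose accepted values ("moved", "added", "removed") live only in a trailing comment, so a misspelled or unexpected action arriving in a request body is only caught wherever the consuming controller happens to compare strings. A nested `enum Action { MOVED, ADDED, REMOVED }` as the field type would let the request-body converter reject unknown values at binding time; if the wire format must stay a plain string, a class-level Javadoc should at least state the contract, e.g. `/** Client-originated reorder request: {@code ids} is the requested order, {@code action} is one of "moved", "added" or "removed", and {@code target} names the element the action refers to. */`. `getIds()` also hands back the caller-supplied list uncopied and returns null when the request omits it; the consumer of this class is outside this page, so its null handling cannot be confirmed here.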


@ -1,55 +1,18 @@
package eu.dnetlib.uoamonitorservice.handlers;
import eu.dnetlib.uoamonitorservice.responses.ExceptionResponse;
import eu.dnetlib.uoaadmintoolslibrary.responses.ExceptionResponse;
import org.apache.log4j.Logger;
import org.springframework.data.crossstore.ChangeSetPersister;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.MissingServletRequestParameterException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.support.MissingServletRequestPartException;
@ControllerAdvice
@RestController
public class ExceptionsHandler {
private final Logger log = Logger.getLogger(this.getClass());
@ExceptionHandler(MissingServletRequestParameterException.class)
public ResponseEntity<ExceptionResponse> invalidInput(Exception ex) {
ExceptionResponse response = new ExceptionResponse();
response.setErrorCode("Validation Error");
response.setErrorMessage("Invalid inputs");
response.setErrors(ex.getMessage());
response.setStatus(HttpStatus.BAD_REQUEST);
log.error("invalidInput exception : "+ ex.getMessage());
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.BAD_REQUEST);
}
@ExceptionHandler(NullPointerException.class)
public ResponseEntity<ExceptionResponse> nullPointerException(Exception ex) {
ExceptionResponse response = new ExceptionResponse();
response.setErrorCode("Null pointer Exception");
response.setErrorMessage("Null pointer Exception");
response.setErrors(ex.getMessage());
response.setStatus(HttpStatus.BAD_REQUEST);
log.error("nullPointerException exception : "+ ex.getMessage());
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.BAD_REQUEST);
}
@ExceptionHandler(ChangeSetPersister.NotFoundException.class)
public ResponseEntity<ExceptionResponse> notFoundException(Exception ex) {
ExceptionResponse response = new ExceptionResponse();
response.setErrorCode("Not found Exception");
response.setErrorMessage("Not found Exception");
response.setErrors(ex.getMessage());
response.setStatus(HttpStatus.NOT_FOUND);
log.error("notFoundException exception : "+ ex.getMessage());
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.NOT_FOUND);
}
@ExceptionHandler(EntityNotFoundException.class)
public ResponseEntity<ExceptionResponse> entityNotFoundException(Exception ex) {
ExceptionResponse response = new ExceptionResponse();
@ -72,14 +35,4 @@ public class ExceptionsHandler {
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.NOT_FOUND);
}
@ExceptionHandler(AccessDeniedException.class)
public ResponseEntity<ExceptionResponse> accessDeniedException(Exception ex) {
ExceptionResponse response = new ExceptionResponse();
response.setErrorCode("Forbidden Exception");
response.setErrorMessage("Access Denied Exception");
response.setErrors(ex.getMessage());
response.setStatus(HttpStatus.FORBIDDEN);
log.error("accessDeniedException exception : "+ ex.getMessage());
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.FORBIDDEN);
}
}
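Review bot: Dropping the `accessDeniedException` handler in the second hunk (the `@ExceptionHandler(AccessDeniedException.class)` method) means any Spring Security `AccessDeniedException` still raised outside the controllers, for example by framework-level authorization rather than the `ForbiddenException` the controllers now throw, is no longer mapped to a 403 by this class; whether the handler imported from `eu.dnetlib.uoaadmintoolslibrary` covers that exception type is not visible on this page and should be confirmed, since an unmapped security exception falls through to the default error response. The kept `entityNotFoundException` method starts in the first hunk but its body continues outside it. A short class Javadoc would also help a reader know which exception types are handled here versus in the library, e.g. `/** Service-local handlers; generic validation, null-pointer and not-found mappings come from the admin tools library. */`.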


@ -55,6 +55,13 @@ public class RolesUtils {
return roles.contains(authorizationService.member(type, id));
}
public boolean isLoggedIn(List<String> roles) {
if(roles == null || roles.contains(authorizationService.ANONYMOUS_USER)) {
return false;
}
return true;
}
public boolean hasUpdateAuthority(List<String> roles, String type, String id) {
return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id);
}
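Review bot: `isLoggedIn` treats an empty roles list as logged in: only `null` and the anonymous role are rejected on the `if(roles == null || roles.contains(authorizationService.ANONYMOUS_USER))` line, so a caller that receives an empty list for an unauthenticated request passes this authentication check. If an empty list can occur (the page does not show how the roles list is built), the guard should be `if(roles == null || roles.isEmpty() || roles.contains(authorizationService.ANONYMOUS_USER)) {`. The body can also collapse to `return roles != null && !roles.isEmpty() && !roles.contains(authorizationService.ANONYMOUS_USER);`, and a Javadoc noting that this is an authentication check rather than an authorization one would help callers pick between it and `hasUpdateAuthority`. `ANONYMOUS_USER` is read through the `authorizationService` instance; if it is a static constant, reference it through the type instead.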


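--- a/ExceptionResponse.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package eu.dnetlib.uoamonitorservice.responses;
-import org.springframework.http.HttpStatus;
-public class ExceptionResponse {
-private HttpStatus status;
-private String errorCode;
-private String errorMessage;
-private String errors;
-public ExceptionResponse() {}
-public HttpStatus getStatus() { return status; }
-public void setStatus(HttpStatus status) { this.status = status; }
-public String getErrorCode() {
-return errorCode;
-}
-public void setErrorCode(String errorCode) {
-this.errorCode = errorCode;
-}
-public String getErrorMessage() {
-return errorMessage;
-}
-public void setErrorMessage(String errorMessage) {
-this.errorMessage = errorMessage;
-}
-public String getErrors() {
-return errors;
-}
-public void setErrors(String errors) {
-this.errors = errors;
-}
-}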