diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java
index 119a53f..7641678 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java
@@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
 import eu.dnetlib.uoamonitorservice.dao.*;
 import eu.dnetlib.uoamonitorservice.entities.*;
 import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
 import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
 import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
 import org.apache.log4j.Logger;
@@ -80,12 +81,16 @@ public class CategoryController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Category oldCategory = null;
 if(categoryFull.getId() != null) {
 oldCategory = categoryDAO.findById(categoryFull.getId());
+ if(oldCategory == null) {
+ // EXCEPTION - Category not found
+ throw new EntityNotFoundException("save category: Category with id: " + categoryFull.getId() + " not found");
+ }
 }
 Topic topic = topicDAO.findById(topicId);
@@ -97,6 +102,8 @@ public class CategoryController {
 category.setUpdateDate(date);
 categoryFull.setUpdateDate(date);
+ List subCategories = new ArrayList<>();
+
 // if category not exists (no id), create a new default subcategory, identical to category
 if(categoryFull.getId() == null) {
 category.setCreationDate(date);
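Review bot: `oldCategory` is loaded purely from the id carried in the request body (`categoryDAO.findById(categoryFull.getId())`), and nothing in this hunk ties that category to the `topicId`/`stakeholderId` the caller was just authorized for, so unless the code after `Topic topic = topicDAO.findById(topicId);` checks that the topic actually owns the category, a manager of one stakeholder can overwrite a category belonging to another by posting its id. The new null check removes the NPE but not that gap; once the topic is loaded add `if (!topic.getCategories().contains(oldCategory.getId())) throw new PathNotValidException("Save category: Category with id: " + oldCategory.getId() + " not found in Topic: " + topicId);`, mirroring the PathNotValidException the delete paths already use. The save method starts before this hunk and continues past it, so the check may already exist further down — worth confirming.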
@@ -106,14 +113,24 @@ public class CategoryController {
 subCategory.createOverviewSubCategory(categoryFull);
 subCategoryDAO.save(subCategory);
- List subCategories = categoryFull.getSubCategories();
- subCategories.add(subCategory);
+
+ List subCategoriesFull = categoryFull.getSubCategories();
+ subCategoriesFull.add(subCategory);
+
+ for(SubCategory oldSubCategory : subCategoriesFull) {
+ subCategories.add(oldSubCategory.getId());
+ }
+ } else {
+ for(String subCategoryId : oldCategory.getSubCategories()) {
+ SubCategory subCategory = subCategoryDAO.findById(subCategoryId);
+ if (subCategory == null) {
+ // EXCEPTION - SubCategory not found
+ throw new EntityNotFoundException("Save category: SubCategory with id: "+subCategoryId+" not found (subcategory exists in category: "+category.getId()+")");
+ }
+ subCategories.add(subCategory.getId());
+ }
 }
- List subCategories = new ArrayList<>();
- for(SubCategory subCategory : categoryFull.getSubCategories()) {
- subCategories.add(subCategory.getId());
- }
 category.setSubCategories(subCategories);
 if(stakeholder.getDefaultId() == null) {
@@ -223,7 +240,7 @@ public class CategoryController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Topic topic = topicDAO.findById(topicId);
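Review bot: The new `else` branch rebuilds `subCategories` from `oldCategory.getSubCategories()` and silently discards whatever subcategories the client sent in `categoryFull`, which is a sensible hardening (the body can no longer re-point the category at arbitrary subcategory ids) but an undocumented contract change for the save endpoint. Add a comment above the `else`, e.g. `// existing category: the stored subcategory list is authoritative; subcategories in the request body are ignored and must be changed through the subcategory endpoints`. Note also that one dangling subcategory id now makes the whole category unsavable via EntityNotFoundException, so a single inconsistent document blocks every later edit; if that is not the intended recovery path, skipping the stale id with a `log.warn` would be the alternative. The enclosing save method starts and ends outside this hunk.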
@@ -235,7 +252,7 @@ public class CategoryController {
 if(category.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId);
 }
@@ -369,15 +386,27 @@ public class CategoryController {
 Topic topic = checkForExceptions(stakeholderId, topicId);
+ List oldCategories = topic.getCategories();
+ for (String categoryId : oldCategories) {
+ if (!categories.contains(categoryId)) {
+ categories.add(categoryId);
+ }
+ }
 topic.setCategories(categories);
+ List categoriesFull = new ArrayList<>();
+ for(String categoryId : categories) {
+ Category category = categoryDAO.findById(categoryId);
+ if(category == null) {
+ // EXCEPTION - Category not found
+ throw new EntityNotFoundException("Reorder Categories: Category with id: " + categoryId + " not found");
+ }
+ categoriesFull.add(category);
+ }
+
 topicDAO.save(topic);
 log.debug("Categories reordered!");
- List categoriesFull = new ArrayList<>();
- for(String categoryId : categories) {
- categoriesFull.add(categoryDAO.findById(categoryId));
- }
 return categoriesFull;
 }
@@ -448,7 +477,7 @@ public class CategoryController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Topic topic = topicDAO.findById(topicId);
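Review bot: The reorder merges the stored ids into the client-supplied `categories` list, which stops a client from dropping entries, but it never verifies that the ids the client sent belong to this `topic`: the only check on the new side is `categoryDAO.findById(categoryId) != null`, so a caller with update authority on this stakeholder can attach any existing category id — including one from another stakeholder — via `topic.setCategories(categories)`. Validate membership before mutating, e.g. `if (!oldCategories.contains(categoryId)) throw new PathNotValidException("Reorder Categories: Category with id: " + categoryId + " not found in Topic: " + topicId);` inside the second loop, or reject up front with `new HashSet<>(oldCategories).containsAll(categories)`. Moving that validation ahead of `topic.setCategories(...)` also keeps the in-memory topic untouched on failure, which today only happens to be safe because the save comes later. The reorder method's signature is outside this hunk.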
@@ -488,7 +517,7 @@ public class CategoryController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Topic topic = topicDAO.findById(topicId);
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java
index 6c718a2..1a325d8 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java
@@ -4,6 +4,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
 import eu.dnetlib.uoamonitorservice.dao.*;
 import eu.dnetlib.uoamonitorservice.entities.*;
 import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
 import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
 import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
 import org.apache.log4j.Logger;
@@ -13,6 +14,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
 import java.net.URLEncoder;
 import java.util.*;
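Review bot: `import java.lang.reflect.Field;` is added to IndicatorController but none of this file's visible hunks use `Field`; if it is unused, drop it, and if it backs a reflective, name-driven copy of request fields somewhere below, that copy needs an explicit allow-list of settable fields rather than reflection over whatever the client names. Separately, the AccessDeniedException → ForbiddenException swap throughout this commit only yields a clean 403 if a handler for `eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException` is registered in this service (it lives outside the project's own `handlers` package); that is not visible in the diff and is worth confirming so the exception does not surface as a 500 with a stack trace.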
@@ -62,6 +64,10 @@ public class IndicatorController {
 Indicator oldIndicator = null;
 if(indicator.getId() != null) {
 oldIndicator = indicatorDAO.findById(indicator.getId());
+ if(oldIndicator == null) {
+ // EXCEPTION - Indicator not found
+ throw new EntityNotFoundException("save indicator: Indicator with id: " + indicator.getId() + " not found");
+ }
 } else { // indicator does not exist in DB
 indicator.setCreationDate(date);
 }
@@ -387,7 +393,7 @@ public class IndicatorController {
 List roles = rolesUtils.getRoles();
 if(indicator.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId);
 }
 List indicators = section.getIndicators();
@@ -568,21 +574,37 @@ public class IndicatorController {
 @PathVariable("subcategoryId") String subcategoryId,
 @PathVariable("sectionId") String sectionId,
 @PathVariable("type") String type,
- @RequestBody List indicators) {
+ @RequestBody ReorderEvent reorderEvent) {
 log.debug("reorder indicators of type: "+type);
 log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId);
+ List indicators = reorderEvent.getIds();
+ String actionType = reorderEvent.getAction();
+ String targetId = reorderEvent.getTarget();
+
 Section section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, type);
+ List oldIndicators = section.getIndicators();
+ for (String indicatorId : oldIndicators) {
+ if ((!actionType.equals("removed") || !targetId.equals(indicatorId)) && !indicators.contains(indicatorId)) {
+ indicators.add(indicatorId);
+ }
+ }
 section.setIndicators(indicators);
+ List indicatorsFull = new ArrayList<>();
+ for(String indicatorId : indicators) {
+ Indicator indicator = indicatorDAO.findById(indicatorId);
+ if(indicator == null) {
+ // EXCEPTION - Indicator not found
+ throw new EntityNotFoundException("Reorder indicators: Indicator with id: " + indicatorId + " not found");
+ }
+ indicatorsFull.add(indicator);
+ }
+
 sectionDAO.save(section);
 log.debug("Indicators reordered!");
- List indicatorsFull = new ArrayList<>();
- for(String indicatorId : indicators) {
- indicatorsFull.add(indicatorDAO.findById(indicatorId));
- }
 return indicatorsFull;
 }
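Review bot: `actionType.equals("removed")` and `targetId.equals(indicatorId)` dereference request-body fields with no null check, so a `ReorderEvent` that omits `action` or `target` (a plain reorder, or a client still sending the old shape) throws a NullPointerException from inside the loop after authorization has passed; write the condition null-safe as `(!"removed".equals(actionType) || !indicatorId.equals(targetId)) && !indicators.contains(indicatorId)`, and treat a null `reorderEvent.getIds()` as an empty list rather than mutating it in place. As in the other reorder endpoints, ids in `indicators` are only checked for existence (`indicatorDAO.findById`), never for membership in `section`, so an indicator from another stakeholder's section can be linked in — `if (!oldIndicators.contains(indicatorId)) throw new PathNotValidException("Reorder indicators: Indicator with id: " + indicatorId + " not found in Section: " + sectionId);` before `section.setIndicators(indicators)` closes that. The method's signature begins before this hunk.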
@@ -680,7 +702,7 @@ public class IndicatorController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Topic topic = topicDAO.findById(topicId);
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java
index b02f7a3..4b67873 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java
@@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
 import eu.dnetlib.uoamonitorservice.dao.*;
 import eu.dnetlib.uoamonitorservice.entities.*;
 import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
 import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
 import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
 import org.apache.log4j.Logger;
@@ -91,19 +92,35 @@ public class SectionController {
 section.setUpdateDate(date);
 sectionFull.setUpdateDate(date);
+ List indicators = new ArrayList<>();
+
 Section oldSection = null;
 if(sectionFull.getId() != null) {
 oldSection = sectionDAO.findById(sectionFull.getId());
+ if(oldSection == null) {
+ // EXCEPTION - Section not found
+ throw new EntityNotFoundException("save section: Section with id: " + sectionFull.getId() + " not found");
+ }
+
+ for(String indicatorId : oldSection.getIndicators()) {
+ Indicator indicator = indicatorDAO.findById(indicatorId);
+ if (indicator == null) {
+ // EXCEPTION - Indicator not found
+ throw new EntityNotFoundException("Save section: Indicator with id: "+indicatorId+" not found (indicator exists in section: "+section.getId()+")");
+ }
+ indicators.add(indicator.getId());
+ }
 } else { // section does not exist in DB
 section.setCreationDate(date);
 sectionFull.setCreationDate(date);
+
+ for(Indicator indicator : sectionFull.getIndicators()) {
+ indicators.add(indicator.getId());
+ }
 }
 String sectionId = sectionFull.getId();
- List indicators = new ArrayList<>();
- for(Indicator indicator : sectionFull.getIndicators()) {
- indicators.add(indicator.getId());
- }
+
 section.setIndicators(indicators);
 Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
@@ -223,7 +240,7 @@ public class SectionController {
 List roles = rolesUtils.getRoles();
 if(section.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId);
 }
 String type = "";
@@ -321,18 +338,36 @@ public class SectionController {
 SubCategory subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId);
 if (type.equals("chart")) {
+ List oldSections = subCategory.getCharts();
+ for (String sectionId : oldSections) {
+ if (!sections.contains(sectionId)) {
+ sections.add(sectionId);
+ }
+ }
 subCategory.setCharts(sections);
 } else if (type.equals("number")) {
+ List oldSections = subCategory.getNumbers();
+ for (String sectionId : oldSections) {
+ if (!sections.contains(sectionId)) {
+ sections.add(sectionId);
+ }
+ }
 subCategory.setNumbers(sections);
 }
+ List
sectionsFull = new ArrayList<>();
+ for(String sectionId : sections) {
+ Section section = sectionDAO.findById(sectionId);
+ if(section == null) {
+ // EXCEPTION - Section not found
+ throw new EntityNotFoundException("Reorder sections: Section with id: " + sectionId + " not found");
+ }
+ sectionsFull.add(section);
+ }
+
 subCategoryDAO.save(subCategory);
 log.debug("Sections reordered!");
- List
sectionsFull = new ArrayList<>();
- for(String sectionId : sections) {
- sectionsFull.add(sectionDAO.findById(sectionId));
- }
 return sectionsFull;
 }
@@ -411,7 +446,7 @@ public class SectionController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Topic topic = topicDAO.findById(topicId);
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java
index dbdb6aa..9547f07 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java
@@ -3,11 +3,13 @@ package eu.dnetlib.uoamonitorservice.controllers;
 import eu.dnetlib.uoamonitorservice.dao.*;
 import eu.dnetlib.uoamonitorservice.entities.*;
 import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
 import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.AuthorizationServiceException;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
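Review bot: When `type` is neither "chart" nor "number" the section reorder (the hunk beginning at `@@ -321,18 +338,36`) leaves `subCategory` untouched but still saves it and returns `sectionsFull` built from whatever ids the client sent, so with an unknown type the endpoint degrades into a read oracle for arbitrary Section ids — existence is checked via `sectionDAO.findById`, membership never is; add `else { throw new PathNotValidException("Reorder sections: type: " + type + " is not valid"); }` after the `number` branch. Inside the two valid branches the same membership gap applies: `sections` is merged with `oldSections` but a section belonging to another subcategory can still be attached, so compare each client id against `oldSections` and reject with PathNotValidException before `subCategory.setCharts(...)`/`setNumbers(...)`. The reorder method's signature lies before the first line of that hunk.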
@@ -45,6 +47,25 @@ public class StakeholderController {
 @Autowired
 private TopicController topicController;
+ @PreAuthorize("isAuthenticated()")
+ @RequestMapping(value = "/stakeholder/alias", method = RequestMethod.GET)
+ public List getAllReservedStakeholderAlias() {
+// log.debug("get all stakeholder reserved alias-es");
+ List stakeholderAlias = new ArrayList<>();
+
+ List stakeholders = stakeholderDAO.findAll();
+ if(stakeholders != null) {
+ stakeholders.forEach(stakeholder -> {
+ stakeholderAlias.add(stakeholder.getAlias());
+ });
+ }
+ stakeholderAlias.add( "all");
+ stakeholderAlias.add("default");
+ stakeholderAlias.add("alias");
+
+ return stakeholderAlias;
+ }
+
 // @PreAuthorize("isAuthenticated()")
 @PreAuthorize("hasAnyAuthority(" +
 "@AuthorizationService.PORTAL_ADMIN, " +
@@ -202,6 +223,24 @@ public class StakeholderController {
 return stakeholderFull;
 }
+// private SubCategory setFullSubcategory(SubCategory subCategory) {
+// SubCategory subCategoryFull = new SubCategory>(subCategory);
+//
+// List
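Review bot: `getAllReservedStakeholderAlias` returns the alias of every stakeholder in the database to any authenticated user (`@PreAuthorize("isAuthenticated()")`), including stakeholders whose visibility is PRIVATE or RESTRICTED and whose contents `getStakeholder` otherwise withholds from non-managers, so it is an enumeration oracle for stakeholder names. If its purpose is the alias-availability check the name suggests, either restrict it to the roles that may create stakeholders (the same `hasAnyAuthority(PORTAL_ADMIN, curator, …)` used on `/save`) or replace it with a boolean `GET /stakeholder/alias/{alias}/available` that discloses nothing else. The reserved words `"all"`, `"default"`, `"alias"` would be better as a `static final List` that `saveStakeholder` also enforces — nothing in this diff rejects those aliases on write, so the client-side check is the only one. If `stakeholderDAO` follows the Spring Data contract `findAll()` never returns null and the guard is dead, but it is harmless.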
sectionsCharts = new ArrayList<>();
+//
+// for(String sectionId : subCategory.getCharts()) {
+// sectionsCharts.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
+// }
+// subCategoryFull.setCharts(sectionsCharts);
+//
+// List
sectionsNumbers = new ArrayList<>();
+//
+// for(String sectionId : subCategory.getNumbers()) {
+// sectionsNumbers.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
+// }
+// subCategoryFull.setNumbers(sectionsNumbers);
+// }
+
 private Section getSectionFull(String sectionId, String subCategoryId, boolean addAll, boolean addPublicAndRestricted) {
 Section section = sectionDAO.findById(sectionId);
 if (section == null) {
@@ -235,7 +274,7 @@ public class StakeholderController {
 "@AuthorizationService.PORTAL_ADMIN)")
 @RequestMapping(value = "/stakeholder/all", method = RequestMethod.GET)
 public List getAllStakeholders(@RequestParam(required = false) String type) {
- log.debug("get all stakeholders" + (type != null ? " with type: "+type : ""));
+// log.debug("get all stakeholders" + (type != null ? " with type: "+type : ""));
 List stakeholders;
 if(type == null) {
@@ -256,7 +295,7 @@ public class StakeholderController {
 @PreAuthorize("isAuthenticated()")
 @RequestMapping(value = "/stakeholder/default", method = RequestMethod.GET)
 public List getAllDefaultStakeholders(@RequestParam(required = false) String type) {
- log.debug("get all default stakeholders" + (type != null ? " with type: "+type : ""));
+// log.debug("get all default stakeholders" + (type != null ? " with type: "+type : ""));
 List stakeholders;
 if(type == null) {
@@ -299,7 +338,7 @@ public class StakeholderController {
 @RequestMapping(value = "/stakeholder", method = RequestMethod.GET)
 public List getAllRealStakeholders(@RequestParam(required = false) String type) {
- log.debug("get all NOT default stakeholders" + (type != null ? " with type: "+type : ""));
+// log.debug("get all NOT default stakeholders" + (type != null ? " with type: "+type : ""));
 List stakeholders;
 if(type == null) {
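Review bot: The `@@ -202` hunk commits an 18-line commented-out `setFullSubcategory` that could not compile if uncommented (`new SubCategory>(subCategory)`, and `subCategoryId`, `addAll`, `addPublicAndRestricted` are not in its scope) and is never called; delete it rather than ship it — version control keeps it if it is ever needed. The three `log.debug` call sites commented out in the same file are the same kind of dead code: if the noise is the problem, lower this class's level in the log4j configuration instead of editing call sites, which keeps the messages available when a production incident needs them. `getSectionFull` begins in this hunk but ends outside it.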
@@ -351,7 +390,7 @@ public class StakeholderController {
 @PreAuthorize("isAuthenticated()")
 @RequestMapping(value = "/my-stakeholder", method = RequestMethod.GET)
 public List getMyRealStakeholders(@RequestParam(required = false) String type) {
- log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : ""));
+// log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : ""));
 List stakeholders;
 if(type == null) {
@@ -398,7 +437,7 @@ public class StakeholderController {
 @RequestMapping(value = "/stakeholder/{alias}", method = RequestMethod.GET)
 public Stakeholder getStakeholder(@PathVariable("alias") String alias) {
- log.debug("get stakeholder: "+alias);
+// log.debug("get stakeholder: "+alias);
 Stakeholder stakeholder = stakeholderDAO.findByAlias(alias);
 if(stakeholder == null) {
@@ -409,10 +448,19 @@ public class StakeholderController {
 // List roles = authorizationService.getRoles();
 List roles = rolesUtils.getRoles();
+ if(stakeholder.getDefaultId() == null && !rolesUtils.isLoggedIn(roles)) {
+ // EXCEPTION - Unauthorized
+ throw new AccessDeniedException("Get stakeholder: You are not authorized (not logged in) to access stakeholder with alias: "+alias);
+ }
+ if(stakeholder.getDefaultId() == null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
+ // EXCEPTION - Access denied
+ throw new ForbiddenException("Get stakeholder: You are not authorized to access stakeholder with alias: "+alias);
+ }
+
 if((stakeholder.getVisibility() == Visibility.PRIVATE && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) || (stakeholder.getVisibility() == Visibility.RESTRICTED && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) && !rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())))) {
 // // EXCEPTION - Access denied
-// throw new AccessDeniedException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias);
+// throw new ForbiddenException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias);
 List topicsEmpty = stakeholder.getTopics();
 topicsEmpty.clear();
 stakeholder.setTopics(topicsEmpty);
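Review bot: The two new guards throw different exception types for the same access decision — Spring's `AccessDeniedException` for "not logged in" and the library's `ForbiddenException` for "logged in but not curator/admin" — while every other hunk in this commit converts AccessDeniedException into ForbiddenException, so the intended 401-vs-403 split is only recoverable by guessing. Say it at the first check, e.g. `// Template stakeholders (defaultId == null) are curator/admin only: AccessDeniedException is meant to map to 401 for anonymous callers, ForbiddenException to 403`, and confirm that an AccessDeniedException thrown from a controller actually becomes 401 here — Spring's ExceptionTranslationFilter only performs that translation for exceptions raised inside the filter chain, so an `@ExceptionHandler` or the library's handler must do it. Anonymous callers still learn whether a template alias exists (not-found before the guard, denied after); if that matters, answer both cases with the same not-found response. The `if((stakeholder.getVisibility() …` branch is pre-existing and the edit to the commented-out throw inside it is cosmetic; `getStakeholder` starts and ends outside this hunk.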
@@ -424,11 +472,11 @@ public class StakeholderController {
 }
 // @PreAuthorize("isAuthenticated()")
- @PreAuthorize("hasAnyAuthority(" +
- "@AuthorizationService.PORTAL_ADMIN, " +
- "@AuthorizationService.curator(#stakeholderFull.getType()), " +
- "@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) " +
- ")")
+ @PreAuthorize("hasAnyAuthority(" +
+ "@AuthorizationService.PORTAL_ADMIN, " +
+ "@AuthorizationService.curator(#stakeholderFull.getType()), " +
+ "@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) " +
+ ")")
 @RequestMapping(value = "/save", method = RequestMethod.POST)
 public Stakeholder saveStakeholder(@RequestBody Stakeholder stakeholderFull) {
 log.debug("save stakeholder");
@@ -444,15 +492,33 @@ public class StakeholderController {
 Date date = new Date();
 stakeholder.setUpdateDate(date);
+ List topics = new ArrayList<>();
+
 // stakeholder does not exist in DB
 if(stakeholderFull.getId() == null) {
 stakeholder.setCreationDate(date);
+
+ for(Topic topic : stakeholderFull.getTopics()) {
+ topics.add(topic.getId());
+ }
+ } else {
+ Stakeholder oldStakeholder = stakeholderDAO.findById(stakeholderFull.getId());
+ if(oldStakeholder == null) {
+ // EXCEPTION - Stakeholder not found
+ throw new EntityNotFoundException("save stakeholder: Stakeholder with id: "+stakeholderFull.getId()+" not found");
+ }
+ for(String topicId : oldStakeholder.getTopics()) {
+ Topic topic = topicDAO.findById(topicId);
+ if (topic == null) {
+ // EXCEPTION - Topic not found
+ throw new EntityNotFoundException("Save stakeholder: Topic with id: "+topicId+" not found (topic exists in stakeholder: "+stakeholder.getId()+")");
+ }
+ topics.add(topic.getId());
+ }
+// stakeholder.setTopics(topics);
+// stakeholderFull = this.setFullEntities(stakeholder, rolesUtils.getRoles());
 }
- List topics = new ArrayList<>();
- for(Topic topic : stakeholderFull.getTopics()) {
- topics.add(topic.getId());
- }
 stakeholder.setTopics(topics);
 Stakeholder stakeholderSaved = stakeholderDAO.save(stakeholder);
@@ -483,7 +549,7 @@ public class StakeholderController {
 // && !roles.contains(authorizationService.curator(stakeholder.getType()))) {
 if(!rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId);
 }
 // for(String topicId : stakeholder.getTopics()) {
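Review bot: The `@PreAuthorize` on `saveStakeholder` (previous hunk) authorizes on `#stakeholderFull.getType()` and `#stakeholderFull.getAlias()` taken from the request body, but the new `else` branch selects the entity to overwrite by `stakeholderFull.getId()` alone and never compares `oldStakeholder.getType()`/`getAlias()` with the values that were authorized; if `new Stakeholder(stakeholderFull)` (outside this hunk) copies the id, a manager of stakeholder A can send A's type and alias with B's id and have B's name, alias, visibility and other body fields overwritten (only B's topics survive, thanks to the new code). After the null check add `if (!rolesUtils.hasUpdateAuthority(rolesUtils.getRoles(), oldStakeholder.getType(), oldStakeholder.getAlias())) throw new ForbiddenException("save stakeholder: You are not authorized to update stakeholder with id: " + oldStakeholder.getId());`, or refuse any change of type/alias on update. The two commented-out lines (`// stakeholder.setTopics(topics);` …) should be removed rather than left as breadcrumbs. The enclosing method begins in the previous hunk and continues past this one.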
@@ -615,7 +681,7 @@ public class StakeholderController {
 // && !roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 stakeholder.setVisibility(visibility);
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SubCategoryController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SubCategoryController.java
index 854f448..fd2e18a 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SubCategoryController.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SubCategoryController.java
@@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
 import eu.dnetlib.uoamonitorservice.dao.*;
 import eu.dnetlib.uoamonitorservice.entities.*;
 import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
 import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
 import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
 import org.apache.log4j.Logger;
@@ -101,12 +102,45 @@ public class SubCategoryController {
 subCategory.setUpdateDate(date);
 subcategoryFull.setUpdateDate(date);
+ List chartSections = new ArrayList<>();
+ List numberSections = new ArrayList<>();
+
 SubCategory oldSubcategory = null;
 if(subcategoryFull.getId() != null) {
 oldSubcategory = subCategoryDAO.findById(subcategoryFull.getId());
+ if(oldSubcategory == null) {
+ // EXCEPTION - SubCategory not found
+ throw new EntityNotFoundException("save subcategory: SubCategory with id: " + subcategoryFull.getId() + " not found");
+ }
+
+ for(String chartSectionId : oldSubcategory.getCharts()) {
+ Section section = sectionDAO.findById(chartSectionId);
+ if (section == null) {
+ // EXCEPTION - Section not found
+ throw new EntityNotFoundException("Save subcategory: Chart section with id: "+chartSectionId+" not found (section exists in subcategory: "+subCategory.getId()+")");
+ }
+ chartSections.add(section.getId());
+ }
+
+ for(String numberSectionId : oldSubcategory.getNumbers()) {
+ Section section = sectionDAO.findById(numberSectionId);
+ if (section == null) {
+ // EXCEPTION - Section not found
+ throw new EntityNotFoundException("Save subcategory: Number section with id: "+numberSectionId+" not found (section exists in subcategory: "+subCategory.getId()+")");
+ }
+ numberSections.add(section.getId());
+ }
 } else { // subcategory does not exist in DB
 subCategory.setCreationDate(date);
 subcategoryFull.setCreationDate(date);
+
+ for(Section chartSection : subcategoryFull.getCharts()) {
+ chartSections.add(chartSection.getId());
+ }
+
+ for(Section numberSection : subcategoryFull.getNumbers()) {
+ numberSections.add(numberSection.getId());
+ }
 }
 // List charts = new ArrayList<>();
@@ -121,16 +155,8 @@ public class SubCategoryController {
 // }
 // subCategory.setNumbers(numbers);
- List chartSections = new ArrayList<>();
- for(Section chartSection : subcategoryFull.getCharts()) {
- chartSections.add(chartSection.getId());
- }
- subCategory.setCharts(chartSections);
- List numberSections = new ArrayList<>();
- for(Section numberSection : subcategoryFull.getNumbers()) {
- numberSections.add(numberSection.getId());
- }
+ subCategory.setCharts(chartSections);
 subCategory.setNumbers(numberSections);
 Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId);
@@ -231,7 +257,7 @@ public class SubCategoryController {
 List roles = rolesUtils.getRoles();
 if(subcategory.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Delete subcategory: You are not authorized to delete a default SubCategory in stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Delete subcategory: You are not authorized to delete a default SubCategory in stakeholder with id: "+stakeholderId);
 }
 List subcategories = category.getSubCategories();
@@ -344,15 +370,27 @@ public class SubCategoryController {
 Category category = checkForExceptions(stakeholderId, topicId, categoryId);
+ List oldSubcategories = category.getSubCategories();
+ for (String subcategoryId : oldSubcategories) {
+ if (!subCategories.contains(subcategoryId)) {
+ subCategories.add(subcategoryId);
+ }
+ }
 category.setSubCategories(subCategories);
+ List subCategoriesFull = new ArrayList<>();
+ for(String subCategoryId : subCategories) {
+ SubCategory subCategory = subCategoryDAO.findById(subCategoryId);
+ if(subCategory == null) {
+ // EXCEPTION - SubCategory not found
+ throw new EntityNotFoundException("Reorder subCategories: subCategory with id: " + subCategoryId + " not found");
+ }
+ subCategoriesFull.add(subCategory);
+ }
+
 categoryDAO.save(category);
 log.debug("SubCategories reordered!");
- List subCategoriesFull = new ArrayList<>();
- for(String subCategoryId : subCategories) {
- subCategoriesFull.add(subCategoryDAO.findById(subCategoryId));
- }
 return subCategoriesFull;
 }
@@ -443,7 +481,7 @@ public class SubCategoryController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("CheckForExceptions SubCategory: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("CheckForExceptions SubCategory: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Topic topic = topicDAO.findById(topicId);
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java
index 9442415..748c579 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java
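Review bot: Same gap as the other reorder endpoints in this commit: the client ids in `subCategories` are merged with `oldSubcategories` and checked for existence through `subCategoryDAO.findById`, but never for membership in `category`, so a caller with update rights on this stakeholder can link a subcategory that belongs to a different category or stakeholder into `category.setSubCategories(...)`. Guard before the setter with `if (!oldSubcategories.contains(subCategoryId)) throw new PathNotValidException("Reorder subCategories: subCategory with id: " + subCategoryId + " not found in Category: " + categoryId);`. The method's signature is outside this hunk.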
@@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
 import eu.dnetlib.uoamonitorservice.dao.*;
 import eu.dnetlib.uoamonitorservice.entities.*;
 import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
 import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
 import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
 import org.apache.log4j.Logger;
@@ -33,6 +34,9 @@ public class TopicController {
 @Autowired
 private CategoryController categoryController;
+ @Autowired
+ private CategoryDAO categoryDAO;
+
 public Topic buildTopic(Topic topicFull) {
 Topic topic = new Topic<>(topicFull);
@@ -72,7 +76,7 @@ public class TopicController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Topic topic = new Topic<>(topicFull);
@@ -80,18 +84,32 @@ public class TopicController {
 topic.setUpdateDate(date);
 topicFull.setUpdateDate(date);
+ List categories = new ArrayList<>();
+
 Topic oldTopic = null;
 if(topicFull.getId() != null) {
 oldTopic = topicDAO.findById(topicFull.getId());
+ if(oldTopic == null) {
+ // EXCEPTION - Topic not found
+ throw new EntityNotFoundException("save topic: Topic with id: "+topicFull.getId()+" not found");
+ }
+ for(String categoryId : oldTopic.getCategories()) {
+ Category category = categoryDAO.findById(categoryId);
+ if (category == null) {
+ // EXCEPTION - Category not found
+ throw new EntityNotFoundException("Save topic: Category with id: "+categoryId+" not found (category exists in topic: "+topic.getId()+")");
+ }
+ categories.add(category.getId());
+ }
 } else { // topic does not exist in DB
 topic.setCreationDate(date);
 topicFull.setCreationDate(date);
+
+ for(Category category : topicFull.getCategories()) {
+ categories.add(category.getId());
+ }
 }
- List categories = new ArrayList<>();
- for(Category category : topicFull.getCategories()) {
- categories.add(category.getId());
- }
 topic.setCategories(categories);
 if(stakeholder.getDefaultId() == null) {
@@ -195,7 +213,7 @@ public class TopicController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 Topic topic = topicDAO.findById(topicId);
@@ -203,7 +221,7 @@ public class TopicController {
 if(topic.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId);
 }
 List topics = stakeholder.getTopics();
@@ -269,7 +287,7 @@ public class TopicController {
 stakeholderDAO.save(stakeholder);
 topicDAO.delete(topicId);
- log.debug("Category deleted!");
+ log.debug("Topic deleted!");
 } else { // EXCEPTION - Topic not found in Stakeholder: stakeholder.getAlias();
 throw new PathNotValidException("Delete topic: Topic with id: "+topicId+" not found in Stakeholder: "+stakeholderId);
@@ -322,7 +340,7 @@ public class TopicController {
 topic.setDefaultId(null);
 topicDAO.save(topic);
- log.debug("DefaultId for Topic with id: "+topic.getId()+" empty!");
+ log.debug("DefaultId for Topic with id: "+topic.getId()+" cleared!");
 }
 }
 return true;
@@ -342,18 +360,30 @@ public class TopicController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
+ List oldTopics = stakeholder.getTopics();
+ for (String topicId : oldTopics) {
+ if (!topics.contains(topicId)) {
+ topics.add(topicId);
+ }
+ }
 stakeholder.setTopics(topics);
+ List topicsFull = new ArrayList<>();
+ for (String topicId : topics) {
+ Topic topic = topicDAO.findById(topicId);
+ if(topic == null) {
+ // EXCEPTION - Topic not found
+ throw new EntityNotFoundException("Reorder Topics: Topic with id: " + topicId + " not found");
+ }
+ topicsFull.add(topic);
+ }
+
 stakeholderDAO.save(stakeholder);
 log.debug("Topics reordered!");
- List topicsFull = new ArrayList<>();
- for (String topicId : topics) {
- topicsFull.add(topicDAO.findById(topicId));
- }
 return topicsFull;
 } else { // EXCEPTION - Stakeholder not found
@@ -425,7 +455,7 @@ public class TopicController {
 List roles = rolesUtils.getRoles();
 if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
 // EXCEPTION - Access denied
- throw new AccessDeniedException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId);
+ throw new ForbiddenException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId);
 }
 if (stakeholder.getTopics().contains(topic.getId())) {
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/entities/ReorderEvent.java b/src/main/java/eu/dnetlib/uoamonitorservice/entities/ReorderEvent.java
new file mode 100644
index 0000000..9818c8f
--- /dev/null
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/entities/ReorderEvent.java
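Review bot: The merge loop over `oldTopics` protects existing topics from being dropped but not the reverse: any id in the incoming `topics` that is absent from `oldTopics` is kept, and the `topicDAO.findById` check below only proves that the topic exists somewhere, not that it is listed for this stakeholder, so a caller authorized for this stakeholder can attach topics that belong to another one. Checking each incoming id against `oldTopics` before `stakeholder.setTopics(topics)`, e.g. `if (!oldTopics.contains(topicId)) throw new PathNotValidException("Reorder topics: Topic with id: " + topicId + " not found in Stakeholder: " + stakeholderId);`, restricts the request to a permutation of the existing list; the same pass could also drop duplicate ids, which the `contains` guard does not prevent within the request itself. The later `topicDAO.findById` loop would then mainly catch dangling references, and ordering that validation before `stakeholder.setTopics(topics)` reads more clearly even though the save only happens after it. The enclosing method starts outside the hunk.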
@@ -0,0 +1,42 @@
+package eu.dnetlib.uoamonitorservice.entities;
+
+import java.util.List;
+
+public class ReorderEvent {
+ private String action; // "moved", "added", "removed"
+ private String target;
+ private List ids;
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String getTarget() {
+ return target;
+ }
+
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ public List getIds() {
+ return ids;
+ }
+
+ public void setIds(List ids) {
+ this.ids = ids;
+ }
+
+ @Override
+ public String toString() {
+ return "ReorderEvent{" +
+ "action='" + action + '\'' +
+ ", target='" + target + '\'' +
+ ", ids=" + ids +
+ '}';
+ }
+}
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java
index 8f4b4cf..3ac814b 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java
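Review bot: `ids` is a raw `List` (`private List ids;`, `getIds`, `setIds`) while every consumer of topic ids elsewhere in this diff works with `String`; declaring it `private List<String> ids;` with matching accessor types removes the unchecked conversion the controller would otherwise need and documents the payload. The accepted values of `action` exist only in the trailing comment `// "moved", "added", "removed"`; an enum would let callers reject anything else on deserialization, and if it stays a `String` a class Javadoc should list those values and say what `target` refers to. Presumably this class is a request body, so that Javadoc should also name the endpoint that reads it — the diff does not show a consumer.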
@@ -1,55 +1,18 @@
 package eu.dnetlib.uoamonitorservice.handlers;
-import eu.dnetlib.uoamonitorservice.responses.ExceptionResponse;
+import eu.dnetlib.uoaadmintoolslibrary.responses.ExceptionResponse;
 import org.apache.log4j.Logger;
-import org.springframework.data.crossstore.ChangeSetPersister;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.web.bind.MissingServletRequestParameterException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.multipart.support.MissingServletRequestPartException;
 @ControllerAdvice @RestController public class ExceptionsHandler {
 private final Logger log = Logger.getLogger(this.getClass());
- @ExceptionHandler(MissingServletRequestParameterException.class)
- public ResponseEntity invalidInput(Exception ex) {
- ExceptionResponse response = new ExceptionResponse();
- response.setErrorCode("Validation Error");
- response.setErrorMessage("Invalid inputs");
- response.setErrors(ex.getMessage());
- response.setStatus(HttpStatus.BAD_REQUEST);
- log.error("invalidInput exception : "+ ex.getMessage());
- return new ResponseEntity(response, HttpStatus.BAD_REQUEST);
- }
-
- @ExceptionHandler(NullPointerException.class)
- public ResponseEntity nullPointerException(Exception ex) {
- ExceptionResponse response = new ExceptionResponse();
- response.setErrorCode("Null pointer Exception");
- response.setErrorMessage("Null pointer Exception");
- response.setErrors(ex.getMessage());
- response.setStatus(HttpStatus.BAD_REQUEST);
- log.error("nullPointerException exception : "+ ex.getMessage());
- return new ResponseEntity(response, HttpStatus.BAD_REQUEST);
- }
-
- @ExceptionHandler(ChangeSetPersister.NotFoundException.class)
- public ResponseEntity 
notFoundException(Exception ex) {
- ExceptionResponse response = new ExceptionResponse();
- response.setErrorCode("Not found Exception");
- response.setErrorMessage("Not found Exception");
- response.setErrors(ex.getMessage());
- response.setStatus(HttpStatus.NOT_FOUND);
- log.error("notFoundException exception : "+ ex.getMessage());
- return new ResponseEntity(response, HttpStatus.NOT_FOUND);
- }
-
 @ExceptionHandler(EntityNotFoundException.class)
 public ResponseEntity entityNotFoundException(Exception ex) {
 ExceptionResponse response = new ExceptionResponse();
@@ -72,14 +35,4 @@ public class ExceptionsHandler {
 return new ResponseEntity(response, HttpStatus.NOT_FOUND);
 }
- @ExceptionHandler(AccessDeniedException.class)
- public ResponseEntity accessDeniedException(Exception ex) {
- ExceptionResponse response = new ExceptionResponse();
- response.setErrorCode("Forbidden Exception");
- response.setErrorMessage("Access Denied Exception");
- response.setErrors(ex.getMessage());
- response.setStatus(HttpStatus.FORBIDDEN);
- log.error("accessDeniedException exception : "+ ex.getMessage());
- return new ResponseEntity(response, HttpStatus.FORBIDDEN);
- }
 }
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java
index 43a449e..c675a29 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java
@@ -55,6 +55,13 @@ public class RolesUtils {
 return roles.contains(authorizationService.member(type, id));
 }
+ public boolean isLoggedIn(List roles) {
+ if(roles == null || roles.contains(authorizationService.ANONYMOUS_USER)) {
+ return false;
+ }
+ return true;
+ }
+
 public boolean hasUpdateAuthority(List roles, String type, String id) {
 return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id);
 }
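Review bot: The second ExceptionsHandler hunk drops the handler for Spring Security's `AccessDeniedException`, and nothing in this diff shows the library `ForbiddenException` that the TopicController hunks now throw being mapped to 403; unless the `uoaadmintoolslibrary` package that now supplies `ExceptionResponse` also registers a `@ControllerAdvice` covering `ForbiddenException`, every `throw new ForbiddenException(...)` site in TopicController (save, delete, reorder, toggle) will surface under the framework's default error handling rather than as a 403, and any `AccessDeniedException` the framework's own authorization still raises loses its structured response as well. That dependency deserves a one-line comment on the class, e.g. `// Forbidden/AccessDenied responses are produced by the uoaadmintoolslibrary advice; only service-specific exceptions are mapped here.` once confirmed. Removing the `NullPointerException` handler that copied `ex.getMessage()` into a 400 body is a reasonable reduction of internal detail in responses; the surviving `entityNotFoundException` handler still echoes `ex.getMessage()` via `response.setErrors(...)`, so messages placed in `EntityNotFoundException` (which now include client-supplied ids) should be written knowing they are returned to the caller.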
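Review bot: `isLoggedIn` infers an authenticated caller from the absence of `ANONYMOUS_USER` rather than the presence of a principal, so a non-null but empty role list returns true; if `rolesUtils.getRoles()` can yield an empty list for an unauthenticated request (not visible here), the condition should also cover `roles.isEmpty()`. Style-wise the if/return-false/return-true shape collapses to `return roles != null && !roles.contains(authorizationService.ANONYMOUS_USER);`, and if `ANONYMOUS_USER` is a constant it is clearer referenced through its declaring type than through the `authorizationService` instance. A one-line Javadoc stating that a null list is treated as anonymous would also help callers, since the sibling method above (`return roles.contains(authorizationService.member(type, id));`) dereferences `roles` without that check.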
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/responses/ExceptionResponse.java b/src/main/java/eu/dnetlib/uoamonitorservice/responses/ExceptionResponse.java
deleted file mode 100644
index 076ba63..0000000
--- a/src/main/java/eu/dnetlib/uoamonitorservice/responses/ExceptionResponse.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package eu.dnetlib.uoamonitorservice.responses;
-
-import org.springframework.http.HttpStatus;
-
-public class ExceptionResponse {
- private HttpStatus status;
- private String errorCode;
- private String errorMessage;
- private String errors;
-
- public ExceptionResponse() {}
-
- public HttpStatus getStatus() { return status; }
-
- public void setStatus(HttpStatus status) { this.status = status; }
-
- public String getErrorCode() {
- return errorCode;
- }
-
- public void setErrorCode(String errorCode) {
- this.errorCode = errorCode;
- }
-
- public String getErrorMessage() {
- return errorMessage;
- }
-
- public void setErrorMessage(String errorMessage) {
- this.errorMessage = errorMessage;
- }
-
- public String getErrors() {
- return errors;
- }
-
- public void setErrors(String errors) {
- this.errors = errors;
- }
-}