From 38a5a09d8a978c083e7f304de95a4baafa2f5e8a Mon Sep 17 00:00:00 2001 
From: "konstantina.galouni" Date: Wed, 9 Dec 2020 14:24:27 +0000 Subject: [PATCH] [Trunk | Monitor Service]: 1. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java && SectionController.java && IndicatorController.java: a. Comment logs for get requests. b. Use "ForbiddenException" instead of "AccessDeniedException" c. On /save, if full entity has id (already in DB), if not found in DB throw EntityNotFoundException. d. Get children (e.g. when saving a Topic, get its categories) from DB. 2. TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java: In /reorder, if there are in DB, ids that are missing from reordered list, do reordering and add in the end of list the missing ids. 3. ReorderEvent.java: [NEW] Added class ReorderEvent with fields "action" (String), "target" (String), "ids" (List) (used in IndicatorController.java). 4. IndicatorController.java: a. In /reorder, @RequestBody changed from List indicators to ReorderEvent reorderEvent. b. If there are in DB, ids that are missing from reordered list AND missing id is not moved to other section (action = removed and target = missing id), do reordering and add in the end of list the missing ids. 5. ExceptionsHandler.java: exception handler methods "invalidInput()", "nullPointerException()", "notFoundException()" moved to "Admin Tools Library" - "accessDeniedException()" is removed. 6. responses/ExceptionResponse.java: File and folder deleted (moved to "Admin Tools Library"). 7. RolesUtils.java: Added method "isLoggedIn()" (checks if no roles for user, or user has role "ROLE_ANONYMOUS"). 
---
 .../controllers/CategoryController.java | 59 ++++++++---
 .../controllers/IndicatorController.java | 36 +++++--
 .../controllers/SectionController.java | 55 ++++++++--
 .../controllers/StakeholderController.java | 100 +++++++++++++++---
 .../controllers/SubCategoryController.java | 68 +++++++++---
 .../controllers/TopicController.java | 60 ++++++++---
 .../entities/ReorderEvent.java | 42 ++++++++
 .../handlers/ExceptionsHandler.java | 49 +--------
 .../handlers/utils/RolesUtils.java | 7 ++
 .../responses/ExceptionResponse.java | 40 -------
 10 files changed, 349 insertions(+), 167 deletions(-)
 create mode 100644 src/main/java/eu/dnetlib/uoamonitorservice/entities/ReorderEvent.java
 delete mode 100644 src/main/java/eu/dnetlib/uoamonitorservice/responses/ExceptionResponse.java
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java
index 119a53f..7641678 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java
@@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers;
 import eu.dnetlib.uoamonitorservice.dao.*;
 import eu.dnetlib.uoamonitorservice.entities.*;
 import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException;
+import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
 import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
 import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
 import org.apache.log4j.Logger;
@@ -80,12 +81,16 @@ public class CategoryController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId); } Category oldCategory = null; if(categoryFull.getId() != null) { oldCategory = categoryDAO.findById(categoryFull.getId()); + if(oldCategory == null) { + // EXCEPTION - Category not found + throw new EntityNotFoundException("save category: Category with id: " + categoryFull.getId() + " not found"); + } } Topic topic = topicDAO.findById(topicId); @@ -97,6 +102,8 @@ public class CategoryController { category.setUpdateDate(date); categoryFull.setUpdateDate(date); + List subCategories = new ArrayList<>(); + // if category not exists (no id), create a new default subcategory, identical to category if(categoryFull.getId() == null) { category.setCreationDate(date); 
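Review bot: The new not-found branch loads `oldCategory` by the id in the request body, but nothing in the hunk checks that this category belongs to the `topic` resolved from the path, so the `hasUpdateAuthority` check above (keyed on the path's `stakeholderId`) can pass for one stakeholder while the id being overwritten belongs to a category of another; unless that is enforced further down the method, add after the topic null-check `if(oldCategory != null && !topic.getCategories().contains(oldCategory.getId())) { throw new PathNotValidException("Save Category: Category with id: "+oldCategory.getId()+" does not belong to topic with id: "+topicId); }`. The save hunks of IndicatorController, SectionController, SubCategoryController and TopicController, and saveStakeholder, look the stored entity up the same way and have the same gap. saveCategory continues outside the hunk.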
@@ -106,14 +113,24 @@ public class CategoryController { subCategory.createOverviewSubCategory(categoryFull); subCategoryDAO.save(subCategory); - List subCategories = categoryFull.getSubCategories(); - subCategories.add(subCategory); + + List subCategoriesFull = categoryFull.getSubCategories(); + subCategoriesFull.add(subCategory); + + for(SubCategory oldSubCategory : subCategoriesFull) { + subCategories.add(oldSubCategory.getId()); + } + } else { + for(String subCategoryId : oldCategory.getSubCategories()) { + SubCategory subCategory = subCategoryDAO.findById(subCategoryId); + if (subCategory == null) { + // EXCEPTION - SubCategory not found + throw new EntityNotFoundException("Save category: SubCategory with id: "+subCategoryId+" not found (subcategory exists in category: "+category.getId()+")"); + } + subCategories.add(subCategory.getId()); + } } - List subCategories = new ArrayList<>(); - for(SubCategory subCategory : categoryFull.getSubCategories()) { - subCategories.add(subCategory.getId()); - } category.setSubCategories(subCategories); if(stakeholder.getDefaultId() == null) { @@ -223,7 +240,7 @@ public class CategoryController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId); } Topic topic = topicDAO.findById(topicId); 
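Review bot: In the new-category branch the subcategory ids are taken from the request body (`subCategoriesFull`) and attached to `category` without the `subCategoryDAO.findById` existence check the `else` branch now performs, so a body for a not-yet-saved category can link arbitrary or non-existent subcategory ids; either validate them the same way or attach only the overview subcategory created just above, e.g. `subCategories.add(subCategory.getId());`. `categoryFull.getSubCategories()` is also dereferenced without a null check, so a body that omits the field fails with a NullPointerException rather than a 4xx. The same asymmetry between the new-entity and existing-entity branches appears in the save hunks of SectionController, SubCategoryController, TopicController and StakeholderController.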
@@ -235,7 +252,7 @@ public class CategoryController { if(category.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId); } @@ -369,15 +386,27 @@ public class CategoryController { Topic topic = checkForExceptions(stakeholderId, topicId); + List oldCategories = topic.getCategories(); + for (String categoryId : oldCategories) { + if (!categories.contains(categoryId)) { + categories.add(categoryId); + } + } topic.setCategories(categories); + List categoriesFull = new ArrayList<>(); + for(String categoryId : categories) { + Category category = categoryDAO.findById(categoryId); + if(category == null) { + // EXCEPTION - Category not found + throw new EntityNotFoundException("Reorder Categories: Category with id: " + categoryId + " not found"); + } + categoriesFull.add(category); + } + topicDAO.save(topic); log.debug("Categories reordered!"); - List categoriesFull = new ArrayList<>(); - for(String categoryId : categories) { - categoriesFull.add(categoryDAO.findById(categoryId)); - } return categoriesFull; } @@ -448,7 +477,7 @@ public class CategoryController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId); } Topic topic = topicDAO.findById(topicId); 
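Review bot: The reorder hunk resolves every id in the request body against `categoryDAO` but never checks it is one of the topic's own categories (`oldCategories`), so `topic.setCategories(categories)` will attach existing categories from other topics or stakeholders, and duplicate ids in the body are kept as well; inside the resolving loop add `if(!oldCategories.contains(categoryId)) { throw new PathNotValidException("Reorder Categories: Category with id: "+categoryId+" is not in topic with id: "+topicId); }` and reject the body when `new HashSet<>(categories).size() != categories.size()`. `oldCategories` still refers to the previous list after `setCategories`, so the check is valid at that point. The reorder hunks of SubCategoryController, SectionController and IndicatorController have the same gap.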
@@ -488,7 +517,7 @@ public class CategoryController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId); } Topic topic = topicDAO.findById(topicId); diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java index 6c718a2..1a325d8 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java @@ -4,6 +4,7 @@ package eu.dnetlib.uoamonitorservice.controllers; import eu.dnetlib.uoamonitorservice.dao.*; import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; +import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; import org.apache.log4j.Logger; @@ -13,6 +14,7 @@ import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import java.io.UnsupportedEncodingException; +import java.lang.reflect.Field; import java.net.URLEncoder; import java.util.*; 
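Review bot: `import java.lang.reflect.Field;` added to IndicatorController is not referenced by any visible hunk of this file; if nothing outside the diff uses it, remove it, since an unused reflection import invites lint noise and suggests code that never landed. The StakeholderController import hunk likewise adds `org.springframework.security.access.AuthorizationServiceException`, which no visible hunk uses.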
@@ -62,6 +64,10 @@ public class IndicatorController { Indicator oldIndicator = null; if(indicator.getId() != null) { oldIndicator = indicatorDAO.findById(indicator.getId()); + if(oldIndicator == null) { + // EXCEPTION - Indicator not found + throw new EntityNotFoundException("save indicator: Indicator with id: " + indicator.getId() + " not found"); + } } else { // indicator does not exist in DB indicator.setCreationDate(date); } @@ -387,7 +393,7 @@ public class IndicatorController { List roles = rolesUtils.getRoles(); if(indicator.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId); } List indicators = section.getIndicators(); 
@@ -568,21 +574,37 @@ public class IndicatorController { @PathVariable("subcategoryId") String subcategoryId, @PathVariable("sectionId") String sectionId, @PathVariable("type") String type, - @RequestBody List indicators) { + @RequestBody ReorderEvent reorderEvent) { log.debug("reorder indicators of type: "+type); log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId); + List indicators = reorderEvent.getIds(); + String actionType = reorderEvent.getAction(); + String targetId = reorderEvent.getTarget(); + Section section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, type); + List oldIndicators = section.getIndicators(); + for (String indicatorId : oldIndicators) { + if ((!actionType.equals("removed") || !targetId.equals(indicatorId)) && !indicators.contains(indicatorId)) { + indicators.add(indicatorId); + } + } section.setIndicators(indicators); + List indicatorsFull = new ArrayList<>(); + for(String indicatorId : indicators) { + Indicator indicator = indicatorDAO.findById(indicatorId); + if(indicator == null) { + // EXCEPTION - Indicator not found + throw new EntityNotFoundException("Reorder indicators: Indicator with id: " + indicatorId + " not found"); + } + indicatorsFull.add(indicator); + } + sectionDAO.save(section); log.debug("Indicators reordered!"); - List indicatorsFull = new ArrayList<>(); - for(String indicatorId : indicators) { - indicatorsFull.add(indicatorDAO.findById(indicatorId)); - } return indicatorsFull; } 
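Review bot: `actionType` and `targetId` come straight from the deserialized `ReorderEvent` and may be null, so `actionType.equals("removed")` (and, for a removed event, `targetId.equals(indicatorId)`) throws a NullPointerException that surfaces as a 500 instead of a 4xx; write the condition null-safe, `if ((!"removed".equals(actionType) || !indicatorId.equals(targetId)) && !indicators.contains(indicatorId)) {`, and reject a null `reorderEvent.getIds()` before the loop. A `removed` event also detaches `targetId` from this section without any check that it has been attached to another one, so a misordered pair of requests presumably leaves the indicator orphaned in the DB; if the client is expected to save it into the destination section first, say so in a comment on the loop. The enclosing method starts before the hunk.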
@@ -680,7 +702,7 @@ public class IndicatorController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId); } Topic topic = topicDAO.findById(topicId); diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java index b02f7a3..4b67873 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java @@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers; import eu.dnetlib.uoamonitorservice.dao.*; import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; +import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; import org.apache.log4j.Logger; 
@@ -91,19 +92,35 @@ public class SectionController { section.setUpdateDate(date); sectionFull.setUpdateDate(date); + List indicators = new ArrayList<>(); + Section oldSection = null; if(sectionFull.getId() != null) { oldSection = sectionDAO.findById(sectionFull.getId()); + if(oldSection == null) { + // EXCEPTION - Section not found + throw new EntityNotFoundException("save section: Section with id: " + sectionFull.getId() + " not found"); + } + + for(String indicatorId : oldSection.getIndicators()) { + Indicator indicator = indicatorDAO.findById(indicatorId); + if (indicator == null) { + // EXCEPTION - Indicator not found + throw new EntityNotFoundException("Save section: Indicator with id: "+indicatorId+" not found (indicator exists in section: "+section.getId()+")"); + } + indicators.add(indicator.getId()); + } } else { // section does not exist in DB section.setCreationDate(date); sectionFull.setCreationDate(date); + + for(Indicator indicator : sectionFull.getIndicators()) { + indicators.add(indicator.getId()); + } } String sectionId = sectionFull.getId(); - List indicators = new ArrayList<>(); - for(Indicator indicator : sectionFull.getIndicators()) { - indicators.add(indicator.getId()); - } + section.setIndicators(indicators); Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId); @@ -223,7 +240,7 @@ public class SectionController { List roles = rolesUtils.getRoles(); if(section.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId); } String type = ""; 
@@ -321,18 +338,36 @@ public class SectionController { SubCategory subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); if (type.equals("chart")) { + List oldSections = subCategory.getCharts(); + for (String sectionId : oldSections) { + if (!sections.contains(sectionId)) { + sections.add(sectionId); + } + } subCategory.setCharts(sections); } else if (type.equals("number")) { + List oldSections = subCategory.getNumbers(); + for (String sectionId : oldSections) { + if (!sections.contains(sectionId)) { + sections.add(sectionId); + } + } subCategory.setNumbers(sections); } + List
sectionsFull = new ArrayList<>(); + for(String sectionId : sections) { + Section section = sectionDAO.findById(sectionId); + if(section == null) { + // EXCEPTION - Section not found + throw new EntityNotFoundException("Reorder sections: Section with id: " + sectionId + " not found"); + } + sectionsFull.add(section); + } + subCategoryDAO.save(subCategory); log.debug("Sections reordered!"); - List
sectionsFull = new ArrayList<>(); - for(String sectionId : sections) { - sectionsFull.add(sectionDAO.findById(sectionId)); - } return sectionsFull; } @@ -411,7 +446,7 @@ public class SectionController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId); } Topic topic = topicDAO.findById(topicId); diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java index dbdb6aa..9547f07 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java @@ -3,11 +3,13 @@ package eu.dnetlib.uoamonitorservice.controllers; import eu.dnetlib.uoamonitorservice.dao.*; import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; +import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException; import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; import org.apache.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.access.AuthorizationServiceException; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; 
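Review bot: When `type` is neither `chart` nor `number`, the reorder hunk assigns nothing to `subCategory` but still resolves every id, calls `subCategoryDAO.save(subCategory)` and returns `sectionsFull`, so an invalid type yields a 200 with a misleading body; unless `type` is validated before the hunk, add `else { throw new PathNotValidException("Reorder sections: type "+type+" is not valid"); }`. The two branches also duplicate the merge loop over `oldSections`; a private helper taking the old list and `sections` would remove the copy. The enclosing method starts before the hunk.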
@@ -45,6 +47,25 @@ public class StakeholderController { @Autowired private TopicController topicController; + @PreAuthorize("isAuthenticated()") + @RequestMapping(value = "/stakeholder/alias", method = RequestMethod.GET) + public List getAllReservedStakeholderAlias() { +// log.debug("get all stakeholder reserved alias-es"); + List stakeholderAlias = new ArrayList<>(); + + List stakeholders = stakeholderDAO.findAll(); + if(stakeholders != null) { + stakeholders.forEach(stakeholder -> { + stakeholderAlias.add(stakeholder.getAlias()); + }); + } + stakeholderAlias.add( "all"); + stakeholderAlias.add("default"); + stakeholderAlias.add("alias"); + + return stakeholderAlias; + } + // @PreAuthorize("isAuthenticated()") @PreAuthorize("hasAnyAuthority(" + "@AuthorizationService.PORTAL_ADMIN, " + @@ -202,6 +223,24 @@ public class StakeholderController { return stakeholderFull; } +// private SubCategory setFullSubcategory(SubCategory subCategory) { +// SubCategory subCategoryFull = new SubCategory>(subCategory); +// +// List
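Review bot: `getAllReservedStakeholderAlias` returns the alias of every stakeholder in the DB to any authenticated caller with no filter on `getVisibility()`, so if the alias of a PRIVATE stakeholder is meant to stay hidden from non-members, as the visibility branch in `getStakeholder` suggests, this endpoint discloses it; either restrict the mapping to the authorities used on `/stakeholder/all`, or document on the method that aliases are treated as public. `stakeholderAlias.add( "all")` has a stray space, and the lambda that only calls `add` reads simpler as `stakeholders.forEach(stakeholder -> stakeholderAlias.add(stakeholder.getAlias()));`. The reserved names `all`, `default` and `alias` would be better kept as a named constant so the server and the client-side validation cannot drift.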
sectionsCharts = new ArrayList<>(); +// +// for(String sectionId : subCategory.getCharts()) { +// sectionsCharts.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted)); +// } +// subCategoryFull.setCharts(sectionsCharts); +// +// List
sectionsNumbers = new ArrayList<>(); +// +// for(String sectionId : subCategory.getNumbers()) { +// sectionsNumbers.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted)); +// } +// subCategoryFull.setNumbers(sectionsNumbers); +// } + private Section getSectionFull(String sectionId, String subCategoryId, boolean addAll, boolean addPublicAndRestricted) { Section section = sectionDAO.findById(sectionId); if (section == null) { @@ -235,7 +274,7 @@ public class StakeholderController { "@AuthorizationService.PORTAL_ADMIN)") @RequestMapping(value = "/stakeholder/all", method = RequestMethod.GET) public List getAllStakeholders(@RequestParam(required = false) String type) { - log.debug("get all stakeholders" + (type != null ? " with type: "+type : "")); +// log.debug("get all stakeholders" + (type != null ? " with type: "+type : "")); List stakeholders; if(type == null) { @@ -256,7 +295,7 @@ public class StakeholderController { @PreAuthorize("isAuthenticated()") @RequestMapping(value = "/stakeholder/default", method = RequestMethod.GET) public List getAllDefaultStakeholders(@RequestParam(required = false) String type) { - log.debug("get all default stakeholders" + (type != null ? " with type: "+type : "")); +// log.debug("get all default stakeholders" + (type != null ? " with type: "+type : "")); List stakeholders; if(type == null) { @@ -299,7 +338,7 @@ public class StakeholderController { @RequestMapping(value = "/stakeholder", method = RequestMethod.GET) public List getAllRealStakeholders(@RequestParam(required = false) String type) { - log.debug("get all NOT default stakeholders" + (type != null ? " with type: "+type : "")); +// log.debug("get all NOT default stakeholders" + (type != null ? " with type: "+type : "")); List stakeholders; if(type == null) { 
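Review bot: The `setFullSubcategory` block added to StakeholderController is commented-out code that would not even compile as written (`new SubCategory>(subCategory)`, and `subCategoryId`, `addAll`, `addPublicAndRestricted` are not in scope), so it is dead weight that version control already preserves; drop it, or if it is a planned helper, leave a one-line `// TODO` naming what it should replace instead of the body. The same applies to the `//`-prefixed `stakeholder.setTopics(topics)` and `setFullEntities` lines left in the saveStakeholder hunk.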
@@ -351,7 +390,7 @@ public class StakeholderController { @PreAuthorize("isAuthenticated()") @RequestMapping(value = "/my-stakeholder", method = RequestMethod.GET) public List getMyRealStakeholders(@RequestParam(required = false) String type) { - log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : "")); +// log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : "")); List stakeholders; if(type == null) { @@ -398,7 +437,7 @@ public class StakeholderController { @RequestMapping(value = "/stakeholder/{alias}", method = RequestMethod.GET) public Stakeholder getStakeholder(@PathVariable("alias") String alias) { - log.debug("get stakeholder: "+alias); +// log.debug("get stakeholder: "+alias); Stakeholder stakeholder = stakeholderDAO.findByAlias(alias); if(stakeholder == null) { 
@@ -409,10 +448,19 @@ public class StakeholderController { // List roles = authorizationService.getRoles(); List roles = rolesUtils.getRoles(); + if(stakeholder.getDefaultId() == null && !rolesUtils.isLoggedIn(roles)) { + // EXCEPTION - Unauthorized + throw new AccessDeniedException("Get stakeholder: You are not authorized (not logged in) to access stakeholder with alias: "+alias); + } + if(stakeholder.getDefaultId() == null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { + // EXCEPTION - Access denied + throw new ForbiddenException("Get stakeholder: You are not authorized to access stakeholder with alias: "+alias); + } + if((stakeholder.getVisibility() == Visibility.PRIVATE && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) || (stakeholder.getVisibility() == Visibility.RESTRICTED && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) && !rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())))) { // // EXCEPTION - Access denied -// throw new AccessDeniedException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias); +// throw new ForbiddenException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias); List topicsEmpty = stakeholder.getTopics(); topicsEmpty.clear(); stakeholder.setTopics(topicsEmpty); 
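Review bot: The two new checks only cover default stakeholders (`getDefaultId() == null`), while for a non-default PRIVATE or RESTRICTED stakeholder the `ForbiddenException` stays commented out and the caller, even anonymous, still receives the entity with its topics cleared, so existence, name, type and visibility of a private stakeholder remain readable without authority; if that is intended, say so in the comment above the branch, otherwise throw there as the new checks do. The first check also throws Spring's `AccessDeniedException` while the rest of the commit moves to `ForbiddenException`; since the commit message says the local `accessDeniedException()` handler is removed, the 401 for not-logged-in callers presumably now depends on Spring Security's own translation of that exception, which deserves a comment such as `// Spring Security maps AccessDeniedException from an anonymous caller to 401`. getStakeholder continues outside the hunk.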
@@ -424,11 +472,11 @@ public class StakeholderController { } // @PreAuthorize("isAuthenticated()") - @PreAuthorize("hasAnyAuthority(" + - "@AuthorizationService.PORTAL_ADMIN, " + - "@AuthorizationService.curator(#stakeholderFull.getType()), " + - "@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) " + - ")") + @PreAuthorize("hasAnyAuthority(" + + "@AuthorizationService.PORTAL_ADMIN, " + + "@AuthorizationService.curator(#stakeholderFull.getType()), " + + "@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) " + + ")") @RequestMapping(value = "/save", method = RequestMethod.POST) public Stakeholder saveStakeholder(@RequestBody Stakeholder stakeholderFull) { log.debug("save stakeholder"); 
@@ -444,15 +492,33 @@ public class StakeholderController { Date date = new Date(); stakeholder.setUpdateDate(date); + List topics = new ArrayList<>(); + // stakeholder does not exist in DB if(stakeholderFull.getId() == null) { stakeholder.setCreationDate(date); + + for(Topic topic : stakeholderFull.getTopics()) { + topics.add(topic.getId()); + } + } else { + Stakeholder oldStakeholder = stakeholderDAO.findById(stakeholderFull.getId()); + if(oldStakeholder == null) { + // EXCEPTION - Stakeholder not found + throw new EntityNotFoundException("save stakeholder: Stakeholder with id: "+stakeholderFull.getId()+" not found"); + } + for(String topicId : oldStakeholder.getTopics()) { + Topic topic = topicDAO.findById(topicId); + if (topic == null) { + // EXCEPTION - Topic not found + throw new EntityNotFoundException("Save stakeholder: Topic with id: "+topicId+" not found (topic exists in stakeholder: "+stakeholder.getId()+")"); + } + topics.add(topic.getId()); + } +// stakeholder.setTopics(topics); +// stakeholderFull = this.setFullEntities(stakeholder, rolesUtils.getRoles()); } - List topics = new ArrayList<>(); - for(Topic topic : stakeholderFull.getTopics()) { - topics.add(topic.getId()); - } stakeholder.setTopics(topics); Stakeholder stakeholderSaved = stakeholderDAO.save(stakeholder); @@ -483,7 +549,7 @@ public class StakeholderController { // && !roles.contains(authorizationService.curator(stakeholder.getType()))) { if(!rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId); } // for(String topicId : stakeholder.getTopics()) { 
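Review bot: `@PreAuthorize` on this method evaluates `#stakeholderFull.getType()` and `#stakeholderFull.getAlias()` from the request body, but the new `else` branch loads `oldStakeholder` by the body's id without comparing the stored type/alias to the ones that passed the check, so a manager of one stakeholder can submit that stakeholder's type and alias together with the id of another and overwrite it; after the not-found check, re-run the authority check against `oldStakeholder`, as below. The loop over `stakeholderFull.getTopics()` in the new-stakeholder branch also has no null check, so a body that omits `topics` fails with a NullPointerException. The commented-out `setTopics`/`setFullEntities` lines should be deleted rather than left in. saveStakeholder continues outside the hunk.
```java
Stakeholder oldStakeholder = stakeholderDAO.findById(stakeholderFull.getId());
// … unchanged: not-found check …
// Re-check authority against the stored type/alias: @PreAuthorize only saw the client-supplied ones.
List<String> roles = rolesUtils.getRoles();
if(!rolesUtils.hasUpdateAuthority(roles, oldStakeholder.getType(), oldStakeholder.getAlias())) {
    // EXCEPTION - Access denied
    throw new ForbiddenException("Save stakeholder: You are not authorized to update stakeholder with id: "+stakeholderFull.getId());
}
// … unchanged: topics loaded from oldStakeholder …
```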
@@ -615,7 +681,7 @@ public class StakeholderController { // && !roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) { if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId); } stakeholder.setVisibility(visibility); diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SubCategoryController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SubCategoryController.java index 854f448..fd2e18a 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SubCategoryController.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SubCategoryController.java @@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers; import eu.dnetlib.uoamonitorservice.dao.*; import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; +import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; import org.apache.log4j.Logger; 
@@ -101,12 +102,45 @@ public class SubCategoryController { subCategory.setUpdateDate(date); subcategoryFull.setUpdateDate(date); + List chartSections = new ArrayList<>(); + List numberSections = new ArrayList<>(); + SubCategory oldSubcategory = null; if(subcategoryFull.getId() != null) { oldSubcategory = subCategoryDAO.findById(subcategoryFull.getId()); + if(oldSubcategory == null) { + // EXCEPTION - SubCategory not found + throw new EntityNotFoundException("save subcategory: SubCategory with id: " + subcategoryFull.getId() + " not found"); + } + + for(String chartSectionId : oldSubcategory.getCharts()) { + Section section = sectionDAO.findById(chartSectionId); + if (section == null) { + // EXCEPTION - Section not found + throw new EntityNotFoundException("Save subcategory: Chart section with id: "+chartSectionId+" not found (section exists in subcategory: "+subCategory.getId()+")"); + } + chartSections.add(section.getId()); + } + + for(String numberSectionId : oldSubcategory.getNumbers()) { + Section section = sectionDAO.findById(numberSectionId); + if (section == null) { + // EXCEPTION - Section not found + throw new EntityNotFoundException("Save subcategory: Number section with id: "+numberSectionId+" not found (section exists in subcategory: "+subCategory.getId()+")"); + } + numberSections.add(section.getId()); + } } else { // subcategory does not exist in DB subCategory.setCreationDate(date); subcategoryFull.setCreationDate(date); + + for(Section chartSection : subcategoryFull.getCharts()) { + chartSections.add(chartSection.getId()); + } + + for(Section numberSection : subcategoryFull.getNumbers()) { + numberSections.add(numberSection.getId()); + } } // List charts = new ArrayList<>(); 
@@ -121,16 +155,8 @@ public class SubCategoryController { // } // subCategory.setNumbers(numbers); - List chartSections = new ArrayList<>(); - for(Section chartSection : subcategoryFull.getCharts()) { - chartSections.add(chartSection.getId()); - } - subCategory.setCharts(chartSections); - List numberSections = new ArrayList<>(); - for(Section numberSection : subcategoryFull.getNumbers()) { - numberSections.add(numberSection.getId()); - } + subCategory.setCharts(chartSections); subCategory.setNumbers(numberSections); Stakeholder stakeholder = stakeholderDAO.findById(stakeholderId); @@ -231,7 +257,7 @@ public class SubCategoryController { List roles = rolesUtils.getRoles(); if(subcategory.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Delete subcategory: You are not authorized to delete a default SubCategory in stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Delete subcategory: You are not authorized to delete a default SubCategory in stakeholder with id: "+stakeholderId); } List subcategories = category.getSubCategories(); 
@@ -344,15 +370,27 @@ public class SubCategoryController { Category category = checkForExceptions(stakeholderId, topicId, categoryId); + List oldSubcategories = category.getSubCategories(); + for (String subcategoryId : oldSubcategories) { + if (!subCategories.contains(subcategoryId)) { + subCategories.add(subcategoryId); + } + } category.setSubCategories(subCategories); + List subCategoriesFull = new ArrayList<>(); + for(String subCategoryId : subCategories) { + SubCategory subCategory = subCategoryDAO.findById(subCategoryId); + if(subCategory == null) { + // EXCEPTION - SubCategory not found + throw new EntityNotFoundException("Reorder subCategories: subCategory with id: " + subCategoryId + " not found"); + } + subCategoriesFull.add(subCategory); + } + categoryDAO.save(category); log.debug("SubCategories reordered!"); - List subCategoriesFull = new ArrayList<>(); - for(String subCategoryId : subCategories) { - subCategoriesFull.add(subCategoryDAO.findById(subCategoryId)); - } return subCategoriesFull; } @@ -443,7 +481,7 @@ public class SubCategoryController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("CheckForExceptions SubCategory: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("CheckForExceptions SubCategory: You are not authorized to update stakeholder with id: "+stakeholderId); } Topic topic = topicDAO.findById(topicId); diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java index 9442415..748c579 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java 
@@ -3,6 +3,7 @@ package eu.dnetlib.uoamonitorservice.controllers; import eu.dnetlib.uoamonitorservice.dao.*; import eu.dnetlib.uoamonitorservice.entities.*; import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; +import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException; import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; import org.apache.log4j.Logger; @@ -33,6 +34,9 @@ public class TopicController { @Autowired private CategoryController categoryController; + @Autowired + private CategoryDAO categoryDAO; + public Topic buildTopic(Topic topicFull) { Topic topic = new Topic<>(topicFull); @@ -72,7 +76,7 @@ public class TopicController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId); } Topic topic = new Topic<>(topicFull); 
@@ -80,18 +84,32 @@ public class TopicController { topic.setUpdateDate(date); topicFull.setUpdateDate(date); + List categories = new ArrayList<>(); + Topic oldTopic = null; if(topicFull.getId() != null) { oldTopic = topicDAO.findById(topicFull.getId()); + if(oldTopic == null) { + // EXCEPTION - Topic not found + throw new EntityNotFoundException("save topic: Topic with id: "+topicFull.getId()+" not found"); + } + for(String categoryId : oldTopic.getCategories()) { + Category category = categoryDAO.findById(categoryId); + if (category == null) { + // EXCEPTION - Category not found + throw new EntityNotFoundException("Save topic: Category with id: "+categoryId+" not found (category exists in topic: "+topic.getId()+")"); + } + categories.add(category.getId()); + } } else { // topic does not exist in DB topic.setCreationDate(date); topicFull.setCreationDate(date); + + for(Category category : topicFull.getCategories()) { + categories.add(category.getId()); + } } - List categories = new ArrayList<>(); - for(Category category : topicFull.getCategories()) { - categories.add(category.getId()); - } topic.setCategories(categories); if(stakeholder.getDefaultId() == null) { @@ -195,7 +213,7 @@ public class TopicController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId); } Topic topic = topicDAO.findById(topicId); 
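Review bot: `oldTopic` is fetched by the id taken from the request body and is never compared with `stakeholder.getTopics()`, so a caller with update authority on the stakeholder in the path can overwrite a topic that belongs to a different stakeholder by placing its id in `topicFull` — unless that is checked later in the method, which runs past the hunk. After the null check add `if (!stakeholder.getTopics().contains(oldTopic.getId())) { throw new PathNotValidException("Save topic: Topic with id: " + topicFull.getId() + " not found in Stakeholder: " + stakeholderId); }`. Separately, the category-not-found message reports `topic.getId()` while the loop iterates `oldTopic.getCategories()`; `oldTopic.getId()` is the value known to be set at that point, and the two messages use "save topic" and "Save topic" inconsistently. The enclosing save method starts and ends outside the hunk.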
@@ -203,7 +221,7 @@ public class TopicController { if(topic.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId); } List topics = stakeholder.getTopics(); @@ -269,7 +287,7 @@ public class TopicController { stakeholderDAO.save(stakeholder); topicDAO.delete(topicId); - log.debug("Category deleted!"); + log.debug("Topic deleted!"); } else { // EXCEPTION - Topic not found in Stakeholder: stakeholder.getAlias(); throw new PathNotValidException("Delete topic: Topic with id: "+topicId+" not found in Stakeholder: "+stakeholderId); @@ -322,7 +340,7 @@ public class TopicController { topic.setDefaultId(null); topicDAO.save(topic); - log.debug("DefaultId for Topic with id: "+topic.getId()+" empty!"); + log.debug("DefaultId for Topic with id: "+topic.getId()+" cleared!"); } } return true; 
@@ -342,18 +360,30 @@ public class TopicController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId); } + List oldTopics = stakeholder.getTopics(); + for (String topicId : oldTopics) { + if (!topics.contains(topicId)) { + topics.add(topicId); + } + } stakeholder.setTopics(topics); + List topicsFull = new ArrayList<>(); + for (String topicId : topics) { + Topic topic = topicDAO.findById(topicId); + if(topic == null) { + // EXCEPTION - Topic not found + throw new EntityNotFoundException("Reorder Topics: Topic with id: " + topicId + " not found"); + } + topicsFull.add(topic); + } + stakeholderDAO.save(stakeholder); log.debug("Topics reordered!"); - List topicsFull = new ArrayList<>(); - for (String topicId : topics) { - topicsFull.add(topicDAO.findById(topicId)); - } return topicsFull; } else { // EXCEPTION - Stakeholder not found @@ -425,7 +455,7 @@ public class TopicController { List roles = rolesUtils.getRoles(); if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { // EXCEPTION - Access denied - throw new AccessDeniedException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId); + throw new ForbiddenException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId); } if (stakeholder.getTopics().contains(topic.getId())) { diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/entities/ReorderEvent.java b/src/main/java/eu/dnetlib/uoamonitorservice/entities/ReorderEvent.java new file mode 100644 index 0000000..9818c8f --- /dev/null +++ b/src/main/java/eu/dnetlib/uoamonitorservice/entities/ReorderEvent.java 
@@ -0,0 +1,42 @@
+package eu.dnetlib.uoamonitorservice.entities;
+
+import java.util.List;
+
+public class ReorderEvent {
+ private String action; // "moved", "added", "removed"
+ private String target;
+ private List ids;
+
+ public String getAction() {
+ return action;
+ }
+
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String getTarget() {
+ return target;
+ }
+
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ public List getIds() {
+ return ids;
+ }
+
+ public void setIds(List ids) {
+ this.ids = ids;
+ }
+
+ @Override
+ public String toString() {
+ return "ReorderEvent{" +
+ "action='" + action + '\'' +
+ ", target='" + target + '\'' +
+ ", ids=" + ids +
+ '}';
+ }
+}
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java
index 8f4b4cf..3ac814b 100644
--- a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java
+++ b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java
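Review bot: `action` is a free-form String whose accepted values exist only in a comment; since this class is bound from a request body, an unrecognised value is stored silently and every consumer has to compare strings. A nested `public enum Action { MOVED, ADDED, REMOVED }` (with the lowercase wire values mapped via Jackson's enum binding) makes the contract explicit and rejects bad input at binding time. `ids` appears as a raw `List` on this page; if that is not a rendering artefact it should be `List<String>` to match the ids the controllers compare. A short class Javadoc naming the endpoint that consumes the event and what `target` denotes for each action would also help.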
@@ -1,55 +1,18 @@ package eu.dnetlib.uoamonitorservice.handlers; -import eu.dnetlib.uoamonitorservice.responses.ExceptionResponse; +import eu.dnetlib.uoaadmintoolslibrary.responses.ExceptionResponse; import org.apache.log4j.Logger; -import org.springframework.data.crossstore.ChangeSetPersister; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; -import org.springframework.security.access.AccessDeniedException; -import org.springframework.web.bind.MissingServletRequestParameterException; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.multipart.support.MissingServletRequestPartException; @ControllerAdvice @RestController public class ExceptionsHandler { private final Logger log = Logger.getLogger(this.getClass()); - @ExceptionHandler(MissingServletRequestParameterException.class) - public ResponseEntity invalidInput(Exception ex) { - ExceptionResponse response = new ExceptionResponse(); - response.setErrorCode("Validation Error"); - response.setErrorMessage("Invalid inputs"); - response.setErrors(ex.getMessage()); - response.setStatus(HttpStatus.BAD_REQUEST); - log.error("invalidInput exception : "+ ex.getMessage()); - return new ResponseEntity(response, HttpStatus.BAD_REQUEST); - } - - @ExceptionHandler(NullPointerException.class) - public ResponseEntity nullPointerException(Exception ex) { - ExceptionResponse response = new ExceptionResponse(); - response.setErrorCode("Null pointer Exception"); - response.setErrorMessage("Null pointer Exception"); - response.setErrors(ex.getMessage()); - response.setStatus(HttpStatus.BAD_REQUEST); - log.error("nullPointerException exception : "+ ex.getMessage()); - return new ResponseEntity(response, HttpStatus.BAD_REQUEST); - } - - @ExceptionHandler(ChangeSetPersister.NotFoundException.class) - public ResponseEntity 
notFoundException(Exception ex) { - ExceptionResponse response = new ExceptionResponse(); - response.setErrorCode("Not found Exception"); - response.setErrorMessage("Not found Exception"); - response.setErrors(ex.getMessage()); - response.setStatus(HttpStatus.NOT_FOUND); - log.error("notFoundException exception : "+ ex.getMessage()); - return new ResponseEntity(response, HttpStatus.NOT_FOUND); - } - @ExceptionHandler(EntityNotFoundException.class) public ResponseEntity entityNotFoundException(Exception ex) { ExceptionResponse response = new ExceptionResponse(); @@ -72,14 +35,4 @@ public class ExceptionsHandler { return new ResponseEntity(response, HttpStatus.NOT_FOUND); } - @ExceptionHandler(AccessDeniedException.class) - public ResponseEntity accessDeniedException(Exception ex) { - ExceptionResponse response = new ExceptionResponse(); - response.setErrorCode("Forbidden Exception"); - response.setErrorMessage("Access Denied Exception"); - response.setErrors(ex.getMessage()); - response.setStatus(HttpStatus.FORBIDDEN); - log.error("accessDeniedException exception : "+ ex.getMessage()); - return new ResponseEntity(response, HttpStatus.FORBIDDEN); - } } diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java index 43a449e..c675a29 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java @@ -55,6 +55,13 @@ public class RolesUtils { return roles.contains(authorizationService.member(type, id)); } + public boolean isLoggedIn(List roles) { + if(roles == null || roles.contains(authorizationService.ANONYMOUS_USER)) { + return false; + } + return true; + } + public boolean hasUpdateAuthority(List roles, String type, String id) { return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id); } 
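Review bot: The removed handlers for `MissingServletRequestParameterException`, `NullPointerException` and `AccessDeniedException` are described in the commit as moved to the Admin Tools Library, but nothing in this service shows that library's advice being picked up; if its `@ControllerAdvice` package is outside this application's component scan, those errors now fall through to Spring's default responses instead of the `ExceptionResponse` body. Worth confirming with a test request, or recording the dependency in a class comment such as `// Validation, NPE and access-denied handlers live in uoaadmintoolslibrary's exception advice`. The remaining `entityNotFoundException` handler keeps echoing `ex.getMessage()` into `errors`; that is pre-existing, but it is now the only place in this file deciding what reaches the client. This hunk begins on the previous line.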
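Review bot: `isLoggedIn` returns true for an empty roles list, although the commit describes the check as "no roles for user"; only `null` and the anonymous role are rejected. If an unauthenticated request can yield an empty list rather than `null`, the guard is bypassed; `return roles != null && !roles.isEmpty() && !roles.contains(authorizationService.ANONYMOUS_USER);` covers both cases and replaces the if/return-true shape. `ANONYMOUS_USER` is read through the `authorizationService` instance; if it is a static constant, qualify it with the class name so the dependency is explicit.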
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/responses/ExceptionResponse.java b/src/main/java/eu/dnetlib/uoamonitorservice/responses/ExceptionResponse.java
deleted file mode 100644
index 076ba63..0000000
--- a/src/main/java/eu/dnetlib/uoamonitorservice/responses/ExceptionResponse.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package eu.dnetlib.uoamonitorservice.responses;
-
-import org.springframework.http.HttpStatus;
-
-public class ExceptionResponse {
- private HttpStatus status;
- private String errorCode;
- private String errorMessage;
- private String errors;
-
- public ExceptionResponse() {}
-
- public HttpStatus getStatus() { return status; }
-
- public void setStatus(HttpStatus status) { this.status = status; }
-
- public String getErrorCode() {
- return errorCode;
- }
-
- public void setErrorCode(String errorCode) {
- this.errorCode = errorCode;
- }
-
- public String getErrorMessage() {
- return errorMessage;
- }
-
- public void setErrorMessage(String errorMessage) {
- this.errorMessage = errorMessage;
- }
-
- public String getErrors() {
- return errors;
- }
-
- public void setErrors(String errors) {
- this.errors = errors;
- }
-}