Revision 59814
Added by Konstantina Galouni over 3 years ago
modules/uoa-monitor-service/trunk/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/RolesUtils.java | ||
---|---|---|
1 |
package eu.dnetlib.uoamonitorservice.handlers.utils; |
|
2 |
|
|
3 |
import eu.dnetlib.uoaauthorizationlibrary.security.AuthorizationService; |
|
4 |
import org.apache.log4j.Logger; |
|
5 |
|
|
6 |
import java.util.List; |
|
7 |
|
|
8 |
import org.springframework.beans.factory.annotation.Autowired; |
|
9 |
import org.springframework.stereotype.Component; |
|
10 |
|
|
11 |
@Component |
|
12 |
public class RolesUtils { |
|
13 |
@Autowired |
|
14 |
private AuthorizationService authorizationService; |
|
15 |
|
|
16 |
private final Logger log = Logger.getLogger(this.getClass()); |
|
17 |
|
|
18 |
public List<String> getRoles() { |
|
19 |
return authorizationService.getRoles(); |
|
20 |
} |
|
21 |
|
|
22 |
public boolean isPortalAdmin(List<String> roles) { |
|
23 |
if(roles == null) { |
|
24 |
return false; |
|
25 |
} |
|
26 |
// log.debug(authorizationService.PORTAL_ADMIN); |
|
27 |
// log.debug("PortalAdmin: "+roles.contains(authorizationService.PORTAL_ADMIN)); |
|
28 |
return roles.contains(authorizationService.PORTAL_ADMIN); |
|
29 |
} |
|
30 |
|
|
31 |
public boolean isCurator(List<String> roles, String type) { |
|
32 |
if(roles == null) { |
|
33 |
return false; |
|
34 |
} |
|
35 |
// log.debug(authorizationService.curator(type)); |
|
36 |
// log.debug("Curator in "+type+": "+roles.contains(authorizationService.curator(type))); |
|
37 |
return roles.contains(authorizationService.curator(type)); |
|
38 |
} |
|
39 |
|
|
40 |
public boolean isManager(List<String> roles, String type, String id) { |
|
41 |
if(roles == null) { |
|
42 |
return false; |
|
43 |
} |
|
44 |
// log.debug(authorizationService.manager(type, id)); |
|
45 |
// log.debug("Manager in "+type+" - "+id+": "+roles.contains(authorizationService.manager(type, id))); |
|
46 |
return roles.contains(authorizationService.manager(type, id)); |
|
47 |
} |
|
48 |
|
|
49 |
public boolean isMember(List<String> roles, String type, String id) { |
|
50 |
if(roles == null) { |
|
51 |
return false; |
|
52 |
} |
|
53 |
// log.debug(authorizationService.member(type, id)); |
|
54 |
// log.debug("Member in "+type+" - "+id+": "+roles.contains(authorizationService.member(type, id))); |
|
55 |
return roles.contains(authorizationService.member(type, id)); |
|
56 |
} |
|
57 |
|
|
58 |
public boolean hasUpdateAuthority(List<String> roles, String type, String id) { |
|
59 |
return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id); |
|
60 |
} |
|
61 |
|
|
62 |
public boolean hasCreateAndDeleteAuthority(List<String> roles, String type) { |
|
63 |
return isPortalAdmin(roles) || isCurator(roles, type); |
|
64 |
} |
|
65 |
} |
modules/uoa-monitor-service/trunk/src/main/java/eu/dnetlib/uoamonitorservice/controllers/IndicatorController.java | ||
---|---|---|
5 | 5 |
import eu.dnetlib.uoamonitorservice.entities.*; |
6 | 6 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
7 | 7 |
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; |
8 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; |
|
8 | 9 |
import org.apache.log4j.Logger; |
9 | 10 |
import org.springframework.beans.factory.annotation.Autowired; |
11 |
import org.springframework.security.access.AccessDeniedException; |
|
12 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
10 | 13 |
import org.springframework.web.bind.annotation.*; |
11 | 14 |
|
12 | 15 |
import java.io.UnsupportedEncodingException; |
... | ... | |
19 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
20 | 23 |
|
21 | 24 |
@Autowired |
25 |
private RolesUtils rolesUtils; |
|
26 |
|
|
27 |
@Autowired |
|
22 | 28 |
private StakeholderDAO stakeholderDAO; |
23 | 29 |
|
24 | 30 |
@Autowired |
... | ... | |
37 | 43 |
private IndicatorDAO indicatorDAO; |
38 | 44 |
|
39 | 45 |
|
46 |
@PreAuthorize("isAuthenticated()") |
|
40 | 47 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/save", method = RequestMethod.POST) |
41 | 48 |
public Indicator saveIndicator(@PathVariable("stakeholderId") String stakeholderId, |
42 | 49 |
@PathVariable("topicId") String topicId, |
... | ... | |
49 | 56 |
|
50 | 57 |
Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator.getType()); |
51 | 58 |
|
59 |
Date date = new Date(); |
|
60 |
indicator.setUpdateDate(date); |
|
61 |
|
|
52 | 62 |
Indicator oldIndicator = null; |
53 | 63 |
if(indicator.getId() != null) { |
54 | 64 |
oldIndicator = indicatorDAO.findById(indicator.getId()); |
65 |
} else { // indicator does not exist in DB |
|
66 |
indicator.setCreationDate(date); |
|
55 | 67 |
} |
56 | 68 |
|
57 | 69 |
String indicatorId = indicator.getId(); |
58 |
indicatorDAO.save(indicator); |
|
59 | 70 |
|
60 | 71 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
61 | 72 |
// this indicator belongs in default profile and it is new or it is updated |
62 | 73 |
if(stakeholder.getDefaultId() == null) { |
63 | 74 |
if(indicatorId == null) { |
75 |
indicatorDAO.save(indicator); |
|
64 | 76 |
onSaveDefaultIndicator(indicator, sectionId); |
65 | 77 |
} |
66 | 78 |
else { |
67 | 79 |
onUpdateDefaultIndicator(indicator, stakeholder, oldIndicator); |
80 |
indicatorDAO.save(indicator); |
|
68 | 81 |
} |
82 |
} else { |
|
83 |
indicatorDAO.save(indicator); |
|
69 | 84 |
} |
70 | 85 |
|
71 | 86 |
List<String> indicators = section.getIndicators(); |
... | ... | |
86 | 101 |
// new indicator in default profile - add it on profiles of the same type |
87 | 102 |
List<Section> sections = sectionDAO.findByDefaultId(defaultSectionId); |
88 | 103 |
|
89 |
for (Section section : sections) {
|
|
104 |
for (Section section : sections) { |
|
90 | 105 |
Indicator indicatorNew = new Indicator(); |
91 | 106 |
indicatorNew.copyFromDefault(indicator); |
92 | 107 |
for (IndicatorPath indicatorPath : indicatorNew.getIndicatorPaths()) { |
... | ... | |
108 | 123 |
|
109 | 124 |
// indicator already exists - check if changed and update all indicators based on it |
110 | 125 |
|
111 |
boolean changed = false;
|
|
126 |
boolean changed; |
|
112 | 127 |
List<Indicator> indicators = indicatorDAO.findByDefaultId(indicator.getId()); |
113 | 128 |
|
114 | 129 |
for(Indicator indicatorBasedOnDefault : indicators) { |
130 |
changed = false; |
|
131 |
|
|
115 | 132 |
if(indicator.getName() != null && !indicator.getName().equals(indicatorBasedOnDefault.getName()) |
116 | 133 |
&& (oldIndicator.getName() == null || oldIndicator.getName().equals(indicatorBasedOnDefault.getName()))) { |
117 | 134 |
|
... | ... | |
119 | 136 |
changed = true; |
120 | 137 |
} |
121 | 138 |
|
122 |
if(indicator.getDescription() != null && !indicator.getDescription().equals(indicatorBasedOnDefault.getDescription()) |
|
123 |
&& (oldIndicator.getDescription() == null || oldIndicator.getDescription().equals(indicatorBasedOnDefault.getDescription()))) { |
|
139 |
if(indicator.getDescription() != null && !indicator.getDescription().equals(indicatorBasedOnDefault.getDescription())) { |
|
124 | 140 |
|
125 | 141 |
indicatorBasedOnDefault.setDescription(indicator.getDescription()); |
126 | 142 |
changed = true; |
127 | 143 |
} |
128 | 144 |
|
145 |
if(indicator.getAdditionalDescription() != null && !indicator.getAdditionalDescription().equals(indicatorBasedOnDefault.getAdditionalDescription()) |
|
146 |
&& (oldIndicator.getAdditionalDescription() == null || oldIndicator.getAdditionalDescription().equals(indicatorBasedOnDefault.getAdditionalDescription()))) { |
|
147 |
|
|
148 |
indicatorBasedOnDefault.setAdditionalDescription(indicator.getAdditionalDescription()); |
|
149 |
changed = true; |
|
150 |
} |
|
151 |
|
|
129 | 152 |
int i = 0; |
130 | 153 |
List<IndicatorPath> indicatorPaths = indicatorBasedOnDefault.getIndicatorPaths(); |
154 |
if(indicatorPaths == null && indicator.getIndicatorPaths() != null) { |
|
155 |
indicatorPaths = new ArrayList<>(); |
|
156 |
} |
|
131 | 157 |
|
132 | 158 |
for (IndicatorPath indicatorPath : indicator.getIndicatorPaths()) { |
133 |
IndicatorPath indicatorPathBasedOnDefault = indicatorBasedOnDefault.getIndicatorPaths().get(i); |
|
159 |
IndicatorPath indicatorPathBasedOnDefault = null; |
|
160 |
if(i < indicatorPaths.size()) { |
|
161 |
indicatorPathBasedOnDefault = indicatorPaths.get(i); |
|
162 |
} |
|
134 | 163 |
|
135 | 164 |
if(indicatorPathBasedOnDefault == null) { |
136 | 165 |
// Add new indicator path in existing indicators |
... | ... | |
142 | 171 |
IndicatorPath oldIndicatorPath = oldIndicator.getIndicatorPaths().get(i); |
143 | 172 |
|
144 | 173 |
// Check if there are changes in indicator path and update existing indicators if needed |
145 |
log.debug("update indicator path: "+i); |
|
174 |
log.debug("update indicator path: "+i + " (indicator id: "+indicatorBasedOnDefault.getId()+")");
|
|
146 | 175 |
|
147 | 176 |
if(indicatorPath.getType() != null |
148 | 177 |
&& !indicatorPath.getType().equals(indicatorPathBasedOnDefault.getType()) |
... | ... | |
189 | 218 |
for (Map.Entry<String, String> parameter : indicatorPath.getParameters().entrySet()) { |
190 | 219 |
log.debug("\nindicatorPath: parameter.getKey(): "+parameter.getKey()+" - value: "+parameter.getValue() |
191 | 220 |
+"\nindicatorPathBasedOnDefault:parameters:key: "+ indicatorPathBasedOnDefault.getParameters().get(parameter.getKey()) |
192 |
+"\noldIndicatorPath:parameters:key: "+ oldIndicatorPath.getParameters().get(parameter.getKey()));
|
|
221 |
+"\noldIndicatorPath:parameters:key: "+ (oldIndicatorPath.getParameters() == null ? "null" : oldIndicatorPath.getParameters().get(parameter.getKey())));
|
|
193 | 222 |
if (!indicatorPathBasedOnDefault.getParameters().containsKey(parameter.getKey()) |
194 | 223 |
|| (oldIndicatorPath.getParameters() == null |
195 | 224 |
|| (oldIndicatorPath.getParameters().get(parameter.getKey()).equals(indicatorPathBasedOnDefault.getParameters().get(parameter.getKey())) |
... | ... | |
203 | 232 |
// changed = true; |
204 | 233 |
// } |
205 | 234 |
} |
206 |
parameterMapping(indicatorPathBasedOnDefault, stakeholder); |
|
235 |
// TODO when deleting indicator path parameters... ??? |
|
236 |
parameterMapping(indicatorPathBasedOnDefault, stakeholder); |
|
207 | 237 |
//} |
208 |
log.debug("After parameters check: " + changed); |
|
209 | 238 |
} |
239 |
log.debug("After parameters check: " + changed); |
|
210 | 240 |
|
211 | 241 |
if(indicatorPath.getJsonPath() != null) { |
212 |
int j = 0; |
|
213 |
for (String jsonString : indicatorPath.getJsonPath()) { |
|
214 |
log.debug("indicatorPath.getJsonPath(): " + jsonString); |
|
215 |
String jsonStringBasedOnDefault = null; |
|
216 |
if(indicatorPathBasedOnDefault.getJsonPath() != null ) { |
|
217 |
jsonStringBasedOnDefault = indicatorPathBasedOnDefault.getJsonPath().get(j); |
|
218 |
} else { |
|
242 |
boolean jsonPathChanged = false; |
|
243 |
boolean breaked = false; |
|
244 |
|
|
245 |
int oldJsonPathSize = 0; |
|
246 |
if(oldIndicatorPath.getJsonPath() != null) { |
|
247 |
oldJsonPathSize = oldIndicatorPath.getJsonPath().size(); |
|
248 |
} |
|
249 |
int basedOnDefaultJsonPathSize = 0; |
|
250 |
if(indicatorPathBasedOnDefault.getJsonPath() != null) { |
|
251 |
basedOnDefaultJsonPathSize = indicatorPathBasedOnDefault.getJsonPath().size(); |
|
252 |
} |
|
253 |
log.debug("old: "+oldJsonPathSize+" - based on default: "+basedOnDefaultJsonPathSize+" - new: "+indicatorPath.getJsonPath().size()); |
|
254 |
if(oldJsonPathSize == basedOnDefaultJsonPathSize) { |
|
255 |
if(indicatorPathBasedOnDefault.getJsonPath() == null && indicatorPath.getJsonPath().size() > 0) { |
|
219 | 256 |
indicatorPathBasedOnDefault.setJsonPath(new ArrayList<>()); |
220 | 257 |
} |
221 |
log.debug("indicatorPathBasedOnDefault.getJsonPath().get(" + j + "): " + jsonStringBasedOnDefault); |
|
222 | 258 |
|
223 |
if (!jsonString.equals(jsonStringBasedOnDefault) |
|
224 |
&& (oldIndicatorPath.getJsonPath() == null |
|
225 |
|| oldIndicatorPath.getJsonPath().get(i).equals(jsonStringBasedOnDefault)) |
|
226 |
) { |
|
227 |
indicatorPathBasedOnDefault.getJsonPath().set(j, jsonString); |
|
259 |
int basedOnDefaultIndex = 0; |
|
260 |
int oldIndex = 0; |
|
261 |
|
|
262 |
Iterator<String> jsonStringBasedOnDefaultIterator = indicatorPathBasedOnDefault.getJsonPath().iterator(); |
|
263 |
while (jsonStringBasedOnDefaultIterator.hasNext()) { |
|
264 |
String jsonStringBasedOnDefault = jsonStringBasedOnDefaultIterator.next(); |
|
265 |
if(oldIndicatorPath.getJsonPath().get(oldIndex).equals(jsonStringBasedOnDefault)) { |
|
266 |
if(basedOnDefaultIndex >= indicatorPath.getJsonPath().size()) { // string deleted |
|
267 |
jsonStringBasedOnDefaultIterator.remove(); |
|
268 |
jsonPathChanged = true; |
|
269 |
} else { // check if string changed |
|
270 |
if(!indicatorPath.getJsonPath().get(basedOnDefaultIndex).equals(jsonStringBasedOnDefault)) { |
|
271 |
indicatorPathBasedOnDefault.getJsonPath().set(basedOnDefaultIndex, indicatorPath.getJsonPath().get(basedOnDefaultIndex)); |
|
272 |
jsonPathChanged = true; |
|
273 |
} |
|
274 |
basedOnDefaultIndex++; |
|
275 |
} |
|
276 |
oldIndex++; |
|
277 |
} else { |
|
278 |
breaked = true; |
|
279 |
jsonPathChanged = false; |
|
280 |
log.debug("not the same: "+oldIndex); |
|
281 |
break; |
|
282 |
} |
|
283 |
} |
|
284 |
|
|
285 |
int index=0; |
|
286 |
if(!breaked && indicatorPath.getJsonPath().size() > indicatorPathBasedOnDefault.getJsonPath().size()) { // strings added |
|
287 |
jsonPathChanged = true; |
|
288 |
for(index=indicatorPathBasedOnDefault.getJsonPath().size(); index < indicatorPath.getJsonPath().size(); index++) { |
|
289 |
indicatorPathBasedOnDefault.getJsonPath().add(indicatorPath.getJsonPath().get(index)); |
|
290 |
} |
|
291 |
} |
|
292 |
|
|
293 |
if(jsonPathChanged) { |
|
228 | 294 |
changed = true; |
229 | 295 |
} |
230 |
j++; |
|
231 | 296 |
} |
232 |
log.debug("After jsonPath check: " + changed);
|
|
297 |
// TODO when deleting indicator path json path strings...
|
|
233 | 298 |
} |
299 |
log.debug("After jsonPath check: " + changed); |
|
234 | 300 |
} |
235 | 301 |
i++; |
236 | 302 |
} |
303 |
// TODO when deleting indicator paths... |
|
237 | 304 |
|
238 | 305 |
if(!changed) { |
239 | 306 |
// break; |
240 | 307 |
continue; |
241 | 308 |
} |
242 | 309 |
|
310 |
indicatorBasedOnDefault.setUpdateDate(indicator.getUpdateDate()); |
|
243 | 311 |
indicatorDAO.save(indicatorBasedOnDefault); |
244 | 312 |
} |
245 | 313 |
} |
... | ... | |
299 | 367 |
return indicatorPathField; |
300 | 368 |
} |
301 | 369 |
|
370 |
@PreAuthorize("isAuthenticated()") |
|
302 | 371 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/delete", method = RequestMethod.DELETE) |
303 | 372 |
public boolean deleteIndicator(@PathVariable("stakeholderId") String stakeholderId, |
304 | 373 |
@PathVariable("topicId") String topicId, |
... | ... | |
314 | 383 |
if(indicator != null) { |
315 | 384 |
Section<String> section = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator.getType()); |
316 | 385 |
|
386 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
|
387 |
List<String> roles = rolesUtils.getRoles(); |
|
388 |
if(indicator.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { |
|
389 |
// EXCEPTION - Access denied |
|
390 |
throw new AccessDeniedException("Delete indicator: You are not authorized to delete a default Indicator in stakeholder with id: "+stakeholderId); |
|
391 |
} |
|
392 |
|
|
317 | 393 |
List<String> indicators = section.getIndicators(); |
318 | 394 |
|
319 | 395 |
int index = indicators.indexOf(indicatorId); |
... | ... | |
484 | 560 |
// return true; |
485 | 561 |
// } |
486 | 562 |
|
563 |
@PreAuthorize("isAuthenticated()") |
|
487 | 564 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{type}/reorder", method = RequestMethod.POST) |
488 | 565 |
public List<Indicator> reorderIndicators(@PathVariable("stakeholderId") String stakeholderId, |
489 | 566 |
@PathVariable("topicId") String topicId, |
... | ... | |
509 | 586 |
return indicatorsFull; |
510 | 587 |
} |
511 | 588 |
|
512 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-status", method = RequestMethod.POST) |
|
513 |
public Boolean toggleIndicatorStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
514 |
@PathVariable("topicId") String topicId, |
|
515 |
@PathVariable("categoryId") String categoryId, |
|
516 |
@PathVariable("subcategoryId") String subcategoryId, |
|
517 |
@PathVariable("sectionId") String sectionId, |
|
518 |
@PathVariable("indicatorId") String indicatorId) { |
|
519 |
log.debug("toggle indicator status (isActive)"); |
|
520 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId); |
|
589 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-status", method = RequestMethod.POST) |
|
590 |
// public Boolean toggleIndicatorStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
591 |
// @PathVariable("topicId") String topicId, |
|
592 |
// @PathVariable("categoryId") String categoryId, |
|
593 |
// @PathVariable("subcategoryId") String subcategoryId, |
|
594 |
// @PathVariable("sectionId") String sectionId, |
|
595 |
// @PathVariable("indicatorId") String indicatorId) { |
|
596 |
// log.debug("toggle indicator status (isActive)"); |
|
597 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId); |
|
598 |
// |
|
599 |
// Indicator indicator = indicatorDAO.findById(indicatorId); |
|
600 |
// if (indicator == null) { |
|
601 |
// // EXCEPTION - Indicator not found |
|
602 |
// throw new EntityNotFoundException("Toggle indicator status: Indicator with id: "+indicatorId+" not found"); |
|
603 |
// } |
|
604 |
// indicator.setIsActive(!indicator.getIsActive()); |
|
605 |
// |
|
606 |
// this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator); |
|
607 |
// |
|
608 |
// return indicator.getIsActive(); |
|
609 |
// } |
|
610 |
// |
|
611 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-access", method = RequestMethod.POST) |
|
612 |
// public Boolean toggleIndicatorAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
613 |
// @PathVariable("topicId") String topicId, |
|
614 |
// @PathVariable("categoryId") String categoryId, |
|
615 |
// @PathVariable("subcategoryId") String subcategoryId, |
|
616 |
// @PathVariable("sectionId") String sectionId, |
|
617 |
// @PathVariable("indicatorId") String indicatorId) { |
|
618 |
// log.debug("toggle indicator access (isPublic)"); |
|
619 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId); |
|
620 |
// |
|
621 |
// Indicator indicator = indicatorDAO.findById(indicatorId); |
|
622 |
// if (indicator == null) { |
|
623 |
// // EXCEPTION - Indicator not found |
|
624 |
// throw new EntityNotFoundException("Toggle indicator access: Indicator with id: "+indicatorId+" not found"); |
|
625 |
// } |
|
626 |
// indicator.setIsPublic(!indicator.getIsPublic()); |
|
627 |
// |
|
628 |
// this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator); |
|
629 |
// |
|
630 |
// return indicator.getIsPublic(); |
|
631 |
// } |
|
521 | 632 |
|
522 |
Indicator indicator = indicatorDAO.findById(indicatorId); |
|
523 |
if (indicator == null) { |
|
524 |
// EXCEPTION - Indicator not found |
|
525 |
throw new EntityNotFoundException("Toggle indicator status: Indicator with id: "+indicatorId+" not found"); |
|
526 |
} |
|
527 |
indicator.setIsActive(!indicator.getIsActive()); |
|
528 |
|
|
529 |
this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator); |
|
530 |
|
|
531 |
return indicator.getIsActive(); |
|
532 |
} |
|
533 |
|
|
534 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/toggle-access", method = RequestMethod.POST) |
|
535 |
public Boolean toggleIndicatorAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
536 |
@PathVariable("topicId") String topicId, |
|
537 |
@PathVariable("categoryId") String categoryId, |
|
538 |
@PathVariable("subcategoryId") String subcategoryId, |
|
539 |
@PathVariable("sectionId") String sectionId, |
|
540 |
@PathVariable("indicatorId") String indicatorId) { |
|
541 |
log.debug("toggle indicator access (isPublic)"); |
|
633 |
@PreAuthorize("isAuthenticated()") |
|
634 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility", method = RequestMethod.POST) |
|
635 |
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId, |
|
636 |
@PathVariable("topicId") String topicId, |
|
637 |
@PathVariable("categoryId") String categoryId, |
|
638 |
@PathVariable("subcategoryId") String subcategoryId, |
|
639 |
@PathVariable("sectionId") String sectionId, |
|
640 |
@PathVariable("indicatorId") String indicatorId, |
|
641 |
@RequestParam("visibility") Visibility visibility) { |
|
642 |
log.debug("change indicator visibility: "+visibility); |
|
542 | 643 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId+ " - SubCategory: "+subcategoryId + " - Section: "+sectionId+ " - Indicator: "+indicatorId); |
543 | 644 |
|
544 | 645 |
Indicator indicator = indicatorDAO.findById(indicatorId); |
545 | 646 |
if (indicator == null) { |
546 | 647 |
// EXCEPTION - Indicator not found |
547 |
throw new EntityNotFoundException("Toggle indicator access: Indicator with id: "+indicatorId+" not found");
|
|
648 |
throw new EntityNotFoundException("Change indicator visibility: Indicator with id: "+indicatorId+" not found");
|
|
548 | 649 |
} |
549 |
indicator.setIsPublic(!indicator.getIsPublic());
|
|
650 |
indicator.setVisibility(visibility);
|
|
550 | 651 |
|
551 | 652 |
this.toggleIndicator(stakeholderId, topicId, categoryId, subcategoryId, sectionId, indicator); |
552 | 653 |
|
553 |
return indicator.getIsPublic();
|
|
654 |
return indicator.getVisibility();
|
|
554 | 655 |
} |
555 | 656 |
|
556 | 657 |
public void toggleIndicator(String stakeholderId, String topicId, String categoryId, String subcategoryId, String sectionId, Indicator indicator) { |
... | ... | |
576 | 677 |
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found"); |
577 | 678 |
} |
578 | 679 |
|
680 |
List<String> roles = rolesUtils.getRoles(); |
|
681 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
682 |
// EXCEPTION - Access denied |
|
683 |
throw new AccessDeniedException("CheckForExceptions Indicator: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
684 |
} |
|
685 |
|
|
579 | 686 |
Topic<String> topic = topicDAO.findById(topicId); |
580 | 687 |
if(topic == null) { |
581 | 688 |
// EXCEPTION - Topic not found |
modules/uoa-monitor-service/trunk/src/main/java/eu/dnetlib/uoamonitorservice/controllers/CategoryController.java | ||
---|---|---|
4 | 4 |
import eu.dnetlib.uoamonitorservice.entities.*; |
5 | 5 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
6 | 6 |
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; |
7 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; |
|
7 | 8 |
import org.apache.log4j.Logger; |
8 | 9 |
import org.springframework.beans.factory.annotation.Autowired; |
10 |
import org.springframework.security.access.AccessDeniedException; |
|
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
9 | 12 |
import org.springframework.web.bind.annotation.*; |
10 | 13 |
|
11 | 14 |
import java.util.ArrayList; |
15 |
import java.util.Date; |
|
12 | 16 |
import java.util.Iterator; |
13 | 17 |
import java.util.List; |
14 | 18 |
|
... | ... | |
18 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
19 | 23 |
|
20 | 24 |
@Autowired |
25 |
private RolesUtils rolesUtils; |
|
26 |
|
|
27 |
@Autowired |
|
21 | 28 |
private StakeholderDAO stakeholderDAO; |
22 | 29 |
|
23 | 30 |
@Autowired |
... | ... | |
30 | 37 |
private SubCategoryDAO subCategoryDAO; |
31 | 38 |
|
32 | 39 |
@Autowired |
33 |
private SectionDAO sectionDAO; |
|
34 |
|
|
35 |
@Autowired |
|
36 |
private IndicatorDAO indicatorDAO; |
|
37 |
|
|
38 |
@Autowired |
|
39 | 40 |
private SubCategoryController subCategoryController; |
40 | 41 |
|
41 | 42 |
public Category<SubCategory> buildCategory(Category<SubCategory> categoryFull) { |
... | ... | |
51 | 52 |
categoryFull.setSubCategories(subCategoriesFull); |
52 | 53 |
category.setSubCategories(subCategories); |
53 | 54 |
|
55 |
Date date = new Date(); |
|
56 |
category.setCreationDate(date); |
|
57 |
category.setUpdateDate(date); |
|
58 |
|
|
59 |
categoryFull.setCreationDate(date); |
|
60 |
categoryFull.setUpdateDate(date); |
|
61 |
|
|
54 | 62 |
categoryDAO.save(category); |
55 | 63 |
|
56 | 64 |
categoryFull.setId(category.getId()); |
57 | 65 |
return categoryFull; |
58 | 66 |
} |
59 | 67 |
|
68 |
@PreAuthorize("isAuthenticated()") |
|
60 | 69 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/save", method = RequestMethod.POST) |
61 | 70 |
public Category<SubCategory> saveCategory(@PathVariable("stakeholderId") String stakeholderId, |
62 | 71 |
@PathVariable("topicId") String topicId, |
... | ... | |
67 | 76 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
68 | 77 |
|
69 | 78 |
if(stakeholder != null) { |
79 |
|
|
80 |
List<String> roles = rolesUtils.getRoles(); |
|
81 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
82 |
// EXCEPTION - Access denied |
|
83 |
throw new AccessDeniedException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
84 |
} |
|
85 |
|
|
70 | 86 |
Category<String> oldCategory = null; |
71 | 87 |
if(categoryFull.getId() != null) { |
72 | 88 |
oldCategory = categoryDAO.findById(categoryFull.getId()); |
... | ... | |
75 | 91 |
Topic<String> topic = topicDAO.findById(topicId); |
76 | 92 |
if(topic != null) { |
77 | 93 |
if(stakeholder.getTopics().contains(topicId)) { |
94 |
Category<String> category = new Category<>(categoryFull); |
|
95 |
|
|
96 |
Date date = new Date(); |
|
97 |
category.setUpdateDate(date); |
|
98 |
categoryFull.setUpdateDate(date); |
|
99 |
|
|
78 | 100 |
// if category not exists (no id), create a new default subcategory, identical to category |
79 | 101 |
if(categoryFull.getId() == null) { |
102 |
category.setCreationDate(date); |
|
103 |
categoryFull.setCreationDate(date); |
|
104 |
|
|
80 | 105 |
SubCategory<String> subCategory = new SubCategory<>(); |
81 | 106 |
subCategory.createOverviewSubCategory(categoryFull); |
82 | 107 |
|
... | ... | |
85 | 110 |
subCategories.add(subCategory); |
86 | 111 |
} |
87 | 112 |
|
88 |
|
|
89 |
Category<String> category = new Category<>(categoryFull); |
|
90 |
|
|
91 | 113 |
List<String> subCategories = new ArrayList<>(); |
92 | 114 |
for(SubCategory subCategory : categoryFull.getSubCategories()) { |
93 | 115 |
subCategories.add(subCategory.getId()); |
94 | 116 |
} |
95 | 117 |
category.setSubCategories(subCategories); |
96 | 118 |
|
97 |
categoryDAO.save(category); |
|
98 |
|
|
99 | 119 |
if(stakeholder.getDefaultId() == null) { |
100 | 120 |
if(categoryFull.getId() == null) { |
121 |
categoryDAO.save(category); |
|
101 | 122 |
onSaveDefaultCategory(category, topicId); |
102 | 123 |
} else { |
103 | 124 |
onUpdateDefaultCategory(category, oldCategory); |
125 |
categoryDAO.save(category); |
|
104 | 126 |
} |
127 |
} else { |
|
128 |
categoryDAO.save(category); |
|
105 | 129 |
} |
106 | 130 |
|
107 | 131 |
List<String> categories = topic.getCategories(); |
... | ... | |
178 | 202 |
|
179 | 203 |
// categoryBasedOnDefault.setName(category.getName()); |
180 | 204 |
// categoryBasedOnDefault.setDescription(category.getDescription()); |
205 |
categoryBasedOnDefault.setUpdateDate(category.getUpdateDate()); |
|
181 | 206 |
categoryDAO.save(categoryBasedOnDefault); |
182 | 207 |
} |
183 | 208 |
} |
184 | 209 |
|
210 |
@PreAuthorize("isAuthenticated()") |
|
185 | 211 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/delete", method = RequestMethod.DELETE) |
186 | 212 |
public boolean deleteCategory(@PathVariable("stakeholderId") String stakeholderId, |
187 | 213 |
@PathVariable("topicId") String topicId, |
... | ... | |
194 | 220 |
|
195 | 221 |
if(stakeholder != null) { |
196 | 222 |
|
223 |
List<String> roles = rolesUtils.getRoles(); |
|
224 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
225 |
// EXCEPTION - Access denied |
|
226 |
throw new AccessDeniedException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
227 |
} |
|
228 |
|
|
197 | 229 |
Topic<String> topic = topicDAO.findById(topicId); |
198 | 230 |
if(topic != null) { |
199 | 231 |
if(stakeholder.getTopics().contains(topicId)) { |
... | ... | |
201 | 233 |
Category<String> category = categoryDAO.findById(categoryId); |
202 | 234 |
if(category != null) { |
203 | 235 |
|
236 |
if(category.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { |
|
237 |
// EXCEPTION - Access denied |
|
238 |
throw new AccessDeniedException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId); |
|
239 |
} |
|
240 |
|
|
241 |
|
|
204 | 242 |
List<String> categories = topic.getCategories(); |
205 | 243 |
int index = categories.indexOf(categoryId); |
206 | 244 |
if(index != -1) { |
... | ... | |
321 | 359 |
return true; |
322 | 360 |
} |
323 | 361 |
|
362 |
@PreAuthorize("isAuthenticated()") |
|
324 | 363 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/reorder", method = RequestMethod.POST) |
325 | 364 |
public List<Category> reorderCategories(@PathVariable("stakeholderId") String stakeholderId, |
326 | 365 |
@PathVariable("topicId") String topicId, |
... | ... | |
342 | 381 |
return categoriesFull; |
343 | 382 |
} |
344 | 383 |
|
345 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-status", method = RequestMethod.POST) |
|
346 |
public Boolean toggleCategoryStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
347 |
@PathVariable("topicId") String topicId, |
|
348 |
@PathVariable("categoryId") String categoryId) { |
|
349 |
log.debug("toggle category status (isActive)"); |
|
350 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); |
|
384 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-status", method = RequestMethod.POST) |
|
385 |
// public Boolean toggleCategoryStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
386 |
// @PathVariable("topicId") String topicId, |
|
387 |
// @PathVariable("categoryId") String categoryId) { |
|
388 |
// log.debug("toggle category status (isActive)"); |
|
389 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); |
|
390 |
// |
|
391 |
// Category category = categoryDAO.findById(categoryId); |
|
392 |
// if (category == null) { |
|
393 |
// // EXCEPTION - Category not found |
|
394 |
// throw new EntityNotFoundException("Toggle category status: Category with id: "+categoryId+" not found"); |
|
395 |
// } |
|
396 |
// category.setIsActive(!category.getIsActive()); |
|
397 |
// |
|
398 |
// this.toggleCategory(stakeholderId, topicId, category); |
|
399 |
// |
|
400 |
// return category.getIsActive(); |
|
401 |
// } |
|
402 |
// |
|
403 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-access", method = RequestMethod.POST) |
|
404 |
// public Boolean toggleCategoryAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
405 |
// @PathVariable("topicId") String topicId, |
|
406 |
// @PathVariable("categoryId") String categoryId) { |
|
407 |
// log.debug("toggle category access (isPublic)"); |
|
408 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); |
|
409 |
// |
|
410 |
// Category category = categoryDAO.findById(categoryId); |
|
411 |
// if (category == null) { |
|
412 |
// // EXCEPTION - Category not found |
|
413 |
// throw new EntityNotFoundException("Toggle category access: Category with id: "+categoryId+" not found"); |
|
414 |
// } |
|
415 |
// category.setIsPublic(!category.getIsPublic()); |
|
416 |
// |
|
417 |
// this.toggleCategory(stakeholderId, topicId, category); |
|
418 |
// |
|
419 |
// return category.getIsPublic(); |
|
420 |
// } |
|
351 | 421 |
|
352 |
Category category = categoryDAO.findById(categoryId); |
|
353 |
if (category == null) { |
|
354 |
// EXCEPTION - Category not found |
|
355 |
throw new EntityNotFoundException("Toggle category status: Category with id: "+categoryId+" not found"); |
|
356 |
} |
|
357 |
category.setIsActive(!category.getIsActive()); |
|
358 |
|
|
359 |
this.toggleCategory(stakeholderId, topicId, category); |
|
360 |
|
|
361 |
return category.getIsActive(); |
|
362 |
} |
|
363 |
|
|
364 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-access", method = RequestMethod.POST) |
|
365 |
public Boolean toggleCategoryAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
366 |
@PathVariable("topicId") String topicId, |
|
367 |
@PathVariable("categoryId") String categoryId) { |
|
368 |
log.debug("toggle category access (isPublic)"); |
|
422 |
@PreAuthorize("isAuthenticated()") |
|
423 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/change-visibility", method = RequestMethod.POST) |
|
424 |
public Visibility changeCategoryVisibility(@PathVariable("stakeholderId") String stakeholderId, |
|
425 |
@PathVariable("topicId") String topicId, |
|
426 |
@PathVariable("categoryId") String categoryId, |
|
427 |
@RequestParam("visibility") Visibility visibility) { |
|
428 |
log.debug("change category visibility: "+visibility); |
|
369 | 429 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); |
370 | 430 |
|
371 | 431 |
Category category = categoryDAO.findById(categoryId); |
372 | 432 |
if (category == null) { |
373 | 433 |
// EXCEPTION - Category not found |
374 |
throw new EntityNotFoundException("Toggle category access: Category with id: "+categoryId+" not found");
|
|
434 |
throw new EntityNotFoundException("Change topic visibility: Category with id: "+categoryId+" not found");
|
|
375 | 435 |
} |
376 |
category.setIsPublic(!category.getIsPublic());
|
|
436 |
category.setVisibility(visibility);
|
|
377 | 437 |
|
378 | 438 |
this.toggleCategory(stakeholderId, topicId, category); |
379 | 439 |
|
380 |
return category.getIsPublic();
|
|
440 |
return category.getVisibility();
|
|
381 | 441 |
} |
382 | 442 |
|
383 | 443 |
public void toggleCategory(String stakeholderId, String topicId, Category category) { |
... | ... | |
385 | 445 |
|
386 | 446 |
if (stakeholder != null) { |
387 | 447 |
|
448 |
List<String> roles = rolesUtils.getRoles(); |
|
449 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
450 |
// EXCEPTION - Access denied |
|
451 |
throw new AccessDeniedException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
452 |
} |
|
453 |
|
|
388 | 454 |
Topic<String> topic = topicDAO.findById(topicId); |
389 | 455 |
if (topic != null) { |
390 | 456 |
if (stakeholder.getTopics().contains(topicId)) { |
... | ... | |
419 | 485 |
throw new EntityNotFoundException("checkForExceptions category: Stakeholder with id: " + stakeholderId + " not found"); |
420 | 486 |
} |
421 | 487 |
|
488 |
List<String> roles = rolesUtils.getRoles(); |
|
489 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
490 |
// EXCEPTION - Access denied |
|
491 |
throw new AccessDeniedException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
492 |
} |
|
493 |
|
|
422 | 494 |
Topic<String> topic = topicDAO.findById(topicId); |
423 | 495 |
if(topic == null) { |
424 | 496 |
// EXCEPTION - Topic not found |
modules/uoa-monitor-service/trunk/src/main/java/eu/dnetlib/uoamonitorservice/controllers/TopicController.java | ||
---|---|---|
4 | 4 |
import eu.dnetlib.uoamonitorservice.entities.*; |
5 | 5 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
6 | 6 |
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; |
7 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; |
|
7 | 8 |
import org.apache.log4j.Logger; |
8 | 9 |
import org.springframework.beans.factory.annotation.Autowired; |
10 |
import org.springframework.security.access.AccessDeniedException; |
|
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
9 | 12 |
import org.springframework.web.bind.annotation.*; |
10 | 13 |
|
11 | 14 |
import java.util.ArrayList; |
15 |
import java.util.Date; |
|
12 | 16 |
import java.util.Iterator; |
13 | 17 |
import java.util.List; |
14 | 18 |
|
... | ... | |
18 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
19 | 23 |
|
20 | 24 |
@Autowired |
25 |
private RolesUtils rolesUtils; |
|
26 |
|
|
27 |
@Autowired |
|
21 | 28 |
private StakeholderDAO stakeholderDAO; |
22 | 29 |
|
23 | 30 |
@Autowired |
24 | 31 |
private TopicDAO topicDAO; |
25 | 32 |
|
26 | 33 |
@Autowired |
27 |
private CategoryDAO categoryDAO; |
|
28 |
|
|
29 |
@Autowired |
|
30 |
private SubCategoryDAO subCategoryDAO; |
|
31 |
|
|
32 |
@Autowired |
|
33 |
private SectionDAO sectionDAO; |
|
34 |
|
|
35 |
@Autowired |
|
36 |
private IndicatorDAO indicatorDAO; |
|
37 |
|
|
38 |
@Autowired |
|
39 | 34 |
private CategoryController categoryController; |
40 | 35 |
|
41 | 36 |
public Topic<Category> buildTopic(Topic<Category> topicFull) { |
... | ... | |
51 | 46 |
topicFull.setCategories(categoriesFull); |
52 | 47 |
topic.setCategories(categories); |
53 | 48 |
|
49 |
Date date = new Date(); |
|
50 |
topic.setCreationDate(date); |
|
51 |
topic.setUpdateDate(date); |
|
52 |
|
|
53 |
topicFull.setCreationDate(date); |
|
54 |
topicFull.setUpdateDate(date); |
|
55 |
|
|
54 | 56 |
topicDAO.save(topic); |
55 | 57 |
|
56 | 58 |
topicFull.setId(topic.getId()); |
57 | 59 |
return topicFull; |
58 | 60 |
} |
59 | 61 |
|
62 |
@PreAuthorize("isAuthenticated()") |
|
60 | 63 |
@RequestMapping(value = "/{stakeholderId}/save", method = RequestMethod.POST) |
61 | 64 |
public Topic<Category> saveTopic(@PathVariable("stakeholderId") String stakeholderId, |
62 | 65 |
@RequestBody Topic<Category> topicFull) { |
... | ... | |
66 | 69 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
67 | 70 |
|
68 | 71 |
if(stakeholder != null) { |
72 |
List<String> roles = rolesUtils.getRoles(); |
|
73 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
74 |
// EXCEPTION - Access denied |
|
75 |
throw new AccessDeniedException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
76 |
} |
|
77 |
|
|
78 |
Topic<String> topic = new Topic<>(topicFull); |
|
79 |
Date date = new Date(); |
|
80 |
topic.setUpdateDate(date); |
|
81 |
topicFull.setUpdateDate(date); |
|
82 |
|
|
69 | 83 |
Topic<String> oldTopic = null; |
70 | 84 |
if(topicFull.getId() != null) { |
71 | 85 |
oldTopic = topicDAO.findById(topicFull.getId()); |
86 |
} else { // topic does not exist in DB |
|
87 |
topic.setCreationDate(date); |
|
88 |
topicFull.setCreationDate(date); |
|
72 | 89 |
} |
73 | 90 |
|
74 |
Topic<String> topic = new Topic<>(topicFull); |
|
75 |
|
|
76 | 91 |
List<String> categories = new ArrayList<>(); |
77 | 92 |
for(Category category : topicFull.getCategories()) { |
78 | 93 |
categories.add(category.getId()); |
79 | 94 |
} |
80 | 95 |
topic.setCategories(categories); |
81 | 96 |
|
82 |
topicDAO.save(topic); |
|
83 |
|
|
84 | 97 |
if(stakeholder.getDefaultId() == null) { |
85 | 98 |
if(topicFull.getId() == null) { |
99 |
topicDAO.save(topic); |
|
86 | 100 |
onSaveDefaultTopic(topic, stakeholderId); |
87 | 101 |
} else { |
88 | 102 |
onUpdateDefaultTopic(topic, oldTopic); |
103 |
topicDAO.save(topic); |
|
89 | 104 |
} |
105 |
} else { |
|
106 |
topicDAO.save(topic); |
|
90 | 107 |
} |
91 | 108 |
|
92 | 109 |
List<String> topics = stakeholder.getTopics(); |
... | ... | |
158 | 175 |
|
159 | 176 |
// topicBasedOnDefault.setName(topic.getName()); |
160 | 177 |
// topicBasedOnDefault.setDescription(topic.getDescription()); |
178 |
topicBasedOnDefault.setUpdateDate(topic.getUpdateDate()); |
|
161 | 179 |
topicDAO.save(topicBasedOnDefault); |
162 | 180 |
} |
163 | 181 |
} |
164 | 182 |
|
183 |
@PreAuthorize("isAuthenticated()") |
|
165 | 184 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/delete", method = RequestMethod.DELETE) |
166 | 185 |
public boolean deleteTopic(@PathVariable("stakeholderId") String stakeholderId, |
167 | 186 |
@PathVariable("topicId") String topicId, |
... | ... | |
173 | 192 |
|
174 | 193 |
if(stakeholder != null) { |
175 | 194 |
|
195 |
List<String> roles = rolesUtils.getRoles(); |
|
196 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
197 |
// EXCEPTION - Access denied |
|
198 |
throw new AccessDeniedException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
199 |
} |
|
200 |
|
|
176 | 201 |
Topic<String> topic = topicDAO.findById(topicId); |
177 | 202 |
if(topic != null) { |
178 | 203 |
|
204 |
if(topic.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { |
|
205 |
// EXCEPTION - Access denied |
|
206 |
throw new AccessDeniedException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId); |
|
207 |
} |
|
208 |
|
|
179 | 209 |
List<String> topics = stakeholder.getTopics(); |
180 | 210 |
int index = topics.indexOf(topicId); |
181 | 211 |
if(index != -1) { |
... | ... | |
298 | 328 |
return true; |
299 | 329 |
} |
300 | 330 |
|
331 |
@PreAuthorize("isAuthenticated()") |
|
301 | 332 |
@RequestMapping(value = "/{stakeholderId}/reorder", method = RequestMethod.POST) |
302 | 333 |
public List<Topic> reorderTopics(@PathVariable("stakeholderId") String stakeholderId, |
303 | 334 |
@RequestBody List<String> topics) { |
... | ... | |
307 | 338 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
308 | 339 |
|
309 | 340 |
if(stakeholder != null) { |
341 |
|
|
342 |
List<String> roles = rolesUtils.getRoles(); |
|
343 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
344 |
// EXCEPTION - Access denied |
|
345 |
throw new AccessDeniedException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
346 |
} |
|
347 |
|
|
310 | 348 |
stakeholder.setTopics(topics); |
311 | 349 |
|
312 | 350 |
stakeholderDAO.save(stakeholder); |
... | ... | |
323 | 361 |
} |
324 | 362 |
} |
325 | 363 |
|
326 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-status", method = RequestMethod.POST) |
|
327 |
public Boolean toggleTopicStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
328 |
@PathVariable("topicId") String topicId) { |
|
329 |
log.debug("toggle topic status (isActive)"); |
|
330 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); |
|
364 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-status", method = RequestMethod.POST) |
|
365 |
// public Boolean toggleTopicStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
366 |
// @PathVariable("topicId") String topicId) { |
|
367 |
// log.debug("toggle topic status (isActive)"); |
|
368 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); |
|
369 |
// |
|
370 |
// Topic topic = topicDAO.findById(topicId); |
|
371 |
// if (topic == null) { |
|
372 |
// // EXCEPTION - Topic not found |
|
373 |
// throw new EntityNotFoundException("Toggle topic status: Topic with id: "+topicId+" not found"); |
|
374 |
// } |
|
375 |
// topic.setIsActive(!topic.getIsActive()); |
|
376 |
// |
|
377 |
// this.toggleTopic(stakeholderId, topic); |
|
378 |
// |
|
379 |
// return topic.getIsActive(); |
|
380 |
// } |
|
381 |
// |
|
382 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-access", method = RequestMethod.POST) |
|
383 |
// public Boolean toggleTopicAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
384 |
// @PathVariable("topicId") String topicId) { |
|
385 |
// log.debug("toggle topic access (isPublic)"); |
|
386 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); |
|
387 |
// |
|
388 |
// Topic topic = topicDAO.findById(topicId); |
|
389 |
// if (topic == null) { |
|
390 |
// // EXCEPTION - Topic not found |
|
391 |
// throw new EntityNotFoundException("Toggle topic access: Topic with id: "+topicId+" not found"); |
|
392 |
// } |
|
393 |
// topic.setIsPublic(!topic.getIsPublic()); |
|
394 |
// |
|
395 |
// this.toggleTopic(stakeholderId, topic); |
|
396 |
// |
|
397 |
// return topic.getIsPublic(); |
|
398 |
// } |
|
331 | 399 |
|
332 |
Topic topic = topicDAO.findById(topicId); |
|
333 |
if (topic == null) { |
|
334 |
// EXCEPTION - Topic not found |
|
335 |
throw new EntityNotFoundException("Toggle topic status: Topic with id: "+topicId+" not found"); |
|
336 |
} |
|
337 |
topic.setIsActive(!topic.getIsActive()); |
|
338 |
|
|
339 |
this.toggleTopic(stakeholderId, topic); |
|
340 |
|
|
341 |
return topic.getIsActive(); |
|
342 |
} |
|
343 |
|
|
344 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-access", method = RequestMethod.POST) |
|
345 |
public Boolean toggleTopicAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
346 |
@PathVariable("topicId") String topicId) { |
|
347 |
log.debug("toggle topic access (isPublic)"); |
|
400 |
@PreAuthorize("isAuthenticated()") |
|
401 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/change-visibility", method = RequestMethod.POST) |
|
402 |
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId, |
|
403 |
@PathVariable("topicId") String topicId, |
|
404 |
@RequestParam("visibility") Visibility visibility) { |
|
405 |
log.debug("change topic visibility: "+visibility); |
|
348 | 406 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); |
349 | 407 |
|
350 | 408 |
Topic topic = topicDAO.findById(topicId); |
351 | 409 |
if (topic == null) { |
352 | 410 |
// EXCEPTION - Topic not found |
353 |
throw new EntityNotFoundException("Toggle topic access: Topic with id: "+topicId+" not found");
|
|
411 |
throw new EntityNotFoundException("Change topic visibility: Topic with id: "+topicId+" not found");
|
|
354 | 412 |
} |
355 |
topic.setIsPublic(!topic.getIsPublic());
|
|
413 |
topic.setVisibility(visibility);
|
|
356 | 414 |
|
357 | 415 |
this.toggleTopic(stakeholderId, topic); |
358 | 416 |
|
359 |
return topic.getIsPublic();
|
|
417 |
return topic.getVisibility();
|
|
360 | 418 |
} |
361 | 419 |
|
362 | 420 |
public void toggleTopic(String stakeholderId, Topic topic) { |
363 | 421 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
364 | 422 |
|
365 | 423 |
if (stakeholder != null) { |
424 |
|
|
425 |
List<String> roles = rolesUtils.getRoles(); |
|
426 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
427 |
// EXCEPTION - Access denied |
|
428 |
throw new AccessDeniedException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
429 |
} |
|
430 |
|
|
366 | 431 |
if (stakeholder.getTopics().contains(topic.getId())) { |
367 | 432 |
topicDAO.save(topic); |
368 | 433 |
log.debug("Topic toggled!"); |
modules/uoa-monitor-service/trunk/src/main/java/eu/dnetlib/uoamonitorservice/controllers/SectionController.java | ||
---|---|---|
4 | 4 |
import eu.dnetlib.uoamonitorservice.entities.*; |
5 | 5 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
6 | 6 |
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; |
7 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; |
|
7 | 8 |
import org.apache.log4j.Logger; |
8 | 9 |
import org.springframework.beans.factory.annotation.Autowired; |
10 |
import org.springframework.security.access.AccessDeniedException; |
|
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
9 | 12 |
import org.springframework.web.bind.annotation.*; |
10 | 13 |
|
11 | 14 |
import java.util.ArrayList; |
15 |
import java.util.Date; |
|
12 | 16 |
import java.util.Iterator; |
13 | 17 |
import java.util.List; |
14 | 18 |
|
... | ... | |
18 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
19 | 23 |
|
20 | 24 |
@Autowired |
25 |
private RolesUtils rolesUtils; |
|
26 |
|
|
27 |
@Autowired |
|
21 | 28 |
private StakeholderDAO stakeholderDAO; |
22 | 29 |
|
23 | 30 |
@Autowired |
... | ... | |
52 | 59 |
sectionFull.setIndicators(indicatorsFull); |
53 | 60 |
section.setIndicators(indicators); |
54 | 61 |
|
62 |
Date date = new Date(); |
|
63 |
section.setCreationDate(date); |
|
64 |
section.setUpdateDate(date); |
|
65 |
|
|
66 |
sectionFull.setCreationDate(date); |
|
67 |
sectionFull.setUpdateDate(date); |
|
68 |
|
|
55 | 69 |
sectionDAO.save(section); |
56 | 70 |
|
57 | 71 |
sectionFull.setId(section.getId()); |
58 | 72 |
return sectionFull; |
59 | 73 |
} |
60 | 74 |
|
75 |
@PreAuthorize("isAuthenticated()") |
|
61 | 76 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/save/{index}", method = RequestMethod.POST) |
62 | 77 |
public Section saveSection(@PathVariable("stakeholderId") String stakeholderId, |
63 | 78 |
@PathVariable("topicId") String topicId, |
... | ... | |
70 | 85 |
|
71 | 86 |
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); |
72 | 87 |
|
88 |
Section<String> section = new Section<>(sectionFull); |
|
89 |
|
|
90 |
Date date = new Date(); |
|
91 |
section.setUpdateDate(date); |
|
92 |
sectionFull.setUpdateDate(date); |
|
93 |
|
|
73 | 94 |
Section<String> oldSection = null; |
74 | 95 |
if(sectionFull.getId() != null) { |
75 | 96 |
oldSection = sectionDAO.findById(sectionFull.getId()); |
97 |
} else { // section does not exist in DB |
|
98 |
section.setCreationDate(date); |
|
99 |
sectionFull.setCreationDate(date); |
|
76 | 100 |
} |
77 | 101 |
|
78 |
Section<String> section = new Section<>(sectionFull); |
|
79 |
|
|
80 | 102 |
String sectionId = sectionFull.getId(); |
81 | 103 |
List<String> indicators = new ArrayList<>(); |
82 | 104 |
for(Indicator indicator : sectionFull.getIndicators()) { |
83 | 105 |
indicators.add(indicator.getId()); |
84 | 106 |
} |
85 | 107 |
section.setIndicators(indicators); |
86 |
sectionDAO.save(section); |
|
87 | 108 |
|
88 | 109 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
89 | 110 |
// this section belongs in default profile and it is new or it is updated |
90 | 111 |
if(stakeholder.getDefaultId() == null) { |
91 | 112 |
if(sectionId == null) { |
113 |
sectionDAO.save(section); |
|
92 | 114 |
onSaveDefaultSection(section, topicId, categoryId, subcategoryId, stakeholder); |
93 | 115 |
} |
94 | 116 |
else { |
95 | 117 |
onUpdateDefaultSection(section, stakeholder, oldSection); |
118 |
sectionDAO.save(section); |
|
96 | 119 |
} |
120 |
} else { |
|
121 |
sectionDAO.save(section); |
|
97 | 122 |
} |
98 | 123 |
|
99 | 124 |
List<String> sections = null; |
... | ... | |
174 | 199 |
} |
175 | 200 |
|
176 | 201 |
// sectionBasedOnDefault.setTitle(section.getTitle()); |
202 |
sectionBasedOnDefault.setUpdateDate(section.getUpdateDate()); |
|
177 | 203 |
sectionDAO.save(sectionBasedOnDefault); |
178 | 204 |
} |
179 | 205 |
} |
180 | 206 |
|
207 |
@PreAuthorize("isAuthenticated()") |
|
181 | 208 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/delete", method = RequestMethod.DELETE) |
182 | 209 |
public boolean deleteSection(@PathVariable("stakeholderId") String stakeholderId, |
183 | 210 |
@PathVariable("topicId") String topicId, |
... | ... | |
192 | 219 |
if(section != null) { |
193 | 220 |
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); |
194 | 221 |
|
222 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
|
223 |
List<String> roles = rolesUtils.getRoles(); |
|
224 |
if(section.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { |
|
225 |
// EXCEPTION - Access denied |
|
226 |
throw new AccessDeniedException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId); |
|
227 |
} |
|
228 |
|
|
195 | 229 |
String type = ""; |
196 | 230 |
List<String> sections = null; |
197 | 231 |
if (section.getType().equals("chart")) { |
... | ... | |
273 | 307 |
return true; |
274 | 308 |
} |
275 | 309 |
|
310 |
@PreAuthorize("isAuthenticated()") |
|
276 | 311 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{type}/reorder", method = RequestMethod.POST) |
277 | 312 |
public List<Section> reorderSections(@PathVariable("stakeholderId") String stakeholderId, |
278 | 313 |
@PathVariable("topicId") String topicId, |
... | ... | |
343 | 378 |
// return section.getIsPublic(); |
344 | 379 |
// } |
345 | 380 |
|
381 |
|
|
346 | 382 |
public void toggleSection(String stakeholderId, String topicId, String categoryId, String subcategoryId, Section section) { |
347 | 383 |
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); |
348 | 384 |
|
... | ... | |
372 | 408 |
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found"); |
373 | 409 |
} |
374 | 410 |
|
411 |
List<String> roles = rolesUtils.getRoles(); |
|
412 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
413 |
// EXCEPTION - Access denied |
|
414 |
throw new AccessDeniedException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
415 |
} |
|
416 |
|
|
375 | 417 |
Topic<String> topic = topicDAO.findById(topicId); |
376 | 418 |
if(topic == null) { |
377 | 419 |
// EXCEPTION - Topic not found |
modules/uoa-monitor-service/trunk/src/main/java/eu/dnetlib/uoamonitorservice/controllers/StakeholderController.java | ||
---|---|---|
1 | 1 |
package eu.dnetlib.uoamonitorservice.controllers; |
2 | 2 |
|
3 |
//import com.fasterxml.jackson.core.type.TypeReference; |
|
4 |
//import com.fasterxml.jackson.databind.ObjectMapper; |
|
5 | 3 |
import eu.dnetlib.uoamonitorservice.dao.*; |
6 | 4 |
import eu.dnetlib.uoamonitorservice.entities.*; |
7 | 5 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
8 |
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException;
|
|
6 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils;
|
|
9 | 7 |
import org.apache.log4j.Logger; |
10 | 8 |
import org.springframework.beans.factory.annotation.Autowired; |
9 |
|
|
10 |
import org.springframework.security.access.AccessDeniedException; |
|
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
11 | 12 |
import org.springframework.web.bind.annotation.*; |
12 | 13 |
|
13 | 14 |
import java.util.ArrayList; |
14 | 15 |
import java.util.Date; |
16 |
import java.util.Iterator; |
|
15 | 17 |
import java.util.List; |
16 | 18 |
|
17 | 19 |
@RestController |
... | ... | |
20 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
21 | 23 |
|
22 | 24 |
@Autowired |
25 |
private RolesUtils rolesUtils; |
|
26 |
|
|
27 |
@Autowired |
|
23 | 28 |
private StakeholderDAO stakeholderDAO; |
24 | 29 |
|
25 | 30 |
@Autowired |
... | ... | |
40 | 45 |
@Autowired |
41 | 46 |
private TopicController topicController; |
42 | 47 |
|
48 |
// @PreAuthorize("isAuthenticated()") |
|
49 |
@PreAuthorize("hasAnyAuthority(" + |
|
50 |
"@AuthorizationService.PORTAL_ADMIN, " + |
|
51 |
"@AuthorizationService.curator(#stakeholderFull.getType()))") |
|
43 | 52 |
@RequestMapping(value = "/build-stakeholder", method = RequestMethod.POST) |
44 | 53 |
public Stakeholder<Topic<Category<SubCategory<Section<Indicator>>>>> buildFullStakeholder(@RequestBody Stakeholder<Topic<Category<SubCategory<Section<Indicator>>>>> stakeholderFull) { |
45 | 54 |
log.debug("build stakeholder"); |
... | ... | |
70 | 79 |
//return null; |
71 | 80 |
} |
72 | 81 |
|
73 |
public Stakeholder setFullEntities(Stakeholder<String> stakeholder) { |
|
82 |
public Stakeholder setFullEntities(Stakeholder<String> stakeholder, List<String> roles) { |
|
83 |
boolean addAll = false; |
|
84 |
boolean addPublicAndRestricted = false; |
|
85 |
|
|
86 |
// if(roles == null |
|
87 |
// || roles.contains(authorizationService.PORTAL_ADMIN) |
|
88 |
// || roles.contains(authorizationService.curator(stakeholder.getType())) |
|
89 |
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) { |
|
90 |
if(rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
91 |
//if(visibility == null || visibility == (Visibility.PRIVATE)) { |
|
92 |
addAll = true; |
|
93 |
//} |
|
94 |
//if(visibility == null || visibility == (Visibility.PRIVATE) || visibility == (Visibility.RESTRICTED)) { |
|
95 |
addPublicAndRestricted = true; |
|
96 |
//} |
|
97 |
// } else if(roles != null && roles.contains(authorizationService.member(stakeholder.getType(), stakeholder.getAlias()))) { |
|
98 |
} else if(rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
99 |
//if(visibility == null || visibility == (Visibility.PRIVATE) || visibility == (Visibility.RESTRICTED)) { |
|
100 |
addPublicAndRestricted = true; |
|
101 |
//} |
|
102 |
} |
|
103 |
|
|
74 | 104 |
Stakeholder<Topic> stakeholderFull = new Stakeholder<>(stakeholder); |
75 | 105 |
|
76 | 106 |
List<Topic> topics = new ArrayList<>(); |
... | ... | |
81 | 111 |
// EXCEPTION - Topic not found |
82 | 112 |
throw new EntityNotFoundException("Get stakeholder: Topic with id: "+topicId+" not found (topic exists in stakeholder: "+stakeholder.getId()+")"); |
83 | 113 |
} |
114 |
|
|
115 |
if((!addAll && topic.getVisibility() == Visibility.PRIVATE) |
|
116 |
|| (!addPublicAndRestricted && topic.getVisibility() == Visibility.RESTRICTED)) { |
|
117 |
continue; |
|
118 |
} |
|
119 |
|
|
84 | 120 |
Topic<Category> topicFull = new Topic<Category>(topic); |
85 | 121 |
|
86 | 122 |
List<Category> categories = new ArrayList<>(); |
... | ... | |
91 | 127 |
// EXCEPTION - Category not found |
92 | 128 |
throw new EntityNotFoundException("Get stakeholder: Category with id: "+categoryId+" not found (category exists in topic: "+topicId+")"); |
93 | 129 |
} |
130 |
|
|
131 |
if((!addAll && category.getVisibility() == Visibility.PRIVATE) |
|
132 |
|| (!addPublicAndRestricted && category.getVisibility() == Visibility.RESTRICTED)) { |
|
133 |
continue; |
|
134 |
} |
|
135 |
|
|
94 | 136 |
Category<SubCategory> categoryFull = new Category<SubCategory>(category); |
95 | 137 |
|
96 | 138 |
List<SubCategory> subCategories = new ArrayList<>(); |
... | ... | |
101 | 143 |
// EXCEPTION - SubCategory not found |
102 | 144 |
throw new EntityNotFoundException("Get stakeholder: SubCategory with id: "+subCategoryId+" not found (subCategory exists in category: "+categoryId+")"); |
103 | 145 |
} |
146 |
|
|
147 |
if((!addAll && subCategory.getVisibility() == Visibility.PRIVATE) |
|
148 |
|| (!addPublicAndRestricted && subCategory.getVisibility() == Visibility.RESTRICTED)) { |
|
149 |
continue; |
|
150 |
} |
|
151 |
|
|
104 | 152 |
SubCategory subCategoryFull = new SubCategory<Section<Indicator>>(subCategory); |
105 | 153 |
|
106 | 154 |
List<Section> sectionsCharts = new ArrayList<>(); |
107 | 155 |
|
108 | 156 |
for(String sectionId : subCategory.getCharts()) { |
109 |
sectionsCharts.add(getSectionFull(sectionId, subCategoryId)); |
|
157 |
sectionsCharts.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
|
|
110 | 158 |
} |
111 | 159 |
subCategoryFull.setCharts(sectionsCharts); |
112 | 160 |
|
113 | 161 |
List<Section> sectionsNumbers = new ArrayList<>(); |
114 | 162 |
|
115 | 163 |
for(String sectionId : subCategory.getNumbers()) { |
116 |
sectionsNumbers.add(getSectionFull(sectionId, subCategoryId)); |
|
164 |
sectionsNumbers.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted));
|
|
117 | 165 |
} |
118 | 166 |
subCategoryFull.setNumbers(sectionsNumbers); |
119 | 167 |
|
... | ... | |
154 | 202 |
return stakeholderFull; |
155 | 203 |
} |
156 | 204 |
|
157 |
private Section getSectionFull(String sectionId, String subCategoryId) { |
|
205 |
private Section getSectionFull(String sectionId, String subCategoryId, boolean addAll, boolean addPublicAndRestricted) {
|
|
158 | 206 |
Section<String> section = sectionDAO.findById(sectionId); |
159 | 207 |
if (section == null) { |
160 | 208 |
// EXCEPTION - Section not found |
161 | 209 |
throw new EntityNotFoundException("Get stakeholder: Section with id: " + sectionId + " not found (section exists in subCategory: " + subCategoryId + ")"); |
162 | 210 |
} |
211 |
|
|
163 | 212 |
Section sectionFull = new Section<Indicator>(section); |
164 | 213 |
|
165 | 214 |
List<Indicator> indicators = new ArrayList<>(); |
... | ... | |
169 | 218 |
// EXCEPTION - Indicator not found |
170 | 219 |
throw new EntityNotFoundException("Get stakeholder: Indicator with id: " + indicatorId + " not found (indicator exists in section: " + sectionId + ")"); |
171 | 220 |
} |
221 |
|
|
222 |
if((!addAll && indicator.getVisibility() == Visibility.PRIVATE) |
|
223 |
|| (!addPublicAndRestricted && indicator.getVisibility() == Visibility.RESTRICTED)) { |
|
224 |
continue; |
|
225 |
} |
|
226 |
|
|
172 | 227 |
indicators.add(indicator); |
173 | 228 |
} |
174 | 229 |
sectionFull.setIndicators(indicators); |
... | ... | |
176 | 231 |
return sectionFull; |
177 | 232 |
} |
178 | 233 |
|
234 |
@PreAuthorize("hasAnyAuthority(" + |
|
235 |
"@AuthorizationService.PORTAL_ADMIN)") |
|
179 | 236 |
@RequestMapping(value = "/stakeholder/all", method = RequestMethod.GET) |
180 | 237 |
public List<Stakeholder> getAllStakeholders(@RequestParam(required = false) String type) { |
181 | 238 |
log.debug("get all stakeholders" + (type != null ? " with type: "+type : "")); |
... | ... | |
189 | 246 |
|
190 | 247 |
List<Stakeholder> stakeholdersFull = new ArrayList<>(); |
191 | 248 |
for(Stakeholder stakeholder : stakeholders) { |
192 |
stakeholdersFull.add(this.setFullEntities(stakeholder)); |
|
249 |
List<String> roles = rolesUtils.getRoles(); |
|
250 |
stakeholdersFull.add(this.setFullEntities(stakeholder, roles)); |
|
193 | 251 |
} |
194 | 252 |
|
195 | 253 |
return stakeholdersFull; |
196 | 254 |
} |
197 | 255 |
|
256 |
@PreAuthorize("isAuthenticated()") |
|
198 | 257 |
@RequestMapping(value = "/stakeholder/default", method = RequestMethod.GET) |
199 | 258 |
public List<Stakeholder> getAllDefaultStakeholders(@RequestParam(required = false) String type) { |
200 | 259 |
log.debug("get all default stakeholders" + (type != null ? " with type: "+type : "")); |
... | ... | |
207 | 266 |
} |
208 | 267 |
|
209 | 268 |
List<Stakeholder> stakeholdersFull = new ArrayList<>(); |
210 |
for(Stakeholder stakeholder : stakeholders) { |
|
211 |
stakeholdersFull.add(this.setFullEntities(stakeholder)); |
|
269 |
|
|
270 |
// Remove stakeholders for which i do not have authority |
|
271 |
if(stakeholders != null && stakeholders.size() > 0) { |
|
272 |
List<String> roles = rolesUtils.getRoles(); |
|
273 |
// log.debug("ROLES: "); |
|
274 |
// roles.forEach(role -> log.debug(role)); |
|
275 |
// |
|
276 |
// if (roles.contains(authorizationService.PORTAL_ADMIN)) { |
|
277 |
if (rolesUtils.isPortalAdmin(roles)) { |
|
278 |
for(Stakeholder stakeholder : stakeholders) { |
|
279 |
stakeholdersFull.add(this.setFullEntities(stakeholder, roles)); |
|
280 |
} |
|
281 |
return stakeholdersFull; |
|
282 |
} |
|
283 |
|
|
284 |
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator(); |
|
285 |
while(stakeholderIterator.hasNext()) { |
|
286 |
Stakeholder stakeholder = stakeholderIterator.next(); |
|
287 |
|
|
288 |
// if(roles.contains(authorizationService.curator(stakeholder.getType()))) { |
|
289 |
if(rolesUtils.isCurator(roles, stakeholder.getType())) { |
|
290 |
stakeholdersFull.add(this.setFullEntities(stakeholder, roles)); |
|
291 |
continue; |
|
292 |
} |
|
293 |
stakeholderIterator.remove(); |
|
294 |
} |
|
212 | 295 |
} |
296 |
|
|
213 | 297 |
return stakeholdersFull; |
214 | 298 |
} |
215 | 299 |
|
... | ... | |
224 | 308 |
stakeholders = stakeholderDAO.findByDefaultIdNotAndType(null, type); |
225 | 309 |
} |
226 | 310 |
|
311 |
//List<Stakeholder> stakeholdersFull = new ArrayList<>(); |
|
312 |
|
|
313 |
if(stakeholders != null && stakeholders.size() > 0) { |
|
314 |
// List<String> roles = authorizationService.getRoles(); |
|
315 |
List<String> roles = rolesUtils.getRoles(); |
|
316 |
|
|
317 |
// if (roles.contains(authorizationService.PORTAL_ADMIN)) { |
|
318 |
if (rolesUtils.isPortalAdmin(roles)) { |
|
319 |
// for(Stakeholder stakeholder : stakeholders) { |
|
320 |
// stakeholdersFull.add(this.setFullEntities(stakeholder)); |
|
321 |
// } |
|
322 |
// return stakeholdersFull; |
|
323 |
return stakeholders; |
|
324 |
} |
|
325 |
|
|
326 |
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator(); |
|
327 |
while(stakeholderIterator.hasNext()) { |
|
328 |
Stakeholder stakeholder = stakeholderIterator.next(); |
|
329 |
|
|
330 |
// if(roles.contains(authorizationService.curator(stakeholder.getType())) |
|
331 |
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias())) |
|
332 |
// || stakeholder.getVisibility() == Visibility.PUBLIC |
|
333 |
// || (stakeholder.getVisibility() == Visibility.RESTRICTED && roles.contains(authorizationService.member(stakeholder.getType(), stakeholder.getAlias())))) { |
|
334 |
if(rolesUtils.isCurator(roles, stakeholder.getType()) |
|
335 |
|| rolesUtils.isManager(roles, stakeholder.getType(), stakeholder.getAlias()) |
|
336 |
|| stakeholder.getVisibility() == Visibility.PUBLIC |
|
337 |
|| (stakeholder.getVisibility() == Visibility.RESTRICTED && rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias()))) { |
|
338 |
//stakeholdersFull.add(this.setFullEntities(stakeholder)); |
|
339 |
continue; |
|
340 |
} |
|
341 |
stakeholderIterator.remove(); |
|
342 |
} |
|
343 |
} |
|
344 |
|
|
345 |
// log.debug(new Date()); |
|
346 |
|
|
347 |
// return stakeholdersFull; |
|
348 |
return stakeholders; |
|
349 |
} |
|
350 |
|
|
351 |
@PreAuthorize("isAuthenticated()") |
|
352 |
@RequestMapping(value = "/my-stakeholder", method = RequestMethod.GET) |
|
353 |
public List<Stakeholder> getMyRealStakeholders(@RequestParam(required = false) String type) { |
|
354 |
log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : "")); |
|
355 |
|
|
356 |
List<Stakeholder> stakeholders; |
|
357 |
if(type == null) { |
|
358 |
stakeholders = stakeholderDAO.findByDefaultIdNot(null); |
|
359 |
} else { |
|
360 |
stakeholders = stakeholderDAO.findByDefaultIdNotAndType(null, type); |
|
361 |
} |
|
362 |
|
|
227 | 363 |
List<Stakeholder> stakeholdersFull = new ArrayList<>(); |
228 |
for(Stakeholder stakeholder : stakeholders) { |
|
229 |
stakeholdersFull.add(this.setFullEntities(stakeholder)); |
|
364 |
|
|
365 |
if(stakeholders != null && stakeholders.size() > 0) { |
|
366 |
// List<String> roles = authorizationService.getRoles(); |
|
367 |
List<String> roles = rolesUtils.getRoles(); |
|
368 |
// log.debug("ROLES: "); |
|
369 |
// roles.forEach(role -> log.debug(role)); |
|
370 |
|
|
371 |
// if (roles.contains(authorizationService.PORTAL_ADMIN)) { |
|
372 |
if (rolesUtils.isPortalAdmin(roles)) { |
|
373 |
for(Stakeholder stakeholder : stakeholders) { |
|
374 |
stakeholdersFull.add(this.setFullEntities(stakeholder, roles)); |
|
375 |
} |
|
376 |
return stakeholdersFull; |
|
377 |
} |
|
378 |
|
|
379 |
Iterator<Stakeholder> stakeholderIterator = stakeholders.iterator(); |
|
380 |
while(stakeholderIterator.hasNext()) { |
|
381 |
Stakeholder stakeholder = stakeholderIterator.next(); |
|
382 |
|
|
383 |
// if(roles.contains(authorizationService.curator(stakeholder.getType())) |
|
384 |
// || roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) { |
|
385 |
if(rolesUtils.isCurator(roles, stakeholder.getType()) |
|
386 |
|| rolesUtils.isManager(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
387 |
stakeholdersFull.add(this.setFullEntities(stakeholder, roles)); |
|
388 |
continue; |
|
389 |
} |
|
390 |
stakeholderIterator.remove(); |
|
391 |
} |
|
230 | 392 |
} |
231 |
log.debug(new Date()); |
|
232 | 393 |
|
394 |
// log.debug(new Date()); |
|
395 |
|
|
233 | 396 |
return stakeholdersFull; |
234 | 397 |
} |
235 | 398 |
|
... | ... | |
242 | 405 |
// EXCEPTION - Stakeholder not found |
243 | 406 |
throw new EntityNotFoundException("Get stakeholder: Stakeholder with alias: "+alias+" not found"); |
244 | 407 |
} |
245 |
return this.setFullEntities(stakeholder); |
|
408 |
|
|
409 |
// List<String> roles = authorizationService.getRoles(); |
Also available in: Unified diff
[Trunk | Monitor Service]:
1. RolesUtils.java: New class connected to "AuthorizationService" and returns helper methods for roles and authorities.
2. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java & IndicatorController.java:
a. Add authorization checks according to user roles (authorization library).
b. Handle new fields "createDate" and "updateDate" (StakeholderController.java already had these fields).
c. [Bug fix] On save method, if it is default entity, add it before "onSaveDefault...()" or after "onUpdateDefault...()".
d. (not in SectionController) Comment methods for toggling status and access and add method for changing visibility.
e.g. "changeIndicatorVisibility()" (/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility).
3. StakeholderController.java: Method "getAllRealStakeholders()" (/stakeholder) returns now basic Stakeholder info (topicIds, not full entities).
4. IndicatorController.java:
a. [Bug fix] On "onUpdateDefaultIndicator()", "changed" is set to false for each indicatorBasedOnDefault.
b. On "onUpdateDefaultIndicator()" handle update policy for "description" and "additionalDescription".
c. [Bug fix] On "onUpdateDefaultIndicator()", bug fixes when updating "jsonPath".