Revision 59814
Added by Konstantina Galouni over 3 years ago
CategoryController.java | ||
4 | 4 |
import eu.dnetlib.uoamonitorservice.entities.*; |
5 | 5 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
6 | 6 |
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; |
7 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; |
|
7 | 8 |
import org.apache.log4j.Logger; |
8 | 9 |
import org.springframework.beans.factory.annotation.Autowired; |
10 |
import org.springframework.security.access.AccessDeniedException; |
|
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
9 | 12 |
import org.springframework.web.bind.annotation.*; |
10 | 13 |
|
11 | 14 |
import java.util.ArrayList; |
15 |
import java.util.Date; |
|
12 | 16 |
import java.util.Iterator; |
13 | 17 |
import java.util.List; |
14 | 18 |
|
... | ... | |
18 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
19 | 23 |
|
20 | 24 |
@Autowired |
25 |
private RolesUtils rolesUtils; |
|
26 |
|
|
27 |
@Autowired |
|
21 | 28 |
private StakeholderDAO stakeholderDAO; |
22 | 29 |
|
23 | 30 |
@Autowired |
... | ... | |
30 | 37 |
private SubCategoryDAO subCategoryDAO; |
31 | 38 |
|
32 | 39 |
@Autowired |
33 |
private SectionDAO sectionDAO; |
|
34 |
|
|
35 |
@Autowired |
|
36 |
private IndicatorDAO indicatorDAO; |
|
37 |
|
|
38 |
@Autowired |
|
39 | 40 |
private SubCategoryController subCategoryController; |
40 | 41 |
|
41 | 42 |
public Category<SubCategory> buildCategory(Category<SubCategory> categoryFull) { |
... | ... | |
51 | 52 |
categoryFull.setSubCategories(subCategoriesFull); |
52 | 53 |
category.setSubCategories(subCategories); |
53 | 54 |
|
55 |
Date date = new Date(); |
|
56 |
category.setCreationDate(date); |
|
57 |
category.setUpdateDate(date); |
|
58 |
|
|
59 |
categoryFull.setCreationDate(date); |
|
60 |
categoryFull.setUpdateDate(date); |
|
61 |
|
|
54 | 62 |
categoryDAO.save(category); |
55 | 63 |
|
56 | 64 |
categoryFull.setId(category.getId()); |
57 | 65 |
return categoryFull; |
58 | 66 |
} |
59 | 67 |
|
68 |
@PreAuthorize("isAuthenticated()") |
|
60 | 69 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/save", method = RequestMethod.POST) |
61 | 70 |
public Category<SubCategory> saveCategory(@PathVariable("stakeholderId") String stakeholderId, |
62 | 71 |
@PathVariable("topicId") String topicId, |
... | ... | |
67 | 76 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
68 | 77 |
|
69 | 78 |
if(stakeholder != null) { |
79 |
|
|
80 |
List<String> roles = rolesUtils.getRoles(); |
|
81 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
82 |
// EXCEPTION - Access denied |
|
83 |
throw new AccessDeniedException("Save Category: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
84 |
} |
|
85 |
|
|
70 | 86 |
Category<String> oldCategory = null; |
71 | 87 |
if(categoryFull.getId() != null) { |
72 | 88 |
oldCategory = categoryDAO.findById(categoryFull.getId()); |
... | ... | |
75 | 91 |
Topic<String> topic = topicDAO.findById(topicId); |
76 | 92 |
if(topic != null) { |
77 | 93 |
if(stakeholder.getTopics().contains(topicId)) { |
94 |
Category<String> category = new Category<>(categoryFull); |
|
95 |
|
|
96 |
Date date = new Date(); |
|
97 |
category.setUpdateDate(date); |
|
98 |
categoryFull.setUpdateDate(date); |
|
99 |
|
|
78 | 100 |
// if category not exists (no id), create a new default subcategory, identical to category |
79 | 101 |
if(categoryFull.getId() == null) { |
102 |
category.setCreationDate(date); |
|
103 |
categoryFull.setCreationDate(date); |
|
104 |
|
|
80 | 105 |
SubCategory<String> subCategory = new SubCategory<>(); |
81 | 106 |
subCategory.createOverviewSubCategory(categoryFull); |
82 | 107 |
|
... | ... | |
85 | 110 |
subCategories.add(subCategory); |
86 | 111 |
} |
87 | 112 |
|
88 |
|
|
89 |
Category<String> category = new Category<>(categoryFull); |
|
90 |
|
|
91 | 113 |
List<String> subCategories = new ArrayList<>(); |
92 | 114 |
for(SubCategory subCategory : categoryFull.getSubCategories()) { |
93 | 115 |
subCategories.add(subCategory.getId()); |
94 | 116 |
} |
95 | 117 |
category.setSubCategories(subCategories); |
96 | 118 |
|
97 |
categoryDAO.save(category); |
|
98 |
|
|
99 | 119 |
if(stakeholder.getDefaultId() == null) { |
100 | 120 |
if(categoryFull.getId() == null) { |
121 |
categoryDAO.save(category); |
|
101 | 122 |
onSaveDefaultCategory(category, topicId); |
102 | 123 |
} else { |
103 | 124 |
onUpdateDefaultCategory(category, oldCategory); |
125 |
categoryDAO.save(category); |
|
104 | 126 |
} |
127 |
} else { |
|
128 |
categoryDAO.save(category); |
|
105 | 129 |
} |
106 | 130 |
|
107 | 131 |
List<String> categories = topic.getCategories(); |
... | ... | |
178 | 202 |
|
179 | 203 |
// categoryBasedOnDefault.setName(category.getName()); |
180 | 204 |
// categoryBasedOnDefault.setDescription(category.getDescription()); |
205 |
categoryBasedOnDefault.setUpdateDate(category.getUpdateDate()); |
|
181 | 206 |
categoryDAO.save(categoryBasedOnDefault); |
182 | 207 |
} |
183 | 208 |
} |
184 | 209 |
|
210 |
@PreAuthorize("isAuthenticated()") |
|
185 | 211 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/delete", method = RequestMethod.DELETE) |
186 | 212 |
public boolean deleteCategory(@PathVariable("stakeholderId") String stakeholderId, |
187 | 213 |
@PathVariable("topicId") String topicId, |
... | ... | |
194 | 220 |
|
195 | 221 |
if(stakeholder != null) { |
196 | 222 |
|
223 |
List<String> roles = rolesUtils.getRoles(); |
|
224 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
225 |
// EXCEPTION - Access denied |
|
226 |
throw new AccessDeniedException("Delete category: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
227 |
} |
|
228 |
|
|
197 | 229 |
Topic<String> topic = topicDAO.findById(topicId); |
198 | 230 |
if(topic != null) { |
199 | 231 |
if(stakeholder.getTopics().contains(topicId)) { |
... | ... | |
201 | 233 |
Category<String> category = categoryDAO.findById(categoryId); |
202 | 234 |
if(category != null) { |
203 | 235 |
|
236 |
if(category.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { |
|
237 |
// EXCEPTION - Access denied |
|
238 |
throw new AccessDeniedException("Delete category: You are not authorized to delete a default Category in stakeholder with id: "+stakeholderId); |
|
239 |
} |
|
240 |
|
|
241 |
|
|
204 | 242 |
List<String> categories = topic.getCategories(); |
205 | 243 |
int index = categories.indexOf(categoryId); |
206 | 244 |
if(index != -1) { |
... | ... | |
321 | 359 |
return true; |
322 | 360 |
} |
323 | 361 |
|
362 |
@PreAuthorize("isAuthenticated()") |
|
324 | 363 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/reorder", method = RequestMethod.POST) |
325 | 364 |
public List<Category> reorderCategories(@PathVariable("stakeholderId") String stakeholderId, |
326 | 365 |
@PathVariable("topicId") String topicId, |
... | ... | |
342 | 381 |
return categoriesFull; |
343 | 382 |
} |
344 | 383 |
|
345 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-status", method = RequestMethod.POST) |
|
346 |
public Boolean toggleCategoryStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
347 |
@PathVariable("topicId") String topicId, |
|
348 |
@PathVariable("categoryId") String categoryId) { |
|
349 |
log.debug("toggle category status (isActive)"); |
|
350 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); |
|
384 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-status", method = RequestMethod.POST) |
|
385 |
// public Boolean toggleCategoryStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
386 |
// @PathVariable("topicId") String topicId, |
|
387 |
// @PathVariable("categoryId") String categoryId) { |
|
388 |
// log.debug("toggle category status (isActive)"); |
|
389 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); |
|
390 |
// |
|
391 |
// Category category = categoryDAO.findById(categoryId); |
|
392 |
// if (category == null) { |
|
393 |
// // EXCEPTION - Category not found |
|
394 |
// throw new EntityNotFoundException("Toggle category status: Category with id: "+categoryId+" not found"); |
|
395 |
// } |
|
396 |
// category.setIsActive(!category.getIsActive()); |
|
397 |
// |
|
398 |
// this.toggleCategory(stakeholderId, topicId, category); |
|
399 |
// |
|
400 |
// return category.getIsActive(); |
|
401 |
// } |
|
402 |
// |
|
403 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-access", method = RequestMethod.POST) |
|
404 |
// public Boolean toggleCategoryAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
405 |
// @PathVariable("topicId") String topicId, |
|
406 |
// @PathVariable("categoryId") String categoryId) { |
|
407 |
// log.debug("toggle category access (isPublic)"); |
|
408 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); |
|
409 |
// |
|
410 |
// Category category = categoryDAO.findById(categoryId); |
|
411 |
// if (category == null) { |
|
412 |
// // EXCEPTION - Category not found |
|
413 |
// throw new EntityNotFoundException("Toggle category access: Category with id: "+categoryId+" not found"); |
|
414 |
// } |
|
415 |
// category.setIsPublic(!category.getIsPublic()); |
|
416 |
// |
|
417 |
// this.toggleCategory(stakeholderId, topicId, category); |
|
418 |
// |
|
419 |
// return category.getIsPublic(); |
|
420 |
// } |
|
351 | 421 |
|
352 |
Category category = categoryDAO.findById(categoryId); |
|
353 |
if (category == null) { |
|
354 |
// EXCEPTION - Category not found |
|
355 |
throw new EntityNotFoundException("Toggle category status: Category with id: "+categoryId+" not found"); |
|
356 |
} |
|
357 |
category.setIsActive(!category.getIsActive()); |
|
358 |
|
|
359 |
this.toggleCategory(stakeholderId, topicId, category); |
|
360 |
|
|
361 |
return category.getIsActive(); |
|
362 |
} |
|
363 |
|
|
364 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/toggle-access", method = RequestMethod.POST) |
|
365 |
public Boolean toggleCategoryAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
366 |
@PathVariable("topicId") String topicId, |
|
367 |
@PathVariable("categoryId") String categoryId) { |
|
368 |
log.debug("toggle category access (isPublic)"); |
|
422 |
@PreAuthorize("isAuthenticated()") |
|
423 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/change-visibility", method = RequestMethod.POST) |
|
424 |
public Visibility changeCategoryVisibility(@PathVariable("stakeholderId") String stakeholderId, |
|
425 |
@PathVariable("topicId") String topicId, |
|
426 |
@PathVariable("categoryId") String categoryId, |
|
427 |
@RequestParam("visibility") Visibility visibility) { |
|
428 |
log.debug("change category visibility: "+visibility); |
|
369 | 429 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId + " - Category: "+categoryId); |
370 | 430 |
|
371 | 431 |
Category category = categoryDAO.findById(categoryId); |
372 | 432 |
if (category == null) { |
373 | 433 |
// EXCEPTION - Category not found |
374 |
throw new EntityNotFoundException("Toggle category access: Category with id: "+categoryId+" not found");
|
|
434 |
throw new EntityNotFoundException("Change topic visibility: Category with id: "+categoryId+" not found");
|
|
375 | 435 |
} |
376 |
category.setIsPublic(!category.getIsPublic());
|
|
436 |
category.setVisibility(visibility);
|
|
377 | 437 |
|
378 | 438 |
this.toggleCategory(stakeholderId, topicId, category); |
379 | 439 |
|
380 |
return category.getIsPublic();
|
|
440 |
return category.getVisibility();
|
|
381 | 441 |
} |
382 | 442 |
|
383 | 443 |
public void toggleCategory(String stakeholderId, String topicId, Category category) { |
... | ... | |
385 | 445 |
|
386 | 446 |
if (stakeholder != null) { |
387 | 447 |
|
448 |
List<String> roles = rolesUtils.getRoles(); |
|
449 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
450 |
// EXCEPTION - Access denied |
|
451 |
throw new AccessDeniedException("Toggle category: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
452 |
} |
|
453 |
|
|
388 | 454 |
Topic<String> topic = topicDAO.findById(topicId); |
389 | 455 |
if (topic != null) { |
390 | 456 |
if (stakeholder.getTopics().contains(topicId)) { |
... | ... | |
419 | 485 |
throw new EntityNotFoundException("checkForExceptions category: Stakeholder with id: " + stakeholderId + " not found"); |
420 | 486 |
} |
421 | 487 |
|
488 |
List<String> roles = rolesUtils.getRoles(); |
|
489 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
490 |
// EXCEPTION - Access denied |
|
491 |
throw new AccessDeniedException("checkForExceptions category: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
492 |
} |
|
493 |
|
|
422 | 494 |
Topic<String> topic = topicDAO.findById(topicId); |
423 | 495 |
if(topic == null) { |
424 | 496 |
// EXCEPTION - Topic not found |
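Review bot: In saveCategory the category is persisted at new lines 121, 125 and 128 under an id that comes straight from the request body (`categoryFull.getId()`, copied into `category` at line 94), and nothing between the `hasUpdateAuthority` check at line 81 and those saves verifies that this id is one of `topic.getCategories()` for the stakeholder named in the path; the membership list is only read at line 131, after the saves. As far as the visible lines show, a caller holding update authority on one stakeholder could therefore overwrite a category that belongs to another, so I would bind the id to the topic before saving, e.g. `if(categoryFull.getId() != null && !topic.getCategories().contains(categoryFull.getId())) { throw new AccessDeniedException("Save Category: Category with id: "+categoryFull.getId()+" does not belong to topic with id: "+topicId); }` placed right after the `stakeholder.getTopics().contains(topicId)` check at line 93. Separately, the not-found message at line 434 reads `Change topic visibility` although changeCategoryVisibility changes a category, and the commented-out toggle methods at lines 384-420 could simply be deleted now that change-visibility replaces them. The bodies of saveCategory, deleteCategory and checkForExceptions continue outside the shown hunks.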
[Trunk | Monitor Service]:
1. RolesUtils.java: New class connected to "AuthorizationService" and returns helper methods for roles and authorities.
2. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java & IndicatorController.java:
a. Add authorization checks according to user roles (authorization library).
b. Handle new fields "createDate" and "updateDate" (StakeholderController.java already had these fields).
c. [Bug fix] On save method, if it is default entity, add it before "onSaveDefault...()" or after "onUpdateDefault...()".
d. (not in SectionController) Comment out the methods for toggling status and access, and add a method for changing visibility.
e.g. "changeIndicatorVisibility()" (/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility).
3. StakeholderController.java: Method "getAllRealStakeholders()" (/stakeholder) returns now basic Stakeholder info (topicIds, not full entities).
4. IndicatorController.java:
a. [Bug fix] On "onUpdateDefaultIndicator()", "changed" is set to false for each indicatorBasedOnDefault.
b. On "onUpdateDefaultIndicator()" handle update policy for "description" and "additionalDescription".
c. [Bug fix] On "onUpdateDefaultIndicator()", bug fixes when updating "jsonPath".