Revision 59814
Added by Konstantina Galouni over 3 years ago
SectionController.java | ||
---|---|---|
4 | 4 |
import eu.dnetlib.uoamonitorservice.entities.*; |
5 | 5 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
6 | 6 |
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; |
7 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; |
|
7 | 8 |
import org.apache.log4j.Logger; |
8 | 9 |
import org.springframework.beans.factory.annotation.Autowired; |
10 |
import org.springframework.security.access.AccessDeniedException; |
|
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
9 | 12 |
import org.springframework.web.bind.annotation.*; |
10 | 13 |
|
11 | 14 |
import java.util.ArrayList; |
15 |
import java.util.Date; |
|
12 | 16 |
import java.util.Iterator; |
13 | 17 |
import java.util.List; |
14 | 18 |
|
... | ... | |
18 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
19 | 23 |
|
20 | 24 |
@Autowired |
25 |
private RolesUtils rolesUtils; |
|
26 |
|
|
27 |
@Autowired |
|
21 | 28 |
private StakeholderDAO stakeholderDAO; |
22 | 29 |
|
23 | 30 |
@Autowired |
... | ... | |
52 | 59 |
sectionFull.setIndicators(indicatorsFull); |
53 | 60 |
section.setIndicators(indicators); |
54 | 61 |
|
62 |
Date date = new Date(); |
|
63 |
section.setCreationDate(date); |
|
64 |
section.setUpdateDate(date); |
|
65 |
|
|
66 |
sectionFull.setCreationDate(date); |
|
67 |
sectionFull.setUpdateDate(date); |
|
68 |
|
|
55 | 69 |
sectionDAO.save(section); |
56 | 70 |
|
57 | 71 |
sectionFull.setId(section.getId()); |
58 | 72 |
return sectionFull; |
59 | 73 |
} |
60 | 74 |
|
75 |
@PreAuthorize("isAuthenticated()") |
|
61 | 76 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/save/{index}", method = RequestMethod.POST) |
62 | 77 |
public Section saveSection(@PathVariable("stakeholderId") String stakeholderId, |
63 | 78 |
@PathVariable("topicId") String topicId, |
... | ... | |
70 | 85 |
|
71 | 86 |
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); |
72 | 87 |
|
88 |
Section<String> section = new Section<>(sectionFull); |
|
89 |
|
|
90 |
Date date = new Date(); |
|
91 |
section.setUpdateDate(date); |
|
92 |
sectionFull.setUpdateDate(date); |
|
93 |
|
|
73 | 94 |
Section<String> oldSection = null; |
74 | 95 |
if(sectionFull.getId() != null) { |
75 | 96 |
oldSection = sectionDAO.findById(sectionFull.getId()); |
97 |
} else { // section does not exist in DB |
|
98 |
section.setCreationDate(date); |
|
99 |
sectionFull.setCreationDate(date); |
|
76 | 100 |
} |
77 | 101 |
|
78 |
Section<String> section = new Section<>(sectionFull); |
|
79 |
|
|
80 | 102 |
String sectionId = sectionFull.getId(); |
81 | 103 |
List<String> indicators = new ArrayList<>(); |
82 | 104 |
for(Indicator indicator : sectionFull.getIndicators()) { |
83 | 105 |
indicators.add(indicator.getId()); |
84 | 106 |
} |
85 | 107 |
section.setIndicators(indicators); |
86 |
sectionDAO.save(section); |
|
87 | 108 |
|
88 | 109 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
89 | 110 |
// this section belongs in default profile and it is new or it is updated |
90 | 111 |
if(stakeholder.getDefaultId() == null) { |
91 | 112 |
if(sectionId == null) { |
113 |
sectionDAO.save(section); |
|
92 | 114 |
onSaveDefaultSection(section, topicId, categoryId, subcategoryId, stakeholder); |
93 | 115 |
} |
94 | 116 |
else { |
95 | 117 |
onUpdateDefaultSection(section, stakeholder, oldSection); |
118 |
sectionDAO.save(section); |
|
96 | 119 |
} |
120 |
} else { |
|
121 |
sectionDAO.save(section); |
|
97 | 122 |
} |
98 | 123 |
|
99 | 124 |
List<String> sections = null; |
... | ... | |
174 | 199 |
} |
175 | 200 |
|
176 | 201 |
// sectionBasedOnDefault.setTitle(section.getTitle()); |
202 |
sectionBasedOnDefault.setUpdateDate(section.getUpdateDate()); |
|
177 | 203 |
sectionDAO.save(sectionBasedOnDefault); |
178 | 204 |
} |
179 | 205 |
} |
180 | 206 |
|
207 |
@PreAuthorize("isAuthenticated()") |
|
181 | 208 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/delete", method = RequestMethod.DELETE) |
182 | 209 |
public boolean deleteSection(@PathVariable("stakeholderId") String stakeholderId, |
183 | 210 |
@PathVariable("topicId") String topicId, |
... | ... | |
192 | 219 |
if(section != null) { |
193 | 220 |
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); |
194 | 221 |
|
222 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
|
223 |
List<String> roles = rolesUtils.getRoles(); |
|
224 |
if(section.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { |
|
225 |
// EXCEPTION - Access denied |
|
226 |
throw new AccessDeniedException("Delete section: You are not authorized to delete a default Section in stakeholder with id: "+stakeholderId); |
|
227 |
} |
|
228 |
|
|
195 | 229 |
String type = ""; |
196 | 230 |
List<String> sections = null; |
197 | 231 |
if (section.getType().equals("chart")) { |
... | ... | |
273 | 307 |
return true; |
274 | 308 |
} |
275 | 309 |
|
310 |
@PreAuthorize("isAuthenticated()") |
|
276 | 311 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{type}/reorder", method = RequestMethod.POST) |
277 | 312 |
public List<Section> reorderSections(@PathVariable("stakeholderId") String stakeholderId, |
278 | 313 |
@PathVariable("topicId") String topicId, |
... | ... | |
343 | 378 |
// return section.getIsPublic(); |
344 | 379 |
// } |
345 | 380 |
|
381 |
|
|
346 | 382 |
public void toggleSection(String stakeholderId, String topicId, String categoryId, String subcategoryId, Section section) { |
347 | 383 |
SubCategory<String> subCategory = checkForExceptions(stakeholderId, topicId, categoryId, subcategoryId); |
348 | 384 |
|
... | ... | |
372 | 408 |
throw new EntityNotFoundException("Save indicator: Stakeholder with id: " + stakeholderId + " not found"); |
373 | 409 |
} |
374 | 410 |
|
411 |
List<String> roles = rolesUtils.getRoles(); |
|
412 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
413 |
// EXCEPTION - Access denied |
|
414 |
throw new AccessDeniedException("CheckForExceptions Section: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
415 |
} |
|
416 |
|
|
375 | 417 |
Topic<String> topic = topicDAO.findById(topicId); |
376 | 418 |
if(topic == null) { |
377 | 419 |
// EXCEPTION - Topic not found |
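Review bot: In saveSection (new lines 94–100) the record to overwrite is selected by `sectionFull.getId()` from the request body, but the role check added to checkForExceptions (new lines 411–415) only covers the stakeholder named in the path, and nothing in the visible lines ties that id to the stakeholder or subcategory. As far as this section shows, a caller with update authority on one stakeholder could save over a section that belongs to another; part of the method is elided here, so confirm whether a membership check exists further down. The `findById` result is not checked for null in the visible lines, and on the update path the creation date presumably stays whatever the client sent, since `section` is copied from `sectionFull` before the branch. I would add `if(oldSection == null) { throw new EntityNotFoundException("Save section: Section with id: " + sectionFull.getId() + " not found"); }` right after the lookup, verify that the id is listed in `subCategory` before any `sectionDAO.save(section)`, and take the creation date from `oldSection` rather than from the request.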
[Trunk | Monitor Service]:
1. RolesUtils.java: New class, connected to "AuthorizationService", that provides helper methods for roles and authorities.
2. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java & IndicatorController.java:
a. Add authorization checks according to user roles (authorization library).
b. Handle new fields "createDate" and "updateDate" (StakeholderController.java already had these fields).
c. [Bug fix] On save method, if it is default entity, add it before "onSaveDefault...()" or after "onUpdateDefault...()".
d. (not in SectionController) Comment methods for toggling status and access and add method for changing visibility.
e.g. "changeIndicatorVisibility()" (/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility).
3. StakeholderController.java: Method "getAllRealStakeholders()" (/stakeholder) returns now basic Stakeholder info (topicIds, not full entities).
4. IndicatorController.java:
a. [Bug fix] On "onUpdateDefaultIndicator()", "changed" is set to false for each indicatorBasedOnDefault.
b. On "onUpdateDefaultIndicator()" handle update policy for "description" and "additionalDescription".
c. [Bug fix] On "onUpdateDefaultIndicator()", bug fixes when updating "jsonPath".