Revision 59814
Added by Konstantina Galouni over 3 years ago
TopicController.java | ||
---|---|---|
4 | 4 |
import eu.dnetlib.uoamonitorservice.entities.*; |
5 | 5 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
6 | 6 |
import eu.dnetlib.uoamonitorservice.handlers.PathNotValidException; |
7 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; |
|
7 | 8 |
import org.apache.log4j.Logger; |
8 | 9 |
import org.springframework.beans.factory.annotation.Autowired; |
10 |
import org.springframework.security.access.AccessDeniedException; |
|
11 |
import org.springframework.security.access.prepost.PreAuthorize; |
|
9 | 12 |
import org.springframework.web.bind.annotation.*; |
10 | 13 |
|
11 | 14 |
import java.util.ArrayList; |
15 |
import java.util.Date; |
|
12 | 16 |
import java.util.Iterator; |
13 | 17 |
import java.util.List; |
14 | 18 |
|
... | ... | |
18 | 22 |
private final Logger log = Logger.getLogger(this.getClass()); |
19 | 23 |
|
20 | 24 |
@Autowired |
25 |
private RolesUtils rolesUtils; |
|
26 |
|
|
27 |
@Autowired |
|
21 | 28 |
private StakeholderDAO stakeholderDAO; |
22 | 29 |
|
23 | 30 |
@Autowired |
24 | 31 |
private TopicDAO topicDAO; |
25 | 32 |
|
26 | 33 |
@Autowired |
27 |
private CategoryDAO categoryDAO; |
|
28 |
|
|
29 |
@Autowired |
|
30 |
private SubCategoryDAO subCategoryDAO; |
|
31 |
|
|
32 |
@Autowired |
|
33 |
private SectionDAO sectionDAO; |
|
34 |
|
|
35 |
@Autowired |
|
36 |
private IndicatorDAO indicatorDAO; |
|
37 |
|
|
38 |
@Autowired |
|
39 | 34 |
private CategoryController categoryController; |
40 | 35 |
|
41 | 36 |
public Topic<Category> buildTopic(Topic<Category> topicFull) { |
... | ... | |
51 | 46 |
topicFull.setCategories(categoriesFull); |
52 | 47 |
topic.setCategories(categories); |
53 | 48 |
|
49 |
Date date = new Date(); |
|
50 |
topic.setCreationDate(date); |
|
51 |
topic.setUpdateDate(date); |
|
52 |
|
|
53 |
topicFull.setCreationDate(date); |
|
54 |
topicFull.setUpdateDate(date); |
|
55 |
|
|
54 | 56 |
topicDAO.save(topic); |
55 | 57 |
|
56 | 58 |
topicFull.setId(topic.getId()); |
57 | 59 |
return topicFull; |
58 | 60 |
} |
59 | 61 |
|
62 |
@PreAuthorize("isAuthenticated()") |
|
60 | 63 |
@RequestMapping(value = "/{stakeholderId}/save", method = RequestMethod.POST) |
61 | 64 |
public Topic<Category> saveTopic(@PathVariable("stakeholderId") String stakeholderId, |
62 | 65 |
@RequestBody Topic<Category> topicFull) { |
... | ... | |
66 | 69 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
67 | 70 |
|
68 | 71 |
if(stakeholder != null) { |
72 |
List<String> roles = rolesUtils.getRoles(); |
|
73 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
74 |
// EXCEPTION - Access denied |
|
75 |
throw new AccessDeniedException("Save Topic: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
76 |
} |
|
77 |
|
|
78 |
Topic<String> topic = new Topic<>(topicFull); |
|
79 |
Date date = new Date(); |
|
80 |
topic.setUpdateDate(date); |
|
81 |
topicFull.setUpdateDate(date); |
|
82 |
|
|
69 | 83 |
Topic<String> oldTopic = null; |
70 | 84 |
if(topicFull.getId() != null) { |
71 | 85 |
oldTopic = topicDAO.findById(topicFull.getId()); |
86 |
} else { // topic does not exist in DB |
|
87 |
topic.setCreationDate(date); |
|
88 |
topicFull.setCreationDate(date); |
|
72 | 89 |
} |
73 | 90 |
|
74 |
Topic<String> topic = new Topic<>(topicFull); |
|
75 |
|
|
76 | 91 |
List<String> categories = new ArrayList<>(); |
77 | 92 |
for(Category category : topicFull.getCategories()) { |
78 | 93 |
categories.add(category.getId()); |
79 | 94 |
} |
80 | 95 |
topic.setCategories(categories); |
81 | 96 |
|
82 |
topicDAO.save(topic); |
|
83 |
|
|
84 | 97 |
if(stakeholder.getDefaultId() == null) { |
85 | 98 |
if(topicFull.getId() == null) { |
99 |
topicDAO.save(topic); |
|
86 | 100 |
onSaveDefaultTopic(topic, stakeholderId); |
87 | 101 |
} else { |
88 | 102 |
onUpdateDefaultTopic(topic, oldTopic); |
103 |
topicDAO.save(topic); |
|
89 | 104 |
} |
105 |
} else { |
|
106 |
topicDAO.save(topic); |
|
90 | 107 |
} |
91 | 108 |
|
92 | 109 |
List<String> topics = stakeholder.getTopics(); |
... | ... | |
158 | 175 |
|
159 | 176 |
// topicBasedOnDefault.setName(topic.getName()); |
160 | 177 |
// topicBasedOnDefault.setDescription(topic.getDescription()); |
178 |
topicBasedOnDefault.setUpdateDate(topic.getUpdateDate()); |
|
161 | 179 |
topicDAO.save(topicBasedOnDefault); |
162 | 180 |
} |
163 | 181 |
} |
164 | 182 |
|
183 |
@PreAuthorize("isAuthenticated()") |
|
165 | 184 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/delete", method = RequestMethod.DELETE) |
166 | 185 |
public boolean deleteTopic(@PathVariable("stakeholderId") String stakeholderId, |
167 | 186 |
@PathVariable("topicId") String topicId, |
... | ... | |
173 | 192 |
|
174 | 193 |
if(stakeholder != null) { |
175 | 194 |
|
195 |
List<String> roles = rolesUtils.getRoles(); |
|
196 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
197 |
// EXCEPTION - Access denied |
|
198 |
throw new AccessDeniedException("Delete topic: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
199 |
} |
|
200 |
|
|
176 | 201 |
Topic<String> topic = topicDAO.findById(topicId); |
177 | 202 |
if(topic != null) { |
178 | 203 |
|
204 |
if(topic.getDefaultId() != null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) { |
|
205 |
// EXCEPTION - Access denied |
|
206 |
throw new AccessDeniedException("Delete topic: You are not authorized to delete a default Topic in stakeholder with id: "+stakeholderId); |
|
207 |
} |
|
208 |
|
|
179 | 209 |
List<String> topics = stakeholder.getTopics(); |
180 | 210 |
int index = topics.indexOf(topicId); |
181 | 211 |
if(index != -1) { |
... | ... | |
298 | 328 |
return true; |
299 | 329 |
} |
300 | 330 |
|
331 |
@PreAuthorize("isAuthenticated()") |
|
301 | 332 |
@RequestMapping(value = "/{stakeholderId}/reorder", method = RequestMethod.POST) |
302 | 333 |
public List<Topic> reorderTopics(@PathVariable("stakeholderId") String stakeholderId, |
303 | 334 |
@RequestBody List<String> topics) { |
... | ... | |
307 | 338 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
308 | 339 |
|
309 | 340 |
if(stakeholder != null) { |
341 |
|
|
342 |
List<String> roles = rolesUtils.getRoles(); |
|
343 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
344 |
// EXCEPTION - Access denied |
|
345 |
throw new AccessDeniedException("Reorder topics: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
346 |
} |
|
347 |
|
|
310 | 348 |
stakeholder.setTopics(topics); |
311 | 349 |
|
312 | 350 |
stakeholderDAO.save(stakeholder); |
... | ... | |
323 | 361 |
} |
324 | 362 |
} |
325 | 363 |
|
326 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-status", method = RequestMethod.POST) |
|
327 |
public Boolean toggleTopicStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
328 |
@PathVariable("topicId") String topicId) { |
|
329 |
log.debug("toggle topic status (isActive)"); |
|
330 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); |
|
364 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-status", method = RequestMethod.POST) |
|
365 |
// public Boolean toggleTopicStatus(@PathVariable("stakeholderId") String stakeholderId, |
|
366 |
// @PathVariable("topicId") String topicId) { |
|
367 |
// log.debug("toggle topic status (isActive)"); |
|
368 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); |
|
369 |
// |
|
370 |
// Topic topic = topicDAO.findById(topicId); |
|
371 |
// if (topic == null) { |
|
372 |
// // EXCEPTION - Topic not found |
|
373 |
// throw new EntityNotFoundException("Toggle topic status: Topic with id: "+topicId+" not found"); |
|
374 |
// } |
|
375 |
// topic.setIsActive(!topic.getIsActive()); |
|
376 |
// |
|
377 |
// this.toggleTopic(stakeholderId, topic); |
|
378 |
// |
|
379 |
// return topic.getIsActive(); |
|
380 |
// } |
|
381 |
// |
|
382 |
// @RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-access", method = RequestMethod.POST) |
|
383 |
// public Boolean toggleTopicAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
384 |
// @PathVariable("topicId") String topicId) { |
|
385 |
// log.debug("toggle topic access (isPublic)"); |
|
386 |
// log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); |
|
387 |
// |
|
388 |
// Topic topic = topicDAO.findById(topicId); |
|
389 |
// if (topic == null) { |
|
390 |
// // EXCEPTION - Topic not found |
|
391 |
// throw new EntityNotFoundException("Toggle topic access: Topic with id: "+topicId+" not found"); |
|
392 |
// } |
|
393 |
// topic.setIsPublic(!topic.getIsPublic()); |
|
394 |
// |
|
395 |
// this.toggleTopic(stakeholderId, topic); |
|
396 |
// |
|
397 |
// return topic.getIsPublic(); |
|
398 |
// } |
|
331 | 399 |
|
332 |
Topic topic = topicDAO.findById(topicId); |
|
333 |
if (topic == null) { |
|
334 |
// EXCEPTION - Topic not found |
|
335 |
throw new EntityNotFoundException("Toggle topic status: Topic with id: "+topicId+" not found"); |
|
336 |
} |
|
337 |
topic.setIsActive(!topic.getIsActive()); |
|
338 |
|
|
339 |
this.toggleTopic(stakeholderId, topic); |
|
340 |
|
|
341 |
return topic.getIsActive(); |
|
342 |
} |
|
343 |
|
|
344 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/toggle-access", method = RequestMethod.POST) |
|
345 |
public Boolean toggleTopicAccess(@PathVariable("stakeholderId") String stakeholderId, |
|
346 |
@PathVariable("topicId") String topicId) { |
|
347 |
log.debug("toggle topic access (isPublic)"); |
|
400 |
@PreAuthorize("isAuthenticated()") |
|
401 |
@RequestMapping(value = "/{stakeholderId}/{topicId}/change-visibility", method = RequestMethod.POST) |
|
402 |
public Visibility changeTopicVisibility(@PathVariable("stakeholderId") String stakeholderId, |
|
403 |
@PathVariable("topicId") String topicId, |
|
404 |
@RequestParam("visibility") Visibility visibility) { |
|
405 |
log.debug("change topic visibility: "+visibility); |
|
348 | 406 |
log.debug("Stakeholder: "+stakeholderId + " - Topic: "+topicId); |
349 | 407 |
|
350 | 408 |
Topic topic = topicDAO.findById(topicId); |
351 | 409 |
if (topic == null) { |
352 | 410 |
// EXCEPTION - Topic not found |
353 |
throw new EntityNotFoundException("Toggle topic access: Topic with id: "+topicId+" not found");
|
|
411 |
throw new EntityNotFoundException("Change topic visibility: Topic with id: "+topicId+" not found");
|
|
354 | 412 |
} |
355 |
topic.setIsPublic(!topic.getIsPublic());
|
|
413 |
topic.setVisibility(visibility);
|
|
356 | 414 |
|
357 | 415 |
this.toggleTopic(stakeholderId, topic); |
358 | 416 |
|
359 |
return topic.getIsPublic();
|
|
417 |
return topic.getVisibility();
|
|
360 | 418 |
} |
361 | 419 |
|
362 | 420 |
public void toggleTopic(String stakeholderId, Topic topic) { |
363 | 421 |
Stakeholder<String> stakeholder = stakeholderDAO.findById(stakeholderId); |
364 | 422 |
|
365 | 423 |
if (stakeholder != null) { |
424 |
|
|
425 |
List<String> roles = rolesUtils.getRoles(); |
|
426 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) { |
|
427 |
// EXCEPTION - Access denied |
|
428 |
throw new AccessDeniedException("Toggle topic: You are not authorized to update stakeholder with id: "+stakeholderId); |
|
429 |
} |
|
430 |
|
|
366 | 431 |
if (stakeholder.getTopics().contains(topic.getId())) { |
367 | 432 |
topicDAO.save(topic); |
368 | 433 |
log.debug("Topic toggled!"); |
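Review bot: The new authorization check in saveTopic (new lines 72-76) is enforced at stakeholder granularity only, while the topic it then overwrites is chosen by the client-supplied `topicFull.getId()`: the update path (new lines 85, 102-103, 106) loads that id with `topicDAO.findById` and saves over it without confirming the id is in `stakeholder.getTopics()`, so an update-authorized caller of one stakeholder can presumably modify a topic belonging to another, unless the part of saveTopic after new line 109 that lies outside the hunk enforces it. The containment check toggleTopic already uses at new line 431 is the natural guard, e.g. `if(oldTopic == null || !stakeholder.getTopics().contains(oldTopic.getId())) { throw new EntityNotFoundException("Save Topic: Topic with id: "+topicFull.getId()+" not found in stakeholder with id: "+stakeholderId); }` placed before `onUpdateDefaultTopic`. Related, changeTopicVisibility (new lines 400-418) mutates the entity and returns `topic.getVisibility()` even when toggleTopic declines to persist it because the topic is not in the stakeholder's list, so the response can report a visibility that was never stored; returning the persisted state, or having toggleTopic throw in that case, would keep the API honest. The old toggleTopicStatus/toggleTopicAccess bodies kept as comments at new lines 364-398 are dead code that version control already preserves and are better deleted than commented out. toggleTopic continues past the end of the hunk.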
[Trunk | Monitor Service]:
1. RolesUtils.java: New class connected to "AuthorizationService" and returns helper methods for roles and authorities.
2. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java & IndicatorController.java:
a. Add authorization checks according to user roles (authorization library).
b. Handle new fields "createDate" and "updateDate" (StakeholderController.java already had these fields).
c. [Bug fix] On save method, if it is default entity, add it before "onSaveDefault...()" or after "onUpdateDefault...()".
d. (not in SectionController) Comment out the methods for toggling status and access, and add a method for changing visibility.
e.g. "changeIndicatorVisibility()" (/{stakeholderId}/{topicId}/{categoryId}/{subcategoryId}/{sectionId}/{indicatorId}/change-visibility).
3. StakeholderController.java: Method "getAllRealStakeholders()" (/stakeholder) returns now basic Stakeholder info (topicIds, not full entities).
4. IndicatorController.java:
a. [Bug fix] On "onUpdateDefaultIndicator()", "changed" is set to false for each indicatorBasedOnDefault.
b. On "onUpdateDefaultIndicator()" handle update policy for "description" and "additionalDescription".
c. [Bug fix] On "onUpdateDefaultIndicator()", bug fixes when updating "jsonPath".