Revision 60107
Added by Konstantina Galouni over 3 years ago
| StakeholderController.java | ||
|---|---|---|
| 3 | 3 |
import eu.dnetlib.uoamonitorservice.dao.*; |
| 4 | 4 |
import eu.dnetlib.uoamonitorservice.entities.*; |
| 5 | 5 |
import eu.dnetlib.uoamonitorservice.handlers.EntityNotFoundException; |
| 6 |
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException; |
|
| 6 | 7 |
import eu.dnetlib.uoamonitorservice.handlers.utils.RolesUtils; |
| 7 | 8 |
import org.apache.log4j.Logger; |
| 8 | 9 |
import org.springframework.beans.factory.annotation.Autowired; |
| 9 | 10 |
|
| 10 | 11 |
import org.springframework.security.access.AccessDeniedException; |
| 12 |
import org.springframework.security.access.AuthorizationServiceException; |
|
| 11 | 13 |
import org.springframework.security.access.prepost.PreAuthorize; |
| 12 | 14 |
import org.springframework.web.bind.annotation.*; |
| 13 | 15 |
|
| ... | ... | |
| 45 | 47 |
@Autowired |
| 46 | 48 |
private TopicController topicController; |
| 47 | 49 |
|
| 50 |
@PreAuthorize("isAuthenticated()")
|
|
| 51 |
@RequestMapping(value = "/stakeholder/alias", method = RequestMethod.GET) |
|
| 52 |
public List<String> getAllReservedStakeholderAlias() {
|
|
| 53 |
// log.debug("get all stakeholder reserved alias-es");
|
|
| 54 |
List<String> stakeholderAlias = new ArrayList<>(); |
|
| 55 |
|
|
| 56 |
List<Stakeholder> stakeholders = stakeholderDAO.findAll(); |
|
| 57 |
if(stakeholders != null) {
|
|
| 58 |
stakeholders.forEach(stakeholder -> {
|
|
| 59 |
stakeholderAlias.add(stakeholder.getAlias()); |
|
| 60 |
}); |
|
| 61 |
} |
|
| 62 |
stakeholderAlias.add( "all"); |
|
| 63 |
stakeholderAlias.add("default");
|
|
| 64 |
stakeholderAlias.add("alias");
|
|
| 65 |
|
|
| 66 |
return stakeholderAlias; |
|
| 67 |
} |
|
| 68 |
|
|
| 48 | 69 |
// @PreAuthorize("isAuthenticated()")
|
| 49 | 70 |
@PreAuthorize("hasAnyAuthority(" +
|
| 50 | 71 |
"@AuthorizationService.PORTAL_ADMIN, " + |
| ... | ... | |
| 202 | 223 |
return stakeholderFull; |
| 203 | 224 |
} |
| 204 | 225 |
|
| 226 |
// private SubCategory setFullSubcategory(SubCategory subCategory) {
|
|
| 227 |
// SubCategory subCategoryFull = new SubCategory<Section<Indicator>>(subCategory); |
|
| 228 |
// |
|
| 229 |
// List<Section> sectionsCharts = new ArrayList<>(); |
|
| 230 |
// |
|
| 231 |
// for(String sectionId : subCategory.getCharts()) {
|
|
| 232 |
// sectionsCharts.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted)); |
|
| 233 |
// } |
|
| 234 |
// subCategoryFull.setCharts(sectionsCharts); |
|
| 235 |
// |
|
| 236 |
// List<Section> sectionsNumbers = new ArrayList<>(); |
|
| 237 |
// |
|
| 238 |
// for(String sectionId : subCategory.getNumbers()) {
|
|
| 239 |
// sectionsNumbers.add(getSectionFull(sectionId, subCategoryId, addAll, addPublicAndRestricted)); |
|
| 240 |
// } |
|
| 241 |
// subCategoryFull.setNumbers(sectionsNumbers); |
|
| 242 |
// } |
|
| 243 |
|
|
| 205 | 244 |
private Section getSectionFull(String sectionId, String subCategoryId, boolean addAll, boolean addPublicAndRestricted) {
|
| 206 | 245 |
Section<String> section = sectionDAO.findById(sectionId); |
| 207 | 246 |
if (section == null) {
|
| ... | ... | |
| 235 | 274 |
"@AuthorizationService.PORTAL_ADMIN)") |
| 236 | 275 |
@RequestMapping(value = "/stakeholder/all", method = RequestMethod.GET) |
| 237 | 276 |
public List<Stakeholder> getAllStakeholders(@RequestParam(required = false) String type) {
|
| 238 |
log.debug("get all stakeholders" + (type != null ? " with type: "+type : ""));
|
|
| 277 |
// log.debug("get all stakeholders" + (type != null ? " with type: "+type : ""));
|
|
| 239 | 278 |
|
| 240 | 279 |
List<Stakeholder> stakeholders; |
| 241 | 280 |
if(type == null) {
|
| ... | ... | |
| 256 | 295 |
@PreAuthorize("isAuthenticated()")
|
| 257 | 296 |
@RequestMapping(value = "/stakeholder/default", method = RequestMethod.GET) |
| 258 | 297 |
public List<Stakeholder> getAllDefaultStakeholders(@RequestParam(required = false) String type) {
|
| 259 |
log.debug("get all default stakeholders" + (type != null ? " with type: "+type : ""));
|
|
| 298 |
// log.debug("get all default stakeholders" + (type != null ? " with type: "+type : ""));
|
|
| 260 | 299 |
|
| 261 | 300 |
List<Stakeholder> stakeholders; |
| 262 | 301 |
if(type == null) {
|
| ... | ... | |
| 299 | 338 |
|
| 300 | 339 |
@RequestMapping(value = "/stakeholder", method = RequestMethod.GET) |
| 301 | 340 |
public List<Stakeholder> getAllRealStakeholders(@RequestParam(required = false) String type) {
|
| 302 |
log.debug("get all NOT default stakeholders" + (type != null ? " with type: "+type : ""));
|
|
| 341 |
// log.debug("get all NOT default stakeholders" + (type != null ? " with type: "+type : ""));
|
|
| 303 | 342 |
|
| 304 | 343 |
List<Stakeholder> stakeholders; |
| 305 | 344 |
if(type == null) {
|
| ... | ... | |
| 351 | 390 |
@PreAuthorize("isAuthenticated()")
|
| 352 | 391 |
@RequestMapping(value = "/my-stakeholder", method = RequestMethod.GET) |
| 353 | 392 |
public List<Stakeholder> getMyRealStakeholders(@RequestParam(required = false) String type) {
|
| 354 |
log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : ""));
|
|
| 393 |
// log.debug("get my NOT default stakeholders" + (type != null ? " with type: "+type : ""));
|
|
| 355 | 394 |
|
| 356 | 395 |
List<Stakeholder> stakeholders; |
| 357 | 396 |
if(type == null) {
|
| ... | ... | |
| 398 | 437 |
|
| 399 | 438 |
@RequestMapping(value = "/stakeholder/{alias}", method = RequestMethod.GET)
|
| 400 | 439 |
public Stakeholder getStakeholder(@PathVariable("alias") String alias) {
|
| 401 |
log.debug("get stakeholder: "+alias);
|
|
| 440 |
// log.debug("get stakeholder: "+alias);
|
|
| 402 | 441 |
|
| 403 | 442 |
Stakeholder<String> stakeholder = stakeholderDAO.findByAlias(alias); |
| 404 | 443 |
if(stakeholder == null) {
|
| ... | ... | |
| 409 | 448 |
// List<String> roles = authorizationService.getRoles(); |
| 410 | 449 |
List<String> roles = rolesUtils.getRoles(); |
| 411 | 450 |
|
| 451 |
if(stakeholder.getDefaultId() == null && !rolesUtils.isLoggedIn(roles)) {
|
|
| 452 |
// EXCEPTION - Unauthorized |
|
| 453 |
throw new AccessDeniedException("Get stakeholder: You are not authorized (not logged in) to access stakeholder with alias: "+alias);
|
|
| 454 |
} |
|
| 455 |
if(stakeholder.getDefaultId() == null && !rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
|
|
| 456 |
// EXCEPTION - Access denied |
|
| 457 |
throw new ForbiddenException("Get stakeholder: You are not authorized to access stakeholder with alias: "+alias);
|
|
| 458 |
} |
|
| 459 |
|
|
| 412 | 460 |
if((stakeholder.getVisibility() == Visibility.PRIVATE && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) |
| 413 | 461 |
|| (stakeholder.getVisibility() == Visibility.RESTRICTED && !rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias()) && !rolesUtils.isMember(roles, stakeholder.getType(), stakeholder.getAlias())))) {
|
| 414 | 462 |
// // EXCEPTION - Access denied |
| 415 |
// throw new AccessDeniedException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias);
|
|
| 463 |
// throw new ForbiddenException("Get stakeholder: You are not authorized to get stakeholder with alias: "+alias);
|
|
| 416 | 464 |
List<String> topicsEmpty = stakeholder.getTopics(); |
| 417 | 465 |
topicsEmpty.clear(); |
| 418 | 466 |
stakeholder.setTopics(topicsEmpty); |
| ... | ... | |
| 424 | 472 |
} |
| 425 | 473 |
|
| 426 | 474 |
// @PreAuthorize("isAuthenticated()")
|
| 427 |
@PreAuthorize("hasAnyAuthority(" +
|
|
| 428 |
"@AuthorizationService.PORTAL_ADMIN, " +
|
|
| 429 |
"@AuthorizationService.curator(#stakeholderFull.getType()), " +
|
|
| 430 |
"@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) " +
|
|
| 431 |
")") |
|
| 475 |
@PreAuthorize("hasAnyAuthority("
|
|
| 476 |
+ "@AuthorizationService.PORTAL_ADMIN, "
|
|
| 477 |
+ "@AuthorizationService.curator(#stakeholderFull.getType()), "
|
|
| 478 |
+ "@AuthorizationService.manager(#stakeholderFull.getType(), #stakeholderFull.getAlias()) "
|
|
| 479 |
+ ")")
|
|
| 432 | 480 |
@RequestMapping(value = "/save", method = RequestMethod.POST) |
| 433 | 481 |
public Stakeholder<Topic> saveStakeholder(@RequestBody Stakeholder<Topic> stakeholderFull) {
|
| 434 | 482 |
log.debug("save stakeholder");
|
| ... | ... | |
| 444 | 492 |
Date date = new Date(); |
| 445 | 493 |
stakeholder.setUpdateDate(date); |
| 446 | 494 |
|
| 495 |
List<String> topics = new ArrayList<>(); |
|
| 496 |
|
|
| 447 | 497 |
// stakeholder does not exist in DB |
| 448 | 498 |
if(stakeholderFull.getId() == null) {
|
| 449 | 499 |
stakeholder.setCreationDate(date); |
| 500 |
|
|
| 501 |
for(Topic topic : stakeholderFull.getTopics()) {
|
|
| 502 |
topics.add(topic.getId()); |
|
| 503 |
} |
|
| 504 |
} else {
|
|
| 505 |
Stakeholder<String> oldStakeholder = stakeholderDAO.findById(stakeholderFull.getId()); |
|
| 506 |
if(oldStakeholder == null) {
|
|
| 507 |
// EXCEPTION - Stakeholder not found |
|
| 508 |
throw new EntityNotFoundException("save stakeholder: Stakeholder with id: "+stakeholderFull.getId()+" not found");
|
|
| 509 |
} |
|
| 510 |
for(String topicId : oldStakeholder.getTopics()) {
|
|
| 511 |
Topic topic = topicDAO.findById(topicId); |
|
| 512 |
if (topic == null) {
|
|
| 513 |
// EXCEPTION - Topic not found |
|
| 514 |
throw new EntityNotFoundException("Save stakeholder: Topic with id: "+topicId+" not found (topic exists in stakeholder: "+stakeholder.getId()+")");
|
|
| 515 |
} |
|
| 516 |
topics.add(topic.getId()); |
|
| 517 |
} |
|
| 518 |
// stakeholder.setTopics(topics); |
|
| 519 |
// stakeholderFull = this.setFullEntities(stakeholder, rolesUtils.getRoles()); |
|
| 450 | 520 |
} |
| 451 | 521 |
|
| 452 |
List<String> topics = new ArrayList<>(); |
|
| 453 |
for(Topic topic : stakeholderFull.getTopics()) {
|
|
| 454 |
topics.add(topic.getId()); |
|
| 455 |
} |
|
| 456 | 522 |
stakeholder.setTopics(topics); |
| 457 | 523 |
|
| 458 | 524 |
Stakeholder<String> stakeholderSaved = stakeholderDAO.save(stakeholder); |
| ... | ... | |
| 483 | 549 |
// && !roles.contains(authorizationService.curator(stakeholder.getType()))) {
|
| 484 | 550 |
if(!rolesUtils.hasCreateAndDeleteAuthority(roles, stakeholder.getType())) {
|
| 485 | 551 |
// EXCEPTION - Access denied |
| 486 |
throw new AccessDeniedException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId);
|
|
| 552 |
throw new ForbiddenException("Delete stakeholder: You are not authorized to delete stakeholder with id: "+stakeholderId);
|
|
| 487 | 553 |
} |
| 488 | 554 |
|
| 489 | 555 |
// for(String topicId : stakeholder.getTopics()) {
|
| ... | ... | |
| 615 | 681 |
// && !roles.contains(authorizationService.manager(stakeholder.getType(), stakeholder.getAlias()))) {
|
| 616 | 682 |
if(!rolesUtils.hasUpdateAuthority(roles, stakeholder.getType(), stakeholder.getAlias())) {
|
| 617 | 683 |
// EXCEPTION - Access denied |
| 618 |
throw new AccessDeniedException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId);
|
|
| 684 |
throw new ForbiddenException("Change stakeholder visibility: You are not authorized to update stakeholder with id: "+stakeholderId);
|
|
| 619 | 685 |
} |
| 620 | 686 |
stakeholder.setVisibility(visibility); |
| 621 | 687 |
|
Also available in: Unified diff
[Trunk | Monitor Service]:
1. StakeholderController.java & TopicController.java & CategoryController.java & SubCategoryController.java && SectionController.java && IndicatorController.java:
a. Comment logs for get requests.
b. Use "ForbiddenException" instead of "AccessDeniedException"
c. On /save, if full entity has id (already in DB), if not found in DB throw EntityNotFoundException.
d. Get children (e.g. when saving a Topic, get its categories) from DB.
2. TopicController.java & CategoryController.java & SubCategoryController.java & SectionController.java:
In /reorder, if there are in DB, ids that are missing from reordered list, do reordering and add in the end of list the missing ids.
3. ReorderEvent.java: [NEW] Added class ReorderEvent with fields "action" (String), "target" (String), "ids" (List<String>) (used in IndicatorController.java).
4. IndicatorController.java:
a. In /reorder, @RequestBody changed from List<String> indicators to ReorderEvent reorderEvent.
b. If there are in DB, ids that are missing from reordered list AND missing id is not moved to other section (action = removed and target = missing id), do reordering and add in the end of list the missing ids.
5. ExceptionsHandler.java: exception handler methods "invalidInput()", "nullPointerException()", "notFoundException()" moved to "Admin Tools Library" - "accessDeniedException()" is removed.
6. responses/ExceptionResponse.java: File and folder deleted (moved to "Admin Tools Library").
7. RolesUtils.java: Added method "isLoggedIn()" (checks if no roles for user, or user has role "ROLE_ANONYMOUS").