Commit 29b2c96f authored by Piotr Gawron's avatar Piotr Gawron
Browse files

columns filtering added to user responses

parent 3d0b64ff
package lcsb.mapviewer.api.users;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
......@@ -14,6 +15,7 @@ import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.converter.json.MappingJacksonValue;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.password.PasswordEncoder;
......@@ -29,6 +31,7 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
import lcsb.mapviewer.api.BaseController;
import lcsb.mapviewer.api.OperationNotAllowedException;
......@@ -37,6 +40,7 @@ import lcsb.mapviewer.common.exception.InvalidStateException;
import lcsb.mapviewer.model.security.Privilege;
import lcsb.mapviewer.model.user.ConfigurationElementType;
import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.modelutils.serializer.CustomExceptFilter;
import lcsb.mapviewer.modelutils.serializer.model.security.PrivilegeKeyDeserializer;
import lcsb.mapviewer.services.InvalidTokenException;
import lcsb.mapviewer.services.ObjectNotFoundException;
......@@ -82,10 +86,10 @@ public class UserController extends BaseController {
@PreAuthorize("hasAnyAuthority('IS_ADMIN', 'IS_CURATOR') or #login == authentication.name")
@GetMapping(value = "/users/{login:.+}")
public UserDTO getUser(
public MappingJacksonValue getUser(
@PathVariable(value = "login") String login,
@RequestParam(value = "columns", defaultValue = "") String columns) throws ObjectNotFoundException {
return userRest.getUser(login, columns);
return createResponseWithColumns(columns, userRest.getUser(login, columns));
}
public static class UserPrivilegesDTO {
......@@ -94,11 +98,11 @@ public class UserController extends BaseController {
}
@PreAuthorize("hasAuthority('IS_ADMIN')")
@PatchMapping(value = "/users/{login}:updatePrivileges", consumes = { MediaType.APPLICATION_JSON_VALUE})
public UserDTO updatePrivileges(
@PatchMapping(value = "/users/{login}:updatePrivileges", consumes = { MediaType.APPLICATION_JSON_VALUE })
public MappingJacksonValue updatePrivileges(
@RequestBody UserPrivilegesDTO data,
@PathVariable(value = "login") String login) throws IOException, QueryException {
return userRest.updatePrivileges(login, data.privileges);
return createResponseWithColumns("", userRest.updatePrivileges(login, data.privileges));
}
@PreAuthorize("hasAuthority('IS_ADMIN') or #login == authentication.name")
......@@ -111,29 +115,49 @@ public class UserController extends BaseController {
@PreAuthorize("hasAnyAuthority('IS_ADMIN', 'IS_CURATOR')")
@GetMapping(value = "/users/")
public List<UserDTO> getUsers(@RequestParam(value = "columns", defaultValue = "") String columns) {
return userRest.getUsers(columns).stream()
public MappingJacksonValue getUsers(@RequestParam(value = "columns", defaultValue = "") String columns) {
List<UserDTO> data = new ArrayList<>();
List<User> users = userService.getUsers(true);
Map<String, Boolean> ldapAvailability = userService.ldapAccountExistsForLogin(users);
for (User user : users) {
data.add(new UserDTO(user, ldapAvailability.get(user.getLogin()) == true));
}
data = data.stream()
.sorted(Comparator.comparing(user -> user.getLogin(), Comparator.reverseOrder()))
.collect(Collectors.toList());
return createResponseWithColumns(columns, data);
}
private MappingJacksonValue createResponseWithColumns(String columns, Object data) {
MappingJacksonValue result = new MappingJacksonValue(data);
SimpleFilterProvider provider = new SimpleFilterProvider();
if (!columns.trim().isEmpty()) {
provider.addFilter("userFilter", new CustomExceptFilter(columns.split(",")));
} else {
provider.addFilter("userFilter", new CustomExceptFilter(userRest.createUserColumnSet(columns)));
}
result.setFilters(provider);
return result;
}
@PreAuthorize("hasAuthority('IS_ADMIN') or #login == authentication.name")
@PatchMapping(value = "/users/{login:.+}")
public UserDTO updateUser(
public MappingJacksonValue updateUser(
@RequestBody String body,
@PathVariable(value = "login") String login,
Authentication authentication) throws QueryException, IOException {
Map<String, Object> node = parseBody(body);
Map<String, Object> data = getData(node, "user");
return userRest.updateUser(login, data, authentication.getAuthorities());
return createResponseWithColumns("", userRest.updateUser(login, data, authentication.getAuthorities()));
}
@PreAuthorize("hasAuthority('IS_ADMIN')")
@PostMapping(value = "/users/{login:.+}")
public UserDTO addUser(
public MappingJacksonValue addUser(
@RequestBody MultiValueMap<String, Object> formData,
@PathVariable(value = "login") String login) throws QueryException {
return userRest.addUser(login, formData);
return createResponseWithColumns("", userRest.addUser(login, formData));
}
@PreAuthorize("hasAuthority('IS_ADMIN')")
......
package lcsb.mapviewer.api.users;
import com.fasterxml.jackson.annotation.JsonFilter;
import lcsb.mapviewer.model.user.User;
@JsonFilter("userFilter")
public class UserDTO extends User {
/**
......
......@@ -154,16 +154,6 @@ public class UserRestImpl extends BaseRestImpl {
}
}
public List<UserDTO> getUsers(String columns) {
List<UserDTO> result = new ArrayList<>();
List<User> users = getUserService().getUsers(true);
Map<String, Boolean> ldapAvailability = getUserService().ldapAccountExistsForLogin(users);
for (User user : users) {
result.add(new UserDTO(user, ldapAvailability.get(user.getLogin()) == true));
}
return result;
}
public UserDTO updatePrivileges(String login, Map<Privilege, Boolean> data) throws QueryException {
if (data == null) {
throw new QueryException("Privileges not defined");
......
......@@ -303,7 +303,7 @@ public class UserControllerIntegrationTest extends ControllerIntegrationTest {
UserPrivilegesDTO grantData = new UserPrivilegesDTO();
grantData.privileges.put(new Privilege(PrivilegeType.READ_PROJECT, project.getProjectId()), true);
UserPrivilegesDTO revokeData = new UserPrivilegesDTO();
revokeData.privileges.put(new Privilege(PrivilegeType.READ_PROJECT, project.getProjectId()), false);
......@@ -311,7 +311,7 @@ public class UserControllerIntegrationTest extends ControllerIntegrationTest {
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsBytes(grantData))
.session(session);
RequestBuilder revokeRequest = patch("/api/users/" + TEST_USER_LOGIN + ":updatePrivileges")
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsBytes(revokeData))
......@@ -850,6 +850,22 @@ public class UserControllerIntegrationTest extends ControllerIntegrationTest {
.andExpect(status().is2xxSuccessful());
}
@Test
public void testGetUsersWithLdapInfo() throws Exception {
MockHttpSession session = createSession(BUILT_IN_TEST_ADMIN_LOGIN, BUILT_IN_TEST_ADMIN_PASSWORD);
RequestBuilder grantRequest = get("/api/users/?columns=connectedToLdap")
.session(session);
String content = mockMvc.perform(grantRequest)
.andExpect(status().is2xxSuccessful())
.andReturn().getResponse().getContentAsString();
List<Map<String, Object>> list = objectMapper.readValue(content, new TypeReference<List<Map<String, Object>>>() {
});
assertTrue(list.get(0).containsKey("connectedToLdap"));
assertFalse(list.get(0).containsKey("login"));
}
private List<FieldDescriptor> getUserResponseFields() {
List<FieldDescriptor> result = new ArrayList<>(Arrays.asList(
fieldWithPath("login")
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment