Commit 73d2ad5d authored by Piotr Gawron's avatar Piotr Gawron
Browse files

privilege DTO introduced

parent 68ef09bc
......@@ -157,24 +157,27 @@ public class ProjectController extends BaseController {
}
}
static class PrivilegeDTO {
public String login;
public PrivilegeType privilegeType;
}
@PreAuthorize("hasAuthority('IS_ADMIN') "
+ "or (hasAuthority('IS_CURATOR') and hasAuthority('WRITE_PROJECT:' + #projectId))")
@PatchMapping(value = "/{projectId:.+}:grantPrivileges")
public Map<String, Object> grantPrivileges(
@RequestBody String body,
public void grantPrivileges(
@RequestBody List<PrivilegeDTO> privileges,
@PathVariable(value = "projectId") String projectId) throws IOException, QueryException {
Map[] data = extractListBody(body);
return projectController.grantPrivilegesProject(projectId, data);
projectController.grantPrivilegesProject(projectId, privileges);
}
@PreAuthorize("hasAuthority('IS_ADMIN') "
+ "or (hasAuthority('IS_CURATOR') and hasAuthority('WRITE_PROJECT:' + #projectId))")
@PatchMapping(value = "/{projectId:.+}:revokePrivileges")
public Map<String, Object> revokePrivileges(
@RequestBody String body,
@RequestBody List<PrivilegeDTO> privileges,
@PathVariable(value = "projectId") String projectId) throws IOException, QueryException {
Map[] data = extractListBody(body);
return projectController.revokePrivilegesProject(projectId, data);
return projectController.revokePrivilegesProject(projectId, privileges);
}
@PreAuthorize("hasAnyAuthority('IS_ADMIN', 'IS_CURATOR')")
......
......@@ -10,7 +10,6 @@ import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import org.apache.logging.log4j.LogManager;
......@@ -20,11 +19,10 @@ import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.MultiValueMap;
import lcsb.mapviewer.annotation.services.MeSHParser;
import lcsb.mapviewer.api.BaseRestImpl;
import lcsb.mapviewer.api.OperationNotAllowedException;
import lcsb.mapviewer.api.projects.ProjectController.PrivilegeDTO;
import lcsb.mapviewer.common.comparator.StringComparator;
import lcsb.mapviewer.common.exception.InvalidArgumentException;
import lcsb.mapviewer.converter.Converter;
import lcsb.mapviewer.converter.zip.GlyphZipEntryFile;
import lcsb.mapviewer.converter.zip.ImageZipEntryFile;
......@@ -36,12 +34,10 @@ import lcsb.mapviewer.model.ProjectLogEntry;
import lcsb.mapviewer.model.cache.FileEntry;
import lcsb.mapviewer.model.cache.UploadedFileEntry;
import lcsb.mapviewer.model.graphics.MapCanvasType;
import lcsb.mapviewer.model.map.MiriamData;
import lcsb.mapviewer.model.map.MiriamType;
import lcsb.mapviewer.model.map.layout.ProjectBackground;
import lcsb.mapviewer.model.map.model.SubmodelType;
import lcsb.mapviewer.model.map.species.Element;
import lcsb.mapviewer.model.security.PrivilegeType;
import lcsb.mapviewer.model.user.ConfigurationElementType;
import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.persist.dao.ProjectDao;
......@@ -61,7 +57,10 @@ import lcsb.mapviewer.services.utils.CreateProjectParams;
public class ProjectRestImpl extends BaseRestImpl {
public static enum ZipEntryFileType {
MAP, OVERLAY, IMAGE, GLYPH;
MAP,
OVERLAY,
IMAGE,
GLYPH;
public static ZipEntryFileType getType(String entryType) {
for (ZipEntryFileType type : ZipEntryFileType.values()) {
......@@ -84,8 +83,6 @@ public class ProjectRestImpl extends BaseRestImpl {
private IElementService elementService;
private IReactionService reactionService;
private MeSHParser meshParser;
private ProjectDao projectDao;
private UploadedFileEntryDao uploadedFileEntryDao;
......@@ -94,12 +91,10 @@ public class ProjectRestImpl extends BaseRestImpl {
ProjectDao projectDao,
UploadedFileEntryDao uploadedFileEntryDao,
IUserService userService,
MeSHParser meshParser,
IElementService elementService,
IReactionService reactionService) {
this.projectService = projectService;
this.projectDao = projectDao;
this.meshParser = meshParser;
this.userService = userService;
this.uploadedFileEntryDao = uploadedFileEntryDao;
this.elementService = elementService;
......@@ -484,54 +479,38 @@ public class ProjectRestImpl extends BaseRestImpl {
return result;
}
public Map<String, Object> grantPrivilegesProject(String projectId, Map[] data) throws QueryException {
Project project = getProjectByProjectId(projectId);
for (Map m : data) {
PrivilegeType privilege = getPrivilegeType(m);
User user = getUser(m);
userService.grantUserPrivilege(user, privilege, projectId);
}
return null;
}
private User getUser(Map m) throws QueryException {
if (!(m.get("login") instanceof String)) {
throw new QueryException("Invalid login: " + m.get("login"));
}
String login = (String) m.get("login");
User result = userService.getUserByLogin(login);
if (result == null) {
throw new ObjectNotFoundException("User doesn't exist: " + login);
public void grantPrivilegesProject(String projectId, List<PrivilegeDTO> privileges) throws QueryException {
getProjectByProjectId(projectId);
for (PrivilegeDTO m : privileges) {
User user = userService.getUserByLogin(m.login);
if (user == null) {
throw new ObjectNotFoundException("User does not exist");
}
userService.grantUserPrivilege(user, m.privilegeType, projectId);
}
return result;
}
public Map<String, Object> revokePrivilegesProject(String projectId, Map[] data) throws QueryException {
Project project = getProjectByProjectId(projectId);
for (Map m : data) {
PrivilegeType privilege = getPrivilegeType(m);
User user = getUser(m);
userService.revokeUserPrivilege(user, privilege, projectId);
public Map<String, Object> revokePrivilegesProject(String projectId, List<PrivilegeDTO> privileges) throws QueryException {
getProjectByProjectId(projectId);
for (PrivilegeDTO m : privileges) {
User user = userService.getUserByLogin(m.login);
if (user == null) {
throw new ObjectNotFoundException("User does not exist");
}
userService.revokeUserPrivilege(user, m.privilegeType, projectId);
}
return null;
}
private PrivilegeType getPrivilegeType(Map m) throws QueryException {
if (!(m.get("privilegeType") instanceof String)) {
throw new QueryException("Invalid privilegeType: " + m.get("privilegeType"));
}
String type = (String) m.get("privilegeType");
try {
PrivilegeType result = PrivilegeType.valueOf(type);
return result;
} catch (Exception e) {
throw new QueryException("Invalid privilegeType: " + type, e);
}
}
private enum LogSortColumn {
ID("id"), LEVEL("level"), TYPE("type"), OBJECT_IDENTIFIER("objectIdentifier"), OBJECT_CLASS("objectClass"), MAP_NAME("mapName"), SOURCE("source"), CONTENT(
"content");
ID("id"),
LEVEL("level"),
TYPE("type"),
OBJECT_IDENTIFIER("objectIdentifier"),
OBJECT_CLASS("objectClass"),
MAP_NAME("mapName"),
SOURCE("source"),
CONTENT("content");
private String commonName;
......
......@@ -257,6 +257,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
+ "}]";
RequestBuilder request = patch("/api/projects/{projectId}:grantPrivileges", TEST_PROJECT)
.contentType(MediaType.APPLICATION_JSON)
.content(body)
.session(session);
......@@ -426,6 +427,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
+ "}]";
RequestBuilder request = patch("/api/projects/*:grantPrivileges")
.contentType(MediaType.APPLICATION_JSON)
.content(body)
.session(session);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment