Loading gms/src/main/java/it/inaf/ia2/gms/controller/GroupsController.java +9 −3 Original line number Diff line number Diff line Loading @@ -57,7 +57,7 @@ public class GroupsController { GroupEntity parent = groupsService.getGroupById(request.getParentGroupId()); if (permissionsService.getUserPermissionForGroup(parent, session.getUserId()) != Permission.ADMIN) { throw new UnauthorizedException("Missing admin privileges"); throw new UnauthorizedException("Missing admin permission"); } GroupEntity newGroup = groupsService.addGroup(parent, request.getNewGroupName()); Loading @@ -70,7 +70,13 @@ public class GroupsController { @PutMapping(value = "/group/{groupId}", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<PaginatedData<GroupNode>> renameGroup(@PathVariable("groupId") String groupId, @Valid @RequestBody RenameGroupRequest request) { GroupEntity renamedGroup = groupsService.renameGroup(groupId, request.getNewGroupName(), session.getUserId()); GroupEntity group = groupsService.getGroupById(groupId); if (permissionsService.getUserPermissionForGroup(group, session.getUserId()) != Permission.ADMIN) { throw new UnauthorizedException("Missing admin permission"); } GroupEntity renamedGroup = groupsService.renameGroup(group, request.getNewGroupName()); GroupEntity parent = groupsService.getGroupByPath(renamedGroup.getParentPath()); Loading 
@@ -85,7 +91,7 @@ public class GroupsController { GroupEntity group = groupsService.getGroupById(groupId); if (permissionsService.getUserPermissionForGroup(group, session.getUserId()) != Permission.ADMIN) { throw new UnauthorizedException("Missing admin privileges"); throw new UnauthorizedException("Missing admin permission"); } GroupEntity parent = groupsService.deleteGroup(group); Loading gms/src/main/java/it/inaf/ia2/gms/controller/MembersController.java 0 → 100644 +72 −0 Original line number Diff line number Diff line package it.inaf.ia2.gms.controller; import it.inaf.ia2.gms.authn.SessionData; import it.inaf.ia2.gms.exception.UnauthorizedException; import it.inaf.ia2.gms.model.MemberRequest; import it.inaf.ia2.gms.model.PaginatedData; import it.inaf.ia2.gms.model.Permission; import it.inaf.ia2.gms.model.RapUser; import it.inaf.ia2.gms.persistence.model.GroupEntity; import it.inaf.ia2.gms.service.GroupsService; import it.inaf.ia2.gms.service.MembersService; import it.inaf.ia2.gms.service.PermissionsService; import java.util.List; import javax.validation.Valid; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; @RestController public class MembersController { @Autowired private SessionData session; @Autowired private GroupsService groupsService; @Autowired private PermissionsService permissionsService; @Autowired private MembersService membersService; @PostMapping(value = "/member", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<PaginatedData<RapUser>> addMember(@Valid @RequestBody MemberRequest request) 
{ GroupEntity group = groupsService.getGroupById(request.getGroupId()); verifyCurrentUserCanManageMembers(group); membersService.addMember(request.getGroupId(), request.getUserId()); return new ResponseEntity<>(getMembersPanel(request), HttpStatus.CREATED); } @DeleteMapping(value = "/member", produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<PaginatedData<RapUser>> removeMember(@Valid MemberRequest request) { GroupEntity group = groupsService.getGroupById(request.getGroupId()); verifyCurrentUserCanManageMembers(group); membersService.removeMember(group.getId(), request.getUserId()); return ResponseEntity.ok(getMembersPanel(request)); } private void verifyCurrentUserCanManageMembers(GroupEntity group) { Permission currentNodePermission = permissionsService.getUserPermissionForGroup(group, session.getUserId()); if (currentNodePermission != Permission.ADMIN && currentNodePermission != Permission.MANAGE_MEMBERS) { throw new UnauthorizedException("Missing admin or manage members permissions"); } } private PaginatedData<RapUser> getMembersPanel(MemberRequest request) { List<RapUser> members = membersService.getMembers(request.getGroupId()); return new PaginatedData<>(members, request.getPaginatorPage(), request.getPaginatorPageSize()); } } gms/src/main/java/it/inaf/ia2/gms/controller/PermissionsController.java +3 −3 Original line number Diff line number Diff line Loading @@ -36,7 +36,7 @@ public class PermissionsController { public ResponseEntity<PaginatedData<UserPermission>> addPermission(@Valid @RequestBody PermissionRequest request) { GroupEntity group = groupsService.getGroupById(request.getGroupId()); verifyAdminSession(group); verifyCurrentUserCanManagePermissions(group); permissionsService.addPermission(group, request.getUserId(), request.getPermission()); Loading 
@@ -47,14 +47,14 @@ public class PermissionsController { public ResponseEntity<PaginatedData<UserPermission>> deletePermission(@Valid PermissionRequest request) { GroupEntity group = groupsService.getGroupById(request.getGroupId()); verifyAdminSession(group); verifyCurrentUserCanManagePermissions(group); permissionsService.deletePermission(group, request.getUserId(), request.getPermission()); return ResponseEntity.ok(getPermissionsPanel(group, request)); } private void verifyAdminSession(GroupEntity group) { private void verifyCurrentUserCanManagePermissions(GroupEntity group) { Permission currentNodePermissions = permissionsService.getUserPermissionForGroup(group, session.getUserId()); if (currentNodePermissions != Permission.ADMIN) { throw new UnauthorizedException("Only admin users can handle permissions"); Loading gms/src/main/java/it/inaf/ia2/gms/model/AddMemberRequest.java→gms/src/main/java/it/inaf/ia2/gms/model/MemberRequest.java +1 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ package it.inaf.ia2.gms.model; import javax.validation.constraints.NotEmpty; public class AddMemberRequest extends PaginatedModelRequest { public class MemberRequest extends PaginatedModelRequest { @NotEmpty private String groupId; Loading gms/src/main/java/it/inaf/ia2/gms/persistence/GroupsDAO.java +19 −2 Original line number Diff line number Diff line Loading @@ -124,9 +124,12 @@ public class GroupsDAO { }); } public List<GroupEntity> listSubGroups(String path) { /** * Returns the direct children (one level). */ public List<GroupEntity> getDirectSubGroups(String path) { String sql = "SELECT id, name, path from gms_group WHERE path ~ ? ORDER BY name"; String sql = "SELECT id, name, path FROM gms_group WHERE path ~ ? ORDER BY name"; return jdbcTemplate.query(conn -> { PreparedStatement ps = conn.prepareStatement(sql); Loading 
@@ -145,6 +148,20 @@ public class GroupsDAO { return path; } public List<GroupEntity> getAllChildren(String path) { String sql = "SELECT id, name, path FROM gms_group WHERE path <@ ? AND path <> ? ORDER BY nlevel(path) DESC"; return jdbcTemplate.query(conn -> { PreparedStatement ps = conn.prepareStatement(sql); ps.setObject(1, path, Types.OTHER); ps.setObject(2, path, Types.OTHER); return ps; }, resultSet -> { return getGroupsFromResultSet(resultSet); }); } public List<GroupEntity> findGroupsByNames(List<String> names) { String sql = "SELECT id, name, path from gms_group WHERE name IN (" Loading Loading
gms/src/main/java/it/inaf/ia2/gms/controller/GroupsController.java +9 −3 Original line number Diff line number Diff line Loading @@ -57,7 +57,7 @@ public class GroupsController { GroupEntity parent = groupsService.getGroupById(request.getParentGroupId()); if (permissionsService.getUserPermissionForGroup(parent, session.getUserId()) != Permission.ADMIN) { throw new UnauthorizedException("Missing admin privileges"); throw new UnauthorizedException("Missing admin permission"); } GroupEntity newGroup = groupsService.addGroup(parent, request.getNewGroupName()); Loading @@ -70,7 +70,13 @@ public class GroupsController { @PutMapping(value = "/group/{groupId}", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<PaginatedData<GroupNode>> renameGroup(@PathVariable("groupId") String groupId, @Valid @RequestBody RenameGroupRequest request) { GroupEntity renamedGroup = groupsService.renameGroup(groupId, request.getNewGroupName(), session.getUserId()); GroupEntity group = groupsService.getGroupById(groupId); if (permissionsService.getUserPermissionForGroup(group, session.getUserId()) != Permission.ADMIN) { throw new UnauthorizedException("Missing admin permission"); } GroupEntity renamedGroup = groupsService.renameGroup(group, request.getNewGroupName()); GroupEntity parent = groupsService.getGroupByPath(renamedGroup.getParentPath()); Loading @@ -85,7 +91,7 @@ public class GroupsController { GroupEntity group = groupsService.getGroupById(groupId); if (permissionsService.getUserPermissionForGroup(group, session.getUserId()) != Permission.ADMIN) { throw new UnauthorizedException("Missing admin privileges"); throw new UnauthorizedException("Missing admin permission"); } GroupEntity parent = groupsService.deleteGroup(group); Loading
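Review bot: renameGroup's ADMIN check now lives only in the controller, and `groupsService.renameGroup(group, request.getNewGroupName())` no longer receives the caller's user id, so the service cannot enforce the rule for any other caller. If the old three-argument service method performed that check (not visible here), that second layer is gone. The same `getUserPermissionForGroup(...) != Permission.ADMIN` test is now repeated in the create, rename and delete handlers, so a future handler that omits it fails open. I would move it into one private helper, e.g. `private void verifyCurrentUserIsAdmin(GroupEntity group)`, as MembersController does with verifyCurrentUserCanManageMembers, and call it first in each handler. All three handler bodies start or end outside the visible hunks.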
gms/src/main/java/it/inaf/ia2/gms/controller/MembersController.java 0 → 100644 +72 −0 Original line number Diff line number Diff line package it.inaf.ia2.gms.controller; import it.inaf.ia2.gms.authn.SessionData; import it.inaf.ia2.gms.exception.UnauthorizedException; import it.inaf.ia2.gms.model.MemberRequest; import it.inaf.ia2.gms.model.PaginatedData; import it.inaf.ia2.gms.model.Permission; import it.inaf.ia2.gms.model.RapUser; import it.inaf.ia2.gms.persistence.model.GroupEntity; import it.inaf.ia2.gms.service.GroupsService; import it.inaf.ia2.gms.service.MembersService; import it.inaf.ia2.gms.service.PermissionsService; import java.util.List; import javax.validation.Valid; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; @RestController public class MembersController { @Autowired private SessionData session; @Autowired private GroupsService groupsService; @Autowired private PermissionsService permissionsService; @Autowired private MembersService membersService; @PostMapping(value = "/member", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE, produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<PaginatedData<RapUser>> addMember(@Valid @RequestBody MemberRequest request) { GroupEntity group = groupsService.getGroupById(request.getGroupId()); verifyCurrentUserCanManageMembers(group); membersService.addMember(request.getGroupId(), request.getUserId()); return new ResponseEntity<>(getMembersPanel(request), HttpStatus.CREATED); } @DeleteMapping(value = "/member", produces = MediaType.APPLICATION_JSON_UTF8_VALUE) public ResponseEntity<PaginatedData<RapUser>> 
removeMember(@Valid MemberRequest request) { GroupEntity group = groupsService.getGroupById(request.getGroupId()); verifyCurrentUserCanManageMembers(group); membersService.removeMember(group.getId(), request.getUserId()); return ResponseEntity.ok(getMembersPanel(request)); } private void verifyCurrentUserCanManageMembers(GroupEntity group) { Permission currentNodePermission = permissionsService.getUserPermissionForGroup(group, session.getUserId()); if (currentNodePermission != Permission.ADMIN && currentNodePermission != Permission.MANAGE_MEMBERS) { throw new UnauthorizedException("Missing admin or manage members permissions"); } } private PaginatedData<RapUser> getMembersPanel(MemberRequest request) { List<RapUser> members = membersService.getMembers(request.getGroupId()); return new PaginatedData<>(members, request.getPaginatorPage(), request.getPaginatorPageSize()); } }
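Review bot: addMember authorizes against the loaded `group` but then acts on the raw request value in `membersService.addMember(request.getGroupId(), request.getUserId())`, while removeMember passes `group.getId()`. Passing the id of the entity that was permission-checked keeps the check and the write bound to the same object: `membersService.addMember(group.getId(), request.getUserId());`; getMembersPanel could take the group for the same reason. It is not visible in this commit whether MemberRequest constrains `userId` the way `groupId` is marked `@NotEmpty`; if it does not, an empty user id reaches the service. A short Javadoc on verifyCurrentUserCanManageMembers stating that ADMIN or MANAGE_MEMBERS on the group is required would document the access rule where it is enforced.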
gms/src/main/java/it/inaf/ia2/gms/controller/PermissionsController.java +3 −3 Original line number Diff line number Diff line Loading @@ -36,7 +36,7 @@ public class PermissionsController { public ResponseEntity<PaginatedData<UserPermission>> addPermission(@Valid @RequestBody PermissionRequest request) { GroupEntity group = groupsService.getGroupById(request.getGroupId()); verifyAdminSession(group); verifyCurrentUserCanManagePermissions(group); permissionsService.addPermission(group, request.getUserId(), request.getPermission()); Loading @@ -47,14 +47,14 @@ public class PermissionsController { public ResponseEntity<PaginatedData<UserPermission>> deletePermission(@Valid PermissionRequest request) { GroupEntity group = groupsService.getGroupById(request.getGroupId()); verifyAdminSession(group); verifyCurrentUserCanManagePermissions(group); permissionsService.deletePermission(group, request.getUserId(), request.getPermission()); return ResponseEntity.ok(getPermissionsPanel(group, request)); } private void verifyAdminSession(GroupEntity group) { private void verifyCurrentUserCanManagePermissions(GroupEntity group) { Permission currentNodePermissions = permissionsService.getUserPermissionForGroup(group, session.getUserId()); if (currentNodePermissions != Permission.ADMIN) { throw new UnauthorizedException("Only admin users can handle permissions"); Loading
gms/src/main/java/it/inaf/ia2/gms/model/AddMemberRequest.java→gms/src/main/java/it/inaf/ia2/gms/model/MemberRequest.java +1 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ package it.inaf.ia2.gms.model; import javax.validation.constraints.NotEmpty; public class AddMemberRequest extends PaginatedModelRequest { public class MemberRequest extends PaginatedModelRequest { @NotEmpty private String groupId; Loading
gms/src/main/java/it/inaf/ia2/gms/persistence/GroupsDAO.java +19 −2 Original line number Diff line number Diff line Loading @@ -124,9 +124,12 @@ public class GroupsDAO { }); } public List<GroupEntity> listSubGroups(String path) { /** * Returns the direct children (one level). */ public List<GroupEntity> getDirectSubGroups(String path) { String sql = "SELECT id, name, path from gms_group WHERE path ~ ? ORDER BY name"; String sql = "SELECT id, name, path FROM gms_group WHERE path ~ ? ORDER BY name"; return jdbcTemplate.query(conn -> { PreparedStatement ps = conn.prepareStatement(sql); Loading @@ -145,6 +148,20 @@ public class GroupsDAO { return path; } public List<GroupEntity> getAllChildren(String path) { String sql = "SELECT id, name, path FROM gms_group WHERE path <@ ? AND path <> ? ORDER BY nlevel(path) DESC"; return jdbcTemplate.query(conn -> { PreparedStatement ps = conn.prepareStatement(sql); ps.setObject(1, path, Types.OTHER); ps.setObject(2, path, Types.OTHER); return ps; }, resultSet -> { return getGroupsFromResultSet(resultSet); }); } public List<GroupEntity> findGroupsByNames(List<String> names) { String sql = "SELECT id, name, path from gms_group WHERE name IN (" Loading
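Review bot: getAllChildren is added without a doc comment, although its contract is not obvious from the name. The query `path <@ ? AND path <> ?` returns descendants at every depth, excludes the group itself, and orders them deepest first via `ORDER BY nlevel(path) DESC`. A Javadoc in the style given to getDirectSubGroups would help, e.g. `/** Returns all descendants of the given path (any depth), excluding the group itself, deepest first. */`, and should say so if the ordering exists so that callers can process the subtree bottom-up. The result is unbounded, so a caller on a large subtree loads every row. The row mapper lambda could be written as `this::getGroupsFromResultSet`.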