Commit f9697fb4 authored by Sonia Zorba's avatar Sonia Zorba
Browse files

Allowed JWT usage on all endpoints and refactoring

parent e3dd2142
Pipeline #582 passed with stages
in 31 seconds
......@@ -16,7 +16,7 @@ public class GmsApplication {
public static void main(String[] args) {
SpringApplication.run(GmsApplication.class, args);
}
@Bean
public RapClient rapClient() {
return ServiceLocator.getInstance().getRapClient();
......
......@@ -26,6 +26,11 @@ public class GmsLoginFilter extends LoginFilter {
private boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
if (request.getUserPrincipal() != null) {
// Principal set using JWT
return true;
}
// Allow CORS check
if ("OPTIONS".equals(request.getMethod())) {
return true;
......
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.data.User;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.rap.client.RapClient;
import java.io.IOException;
......@@ -13,6 +14,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class JWTFilter implements Filter {
......@@ -31,9 +33,21 @@ public class JWTFilter implements Filter {
HttpServletResponse response = (HttpServletResponse) res;
String authHeader = request.getHeader("Authorization");
if (authHeader == null) {
loggingDAO.logAction("Attempt to access WS without token", request);
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing Authorization token");
if (request.isRequestedSessionIdValid()) {
HttpSession session = request.getSession(false);
User user = (User) session.getAttribute("user_data");
if (user != null) {
rapClient.setAccessToken(user.getAccessToken());
ServletRequestWithSessionPrincipal wrappedRequest = new ServletRequestWithSessionPrincipal(request, user);
fc.doFilter(wrappedRequest, res);
return;
}
}
fc.doFilter(req, res);
return;
}
......@@ -54,9 +68,24 @@ public class JWTFilter implements Filter {
fc.doFilter(wrappedRequest, res);
}
private static class ServletRequestWithSessionPrincipal extends HttpServletRequestWrapper {
private final User principal;
public ServletRequestWithSessionPrincipal(HttpServletRequest request, User user) {
super(request);
this.principal = user;
}
@Override
public Principal getUserPrincipal() {
return principal;
}
}
private static class ServletRequestWithJWTPrincipal extends HttpServletRequestWrapper {
private final Principal principal;
private final RapPrincipal principal;
public ServletRequestWithJWTPrincipal(HttpServletRequest request, Map<String, Object> jwtClaims) {
super(request);
......
......@@ -51,7 +51,7 @@ public class SecurityConfig {
public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, RapClient rapClient) {
FilterRegistrationBean bean = new FilterRegistrationBean();
bean.setFilter(new JWTFilter(loggingDAO, rapClient));
bean.addUrlPatterns("/ws/jwt/*");
bean.addUrlPatterns("/*");
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
}
......
package it.inaf.ia2.gms.controller;
import com.opencsv.CSVWriter;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.manager.GroupStatusManager;
import it.inaf.ia2.gms.manager.GroupsManager;
import it.inaf.ia2.gms.model.request.AddGroupRequest;
......@@ -16,6 +15,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.service.GroupsTreeBuilder;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.RestController;
public class GroupsController {
@Autowired
private SessionData session;
private HttpServletRequest servletRequest;
@Autowired
private GroupsManager groupsManager;
......@@ -96,8 +96,7 @@ public class GroupsController {
@GetMapping(value = "/group/status/{groupId}", produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
public void downloadStatus(@PathVariable("groupId") String groupId, HttpServletResponse response) throws Exception {
try (OutputStream out = response.getOutputStream();
CSVWriter writer = new CSVWriter(new OutputStreamWriter(out))) {
try ( OutputStream out = response.getOutputStream(); CSVWriter writer = new CSVWriter(new OutputStreamWriter(out))) {
writer.writeNext(new String[]{"program", "email"});
......@@ -108,6 +107,6 @@ public class GroupsController {
}
private <T extends PaginatedModelRequest & SearchFilterRequest> PaginatedData<GroupNode> getGroupsPanel(GroupEntity parentGroup, T request) {
return groupsTreeBuilder.listSubGroups(parentGroup, request, session.getUserId());
return groupsTreeBuilder.listSubGroups(parentGroup, request, servletRequest.getUserPrincipal().getName());
}
}
package it.inaf.ia2.gms.controller;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.manager.GroupsManager;
import it.inaf.ia2.gms.manager.InvitedRegistrationManager;
import it.inaf.ia2.gms.manager.PermissionsManager;
......@@ -10,6 +9,7 @@ import it.inaf.ia2.gms.model.response.GroupsTabResponse;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.service.GroupsService;
import it.inaf.ia2.gms.service.GroupsTreeBuilder;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
......@@ -17,7 +17,7 @@ import org.springframework.stereotype.Component;
public class GroupsTabResponseBuilder {
@Autowired
private SessionData session;
HttpServletRequest servletRequest;
@Autowired
private PermissionsManager permissionsManager;
......@@ -46,7 +46,7 @@ public class GroupsTabResponseBuilder {
Permission permission = permissionsManager.getCurrentUserPermission(group);
response.setPermission(permission);
response.setGroupsPanel(groupsListBuilder.listSubGroups(group, request, session.getUserId()));
response.setGroupsPanel(groupsListBuilder.listSubGroups(group, request, servletRequest.getUserPrincipal().getName()));
response.setLeaf(group.isLeaf());
......
......@@ -39,15 +39,16 @@ import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
/**
* Web service called by other web applications using JWT (delegation).
* This class needs some refactoring: it contains all endpoints that used JWT.
* Now all endpoints accept both a JWT token or a session, so some of them could
* be removed and others should be moved on dedicated classes. Some endpoints
* match 2 patters to achieve a smooth transition.
*/
@RestController
@RequestMapping("/ws/jwt")
public class JWTWebServiceController {
@Autowired
......@@ -63,7 +64,7 @@ public class JWTWebServiceController {
private GroupsService groupsService;
@Autowired
private GroupNameService groupNameService;
protected GroupNameService groupNameService;
@Autowired
private MembershipManager membershipManager;
......@@ -83,7 +84,7 @@ public class JWTWebServiceController {
/**
* This endpoint is compliant with the IVOA GMS standard.
*/
@GetMapping(value = "/search", produces = MediaType.TEXT_PLAIN_VALUE)
@GetMapping(value = {"/ws/jwt/search", "/vo/search"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void getGroups(HttpServletResponse response) throws IOException {
List<GroupEntity> memberships = membershipManager.getCurrentUserMemberships();
......@@ -104,10 +105,10 @@ public class JWTWebServiceController {
* be defined adding ".+", otherwise Spring will think it is a file
* extension (thanks https://stackoverflow.com/a/16333149/771431)
*/
@GetMapping(value = "/search/{group:.+}", produces = MediaType.TEXT_PLAIN_VALUE)
@GetMapping(value = {"/ws/jwt/search/{group:.+}", "/vo/search/{group:.+}"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void isMemberOf(@PathVariable("group") String group, HttpServletResponse response) throws IOException {
List<String> groupNames = extractGroupNames(group);
List<String> groupNames = groupNameService.extractGroupNames(group);
boolean isMember = membershipManager.isCurrentUserMemberOf("ROOT");
if (!isMember) {
......@@ -135,13 +136,12 @@ public class JWTWebServiceController {
// else: empty response (as defined by GMS standard)
}
@GetMapping(value = {"/list/{group:.+}", "/list"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void listGroups(@PathVariable("group") Optional<String> group, Principal principal, HttpServletResponse response) throws IOException {
@GetMapping(value = {"/ws/jwt/list/{group:.+}", "/ws/jwt/list"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void listGroups(@PathVariable("group") Optional<String> groupNames, Principal principal, HttpServletResponse response) throws IOException {
String userId = principal.getName();
List<String> groupNames = extractGroupNames(group);
GroupEntity parentGroup = getGroupFromNames(groupNames);
GroupEntity parentGroup = groupNameService.getGroupFromNames(groupNames);
List<GroupEntity> allSubGroups = groupsDAO.getDirectSubGroups(parentGroup.getPath());
......@@ -157,7 +157,7 @@ public class JWTWebServiceController {
try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) {
for (String groupName : groupNameService.getGroupsNames(visibleSubgroups)) {
pw.println(getShortGroupName(groupName, group));
pw.println(groupNameService.getShortGroupName(groupName, groupNames));
}
}
}
......@@ -166,10 +166,10 @@ public class JWTWebServiceController {
* Creates a group and its ancestors if they are missing. It doesn't fail if
* the last group already exists.
*/
@PostMapping(value = "/{group:.+}", produces = MediaType.TEXT_PLAIN_VALUE)
@PostMapping(value = "/ws/jwt/{group:.+}", produces = MediaType.TEXT_PLAIN_VALUE)
public void createGroup(@PathVariable("group") String groupParam, HttpServletRequest request, HttpServletResponse response) throws IOException {
List<String> groupNames = extractGroupNames(groupParam);
List<String> groupNames = groupNameService.extractGroupNames(groupParam);
String leafParam = request.getParameter("leaf");
boolean leaf = leafParam == null ? false : Boolean.valueOf(leafParam);
......@@ -191,29 +191,29 @@ public class JWTWebServiceController {
}
}
@DeleteMapping(value = "/{group:.+}", produces = MediaType.TEXT_PLAIN_VALUE)
@DeleteMapping(value = "/ws/jwt/{group:.+}", produces = MediaType.TEXT_PLAIN_VALUE)
public void deleteGroup(@PathVariable("group") String groupParam, HttpServletResponse response) {
GroupEntity group = getGroupFromNames(extractGroupNames(groupParam));
GroupEntity group = groupNameService.getGroupFromNames(Optional.of(groupParam));
groupsDAO.deleteGroup(group);
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
}
@GetMapping(value = {"/membership/{group:.+}", "/membership"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void getMembership(@PathVariable("group") Optional<String> group, @RequestParam("user_id") String userId, HttpServletResponse response) throws IOException {
@GetMapping(value = {"/ws/jwt/membership/{group:.+}", "/ws/jwt/membership"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void getMembership(@PathVariable("group") Optional<String> groupNames, @RequestParam("user_id") String userId, HttpServletResponse response) throws IOException {
GroupEntity parent = getGroupFromNames(extractGroupNames(group));
GroupEntity parent = groupNameService.getGroupFromNames(groupNames);
List<GroupEntity> groups = membershipManager.getUserGroups(parent, userId);
try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) {
for (String groupName : groupNameService.getGroupsNames(groups)) {
pw.println(getShortGroupName(groupName, group));
pw.println(groupNameService.getShortGroupName(groupName, groupNames));
}
}
}
@PostMapping(value = {"/membership/{group:.+}", "/membership"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void addMember(@PathVariable("group") Optional<String> group, HttpServletRequest request, HttpServletResponse response) throws IOException {
@PostMapping(value = {"/ws/jwt/membership/{group:.+}", "/ws/jwt/membership"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void addMember(@PathVariable("group") Optional<String> groupNames, HttpServletRequest request, HttpServletResponse response) throws IOException {
String targetUserId = request.getParameter("user_id");
if (targetUserId == null) {
......@@ -221,25 +221,25 @@ public class JWTWebServiceController {
return;
}
GroupEntity groupEntity = getGroupFromNames(extractGroupNames(group));
GroupEntity groupEntity = groupNameService.getGroupFromNames(groupNames);
membershipManager.addMember(groupEntity, targetUserId);
}
@DeleteMapping(value = {"/membership/{group:.+}", "/membership"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void removeMember(@PathVariable("group") Optional<String> group, @RequestParam("user_id") String userId,
@DeleteMapping(value = {"/ws/jwt/membership/{group:.+}", "/ws/jwt/membership"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void removeMember(@PathVariable("group") Optional<String> groupNames, @RequestParam("user_id") String userId,
HttpServletRequest request, HttpServletResponse response) throws IOException {
GroupEntity groupEntity = getGroupFromNames(extractGroupNames(group));
GroupEntity groupEntity = groupNameService.getGroupFromNames(groupNames);
membershipManager.removeMember(groupEntity, userId);
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
}
@GetMapping(value = {"/permission/{group:.+}", "/permission"}, produces = MediaType.TEXT_PLAIN_VALUE)
@GetMapping(value = {"/ws/jwt/permission/{group:.+}", "/ws/jwt/permission"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void getUserPermission(@PathVariable("group") Optional<String> groupNames, @RequestParam("user_id") Optional<String> userId, HttpServletRequest request, HttpServletResponse response) throws IOException {
GroupEntity groupEntity = getGroupFromNames(extractGroupNames(groupNames));
GroupEntity groupEntity = groupNameService.getGroupFromNames(groupNames);
if (userId.isPresent()) {
try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) {
for (UserPermission userPermission : searchService.getUserPermission(groupEntity, userId.get(), permissionsManager.getCurrentUserPermissions(groupEntity))) {
......@@ -249,36 +249,36 @@ public class JWTWebServiceController {
}
} else {
try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) {
for (it.inaf.ia2.gms.model.UserPermission up : permissionsManager.getAllPermissions(groupEntity)) {
for (it.inaf.ia2.gms.model.RapUserPermission up : permissionsManager.getAllPermissions(groupEntity)) {
pw.println(up.getUser().getId() + " " + up.getPermission());
}
}
}
}
@PostMapping(value = {"/permission/{group:.+}", "/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
@PostMapping(value = {"/ws/jwt/permission/{group:.+}", "/ws/jwt/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
public void addPermission(@PathVariable("group") Optional<String> groupNames, @RequestParam("user_id") String targetUserId, @RequestParam("permission") Permission permission) throws IOException {
GroupEntity groupEntity = getGroupFromNames(extractGroupNames(groupNames));
GroupEntity groupEntity = groupNameService.getGroupFromNames(groupNames);
permissionsManager.addPermission(groupEntity, targetUserId, permission);
}
@PutMapping(value = {"/permission/{group:.+}", "/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
@PutMapping(value = {"/ws/jwt/permission/{group:.+}", "/ws/jwt/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
public void setPermission(@PathVariable("group") Optional<String> groupNames, @RequestParam("user_id") String targetUserId, @RequestParam("permission") Permission permission) throws IOException {
GroupEntity groupEntity = getGroupFromNames(extractGroupNames(groupNames));
GroupEntity groupEntity = groupNameService.getGroupFromNames(groupNames);
permissionsManager.createOrUpdatePermission(groupEntity, targetUserId, permission);
}
@DeleteMapping(value = {"/permission/{group:.+}", "/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE)
@DeleteMapping(value = {"/ws/jwt/permission/{group:.+}", "/ws/jwt/permission/"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void removePermission(@PathVariable("group") Optional<String> groupNames, @RequestParam("user_id") String userId,
HttpServletRequest request, HttpServletResponse response) throws IOException {
GroupEntity groupEntity = getGroupFromNames(extractGroupNames(groupNames));
GroupEntity groupEntity = groupNameService.getGroupFromNames(groupNames);
permissionsManager.removePermission(groupEntity, userId);
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
}
@GetMapping(value = "/check-invited-registration", produces = MediaType.TEXT_PLAIN_VALUE)
@GetMapping(value = {"/ws/jwt/check-invited-registration", "/check-invited-registration"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void completeInvitedRegistrationIfNecessary(Principal principal, HttpServletResponse response) throws IOException {
String userId = principal.getName();
......@@ -300,7 +300,7 @@ public class JWTWebServiceController {
}
}
@PostMapping(value = "/invited-registration", produces = MediaType.TEXT_PLAIN_VALUE)
@PostMapping(value = {"/ws/jwt/invited-registration", "/invited-registration"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void addInvitedRegistration(@RequestParam("token_hash") String tokenHash, @RequestParam("email") String email,
@RequestParam("groups") String groupNamesAndPermissionsParam, HttpServletResponse response) {
......@@ -311,7 +311,7 @@ public class JWTWebServiceController {
int lastSpaceIndex = param.lastIndexOf(" ");
String groupName = param.substring(0, lastSpaceIndex);
Permission permission = Permission.valueOf(param.substring(lastSpaceIndex + 1));
GroupEntity groupEntity = getGroupFromNames(extractGroupNames(groupName));
GroupEntity groupEntity = groupNameService.getGroupFromNames(Optional.of(groupName));
groupsPermissions.put(groupEntity, permission);
}
}
......@@ -321,10 +321,10 @@ public class JWTWebServiceController {
response.setStatus(HttpServletResponse.SC_CREATED);
}
@GetMapping(value = "/email/{group:.+}", produces = MediaType.TEXT_PLAIN_VALUE)
@GetMapping(value = {"/ws/jwt/email/{group:.+}", "/email/{group:.+}"}, produces = MediaType.TEXT_PLAIN_VALUE)
public void getEmailOfMembers(@PathVariable("group") String groupNames, @RequestParam("permission") Optional<Permission> permission, HttpServletResponse response) throws IOException {
GroupEntity groupEntity = getGroupFromNames(extractGroupNames(groupNames));
GroupEntity groupEntity = groupNameService.getGroupFromNames(Optional.of(groupNames));
Set<String> selectedUserIds = null;
if (permission.isPresent()) {
......@@ -346,68 +346,7 @@ public class JWTWebServiceController {
}
}
private GroupEntity getGroupFromNames(List<String> groupNames) {
if (groupNames.isEmpty()) {
return getRoot();
}
return getGroupFromNamesAndIndex(groupNames, groupNames.size() - 1);
}
private GroupEntity getGroupFromNamesAndIndex(List<String> groupNames, int index) {
String parentPath = ""; // starting from ROOT
GroupEntity group = null;
for (int i = 0; i < index + 1; i++) {
String groupName = groupNames.get(i);
group = groupsDAO.findGroupByParentAndName(parentPath, groupName)
.orElseThrow(() -> new BadRequestException("Unable to find group " + groupName));
parentPath = group.getPath();
}
if (group == null) {
throw new IllegalStateException();
}
return group;
}
private GroupEntity getRoot() {
return groupsDAO.findGroupById("ROOT")
.orElseThrow(() -> new IllegalStateException("Missing root group"));
}
private List<String> extractGroupNames(Optional<String> group) {
return extractGroupNames(group.orElse(null));
}
private List<String> extractGroupNames(String groupStr) {
if (groupStr == null || groupStr.isEmpty()) {
return new ArrayList<>();
}
List<String> names = new ArrayList<>();
String currentName = "";
for (int i = 0; i < groupStr.length(); i++) {
char c = groupStr.charAt(i);
// dot is the group separator and it must be escaped if used inside
// group names
if (c == '.' && groupStr.charAt(i - 1) != '\\') {
names.add(currentName.replace("\\.", "."));
currentName = "";
} else {
currentName += c;
}
}
names.add(currentName);
return names;
}
private String getShortGroupName(String completeGroupName, Optional<String> groupPrefix) {
if (groupPrefix.isPresent()) {
return completeGroupName.substring(groupPrefix.get().length() + 1);
}
return completeGroupName;
}
@PostMapping(value = "/join", produces = MediaType.APPLICATION_JSON_VALUE)
@PostMapping(value = {"/ws/jwt/join", "/join"}, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<?> join(RapPrincipal principal) {
String fromUser = principal.getName();
......
package it.inaf.ia2.gms.controller;
import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.manager.GroupsManager;
import it.inaf.ia2.gms.manager.PermissionsManager;
import it.inaf.ia2.gms.model.request.AddPermissionRequest;
......@@ -7,15 +8,20 @@ import it.inaf.ia2.gms.model.request.MemberRequest;
import it.inaf.ia2.gms.model.response.PaginatedData;
import it.inaf.ia2.gms.model.request.PaginatedModelRequest;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.UserPermission;
import it.inaf.ia2.gms.model.RapUserPermission;
import it.inaf.ia2.gms.model.request.TabRequest;
import it.inaf.ia2.gms.model.request.UpdatePermissionRequest;
import it.inaf.ia2.gms.model.response.UserPermission;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.GroupNameService;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
......@@ -39,10 +45,10 @@ public class PermissionsController {
private PermissionsManager permissionsManager;
@GetMapping(value = "/permissions", produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<PaginatedData<UserPermission>> getPermissionsTab(TabRequest request) {
public ResponseEntity<PaginatedData<RapUserPermission>> getPermissionsTab(TabRequest request) {
GroupEntity group = groupsManager.getGroupById(request.getGroupId());
PaginatedData<UserPermission> permissionsPanel = getPermissionsPanel(group, request);
PaginatedData<RapUserPermission> permissionsPanel = getPermissionsPanel(group, request);
return ResponseEntity.ok(permissionsPanel);
}
......@@ -63,7 +69,7 @@ public class PermissionsController {
}
@PostMapping(value = "/permission", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<PaginatedData<UserPermission>> addPermission(@Valid @RequestBody AddPermissionRequest request) {
public ResponseEntity<PaginatedData<RapUserPermission>> addPermission(@Valid @RequestBody AddPermissionRequest request) {
GroupEntity group = groupsManager.getGroupById(request.getGroupId());
if (request.isOverride()) {
......@@ -88,7 +94,7 @@ public class PermissionsController {
}
@DeleteMapping(value = "/permission", produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<PaginatedData<UserPermission>> deletePermission(@Valid MemberRequest request) {
public ResponseEntity<PaginatedData<RapUserPermission>> deletePermission(@Valid MemberRequest request) {
GroupEntity group = groupsManager.getGroupById(request.getGroupId());
permissionsManager.removePermission(group, request.getUserId());
......@@ -96,8 +102,8 @@ public class PermissionsController {
return ResponseEntity.ok(getPermissionsPanel(group, request));
}
private PaginatedData<UserPermission> getPermissionsPanel(GroupEntity group, PaginatedModelRequest request) {
List<UserPermission> permissions = permissionsManager.getAllPermissions(group);
private PaginatedData<RapUserPermission> getPermissionsPanel(GroupEntity group, PaginatedModelRequest request) {
List<RapUserPermission> permissions = permissionsManager.getAllPermissions(group);
Collections.sort(permissions, (p1, p2) -> {
return p1.getUser().getDisplayName().compareTo(p2.getUser().getDisplayName());
});
......
package it.inaf.ia2.gms.controller;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.model.response.PaginatedData;
import it.inaf.ia2.gms.model.response.SearchResponseItem;
import it.inaf.ia2.gms.model.response.UserSearchResponse;
import it.inaf.ia2.gms.service.SearchService;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
......@@ -17,7 +17,7 @@ import org.springframework.web.bind.annotation.RestController;
public class SearchController {
@Autowired
private SessionData sessionData;
private HttpServletRequest servletRequest;
@Autowired
private SearchService searchService;
......@@ -26,14 +26,14 @@ public class SearchController {