Roberto Sánchez
2014-01-27 c3d9abdd3cd55a12d6509ade288648c2408baeb5
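--- a/securis/src/main/java/net/curisit/securis/services/LicenseResource.java
+++ b/securis/src/main/java/net/curisit/securis/services/LicenseResource.java
@@ -22,9 +22,7 @@
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 
-import net.curisit.integrity.commons.JsonUtils;
 import net.curisit.integrity.commons.Utils;
-import net.curisit.integrity.exception.CurisException;
 import net.curisit.securis.DefaultExceptionHandler;
 import net.curisit.securis.db.License;
 import net.curisit.securis.db.LicenseHistory;
@@ -32,6 +30,7 @@
 import net.curisit.securis.db.User;
 import net.curisit.securis.security.BasicSecurityContext;
 import net.curisit.securis.security.Securable;
+import net.curisit.securis.services.exception.SeCurisServiceException;
 import net.curisit.securis.utils.TokenHelper;
 
 import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
@@ -92,69 +91,43 @@
 /**
 *
 * @return the server version in format majorVersion.minorVersion
+ * @throws SeCurisServiceException
 */
 @GET
 @Path("/{licId}")
 @Securable
 @Produces(
 { MediaType.APPLICATION_JSON })
- public Response get(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) {
+ public Response get(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException {
 log.info("Getting organization data for id: {}: ", licId);
- if (licId == null || licId.equals("")) {
- log.error("License ID is mandatory");
- return Response.status(Status.NOT_FOUND).build();
- }
 
 EntityManager em = emProvider.get();
- License lic = em.find(License.class, licId);
- if (lic == null) {
- log.error("License with id {} not found in DB", licId);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License not found for ID: " + licId).build();
- }
- if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
- if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
- log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
- return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to license data").build();
- }
- }
+ License lic = getCurrentLicense(licId, bsc, em);
 return Response.ok(lic).build();
 }
 
 /**
 *
 * @return The license file, only of license is active
+ * @throws SeCurisServiceException
 */
 @GET
 @Path("/{licId}/download")
 @Securable
 @Produces(
 { MediaType.APPLICATION_OCTET_STREAM })
- public Response download(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) {
- log.info("Getting license data for id: {}: ", licId);
- if (licId == null || licId.equals("")) {
- log.error("License ID is mandatory");
- return Response.status(Status.NOT_FOUND).build();
- }
+ public Response download(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException {
 
 EntityManager em = emProvider.get();
- License lic = em.find(License.class, licId);
- if (lic == null) {
- log.error("License with id {} not found in DB", licId);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License not found for ID: " + licId).build();
- }
- if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
- if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
- log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
- return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to license data").build();
- }
- }
+ License lic = getCurrentLicense(licId, bsc, em);
+
 if (lic.getLicenseData() == null) {
 log.error("License with id {} has not license file generated", licId, bsc.getUserPrincipal());
- return Response.status(Status.FORBIDDEN).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License has not contain data to generate license file").build();
+ throw new SeCurisServiceException(Status.FORBIDDEN.getStatusCode(), "License has not contain data to generate license file");
 }
 if (lic.getStatus() != License.Status.ACTIVE) {
 log.error("License with id {} is not active, so It can not downloaded", licId, bsc.getUserPrincipal());
- return Response.status(Status.FORBIDDEN).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License is not active, so It can not be downloaded").build();
+ throw new SeCurisServiceException(Status.FORBIDDEN.getStatusCode(), "License is not active, so It can not be downloaded");
 }
 return Response.ok(lic.getLicenseData()).build();
 }
@@ -167,42 +140,60 @@
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(
 { MediaType.APPLICATION_JSON })
- public Response activate(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) {
- log.info("Getting license data for id: {}: ", licId);
- if (licId == null || licId.equals("")) {
- log.error("License ID is mandatory");
- return Response.status(Status.NOT_FOUND).build();
- }
+ public Response activate(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException {
 
 EntityManager em = emProvider.get();
- License lic = em.find(License.class, licId);
- if (lic == null) {
- log.error("License with id {} not found in DB", licId);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License not found for ID: " + licId).build();
- }
- if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
- if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
- log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
- return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to license data").build();
- }
- }
+ License lic = getCurrentLicense(licId, bsc, em);
 
- User user = null;
- try {
- user = getUser(bsc.getUserPrincipal().getName(), em);
- } catch (CurisException ex) {
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Current user not found in DB: " + bsc.getUserPrincipal()).build();
- }
+ User user = getUser(bsc.getUserPrincipal().getName(), em);
 
 lic.setStatus(License.Status.ACTIVE);
 lic.setModificationTimestamp(new Date());
 em.persist(lic);
- LicenseHistory lh = new LicenseHistory();
- lh.setLicense(lic);
- lh.setUser(user);
- lh.setTimestamp(new Date());
- lh.setAction(LicenseHistory.Actions.ACTIVATE);
- em.persist(lh);
+ em.persist(createLicenseHistoryAction(lic, user, LicenseHistory.Actions.ACTIVATE));
+ return Response.ok(lic).build();
+ }
+
+ @PUT
+ @POST
+ @Path("/{licId}/send")
+ @Securable
+ @Transactional
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(
+ { MediaType.APPLICATION_JSON })
+ public Response send(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException {
+
+ EntityManager em = emProvider.get();
+ License lic = getCurrentLicense(licId, bsc, em);
+
+ User user = getUser(bsc.getUserPrincipal().getName(), em);
+ // TODO: Send mail with lic file
+ lic.setModificationTimestamp(new Date());
+ em.persist(lic);
+ em.persist(createLicenseHistoryAction(lic, user, LicenseHistory.Actions.SEND, "Email sent to: " + lic.getEmail()));
+ return Response.ok(lic).build();
+ }
+
+ @PUT
+ @POST
+ @Path("/{licId}/cancel")
+ @Securable
+ @Transactional
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(
+ { MediaType.APPLICATION_JSON })
+ public Response cancel(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException {
+
+ EntityManager em = emProvider.get();
+ License lic = getCurrentLicense(licId, bsc, em);
+
+ User user = getUser(bsc.getUserPrincipal().getName(), em);
+
+ lic.setStatus(License.Status.CANCELED);
+ lic.setModificationTimestamp(new Date());
+ em.persist(lic);
+ em.persist(createLicenseHistoryAction(lic, user, LicenseHistory.Actions.CANCEL));
 return Response.ok(lic).build();
 }
 
@@ -213,7 +204,7 @@
 @Produces(
 { MediaType.APPLICATION_JSON })
 @Transactional
- public Response create(License lic, @Context BasicSecurityContext bsc) {
+ public Response create(License lic, @Context BasicSecurityContext bsc) throws SeCurisServiceException {
 log.info("Creating new license from create()");
 EntityManager em = emProvider.get();
 Pack pack = null;
@@ -232,14 +223,7 @@
 }
 }
 
- User createdBy = null;
- try {
- createdBy = getUser(bsc.getUserPrincipal().getName(), em);
- } catch (CurisException ex) {
- String createdByUsername = lic.getCreatedById();
- log.error("License created by user with id {} not found in DB", createdByUsername);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's created by user not found with ID: " + createdByUsername).build();
- }
+ User createdBy = getUser(bsc.getUserPrincipal().getName(), em);
 
 // ODO: Manage status if request data is set
 lic.setCreatedBy(createdBy);
@@ -247,12 +231,7 @@
 lic.setCreationTimestamp(new Date());
 lic.setModificationTimestamp(lic.getCreationTimestamp());
 em.persist(lic);
- LicenseHistory lh = new LicenseHistory();
- lh.setLicense(lic);
- lh.setUser(createdBy);
- lh.setTimestamp(new Date());
- lh.setAction(LicenseHistory.Actions.CREATE);
- em.persist(lh);
+ em.persist(createLicenseHistoryAction(lic, createdBy, LicenseHistory.Actions.CREATE));
 
 return Response.ok(lic).build();
 }
@@ -264,7 +243,7 @@
 @Produces(
 { MediaType.APPLICATION_JSON })
 @Transactional
- public Response createWithFile(MultipartFormDataInput mpfdi, @Context BasicSecurityContext bsc) throws IOException {
+ public Response createWithFile(MultipartFormDataInput mpfdi, @Context BasicSecurityContext bsc) throws IOException, SeCurisServiceException {
 License lic = new License();
 lic.setCode(mpfdi.getFormDataPart("code", String.class, null));
 lic.setRequestData(mpfdi.getFormDataPart("request_data", String.class, null));
@@ -272,25 +251,8 @@
 lic.setFullName(mpfdi.getFormDataPart("full_name", String.class, null));
 lic.setEmail(mpfdi.getFormDataPart("email", String.class, null));
 lic.setComments(mpfdi.getFormDataPart("comments", String.class, null));
- try {
- log.info("File content: {}", lic.getRequestData());
- log.info("License read from multipart: {}", JsonUtils.toJSON(lic));
- } catch (CurisException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- return create(lic, bsc);
- }
 
- private User getUser(String username, EntityManager em) throws CurisException {
- User user = null;
- if (username != null) {
- user = em.find(User.class, username);
- if (user == null) {
- throw new CurisException("User not found");
- }
- }
- return user;
+ return create(lic, bsc);
 }
 
 @PUT
@@ -301,57 +263,13 @@
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(
 { MediaType.APPLICATION_JSON })
- public Response modify(License lic, @PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) {
+ public Response modify(License lic, @PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException {
 log.info("Modifying organization with id: {}", licId);
+
 EntityManager em = emProvider.get();
 
- // Pack pack = null;
- // if (lic.getPackId() != null) {
- // pack = em.find(Pack.class, lic.getPackId());
- // if (pack == null) {
- // log.error("License pack with id {} not found in DB", lic.getPackId());
- // return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's pack not found with ID: " + lic.getPackId()).build();
- // } else {
- // if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
- // if (!bsc.getOrganizationsIds().contains(pack.getOrganization().getId())) {
- // log.error("License for pack with id {} can not be modified by user {}", pack.getId(), bsc.getUserPrincipal());
- // return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized action on pack license").build();
- // }
- // }
- // }
- // }
- User createdBy = null;
- try {
- createdBy = getUser(lic.getCreatedById(), em);
- } catch (CurisException ex) {
- String createdByUsername = lic.getCreatedById();
- log.error("License created by user with id {} not found in DB", createdByUsername);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's created by user not found with ID: " + createdByUsername).build();
- }
+ License currentLicense = getCurrentLicense(licId, bsc, em);
 
- User canceledBy = null;
- try {
- canceledBy = getUser(lic.getCanceledById(), em);
- } catch (CurisException ex) {
- String canceledByUsername = lic.getCreatedById();
- log.error("License canceled by user with id {} not found in DB", canceledByUsername);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's canceled by user not found with ID: " + canceledByUsername).build();
- }
- License currentLicense = em.find(License.class, lic.getId());
- if (currentLicense == null) {
- log.error("License with id {} not found in DB", licId);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License not found for ID: " + licId).build();
- }
- if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
- if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
- log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
- return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to license data").build();
- }
- }
- // TODO: set status based in current one and dates ? use custom actions ?
- currentLicense.setCreatedBy(createdBy);
- currentLicense.setCanceledBy(canceledBy);
- // currentLicense.setPack(pack);
 currentLicense.setCode(lic.getCode());
 currentLicense.setFullName(lic.getFullName());
 currentLicense.setEmail(lic.getEmail());
@@ -368,21 +286,10 @@
 @Securable
 @Produces(
 { MediaType.APPLICATION_JSON })
- public Response delete(@PathParam("licId") String licId, @Context BasicSecurityContext bsc) {
+ public Response delete(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) throws SeCurisServiceException {
 log.info("Deleting license with id: {}", licId);
 EntityManager em = emProvider.get();
- License lic = em.find(License.class, Integer.parseInt(licId));
- if (lic == null) {
- log.error("License with id {} can not be deleted, It was not found in DB", licId);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License was not found, ID: " + licId).build();
- }
-
- if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
- if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
- log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
- return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to license data").build();
- }
- }
+ License lic = getCurrentLicense(licId, bsc, em);
 
 if (lic.getStatus() != License.Status.CANCELED || lic.getStatus() != License.Status.CREATED) {
 log.error("License {} can not be deleted with status {}", lic.getCode(), lic.getStatus());
@@ -393,4 +300,48 @@
 return Response.ok(Utils.createMap("success", true, "id", licId)).build();
 }
 
+ private License getCurrentLicense(Integer licId, BasicSecurityContext bsc, EntityManager em) throws SeCurisServiceException {
+ if (licId == null || licId.equals("")) {
+ log.error("License ID is mandatory");
+ throw new SeCurisServiceException(Status.NOT_FOUND.getStatusCode(), "Missing license ID");
+ }
+
+ License lic = em.find(License.class, licId);
+ if (lic == null) {
+ log.error("License with id {} not found in DB", licId);
+ throw new SeCurisServiceException(Status.NOT_FOUND.getStatusCode(), "License not found for ID: " + licId);
+ }
+ if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
+ if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
+ log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
+ throw new SeCurisServiceException(Status.UNAUTHORIZED.getStatusCode(), "Unathorized access to license data");
+ }
+ }
+ return lic;
+ }
+
+ private User getUser(String username, EntityManager em) throws SeCurisServiceException {
+ User user = null;
+ if (username != null) {
+ user = em.find(User.class, username);
+ if (user == null) {
+ throw new SeCurisServiceException(Status.NOT_FOUND.getStatusCode(), "User not found with username: " + username);
+ }
+ }
+ return user;
+ }
+
+ private LicenseHistory createLicenseHistoryAction(License lic, User user, String action, String comments) {
+ LicenseHistory lh = new LicenseHistory();
+ lh.setLicense(lic);
+ lh.setUser(user);
+ lh.setTimestamp(new Date());
+ lh.setAction(action);
+ lh.setComments(comments);
+ return lh;
+ }
+
+ private LicenseHistory createLicenseHistoryAction(License lic, User user, String action) {
+ return createLicenseHistoryAction(lic, user, action, null);
+ }
 }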
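Review bot: In the new `getCurrentLicense` helper, which every id-based endpoint in this file now calls for its ownership check, an unknown id raises 404 while an id belonging to another organization raises 401, so (assuming the exception handler maps the code straight to the HTTP status) a non-admin caller can tell which license ids exist outside their own organizations. Answering both branches the same way closes that, e.g. `throw new SeCurisServiceException(Status.NOT_FOUND.getStatusCode(), "License not found for ID: " + licId);` in the organization branch while keeping its `log.error` line for the server-side record; if the distinction is kept on purpose, 403 rather than 401 is the status for an authenticated caller who lacks rights. `licId.equals("")` can never be true for an `Integer`, so the guard reduces to `licId == null`. Separately, `send` persists a history row with "Email sent to: …" while the mail step is still a TODO, so the audit trail would record a delivery that did not happen; I would hold that history write back until the send is implemented and gate it on the same `getLicenseData()`/`ACTIVE` checks that `download` applies.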