common/securis.git

..	..	@@ -7,16 +7,15 @@
7	7	import javax.inject.Provider;
8	8	import javax.persistence.EntityManager;
9	9	import javax.persistence.TypedQuery;
10		-import javax.servlet.http.HttpServletRequest;
11	10	import javax.ws.rs.Consumes;
12	11	import javax.ws.rs.DELETE;
13	12	import javax.ws.rs.GET;
14		-import javax.ws.rs.HeaderParam;
15	13	import javax.ws.rs.POST;
16	14	import javax.ws.rs.PUT;
17	15	import javax.ws.rs.Path;
18	16	import javax.ws.rs.PathParam;
19	17	import javax.ws.rs.Produces;
	18	+import javax.ws.rs.QueryParam;
20	19	import javax.ws.rs.core.Context;
21	20	import javax.ws.rs.core.MediaType;
22	21	import javax.ws.rs.core.Response;
..	..	@@ -28,6 +27,8 @@
28	27	import net.curisit.securis.db.License;
29	28	import net.curisit.securis.db.Pack;
30	29	import net.curisit.securis.db.User;
	30	+import net.curisit.securis.security.BasicSecurityContext;
	31	+import net.curisit.securis.security.Securable;
31	32	import net.curisit.securis.utils.TokenHelper;
32	33
33	34	import org.slf4j.Logger;
..	..	@@ -40,7 +41,7 @@
40	41	*
41	42	* @author roberto <roberto.sanchez@curisit.net>
42	43	*/
43		-@Path("/organization")
	44	+@Path("/license")
44	45	public class LicenseResource {
45	46
46	47	private static final Logger log = LoggerFactory.getLogger(LicenseResource.class);
..	..	@@ -60,14 +61,25 @@
60	61	*/
61	62	@GET
62	63	@Path("/")
	64	+ @Securable
63	65	@Produces(
64	66	{ MediaType.APPLICATION_JSON })
65		- public Response index() {
	67	+ public Response index(@QueryParam("packId") Integer packId, @Context BasicSecurityContext bsc) {
66	68	log.info("Getting licenses list ");
67	69
68	70	EntityManager em = emProvider.get();
69		- TypedQuery<License> q = em.createNamedQuery("list-licenses-by-pack", License.class);
70	71
	72	+ if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
	73	+ Pack pack = em.find(Pack.class, packId);
	74	+ if (pack == null)
	75	+ return Response.ok().build();
	76	+ if (!bsc.getOrganizationsIds().contains(pack.getOrganization().getId())) {
	77	+ log.error("Pack with id {} not accesible by user {}", pack, bsc.getUserPrincipal());
	78	+ return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to pack licenses").build();
	79	+ }
	80	+ }
	81	+ TypedQuery<License> q = em.createNamedQuery("list-licenses-by-pack", License.class);
	82	+ q.setParameter("packId", packId);
71	83	List<License> list = q.getResultList();
72	84
73	85	return Response.ok(list).build();
..	..	@@ -79,9 +91,10 @@
79	91	*/
80	92	@GET
81	93	@Path("/{licId}")
	94	+ @Securable
82	95	@Produces(
83	96	{ MediaType.APPLICATION_JSON })
84		- public Response get(@PathParam("licId") String licId, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
	97	+ public Response get(@PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) {
85	98	log.info("Getting organization data for id: {}: ", licId);
86	99	if (licId == null \|\| licId.equals("")) {
87	100	log.error("License ID is mandatory");
..	..	@@ -89,21 +102,28 @@
89	102	}
90	103
91	104	EntityManager em = emProvider.get();
92		- License lt = em.find(License.class, Integer.parseInt(licId));
93		- if (lt == null) {
	105	+ License lic = em.find(License.class, licId);
	106	+ if (lic == null) {
94	107	log.error("License with id {} not found in DB", licId);
95		- return Response.status(Status.NOT_FOUND).build();
	108	+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License not found for ID: " + licId).build();
96	109	}
97		- return Response.ok(lt).build();
	110	+ if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
	111	+ if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
	112	+ log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
	113	+ return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to license data").build();
	114	+ }
	115	+ }
	116	+ return Response.ok(lic).build();
98	117	}
99	118
100	119	@POST
101	120	@Path("/")
102	121	@Consumes(MediaType.APPLICATION_JSON)
	122	+ @Securable
103	123	@Produces(
104	124	{ MediaType.APPLICATION_JSON })
105	125	@Transactional
106		- public Response create(License lic, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
	126	+ public Response create(License lic, @Context BasicSecurityContext bsc) {
107	127	log.info("Creating new organization");
108	128	EntityManager em = emProvider.get();
109	129	Pack pack = null;
..	..	@@ -112,6 +132,13 @@
112	132	if (pack == null) {
113	133	log.error("License pack with id {} not found in DB", lic.getPackId());
114	134	return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's pack not found with ID: " + lic.getPackId()).build();
	135	+ } else {
	136	+ if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
	137	+ if (!bsc.getOrganizationsIds().contains(pack.getOrganization().getId())) {
	138	+ log.error("License for pack with id {} can not be created by user {}", pack.getId(), bsc.getUserPrincipal());
	139	+ return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized action on pack license").build();
	140	+ }
	141	+ }
115	142	}
116	143	}
117	144
..	..	@@ -124,16 +151,11 @@
124	151	return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's created by user not found with ID: " + createdByUsername).build();
125	152	}
126	153
127		- try {
128		- User canceledBy = getUser(lic.getCanceledById(), em);
129		- lic.setCanceledBy(canceledBy);
130		- } catch (CurisException ex) {
131		- String canceledByUsername = lic.getCreatedById();
132		- log.error("License canceled by user with id {} not found in DB", canceledByUsername);
133		- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's canceled by user not found with ID: " + canceledByUsername).build();
134		- }
135		-
	154	+ // ODO: Manage status if request data is set
	155	+ lic.setCanceledBy(null);
	156	+ lic.setStatus(License.Status.CREATED);
136	157	lic.setCreationTimestamp(new Date());
	158	+ lic.setModificationTimestamp(lic.getCreationTimestamp());
137	159	em.persist(lic);
138	160
139	161	return Response.ok(lic).build();
..	..	@@ -153,22 +175,30 @@
153	175	@PUT
154	176	@POST
155	177	@Path("/{licId}")
	178	+ @Securable
156	179	@Transactional
157	180	@Consumes(MediaType.APPLICATION_JSON)
158	181	@Produces(
159	182	{ MediaType.APPLICATION_JSON })
160		- public Response modify(License lic, @PathParam("licId") String licId, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
	183	+ public Response modify(License lic, @PathParam("licId") Integer licId, @Context BasicSecurityContext bsc) {
161	184	log.info("Modifying organization with id: {}", licId);
162	185	EntityManager em = emProvider.get();
163	186
164		- Pack pack = null;
165		- if (lic.getPackId() != null) {
166		- pack = em.find(Pack.class, lic.getPackId());
167		- if (pack == null) {
168		- log.error("License pack with id {} not found in DB", lic.getPackId());
169		- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's pack not found with ID: " + lic.getPackId()).build();
170		- }
171		- }
	187	+ // Pack pack = null;
	188	+ // if (lic.getPackId() != null) {
	189	+ // pack = em.find(Pack.class, lic.getPackId());
	190	+ // if (pack == null) {
	191	+ // log.error("License pack with id {} not found in DB", lic.getPackId());
	192	+ // return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's pack not found with ID: " + lic.getPackId()).build();
	193	+ // } else {
	194	+ // if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
	195	+ // if (!bsc.getOrganizationsIds().contains(pack.getOrganization().getId())) {
	196	+ // log.error("License for pack with id {} can not be modified by user {}", pack.getId(), bsc.getUserPrincipal());
	197	+ // return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized action on pack license").build();
	198	+ // }
	199	+ // }
	200	+ // }
	201	+ // }
172	202	User createdBy = null;
173	203	try {
174	204	createdBy = getUser(lic.getCreatedById(), em);
..	..	@@ -186,30 +216,59 @@
186	216	log.error("License canceled by user with id {} not found in DB", canceledByUsername);
187	217	return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License's canceled by user not found with ID: " + canceledByUsername).build();
188	218	}
	219	+ License currentLicense = em.find(License.class, lic.getId());
	220	+ if (currentLicense == null) {
	221	+ log.error("License with id {} not found in DB", licId);
	222	+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License not found for ID: " + licId).build();
	223	+ }
	224	+ if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
	225	+ if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
	226	+ log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
	227	+ return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to license data").build();
	228	+ }
	229	+ }
	230	+ // TODO: set status based in current one and dates ? use custom actions ?
	231	+ currentLicense.setCreatedBy(createdBy);
	232	+ currentLicense.setCanceledBy(canceledBy);
	233	+ // currentLicense.setPack(pack);
	234	+ currentLicense.setCode(lic.getCode());
	235	+ currentLicense.setFullName(lic.getFullName());
	236	+ currentLicense.setEmail(lic.getEmail());
	237	+ currentLicense.setRequestData(lic.getRequestData());
	238	+ currentLicense.setModificationTimestamp(new Date());
	239	+ em.persist(currentLicense);
189	240
190		- lic.setCreatedBy(createdBy);
191		- lic.setCanceledBy(canceledBy);
192		- lic.setPack(pack);
193		- em.persist(lic);
194		-
195		- return Response.ok(lic).build();
	241	+ return Response.ok(currentLicense).build();
196	242	}
197	243
198	244	@DELETE
199	245	@Path("/{licId}")
200	246	@Transactional
	247	+ @Securable
201	248	@Produces(
202	249	{ MediaType.APPLICATION_JSON })
203		- public Response delete(@PathParam("licId") String licId, @Context HttpServletRequest request) {
	250	+ public Response delete(@PathParam("licId") String licId, @Context BasicSecurityContext bsc) {
204	251	log.info("Deleting license with id: {}", licId);
205	252	EntityManager em = emProvider.get();
206		- License org = em.find(License.class, Integer.parseInt(licId));
207		- if (org == null) {
	253	+ License lic = em.find(License.class, Integer.parseInt(licId));
	254	+ if (lic == null) {
208	255	log.error("License with id {} can not be deleted, It was not found in DB", licId);
209	256	return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License was not found, ID: " + licId).build();
210	257	}
211	258
212		- em.remove(org);
	259	+ if (!bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
	260	+ if (!bsc.getOrganizationsIds().contains(lic.getPack().getOrganization().getId())) {
	261	+ log.error("License with id {} is not accesible by user {}", licId, bsc.getUserPrincipal());
	262	+ return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to license data").build();
	263	+ }
	264	+ }
	265	+
	266	+ if (lic.getStatus() != License.Status.CANCELED \|\| lic.getStatus() != License.Status.CREATED) {
	267	+ log.error("License {} can not be deleted with status {}", lic.getCode(), lic.getStatus());
	268	+ return Response.status(Status.FORBIDDEN).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "License can not be deleted in current status").build();
	269	+ }
	270	+
	271	+ em.remove(lic);
213	272	return Response.ok(Utils.createMap("success", true, "id", licId)).build();
214	273	}
215	274