rsanchez
2017-04-13 84588a793c9484f9182d253ed83ad11687a1d4f8
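--- a/securis/src/main/java/net/curisit/securis/services/OrganizationResource.java
+++ b/securis/src/main/java/net/curisit/securis/services/OrganizationResource.java
@@ -24,18 +24,19 @@
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
 import net.curisit.integrity.commons.Utils;
 import net.curisit.securis.DefaultExceptionHandler;
 import net.curisit.securis.SeCurisException;
 import net.curisit.securis.db.Organization;
 import net.curisit.securis.db.User;
+import net.curisit.securis.db.User.Rol;
 import net.curisit.securis.ioc.EnsureTransaction;
 import net.curisit.securis.security.BasicSecurityContext;
 import net.curisit.securis.security.Securable;
 import net.curisit.securis.utils.TokenHelper;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
 
 /**
 * Organization resource, this service will provide methods to create, modify
@@ -47,225 +48,207 @@
 @RequestScoped
 public class OrganizationResource {
 
- private static final Logger LOG = LogManager.getLogger(OrganizationResource.class);
+ private static final Logger LOG = LogManager.getLogger(OrganizationResource.class);
 
- @Context
- EntityManager em;
+ @Context
+ EntityManager em;
 
- @Context
- BasicSecurityContext bsc;
+ @Context
+ BasicSecurityContext bsc;
 
- public OrganizationResource() {
- }
+ public OrganizationResource() {
+ }
 
- /**
- *
- * @return the server version in format majorVersion.minorVersion
- */
- @GET
- @Path("/")
- @Produces({
- MediaType.APPLICATION_JSON
- })
- @Securable
- public Response index() {
- LOG.info("Getting organizations list ");
+ /**
+ *
+ * @return the server version in format majorVersion.minorVersion
+ */
+ @GET
+ @Path("/")
+ @Produces({ MediaType.APPLICATION_JSON })
+ @Securable
+ public Response index() {
+ LOG.info("Getting organizations list ");
 
- // EntityManager em = emProvider.get();
- em.clear();
- TypedQuery<Organization> q;
- if (bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
- LOG.info("GEtting all orgs for user: " + bsc.getUserPrincipal());
- q = em.createNamedQuery("list-organizations", Organization.class);
- } else {
- q = em.createNamedQuery("list-organizations", Organization.class);
- }
+ // EntityManager em = emProvider.get();
+ em.clear();
+ TypedQuery<Organization> q;
+ if (bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
+ LOG.info("GEtting all orgs for user: " + bsc.getUserPrincipal());
+ q = em.createNamedQuery("list-organizations", Organization.class);
+ } else {
+ q = em.createNamedQuery("list-organizations", Organization.class);
+ }
 
- List<Organization> list = q.getResultList();
+ List<Organization> list = q.getResultList();
 
- return Response.ok(list).build();
- }
+ return Response.ok(list).build();
+ }
 
- /**
- *
- * @return the server version in format majorVersion.minorVersion
- */
- @GET
- @Path("/{orgid}")
- @Produces({
- MediaType.APPLICATION_JSON
- })
- @Securable
- public Response get(@PathParam("orgid") String orgid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
- LOG.info("Getting organization data for id: {}: ", orgid);
- if (orgid == null || "".equals(orgid)) {
- LOG.error("Organization ID is mandatory");
- return Response.status(Status.NOT_FOUND).build();
- }
+ /**
+ *
+ * @return the server version in format majorVersion.minorVersion
+ */
+ @GET
+ @Path("/{orgid}")
+ @Produces({ MediaType.APPLICATION_JSON })
+ @Securable
+ public Response get(@PathParam("orgid") String orgid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
+ LOG.info("Getting organization data for id: {}: ", orgid);
+ if (orgid == null || "".equals(orgid)) {
+ LOG.error("Organization ID is mandatory");
+ return Response.status(Status.NOT_FOUND).build();
+ }
 
- // EntityManager em = emProvider.get();
- em.clear();
- Organization org = em.find(Organization.class, Integer.parseInt(orgid));
- if (org == null) {
- LOG.error("Organization with id {} not found in DB", orgid);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization not found, id: " + orgid)
- .build();
- }
- return Response.ok(org).build();
- }
+ // EntityManager em = emProvider.get();
+ em.clear();
+ Organization org = em.find(Organization.class, Integer.parseInt(orgid));
+ if (org == null) {
+ LOG.error("Organization with id {} not found in DB", orgid);
+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization not found, id: " + orgid).build();
+ }
+ return Response.ok(org).build();
+ }
 
- private boolean isCyclicalRelationship(int currentId, Organization parent) {
- while (parent != null) {
- if (parent.getId() == currentId) {
- return true;
- }
- parent = parent.getParentOrganization();
- }
- return false;
- }
+ private boolean isCyclicalRelationship(int currentId, Organization parent) {
+ while (parent != null) {
+ if (parent.getId() == currentId) {
+ return true;
+ }
+ parent = parent.getParentOrganization();
+ }
+ return false;
+ }
 
- @POST
- @Path("/")
- @Consumes(MediaType.APPLICATION_JSON)
- @Produces({
- MediaType.APPLICATION_JSON
- })
- @EnsureTransaction
- @Securable
- @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
- public Response create(Organization org) {
- LOG.info("Creating new organization");
- // EntityManager em = emProvider.get();
+ @POST
+ @Path("/")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces({ MediaType.APPLICATION_JSON })
+ @EnsureTransaction
+ @Securable(roles = Rol.ADMIN)
+ @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
+ public Response create(Organization org) {
+ LOG.info("Creating new organization");
+ // EntityManager em = emProvider.get();
 
- try {
- this.setParentOrg(org, org.getParentOrgId(), em);
- } catch (SeCurisException e) {
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
- }
+ try {
+ this.setParentOrg(org, org.getParentOrgId(), em);
+ } catch (SeCurisException e) {
+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
+ }
 
- Set<User> users = null;
- Set<String> usersIds = org.getUsersIds();
- if (usersIds != null && !usersIds.isEmpty()) {
- users = new HashSet<>();
- for (String username : usersIds) {
- User user = em.find(User.class, username);
- if (user == null) {
- LOG.error("Organization user with id {} not found in DB", username);
- return Response.status(Status.NOT_FOUND)
- .header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization's user not found with ID: " + username).build();
- }
- users.add(user);
- }
- }
+ Set<User> users = null;
+ Set<String> usersIds = org.getUsersIds();
+ if (usersIds != null && !usersIds.isEmpty()) {
+ users = new HashSet<>();
+ for (String username : usersIds) {
+ User user = em.find(User.class, username);
+ if (user == null) {
+ LOG.error("Organization user with id {} not found in DB", username);
+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization's user not found with ID: " + username).build();
+ }
+ users.add(user);
+ }
+ }
 
- org.setUsers(users);
- org.setCreationTimestamp(new Date());
- em.persist(org);
- return Response.ok(org).build();
- }
+ org.setUsers(users);
+ org.setCreationTimestamp(new Date());
+ em.persist(org);
+ return Response.ok(org).build();
+ }
 
- private void setParentOrg(Organization org, Integer parentOrgId, EntityManager em) throws SeCurisException {
- Organization parentOrg = null;
- if (parentOrgId != null) {
- parentOrg = em.find(Organization.class, parentOrgId);
- if (parentOrg == null) {
- LOG.error("Organization parent with id {} not found in DB", org.getParentOrgId());
- throw new SecurityException("Organization's parent not found with ID: " + org.getParentOrgId());
- }
- }
+ private void setParentOrg(Organization org, Integer parentOrgId, EntityManager em) throws SeCurisException {
+ Organization parentOrg = null;
+ if (parentOrgId != null) {
+ parentOrg = em.find(Organization.class, parentOrgId);
+ if (parentOrg == null) {
+ LOG.error("Organization parent with id {} not found in DB", org.getParentOrgId());
+ throw new SecurityException("Organization's parent not found with ID: " + org.getParentOrgId());
+ }
+ }
 
- org.setParentOrganization(parentOrg);
- }
+ org.setParentOrganization(parentOrg);
+ }
 
- private void setOrgUsers(Organization org, Set<String> usersIds, EntityManager em) throws SeCurisException {
- Set<User> users = null;
- if (usersIds != null && !usersIds.isEmpty()) {
- users = new HashSet<>();
- for (String username : usersIds) {
- User user = em.find(User.class, username);
- if (user == null) {
- LOG.error("Organization user with id '{}' not found in DB", username);
- throw new SecurityException("Organization's user not found with ID: " + username);
- }
- users.add(user);
- }
- }
+ private void setOrgUsers(Organization org, Set<String> usersIds, EntityManager em) throws SeCurisException {
+ Set<User> users = null;
+ if (usersIds != null && !usersIds.isEmpty()) {
+ users = new HashSet<>();
+ for (String username : usersIds) {
+ User user = em.find(User.class, username);
+ if (user == null) {
+ LOG.error("Organization user with id '{}' not found in DB", username);
+ throw new SecurityException("Organization's user not found with ID: " + username);
+ }
+ users.add(user);
+ }
+ }
 
- org.setUsers(users);
- }
+ org.setUsers(users);
+ }
 
- @PUT
- @POST
- @Path("/{orgid}")
- @Consumes(MediaType.APPLICATION_JSON)
- @Produces({
- MediaType.APPLICATION_JSON
- })
- @EnsureTransaction
- @Securable
- @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
- public Response modify(Organization org, @PathParam("orgid") String orgid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
- LOG.info("Modifying organization with id: {}", orgid);
- // EntityManager em = emProvider.get();
- Organization currentOrg = em.find(Organization.class, Integer.parseInt(orgid));
- if (currentOrg == null) {
- LOG.error("Organization with id {} not found in DB", orgid);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization not found with ID: " + orgid)
- .build();
- }
- try {
- this.setParentOrg(currentOrg, org.getParentOrgId(), em);
- } catch (SeCurisException e) {
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
- }
- if (org.getParentOrganization() != null && (isCyclicalRelationship(currentOrg.getId(), org.getParentOrganization()))) {
- LOG.error("Organization parent generate a cyclical relationship, parent id {}, current id: {}", org.getParentOrgId(), currentOrg.getId());
- return Response
- .status(Status.FORBIDDEN)
- .header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER,
- "Cyclical relationships are not allowed, please change the parent organization, current Parent: "
- + org.getParentOrganization().getName()).build();
- }
+ @PUT
+ @POST
+ @Path("/{orgid}")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces({ MediaType.APPLICATION_JSON })
+ @EnsureTransaction
+ @Securable(roles = Rol.ADMIN)
+ @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
+ public Response modify(Organization org, @PathParam("orgid") String orgid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
+ LOG.info("Modifying organization with id: {}", orgid);
+ // EntityManager em = emProvider.get();
+ Organization currentOrg = em.find(Organization.class, Integer.parseInt(orgid));
+ if (currentOrg == null) {
+ LOG.error("Organization with id {} not found in DB", orgid);
+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization not found with ID: " + orgid).build();
+ }
+ try {
+ this.setParentOrg(currentOrg, org.getParentOrgId(), em);
+ } catch (SeCurisException e) {
+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
+ }
+ if (org.getParentOrganization() != null && (isCyclicalRelationship(currentOrg.getId(), org.getParentOrganization()))) {
+ LOG.error("Organization parent generate a cyclical relationship, parent id {}, current id: {}", org.getParentOrgId(), currentOrg.getId());
+ return Response.status(Status.FORBIDDEN).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER,
+ "Cyclical relationships are not allowed, please change the parent organization, current Parent: " + org.getParentOrganization().getName()).build();
+ }
 
- try {
- setOrgUsers(currentOrg, org.getUsersIds(), em);
- } catch (SeCurisException e) {
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
- }
+ try {
+ setOrgUsers(currentOrg, org.getUsersIds(), em);
+ } catch (SeCurisException e) {
+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, e.getMessage()).build();
+ }
 
- currentOrg.setCode(org.getCode());
- currentOrg.setName(org.getName());
- currentOrg.setDescription(org.getDescription());
- em.persist(currentOrg);
+ currentOrg.setCode(org.getCode());
+ currentOrg.setName(org.getName());
+ currentOrg.setDescription(org.getDescription());
+ em.persist(currentOrg);
 
- return Response.ok(currentOrg).build();
- }
+ return Response.ok(currentOrg).build();
+ }
 
- @DELETE
- @Path("/{orgid}")
- @EnsureTransaction
- @Produces({
- MediaType.APPLICATION_JSON
- })
- @Securable
- @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
- public Response delete(@PathParam("orgid") String orgid, @Context HttpServletRequest request) {
- LOG.info("Deleting organization with id: {}", orgid);
- // EntityManager em = emProvider.get();
- Organization org = em.find(Organization.class, Integer.parseInt(orgid));
- if (org == null) {
- LOG.error("Organization with id {} can not be deleted, It was not found in DB", orgid);
- return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization was not found, ID: " + orgid)
- .build();
- }
- if (org.getChildOrganizations() != null && !org.getChildOrganizations().isEmpty()) {
- LOG.error("Organization has children and can not be deleted, ID: " + orgid);
- return Response.status(Status.FORBIDDEN)
- .header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization has children and can not be deleted, ID: " + orgid).build();
- }
+ @DELETE
+ @Path("/{orgid}")
+ @EnsureTransaction
+ @Produces({ MediaType.APPLICATION_JSON })
+ @Securable(roles = Rol.ADMIN)
+ @RolesAllowed(BasicSecurityContext.ROL_ADMIN)
+ public Response delete(@PathParam("orgid") String orgid, @Context HttpServletRequest request) {
+ LOG.info("Deleting organization with id: {}", orgid);
+ // EntityManager em = emProvider.get();
+ Organization org = em.find(Organization.class, Integer.parseInt(orgid));
+ if (org == null) {
+ LOG.error("Organization with id {} can not be deleted, It was not found in DB", orgid);
+ return Response.status(Status.NOT_FOUND).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization was not found, ID: " + orgid).build();
+ }
+ if (org.getChildOrganizations() != null && !org.getChildOrganizations().isEmpty()) {
+ LOG.error("Organization has children and can not be deleted, ID: " + orgid);
+ return Response.status(Status.FORBIDDEN).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Organization has children and can not be deleted, ID: " + orgid).build();
+ }
 
- em.remove(org);
- return Response.ok(Utils.createMap("success", true, "id", orgid)).build();
- }
+ em.remove(org);
+ return Response.ok(Utils.createMap("success", true, "id", orgid)).build();
+ }
 
 }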
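Review bot: The role check in `index()` has no effect, because both arms of `if (bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN))` run the same `list-organizations` named query, so every caller who passes the bare `@Securable` receives the full organization list; `get()` likewise returns any organization by id with no check against the caller. This commit tightens create/modify/delete with `@Securable(roles = Rol.ADMIN)` but leaves both read endpoints as they were. If non-admin users are meant to see only their own organizations, the else arm needs a query scoped to the caller (the principal is already read through `bsc.getUserPrincipal()`); if unrestricted listing is intended, collapse the branch and state that in a comment such as `// listing is intentionally not filtered by role`. Separately, `setParentOrg` and `setOrgUsers` declare `throws SeCurisException` but throw `SecurityException`, so the `catch (SeCurisException e)` handlers that return 404 in `create()` and `modify()` look unreachable and a missing parent or user would surface as an unhandled runtime exception instead.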