common/securis.git

..	..	@@ -1,6 +1,7 @@
1	1	package net.curisit.securis.services;
2	2
3	3	import java.security.Principal;
	4	+import java.util.ArrayList;
4	5	import java.util.Date;
5	6	import java.util.HashSet;
6	7	import java.util.List;
..	..	@@ -21,8 +22,10 @@
21	22	import javax.ws.rs.Produces;
22	23	import javax.ws.rs.core.Context;
23	24	import javax.ws.rs.core.MediaType;
	25	+import javax.ws.rs.core.MultivaluedMap;
24	26	import javax.ws.rs.core.Response;
25	27	import javax.ws.rs.core.Response.Status;
	28	+import javax.ws.rs.core.UriInfo;
26	29
27	30	import org.apache.logging.log4j.LogManager;
28	31	import org.apache.logging.log4j.Logger;
..	..	@@ -80,33 +83,63 @@
80	83	@Path("/")
81	84	@Securable
82	85	@Produces({ MediaType.APPLICATION_JSON })
83		- public Response index(@Context BasicSecurityContext bsc) {
	86	+ public Response index(@Context UriInfo uriInfo, @Context BasicSecurityContext bsc) {
84	87	LOG.info("Getting packs list ");
	88	+ MultivaluedMap<String, String> queryParams = uriInfo.getQueryParameters();
85	89
86	90	// EntityManager em = emProvider.get();
87	91	em.clear();
88	92
	93	+ TypedQuery<Pack> q = createQuery(queryParams, bsc);
	94	+ if (q == null) {
	95	+ return Response.ok().build();
	96	+ }
	97	+
	98	+ List<Pack> list = q.getResultList();
	99	+
	100	+ return Response.ok(list).build();
	101	+ }
	102	+
	103	+ private String generateWhereFromParams(boolean addWhere, MultivaluedMap<String, String> queryParams) {
	104	+ List<String> conditions = new ArrayList<>();
	105	+ if (queryParams.containsKey("organizationId")) {
	106	+ conditions.add(String.format("pa.organization.id = %s", queryParams.getFirst("organizationId")));
	107	+ }
	108	+ if (queryParams.containsKey("applicationId")) {
	109	+ conditions.add(String.format("pa.licenseType.application.id = %s", queryParams.getFirst("applicationId")));
	110	+ }
	111	+ if (queryParams.containsKey("licenseTypeId")) {
	112	+ conditions.add(String.format("pa.licenseType.id = %s", queryParams.getFirst("licenseTypeId")));
	113	+ }
	114	+ String connector = addWhere ? " where " : " and ";
	115	+ return (conditions.isEmpty() ? "" : connector) + String.join(" and ", conditions);
	116	+ }
	117	+
	118	+ private TypedQuery<Pack> createQuery(MultivaluedMap<String, String> queryParams, BasicSecurityContext bsc) {
89	119	TypedQuery<Pack> q;
	120	+ String hql = "SELECT pa FROM Pack pa";
90	121	if (bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
91		- LOG.info("Getting all packs for user: " + bsc.getUserPrincipal());
92		- q = em.createNamedQuery("list-packs", Pack.class);
	122	+ hql += generateWhereFromParams(true, queryParams);
	123	+ q = em.createQuery(hql, Pack.class);
93	124	} else {
94	125	if (bsc.getApplicationsIds() == null \|\| bsc.getApplicationsIds().isEmpty()) {
95		- return Response.ok().build();
	126	+ return null;
96	127	}
97	128	if (bsc.getOrganizationsIds() == null \|\| bsc.getOrganizationsIds().isEmpty()) {
98		- q = em.createNamedQuery("list-packs-by-apps", Pack.class);
	129	+ hql += " where pa.licenseType.application.id in :list_ids_app ";
99	130	} else {
100		- q = em.createNamedQuery("list-packs-by-orgs-apps", Pack.class);
	131	+ hql += " where pa.organization.id in :list_ids_org and pa.licenseType.application.id in :list_ids_app ";
	132	+ }
	133	+ hql += generateWhereFromParams(false, queryParams);
	134	+ q = em.createQuery(hql, Pack.class);
	135	+ if (hql.contains("list_ids_org")) {
101	136	q.setParameter("list_ids_org", bsc.getOrganizationsIds());
102	137	}
103	138	q.setParameter("list_ids_app", bsc.getApplicationsIds());
104	139	LOG.info("Getting packs from orgs: {} and apps: {}", bsc.getOrganizationsIds(), bsc.getApplicationsIds());
105	140	}
106	141
107		- List<Pack> list = q.getResultList();
108		-
109		- return Response.ok(list).build();
	142	+ return q;
110	143	}
111	144
112	145	private Response generateErrorUnathorizedAccess(Pack pack, Principal user) {