Commit 4fc84353 authored by Matija Obreza's avatar Matija Obreza
Browse files

Metadata is ACL aware

Dataset REST controller
parent 0e5c09ce
......@@ -16,8 +16,6 @@
package org.genesys2.server.model.genesys;
// Generated Apr 24, 2013 10:08:59 AM by Hibernate Tools 4.0.0
import static javax.persistence.GenerationType.IDENTITY;
import java.text.MessageFormat;
......@@ -29,18 +27,16 @@ import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
import org.genesys2.server.model.AclAwareModel;
import org.hibernate.search.annotations.DocumentId;
import org.hibernate.search.annotations.Field;
import org.hibernate.search.annotations.Indexed;
import org.hibernate.search.annotations.Store;
/**
* Metadata generated by hbm2java
*/
@Entity
@Table(name = "metadata")
@Indexed
public class Metadata implements java.io.Serializable {
public class Metadata implements java.io.Serializable, AclAwareModel {
/**
*
......
......@@ -20,7 +20,11 @@ import java.util.List;
import org.genesys2.server.model.genesys.Metadata;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
public interface MetadataRepository extends JpaRepository<Metadata, Long> {
List<Metadata> findByInstitute(String institute);
@Query("select distinct m from Metadata m where m.id in ( ?1 )")
List<Metadata> findByIds(List<Long> oids);
}
/**
* Copyright 2013 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.service;
import java.util.List;
import org.genesys2.server.model.genesys.Metadata;
import org.springframework.security.access.prepost.PreAuthorize;
public interface DatasetService {
@PreAuthorize("isAuthenticated()")
List<Metadata> listMyMetadata();
@PreAuthorize("isAuthenticated()")
Metadata addDataset(String wiewsCode, String title, String description);
Metadata getDataset(long metadataId);
}
......@@ -58,19 +58,25 @@ import org.genesys2.server.persistence.domain.OrganizationRepository;
import org.genesys2.server.persistence.domain.ParameterRepository;
import org.genesys2.server.persistence.domain.SvalbardRepository;
import org.genesys2.server.persistence.domain.TraitValueRepository;
import org.genesys2.server.security.AuthUserDetails;
import org.genesys2.server.service.AclAssignerService;
import org.genesys2.server.service.DatasetService;
import org.genesys2.server.service.GenesysService;
import org.genesys2.server.service.HtmlSanitizer;
import org.genesys2.server.service.TraitService;
import org.genesys2.spring.SecurityContextUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@Service
@Transactional(readOnly = true)
public class GenesysServiceImpl implements GenesysService, TraitService {
public class GenesysServiceImpl implements GenesysService, TraitService, DatasetService {
public static final Log LOG = LogFactory.getLog(GenesysServiceImpl.class);
......@@ -117,6 +123,12 @@ public class GenesysServiceImpl implements GenesysService, TraitService {
@Autowired
private SvalbardRepository svalbardRepository;
@Autowired
private AclAssignerService aclService;
@Autowired
private HtmlSanitizer htmlSanitizer;
@Override
public long countByInstitute(FaoInstitute institute) {
return accessionRepository.countByInstitute(institute);
......@@ -366,4 +378,35 @@ public class GenesysServiceImpl implements GenesysService, TraitService {
return 0;
return accessionRepository.countAvailable(accessionIds);
}
/**
* Returns datasets to which current user has 'WRITE'
*/
@Override
@PreAuthorize("isAuthenticated()")
public List<Metadata> listMyMetadata() {
AuthUserDetails user = SecurityContextUtil.getAuthUser();
List<Long> oids = aclService.listIdentitiesForSid(Metadata.class, user, BasePermission.WRITE);
LOG.info("Got " + oids.size() + " elements for " + user.getUsername());
if (oids.size() == 0)
return null;
return metadataRepository.findByIds(oids);
}
@Override
@PreAuthorize("isAuthenticated()")
@Transactional(readOnly = false)
public Metadata addDataset(String wiewsCode, String title, String description) {
Metadata metadata = new Metadata();
metadata.setInstitute(wiewsCode);
metadata.setTitle(title);
metadata.setDescription(htmlSanitizer.sanitize(description));
return metadataRepository.save(metadata);
}
@Override
public Metadata getDataset(long id) {
return metadataRepository.findOne(id);
}
}
/**
* Copyright 2013 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.servlet.controller.rest;
import java.util.List;
import javax.xml.bind.ValidationException;
import net.sf.oval.ConstraintViolation;
import net.sf.oval.Validator;
import net.sf.oval.constraint.MaxLength;
import net.sf.oval.constraint.MinLength;
import net.sf.oval.constraint.NotBlank;
import net.sf.oval.constraint.NotNull;
import org.genesys2.server.exception.AuthorizationException;
import org.genesys2.server.model.genesys.Metadata;
import org.genesys2.server.service.CropService;
import org.genesys2.server.service.DatasetService;
import org.genesys2.server.service.TraitService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller("restDatasetController")
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = { "/api/v0/datasets", "/json/v0/datasets" })
public class DatasetController extends RestController {
@Autowired
DatasetService datasetService;
@Autowired
TraitService traitService;
@Autowired
CropService cropService;
/**
* List all crops
*
* @return
* @throws AuthorizationException
*/
@RequestMapping(value = "", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
public @ResponseBody
Object listDatasets() throws AuthorizationException {
LOG.info("Listing datasets");
List<Metadata> datasets = datasetService.listMyMetadata();
return OAuth2Cleanup.clean(datasets);
}
/**
* Add a crop
*
* @return
* @throws ValidationException
*/
@RequestMapping(value = "", method = { RequestMethod.PUT, RequestMethod.POST }, produces = { MediaType.APPLICATION_JSON_VALUE })
public @ResponseBody
Object createDataset(@RequestBody MetadataJson metadataJson) throws ValidationException {
LOG.info("Creating metadata");
Validator validator = new Validator();
List<ConstraintViolation> violations = validator.validate(metadataJson);
if (violations.size() > 0) {
// TODO We could do better messages on validation error
throw new ModelValidationException("Validation problem", violations);
}
Metadata metadata = datasetService.addDataset(metadataJson.institute, metadataJson.title, metadataJson.description);
return metadata;
}
/**
* Get crop details /crops/{shortName}
*
* @return
* @throws AuthorizationException
*/
@RequestMapping(value = "/{metadataId:.+}", method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
public @ResponseBody
Object getCrop(@PathVariable("metadataId") Long metadataId) throws AuthorizationException {
LOG.info("Getting metadata " + metadataId);
return OAuth2Cleanup.clean(datasetService.getDataset(metadataId));
}
public static class MetadataJson {
@NotBlank
@NotNull
public String institute;
@NotBlank
@NotNull
@MinLength(10)
@MaxLength(200)
public String title;
public String SDate;
public String EDate;
public String location;
public Double longitude;
public Double latitude;
public Double altitude;
public String citation;
public String description;
}
}
\ No newline at end of file
......@@ -18,6 +18,7 @@ package org.genesys2.server.servlet.controller.rest;
import java.util.Collection;
import org.genesys2.server.model.genesys.Metadata;
import org.genesys2.server.model.genesys.Method;
import org.genesys2.server.model.genesys.Parameter;
import org.genesys2.server.model.impl.Crop;
......@@ -61,6 +62,9 @@ public class OAuth2Cleanup {
team.setMembers(null);
team.setInstitutes(null);
}
if (t instanceof Metadata) {
// Metadata metadata = (Metadata) t;
}
return t;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment