Commit 503eda63 authored by Viacheslav Pavlov's avatar Viacheslav Pavlov Committed by Matija Obreza

Subsets API and ACL

parent 80d02015
......@@ -135,6 +135,33 @@ public class SubsetController {
return new FilteredPage<>(filterCode, filter, subsetService.list(filter, new PageRequest(page, Integer.min(pageSize, 100), direction, sort)));
}
/**
* My subsets.
*
* @param page the page
* @param pageSize the page size
* @param direction the direction
* @param sort the sort
* @param filter the descriptor filter
* @return the page
* @throws IOException
*/
@PostMapping(value = "/list-mine")
public FilteredPage<Subset> mySubsets(@RequestParam(name = "p", required = false, defaultValue = "0") final int page,
@RequestParam(name = "l", required = false, defaultValue = "50") final int pageSize,
@RequestParam(name = "d", required = false, defaultValue = "DESC") final Sort.Direction direction,
@RequestParam(name = "s", required = false, defaultValue = "lastModifiedDate") final String[] sort,
@RequestParam(name = "f", required = false) String filterCode,
@RequestBody(required = false) SubsetFilter filter) throws IOException {
if (filterCode != null) {
filter = shortFilterService.filterByCode(filterCode, SubsetFilter.class);
} else {
filterCode = shortFilterService.getCode(filter);
}
return new FilteredPage<>(filterCode, filter, subsetService.listSubsetsForCurrentUser(filter, new PageRequest(page, Integer.min(pageSize, 100), direction, sort)));
}
/**
* Remove accessions form subset.
*
......
......@@ -40,6 +40,15 @@ public interface SubsetService {
*/
Page<Subset> list(SubsetFilter filter, Pageable page);
/**
* List current user's subsets matching the filter.
*
* @param filter filter data
* @param page Pageable
* @return list of Subset
*/
Page<Subset> listSubsetsForCurrentUser(SubsetFilter filter, Pageable page);
/**
* Method creating Subset.
*
......
......@@ -16,12 +16,14 @@
package org.genesys2.server.service.impl;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import org.genesys.catalog.exceptions.InvalidApiUsageException;
import org.genesys.catalog.model.Partner;
import org.genesys2.server.exception.NotFoundElement;
import org.genesys2.server.model.PublishState;
import org.genesys2.server.model.UserRole;
......@@ -35,14 +37,17 @@ import org.genesys2.server.persistence.SubsetRepository;
import org.genesys2.server.security.SecurityUtils;
import org.genesys2.server.service.SubsetService;
import org.genesys2.server.service.filter.SubsetFilter;
import org.genesys2.util.JPAUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.ConcurrencyFailureException;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageImpl;
import org.springframework.data.domain.Pageable;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
......@@ -84,11 +89,27 @@ public class SubsetServiceImpl implements SubsetService {
return subsetRepository.findAll(published, page);
}
@Override
@PreAuthorize("hasRole('ADMINISTRATOR') or isAuthenticated()")
public Page<Subset> listSubsetsForCurrentUser(SubsetFilter filter, Pageable page) {
if (securityUtils.hasRole(UserRole.ADMINISTRATOR)) {
Pageable markdownSortPageRequest = JPAUtils.toMarkdownSort(page, "title");
Page res = subsetRepository.findAll(filter.buildQuery(), markdownSortPageRequest);
return new PageImpl<Subset>(res.getContent(), page, res.getTotalElements());
} else {
final HashSet<Long> partners = new HashSet<>(securityUtils.listObjectIdentityIdsForCurrentUser(Partner.class, BasePermission.WRITE));
Pageable markdownSortPageRequest = JPAUtils.toMarkdownSort(page, "title");
Page res = subsetRepository.findAll(QSubset.subset.createdBy.in(partners).and(filter.buildQuery()), markdownSortPageRequest);
return new PageImpl<Subset>(res.getContent(), page, res.getTotalElements());
}
}
/**
* {@inheritDoc}
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#source, 'WRITE')")
public Subset create(final Subset source) {
LOG.info("Create Subset.");
final Subset subset = new Subset();
......@@ -197,6 +218,7 @@ public class SubsetServiceImpl implements SubsetService {
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#source, 'WRITE')")
public Subset update(final Subset source) {
LOG.info("Update Subset.");
final Subset subset = loadSubset(source);
......@@ -213,6 +235,7 @@ public class SubsetServiceImpl implements SubsetService {
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#subset, 'WRITE')")
public Subset delete(final Subset subset) {
subsetRepository.delete(subset);
subset.setId(null);
......@@ -224,6 +247,7 @@ public class SubsetServiceImpl implements SubsetService {
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input, 'WRITE')")
public Subset removeAccessions(final Subset input, final Set<UUID> accessionsUuids) {
LOG.info("Remove accessions of subset {}.", input);
final Subset subset = loadSubset(input);
......@@ -246,6 +270,7 @@ public class SubsetServiceImpl implements SubsetService {
*/
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#input, 'WRITE')")
public Subset addAccessions(final Subset input, final Set<UUID> accessionsUuids) {
LOG.info("Add accessions to Subset. Input accessions {}", input);
final Subset subset = loadSubset(input);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment