Commit f69e4e49 authored by Matija Obreza's avatar Matija Obreza

Permission checks for upsertAccession

parent 31107cba
......@@ -37,6 +37,7 @@ import org.genesys2.server.service.InstituteService;
import org.genesys2.server.service.OrganizationService;
import org.genesys2.server.service.TaxonomyService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
......@@ -66,6 +67,7 @@ public class BatchRESTServiceImpl implements BatchRESTService {
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#institute, 'WRITE') or hasPermission(#institute, 'CREATE')")
public boolean upsertAccessionData(FaoInstitute institute, Map<BatchRESTService.DataJson, ObjectNode> batch) {
LOG.info("Batch processing " + batch.size() + " entries for " + institute);
List<Accession> toSave = new ArrayList<Accession>();
......
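Review bot: The `@PreAuthorize` expression on `upsertAccessionData` authorizes against `#institute` only, while every key of `batch` carries its own `instCode`, so nothing in the visible lines ties the checked permission to the records that get written. The body continues outside the hunk, so this may already be handled; if it is not, the service should reject mismatched entries itself rather than trust each caller to pre-validate. It can use the comparison the controller's removed update method made, `!instCode.equals(dataJson.instCode)`, applied against the institute's own code. Also confirm that `hasPermission(#institute, 'CREATE')` is meant to be sufficient here, since an upsert presumably modifies existing accessions as well as creating new ones.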
......@@ -17,9 +17,7 @@
package org.genesys2.server.servlet.controller.rest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.genesys2.server.model.genesys.Accession;
......@@ -56,7 +54,7 @@ public class AccessionController extends RestController {
@Autowired
GenesysService genesysService;
@Autowired
BatchRESTService batchRESTService;
......@@ -133,7 +131,13 @@ public class AccessionController extends RestController {
Accession accession = genesysService.getAccession(dataJson.instCode, dataJson.genus, dataJson.acceNumb);
ret.put("id", accession != null ? accession.getId() : null);
if (accession != null) {
ret.put("id", accession.getId());
// Give them back the UUID
if (accession.getUuid() != null) {
ret.put("uuid", accession.getUuid());
}
}
rets.add(ret);
}
......@@ -141,94 +145,6 @@ public class AccessionController extends RestController {
return rets;
}
/**
* Update accessions in the system
*
* @return
* @throws IOException
* @throws JsonProcessingException
*/
@RequestMapping(value = "/{instCode}/update", method = { RequestMethod.POST, RequestMethod.PUT }, produces = { MediaType.APPLICATION_JSON_VALUE })
public @ResponseBody
boolean updateInstituteAccession(@PathVariable("instCode") String instCode, @RequestBody String content) throws JsonProcessingException, IOException {
// TODO Check user's permissions to update this WIEWS institute.
FaoInstitute institute = instituteService.getInstitute(instCode);
if (institute == null) {
throw new ResourceNotFoundException();
}
JsonNode json = mapper.readTree(content);
Map<BatchRESTService.DataJson, ObjectNode> batch = new HashMap<BatchRESTService.DataJson, ObjectNode>();
if (json.isArray()) {
for (JsonNode j : json) {
BatchRESTService.DataJson dataJson = readAid3(j);
if (!instCode.equals(dataJson.instCode)) {
throw new RuntimeException("Accession does not belong to instCode=" + instCode + " acn=" + dataJson);
}
batch.put(dataJson, (ObjectNode) j);
}
} else {
BatchRESTService.DataJson dataJson = readAid3(json);
if (!instCode.equals(dataJson.instCode)) {
throw new RuntimeException("Accession does not belong to instCode=" + instCode + " acn=" + dataJson);
}
batch.put(dataJson, (ObjectNode) json);
}
LOG.info("Batch processing " + batch.size() + " entries for " + institute);
List<Accession> toSave = new ArrayList<Accession>();
for (BatchRESTService.DataJson dataJson : batch.keySet()) {
if (LOG.isDebugEnabled())
LOG.debug("Loading accession " + dataJson);
Accession accession = genesysService.getAccession(dataJson.instCode, dataJson.genus, dataJson.acceNumb);
if (accession == null) {
// LOG.warn("No accession " + dataJson);
continue;
}
ObjectNode accnJson = batch.get(dataJson);
boolean updated = false;
JsonNode value = accnJson.get("mlsStat");
if (value != null) {
Boolean inMls = value.isNull() ? null : value.asBoolean();
if (inMls != accession.getMlsStatus()) {
if (LOG.isDebugEnabled())
LOG.debug("Setting MLSSTAT to " + inMls);
accession.setMlsStatus(inMls);
updated = true;
}
}
value = accnJson.get("availability");
if (value != null) {
Boolean availability = value.isNull() ? null : value.asBoolean();
if (availability != accession.getAvailability()) {
if (LOG.isDebugEnabled())
LOG.debug("Setting Availability to " + availability);
accession.setAvailability(availability);
updated = true;
}
}
if (updated) {
toSave.add(accession);
}
}
if (toSave.size() > 0) {
LOG.info("Storing " + toSave.size() + " accessions.");
genesysService.saveAccessions(toSave);
}
return toSave.size() > 0;
}
/**
* Update accessions in the system
......@@ -240,7 +156,7 @@ public class AccessionController extends RestController {
@RequestMapping(value = "/{instCode}/upsert", method = { RequestMethod.POST, RequestMethod.PUT }, produces = { MediaType.APPLICATION_JSON_VALUE })
public @ResponseBody
boolean upsertInstituteAccession(@PathVariable("instCode") String instCode, @RequestBody String content) throws JsonProcessingException, IOException {
// TODO Check user's permissions to update this WIEWS institute.
// User's permission to WRITE to this WIEWS institute are checked in BatchRESTService.
FaoInstitute institute = instituteService.getInstitute(instCode);
if (institute == null) {
throw new ResourceNotFoundException();
......
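Review bot: The replacement comment in `upsertInstituteAccession` says WRITE permission is checked in BatchRESTService, but the annotation added there also admits ADMINISTRATOR and CREATE. The check also only runs when the call goes through the Spring-managed `batchRESTService` bean with pre/post method security enabled. I would word the comment as `// Authorization (ADMINISTRATOR, or WRITE/CREATE on the institute) is enforced by @PreAuthorize on BatchRESTService.upsertAccessionData.` so a later refactor that moves the work out of that method does not silently lose the check. The method body continues outside the hunk, so the actual call into the service is not visible here.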