diff --git a/ccm-core/src/main/java/org/libreccm/security/RolesApi.java b/ccm-core/src/main/java/org/libreccm/security/RolesApi.java
index 33c680603..3b44125d7 100644
--- a/ccm-core/src/main/java/org/libreccm/security/RolesApi.java
+++ b/ccm-core/src/main/java/org/libreccm/security/RolesApi.java
@@ -5,8 +5,34 @@
 */
 package org.libreccm.security;
+import org.libreccm.core.CcmObject;
+import org.libreccm.core.CcmObjectRepository;
+import org.libreccm.core.CoreConstants;
+import org.libreccm.core.api.ExtractedIdentifier;
+import org.libreccm.core.api.IdentifierExtractor;
+import org.libreccm.core.api.JsonArrayCollector;
+
+import java.util.List;
+
 import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.json.Json;
+import javax.json.JsonArray;
+import javax.json.JsonObject;
+import javax.transaction.Transactional;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 /**
 *
@@ -15,5 +41,258 @@ import javax.ws.rs.Path;
 @RequestScoped
 @Path("/roles")
 public class RolesApi {
+
+ @Inject
+ private IdentifierExtractor identifierExtractor;
+
+ @Inject
+ private CcmObjectRepository ccmObjectRepository;
+ @Inject
+ private PartyRepository partyRepository;
+
+ @Inject
+ private RoleManager roleManager;
+
+ @Inject
+ private RoleRepository roleRepository;
+
+ @GET
+ @Path("/")
+ @Produces(MediaType.APPLICATION_JSON)
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public JsonObject getRoles(
+ @QueryParam("limit") @DefaultValue("20") final int limit,
+ @QueryParam("offset") @DefaultValue("0") final int offset
+ ) {
+ final long count = roleRepository.countAll();
+ final List roles = roleRepository.findAll(limit, offset);
+
+ return Json
+ .createObjectBuilder()
+ .add("count", count)
+ .add("limit", limit)
+ .add("offset", offset)
+ .add(
+ "roles",
+ roles
+ .stream()
+ .map(Role::toJson)
+ .collect(new JsonArrayCollector())
+ )
+ .build();
+ }
+
+ @GET
+ @Path("/{roleIdentifier}")
+ @Produces(MediaType.APPLICATION_JSON)
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public JsonObject getRole(
+ @PathParam("roleIdentifier") final String roleIdentifier
+ ) {
+ return findRole(roleIdentifier).toJson();
+ }
+
+ @POST
+ @Path("/")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public Response addRole(final JsonObject roleData) {
+ throw new UnsupportedOperationException();
+ }
+
+ @PUT
+ @Path("/{roleIdentifier}")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public Response updateRole(
+ @PathParam("roleIdentifier") final String groupIdentifier,
+ final JsonObject groupData
+ ) {
+ throw new UnsupportedOperationException();
+ }
+
+ @DELETE
+ @Path("/{roleIdentifier}")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public Response deleteRole(
+ @PathParam("groupIdentifier") final String groupIdentifier
+ ) {
+ throw new UnsupportedOperationException();
+ }
+
+ @GET
+ @Path("/{roleIdentifier}/members")
+ @Produces(MediaType.APPLICATION_JSON)
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public JsonArray getMembers(
+ @PathParam("roleIdentifier") final String roleIdentifier
+ ) {
+ throw new UnsupportedOperationException();
+ }
+
+ @PUT
+ @Path("/{roleIdentifier}/members/{partyIdentifier}")
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public Response addMember(
+ @PathParam("roleIdentifier") final String groupIdentifier,
+ @PathParam("partyIdentifier") final String userIdentifier
+ ) {
+ throw new UnsupportedOperationException();
+ }
+
+ @DELETE
+ @Path("/{roleIdentifier}/members/{partyIdentifier}")
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public Response removeMember(
+ @PathParam("roleIdentifier") final String groupIdentifier,
+ @PathParam("partyIdentifier") final String userIdentifier
+ ) {
+ throw new UnsupportedOperationException();
+ }
+
+ @GET
+ @Path("/{roleIdentifier}/permissions")
+ @Produces(MediaType.APPLICATION_JSON)
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public JsonArray getPermissions(
+ @PathParam("roleIdentifier") final String groupIdentifier
+ ) {
+ throw new UnsupportedOperationException();
+ }
+
+ @POST
+ @Path("/{roleIdentifier}/permissions")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public Response addPermission(
+ @PathParam("roleIdentifier") final String groupIdentifier,
+ final JsonObject permissionData
+ ) {
+ throw new UnsupportedOperationException();
+ }
+
+ @DELETE
+ @Path("/{roleIdentifier}/permissions/{permissionIdentifier}")
+ @AuthorizationRequired
+ @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
+ @Transactional(Transactional.TxType.REQUIRED)
+ public Response removePermission(
+ @PathParam("roleIdentifier") final String groupIdentifier,
+ @PathParam("permissionIdentifier") final String permissionIdentifier
+ ) {
+ throw new UnsupportedOperationException();
+ }
+
+
+
+ private Party findParty(final String partyIdentifier) {
+ final ExtractedIdentifier identifier = identifierExtractor
+ .extractIdentifier(partyIdentifier);
+
+ switch (identifier.getType()) {
+ case ID:
+ return partyRepository
+ .findById(Long.parseLong(identifier.getIdentifier()))
+ .orElseThrow(
+ () -> new WebApplicationException(
+ String.format(
+ "No party with ID %s found",
+ identifier.getIdentifier()
+ ),
+ Response.Status.NOT_FOUND
+ )
+ );
+ case UUID:
+ return partyRepository
+ .findByUuid(identifier.getIdentifier())
+ .orElseThrow(
+ () -> new WebApplicationException(
+ String.format(
+ "No party with UUID %s found",
+ identifier.getIdentifier()
+ ),
+ Response.Status.NOT_FOUND
+ )
+ );
+ default:
+ return partyRepository
+ .findByName(identifier.getIdentifier())
+ .orElseThrow(
+ () -> new WebApplicationException(
+ String.format(
+ "No party with name %s found",
+ identifier.getIdentifier()
+ ),
+ Response.Status.NOT_FOUND
+ )
+ );
+ }
+ }
+
+ private Role findRole(final String roleIdentifier) {
+ final ExtractedIdentifier identifier = identifierExtractor
+ .extractIdentifier(roleIdentifier);
+
+ switch (identifier.getType()) {
+ case ID:
+ return roleRepository
+ .findById(Long.parseLong(identifier.getIdentifier()))
+ .orElseThrow(
+ () -> new WebApplicationException(
+ String.format(
+ "No role with ID %s found.",
+ identifier.getIdentifier()
+ ),
+ Response.Status.NOT_FOUND
+ )
+ );
+ case UUID:
+ return roleRepository
+ .findByUuid(identifier.getIdentifier())
+ .orElseThrow(
+ () -> new WebApplicationException(
+ String.format(
+ "No role with UUID %s found.",
+ identifier.getIdentifier()
+ ),
+ Response.Status.NOT_FOUND
+ )
+ );
+ default:
+ return roleRepository
+ .findByName(identifier.getIdentifier())
+ .orElseThrow(
+ () -> new WebApplicationException(
+ String.format(
+ "No role with name %s found.",
+ identifier.getIdentifier()
+ ),
+ Response.Status.NOT_FOUND
+ )
+ );
+ }
+ }
+
 }
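Review bot: `deleteRole` binds its argument with `@PathParam("groupIdentifier")` although the route template is `/{roleIdentifier}`, so the value would presumably never be populated once the stub gets a body; it should read `@PathParam("roleIdentifier") final String roleIdentifier`. The same copy-paste shows in the `groupIdentifier`, `userIdentifier` and `groupData` parameter names of `updateRole`, `addMember`, `removeMember`, `getPermissions`, `addPermission` and `removePermission`, and renaming them before the bodies are written keeps roles and groups from being confused in code that changes privileges. In `getRoles`, `limit` and `offset` are passed to `roleRepository.findAll(limit, offset)` unchecked, so a negative or very large value should be rejected with a 400 or clamped to a maximum page size. The stubs throw `UnsupportedOperationException`, which will most likely surface as a 500; a `WebApplicationException` with `Response.Status.NOT_IMPLEMENTED` would give clients an accurate status until the endpoints exist.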