From a3dcee166d2906fcfaa841ddfeea63a125b44833 Mon Sep 17 00:00:00 2001
From: Brian Long
Date: Fri, 3 Feb 2023 10:11:26 -0500
Subject: [PATCH] reformatted; added @RolesAllowed
---
 .../java/com/poststats/golf/api/EventApi.java | 30 ++++++++++++++-----
 .../poststats/golf/api/EventFinanceApi.java | 12 +++++---
 .../poststats/golf/api/EventPersonApi.java | 30 ++++++++++++-------
 .../com/poststats/golf/api/GolferApi.java | 11 +++++--
 .../com/poststats/golf/api/SeriesApi.java | 28 ++++++++++++-----
 .../security/EventPersonSecurityContext.java | 2 +-
 .../poststats/golf/servlet/EventFilter.java | 5 ++--
 7 files changed, 82 insertions(+), 36 deletions(-)
diff --git a/src/main/java/com/poststats/golf/api/EventApi.java b/src/main/java/com/poststats/golf/api/EventApi.java
index cffe2e8..5711324 100644
--- a/src/main/java/com/poststats/golf/api/EventApi.java
+++ b/src/main/java/com/poststats/golf/api/EventApi.java
@@ -32,7 +32,13 @@ import org.slf4j.LoggerFactory;
 @RequestScoped
 @Path("/golf/event/{eventId}")
 @Tag(name = "Event API")
-@OpenAPIDefinition(info = @Info(contact = @Contact(name = "Brian Long", email = "brian.long@poststats.com"), title = "PostStats Golf API", description = "An API providing access to PostStats Golf objects."))
+@OpenAPIDefinition(
+ info = @Info(
+ contact = @Contact(name = "Brian Long", email = "brian.long@poststats.com"),
+ title = "PostStats Golf API",
+ description = "An API providing access to PostStats Golf objects."
+ )
+)
 public class EventApi {
 private final Logger logger = LoggerFactory.getLogger(this.getClass());
@@ -53,9 +59,14 @@ public class EventApi {
 @GET
 @Produces(Constants.V1_JSON)
- @Operation(summary = "Retrieves limited meta-data about an event.", description = "Retreives name, location, dates, and other direct meta-data about the specified event.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @Operation(
+ summary = "Retrieves limited meta-data about an event.",
+ description = "Retreives name, location, dates, and other direct meta-data about the specified event."
+ )
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public Event get() throws JsonProcessingException {
 DataSet row = this.eventService.get(this.eventId);
 if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND);
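Review bot: The new `description` line still carries the misspelling "Retreives" into the reformatted `@Operation` annotation; this is user-facing OpenAPI text, so it should read `description = "Retrieves name, location, dates, and other direct meta-data about the specified event."`. The same spelling appears on the new `@Operation` description lines in the `getDetail` hunk of EventApi, the GolferApi `get` hunk, and the SeriesApi `get` and `getEvents` hunks, so all five could be corrected in the same reformatting pass. `get()` continues past the end of the hunk.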
@@ -66,9 +77,14 @@ public class EventApi {
 @GET
 @Path("/detail")
 @Produces(Constants.V1_JSON)
- @Operation(summary = "Retrieves detailed meta-data about an event.", description = "Retreives name, location, dates, courses, and other indirect meta-data about the specified event.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @Operation(
+ summary = "Retrieves detailed meta-data about an event.",
+ description = "Retreives name, location, dates, courses, and other indirect meta-data about the specified event."
+ )
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public EventDetail getDetail() throws JsonProcessingException {
 DataSet row = this.eventService.getDetail(this.eventId);
 if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND);
diff --git a/src/main/java/com/poststats/golf/api/EventFinanceApi.java b/src/main/java/com/poststats/golf/api/EventFinanceApi.java
index 4e8a94d..24347fc 100644
--- a/src/main/java/com/poststats/golf/api/EventFinanceApi.java
+++ b/src/main/java/com/poststats/golf/api/EventFinanceApi.java
@@ -45,8 +45,10 @@ public class EventFinanceApi {
 @RolesAllowed("member")
 @Produces(Constants.V1_JSON)
 @Operation(summary = "Retrieves the balances of all participants in an event.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public List> getBalanceByPersonsAsJson(@Context SecurityContext securityContext) throws JsonProcessingException {
 if (!securityContext.isUserInRole(this.eventId + "~finance")) throw new SecurityException("Not permitted");
@@ -70,8 +72,10 @@ public class EventFinanceApi {
 @RolesAllowed("member")
 @Produces("text/csv")
 @Operation(summary = "Retrieves the balances of all participants in an event.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public StreamingOutput getBalanceByPersonsAsCsv(@Context SecurityContext securityContext) throws IOException {
 if (!securityContext.isUserInRole(this.eventId + "~finance")) throw new SecurityException("Not permitted");
diff --git a/src/main/java/com/poststats/golf/api/EventPersonApi.java b/src/main/java/com/poststats/golf/api/EventPersonApi.java
index 679fd6e..6368c4b 100644
--- a/src/main/java/com/poststats/golf/api/EventPersonApi.java
+++ b/src/main/java/com/poststats/golf/api/EventPersonApi.java
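Review bot: The rebuilt `@ApiResponses` in both hunks of this file still document only 200 and 404, although the endpoint is guarded by `@RolesAllowed("member")` and the first statement of each method rejects callers lacking the `~finance` role, so a denied caller receives a response the OpenAPI description does not mention; the annotation should also carry `@ApiResponse(responseCode = "403", description = "The caller is not permitted to view balances for this event")`. The denial is raised as `java.lang.SecurityException`, and the HTTP status a JAX-RS runtime assigns to that depends on whether an exception mapper is registered, which the hunk does not show; `throw new WebApplicationException("Not permitted", Status.FORBIDDEN);` would make the status explicit and consistent with the documented responses. The same gap exists in the four EventPersonApi hunks that check the `~member` role. Both method bodies continue past the end of their hunks.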
@@ -56,8 +56,10 @@ public class EventPersonApi {
 @RolesAllowed("member")
 @Produces(Constants.V1_JSON)
 @Operation(summary = "Retrieves the administrators and participants in an event.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public List get(@Context SecurityContext securityContext, @QueryParam("format") String format) throws JsonProcessingException, IOException {
 if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
@@ -70,8 +72,10 @@ public class EventPersonApi {
 @RolesAllowed("member")
 @Produces("text/csv")
 @Operation(summary = "Retrieves the administrators and participants in an event.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public StreamingOutput getAsCsv(@Context SecurityContext securityContext, @QueryParam("format") String format) throws JsonProcessingException, IOException {
 if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
@@ -84,8 +88,10 @@ public class EventPersonApi {
 @RolesAllowed("member")
 @Produces(Constants.V1_JSON)
 @Operation(summary = "Retrieves the participants in an event.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public List getParticipants(@Context SecurityContext securityContext, @Context @QueryParam("format") String format) throws JsonProcessingException, IOException {
 if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
@@ -99,8 +105,10 @@ public class EventPersonApi {
 @RolesAllowed("member")
 @Produces("text/csv")
 @Operation(summary = "Retrieves the participants in an event.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public StreamingOutput getParticipantsAsCsv(@Context SecurityContext securityContext, @Context @QueryParam("format") String format) throws JsonProcessingException, IOException {
 if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
@@ -114,8 +122,10 @@ public class EventPersonApi {
 @RolesAllowed("member")
 @Produces(Constants.V1_JSON)
 @Operation(summary = "Retrieves all the participants in an event series.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") })
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
+ })
 public List getSeriesParticipants(@Context SecurityContext securityContext, @QueryParam("format") String format) throws JsonProcessingException, IOException {
 if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
diff --git a/src/main/java/com/poststats/golf/api/GolferApi.java b/src/main/java/com/poststats/golf/api/GolferApi.java
index d824f2f..db647a2 100644
--- a/src/main/java/com/poststats/golf/api/GolferApi.java
+++ b/src/main/java/com/poststats/golf/api/GolferApi.java
@@ -48,9 +48,14 @@ public class GolferApi {
 @GET
 @Produces(Constants.V1_JSON)
- @Operation(summary = "Retrieves limited meta-data about a golfer.", description = "Retreives name, location, and other direct meta-data about the specified golfer.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "A golfer with the specified ID could not be found") })
+ @Operation(
+ summary = "Retrieves limited meta-data about a golfer.",
+ description = "Retreives name, location, and other direct meta-data about the specified golfer."
+ )
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "A golfer with the specified ID could not be found")
+ })
 public Person get() throws JsonProcessingException {
 DataSet row = this.personService.get(this.personId);
 if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND);
diff --git a/src/main/java/com/poststats/golf/api/SeriesApi.java b/src/main/java/com/poststats/golf/api/SeriesApi.java
index e099ae6..1099f5a 100644
--- a/src/main/java/com/poststats/golf/api/SeriesApi.java
+++ b/src/main/java/com/poststats/golf/api/SeriesApi.java
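Review bot: The new 404 `@ApiResponse` line documents that a golfer could not be found, but the context line three below still throws `WebApplicationException("Event not found", Status.NOT_FOUND)`, so the response body contradicts the OpenAPI description the commit is tidying; `throw new WebApplicationException("Golfer not found", Status.NOT_FOUND);` would bring the two into line. That line is not touched by this commit, so it may belong in a follow-up rather than this reformatting patch. `get()` continues past the end of the hunk.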
@@ -62,9 +62,14 @@ public class SeriesApi {
 @GET
 @Produces(Constants.V1_JSON)
- @Operation(summary = "Retrieves meta-data about an event series.", description = "Retreives name and other direct meta-data about the specified event series.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found") })
+ @Operation(
+ summary = "Retrieves meta-data about an event series.",
+ description = "Retreives name and other direct meta-data about the specified event series."
+ )
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found")
+ })
 public Series get() throws JsonProcessingException {
 DataSet row = this.seriesService.get(this.seriesId);
 if (row == null) throw new WebApplicationException("Series not found", Status.NOT_FOUND);
@@ -76,8 +81,10 @@ public class SeriesApi {
 @Path("/eventIds")
 @Produces(Constants.V1_JSON)
 @Operation(summary = "Retrieves event IDs under an event series.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found") })
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found")
+ })
 public Set getEventIds() throws JsonProcessingException {
 Set eventIds = this.eventService.getIds(this.seriesId);
 if (eventIds.isEmpty()) throw new WebApplicationException("Series or events not found", Status.NOT_FOUND);
@@ -87,9 +94,14 @@ public class SeriesApi {
 @GET
 @Path("/events")
 @Produces(Constants.V1_JSON)
- @Operation(summary = "Retrieves limited event meta-data about all events in an event series.", description = "Retreives name, location, dates, and other direct meta-data about all events in the specified event series.")
- @ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"),
- @ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found") })
+ @Operation(
+ summary = "Retrieves limited event meta-data about all events in an event series.",
+ description = "Retreives name, location, dates, and other direct meta-data about all events in the specified event series."
+ )
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "Success"),
+ @ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found")
+ })
 public List getEvents(@QueryParam("reverse") Boolean reverse) throws JsonProcessingException {
 Map rows = this.eventService.get(this.seriesId, !Boolean.TRUE.equals(reverse));
 if (rows.isEmpty()) throw new WebApplicationException("Series or events not found", Status.NOT_FOUND);
diff --git a/src/main/java/com/poststats/golf/security/EventPersonSecurityContext.java b/src/main/java/com/poststats/golf/security/EventPersonSecurityContext.java
index e239b3a..dc8fdd6 100644
--- a/src/main/java/com/poststats/golf/security/EventPersonSecurityContext.java
+++ b/src/main/java/com/poststats/golf/security/EventPersonSecurityContext.java
@@ -22,7 +22,7 @@ public class EventPersonSecurityContext implements SecurityContext {
 @Override
 public boolean isUserInRole(String role) {
 Person person = (Person) this.securityContext.getUserPrincipal();
- return person.hasAccessControl(role, this.eventId);
+ return person == null ? false : person.hasAccessControl(role, this.eventId);
 }
 @Override
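Review bot: The added `return person == null ? false : person.hasAccessControl(role, this.eventId);` spells a boolean expression out as a conditional; `return person != null && person.hasAccessControl(role, this.eventId);` says the same thing and is the form static checkers such as Error Prone flag for. The unchecked cast `(Person) this.securityContext.getUserPrincipal()` on the context line above is left as is, so if the wrapped context ever carries a principal of another type (the hunk does not show whether that can happen), the role check fails with a ClassCastException instead of a denial; `Principal p = this.securityContext.getUserPrincipal(); return p instanceof Person && ((Person) p).hasAccessControl(role, this.eventId);` keeps the method failing closed in that case as well. The null-to-false change itself is the right default for an authorization check.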
diff --git a/src/main/java/com/poststats/golf/servlet/EventFilter.java b/src/main/java/com/poststats/golf/servlet/EventFilter.java
index 824ef50..b816722 100644
--- a/src/main/java/com/poststats/golf/servlet/EventFilter.java
+++ b/src/main/java/com/poststats/golf/servlet/EventFilter.java
@@ -47,9 +47,8 @@ public class EventFilter implements ContainerRequestFilter {
 requestContext.setProperty(Constants.EVENT_ID, eventId);
 SecurityContext scontext = requestContext.getSecurityContext();
- if (scontext != null) {
- this.logger.debug("Authorized for Event: {} => {}", scontext.getUserPrincipal()
- .getName(), eventId);
+ if (scontext.getUserPrincipal() != null) {
+ this.logger.debug("Narrowing authorization for event: {} => {}", scontext.getUserPrincipal(), eventId);
 requestContext.setSecurityContext(new EventPersonSecurityContext(scontext, eventId));
 }
 }
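Review bot: The new guard `if (scontext.getUserPrincipal() != null)` dereferences `scontext` unconditionally, whereas the removed line tested `scontext != null` first; if `requestContext.getSecurityContext()` can return null in this runtime (nothing in the hunk rules it out), the filter now fails with a NullPointerException instead of skipping the narrowing. `if (scontext != null && scontext.getUserPrincipal() != null) {` keeps both checks. The new debug line also passes the principal object where the old code passed `getName()`, so what reaches the log is whatever `Person.toString()` produces, which may be more than the name; `scontext.getUserPrincipal().getName()` keeps the logged value bounded, and note that the message reads "for event: {} => {}" while the arguments are principal then event ID, so the placeholders are in the opposite order from the prose. The enclosing filter method starts before the hunk.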