poststats/golf-rs-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reformatted; added @RolesAllowed

Browse Source
This commit is contained in:
Brian Long
2023-02-03 10:11:26 -05:00
parent 1e43da7b41
commit a3dcee166d
7 changed files with 82 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/main/java/com/poststats/golf/api/EventApi.java
View File

@@ -32,7 +32,13 @@ import org.slf4j.LoggerFactory;
@RequestScoped @RequestScoped
@Path("/golf/event/{eventId}") @Path("/golf/event/{eventId}")
@Tag(name = "Event API") @Tag(name = "Event API")
@OpenAPIDefinition(info = @Info(contact = @Contact(name = "Brian Long", email = "brian.long@poststats.com"), title = "PostStats Golf API", description = "An API providing access to PostStats Golf objects.")) @OpenAPIDefinition(
info = @Info(
contact = @Contact(name = "Brian Long", email = "brian.long@poststats.com"),
title = "PostStats Golf API",
description = "An API providing access to PostStats Golf objects."
)
)
public class EventApi { public class EventApi {
private final Logger logger = LoggerFactory.getLogger(this.getClass()); private final Logger logger = LoggerFactory.getLogger(this.getClass());
@@ -53,9 +59,14 @@ public class EventApi {
@GET @GET
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves limited meta-data about an event.", description = "Retreives name, location, dates, and other direct meta-data about the specified event.") @Operation(
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), summary = "Retrieves limited meta-data about an event.",
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) description = "Retreives name, location, dates, and other direct meta-data about the specified event."
)
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public Event get() throws JsonProcessingException { public Event get() throws JsonProcessingException {
DataSet row = this.eventService.get(this.eventId); DataSet row = this.eventService.get(this.eventId);
if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND); if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND);
@@ -66,9 +77,14 @@ public class EventApi {
@GET @GET
@Path("/detail") @Path("/detail")
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves detailed meta-data about an event.", description = "Retreives name, location, dates, courses, and other indirect meta-data about the specified event.") @Operation(
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), summary = "Retrieves detailed meta-data about an event.",
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) description = "Retreives name, location, dates, courses, and other indirect meta-data about the specified event."
)
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public EventDetail getDetail() throws JsonProcessingException { public EventDetail getDetail() throws JsonProcessingException {
DataSet row = this.eventService.getDetail(this.eventId); DataSet row = this.eventService.getDetail(this.eventId);
if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND); if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND);

12
src/main/java/com/poststats/golf/api/EventFinanceApi.java
View File

@@ -45,8 +45,10 @@ public class EventFinanceApi {
@RolesAllowed("member") @RolesAllowed("member")
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves the balances of all participants in an event.") @Operation(summary = "Retrieves the balances of all participants in an event.")
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), @ApiResponses({
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) @ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public List<Map<String, Object>> getBalanceByPersonsAsJson(@Context SecurityContext securityContext) throws JsonProcessingException { public List<Map<String, Object>> getBalanceByPersonsAsJson(@Context SecurityContext securityContext) throws JsonProcessingException {
if (!securityContext.isUserInRole(this.eventId + "~finance")) throw new SecurityException("Not permitted"); if (!securityContext.isUserInRole(this.eventId + "~finance")) throw new SecurityException("Not permitted");
@@ -70,8 +72,10 @@ public class EventFinanceApi {
@RolesAllowed("member") @RolesAllowed("member")
@Produces("text/csv") @Produces("text/csv")
@Operation(summary = "Retrieves the balances of all participants in an event.") @Operation(summary = "Retrieves the balances of all participants in an event.")
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), @ApiResponses({
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) @ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public StreamingOutput getBalanceByPersonsAsCsv(@Context SecurityContext securityContext) throws IOException { public StreamingOutput getBalanceByPersonsAsCsv(@Context SecurityContext securityContext) throws IOException {
if (!securityContext.isUserInRole(this.eventId + "~finance")) throw new SecurityException("Not permitted"); if (!securityContext.isUserInRole(this.eventId + "~finance")) throw new SecurityException("Not permitted");

30
src/main/java/com/poststats/golf/api/EventPersonApi.java
View File

@@ -56,8 +56,10 @@ public class EventPersonApi {
@RolesAllowed("member") @RolesAllowed("member")
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves the administrators and participants in an event.") @Operation(summary = "Retrieves the administrators and participants in an event.")
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), @ApiResponses({
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) @ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public List<Person> get(@Context SecurityContext securityContext, @QueryParam("format") String format) throws JsonProcessingException, IOException { public List<Person> get(@Context SecurityContext securityContext, @QueryParam("format") String format) throws JsonProcessingException, IOException {
if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted"); if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
@@ -70,8 +72,10 @@ public class EventPersonApi {
@RolesAllowed("member") @RolesAllowed("member")
@Produces("text/csv") @Produces("text/csv")
@Operation(summary = "Retrieves the administrators and participants in an event.") @Operation(summary = "Retrieves the administrators and participants in an event.")
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), @ApiResponses({
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) @ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public StreamingOutput getAsCsv(@Context SecurityContext securityContext, @QueryParam("format") String format) throws JsonProcessingException, IOException { public StreamingOutput getAsCsv(@Context SecurityContext securityContext, @QueryParam("format") String format) throws JsonProcessingException, IOException {
if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted"); if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
@@ -84,8 +88,10 @@ public class EventPersonApi {
@RolesAllowed("member") @RolesAllowed("member")
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves the participants in an event.") @Operation(summary = "Retrieves the participants in an event.")
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), @ApiResponses({
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) @ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public List<Person> getParticipants(@Context SecurityContext securityContext, @Context @QueryParam("format") String format) public List<Person> getParticipants(@Context SecurityContext securityContext, @Context @QueryParam("format") String format)
throws JsonProcessingException, IOException { throws JsonProcessingException, IOException {
if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted"); if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
@@ -99,8 +105,10 @@ public class EventPersonApi {
@RolesAllowed("member") @RolesAllowed("member")
@Produces("text/csv") @Produces("text/csv")
@Operation(summary = "Retrieves the participants in an event.") @Operation(summary = "Retrieves the participants in an event.")
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), @ApiResponses({
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) @ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public StreamingOutput getParticipantsAsCsv(@Context SecurityContext securityContext, @Context @QueryParam("format") String format) public StreamingOutput getParticipantsAsCsv(@Context SecurityContext securityContext, @Context @QueryParam("format") String format)
throws JsonProcessingException, IOException { throws JsonProcessingException, IOException {
if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted"); if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");
@@ -114,8 +122,10 @@ public class EventPersonApi {
@RolesAllowed("member") @RolesAllowed("member")
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves all the participants in an event series.") @Operation(summary = "Retrieves all the participants in an event series.")
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), @ApiResponses({
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found") }) @ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event with the specified ID could not be found")
})
public List<Person> getSeriesParticipants(@Context SecurityContext securityContext, @QueryParam("format") String format) public List<Person> getSeriesParticipants(@Context SecurityContext securityContext, @QueryParam("format") String format)
throws JsonProcessingException, IOException { throws JsonProcessingException, IOException {
if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted"); if (!securityContext.isUserInRole(this.eventId + "~member")) throw new SecurityException("Not permitted");

11
src/main/java/com/poststats/golf/api/GolferApi.java
View File

@@ -48,9 +48,14 @@ public class GolferApi {
@GET @GET
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves limited meta-data about a golfer.", description = "Retreives name, location, and other direct meta-data about the specified golfer.") @Operation(
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), summary = "Retrieves limited meta-data about a golfer.",
@ApiResponse(responseCode = "404", description = "A golfer with the specified ID could not be found") }) description = "Retreives name, location, and other direct meta-data about the specified golfer."
)
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "A golfer with the specified ID could not be found")
})
public Person get() throws JsonProcessingException { public Person get() throws JsonProcessingException {
DataSet row = this.personService.get(this.personId); DataSet row = this.personService.get(this.personId);
if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND); if (row == null) throw new WebApplicationException("Event not found", Status.NOT_FOUND);

28
src/main/java/com/poststats/golf/api/SeriesApi.java
View File

@@ -62,9 +62,14 @@ public class SeriesApi {
@GET @GET
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves meta-data about an event series.", description = "Retreives name and other direct meta-data about the specified event series.") @Operation(
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), summary = "Retrieves meta-data about an event series.",
@ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found") }) description = "Retreives name and other direct meta-data about the specified event series."
)
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found")
})
public Series get() throws JsonProcessingException { public Series get() throws JsonProcessingException {
DataSet row = this.seriesService.get(this.seriesId); DataSet row = this.seriesService.get(this.seriesId);
if (row == null) throw new WebApplicationException("Series not found", Status.NOT_FOUND); if (row == null) throw new WebApplicationException("Series not found", Status.NOT_FOUND);
@@ -76,8 +81,10 @@ public class SeriesApi {
@Path("/eventIds") @Path("/eventIds")
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves event IDs under an event series.") @Operation(summary = "Retrieves event IDs under an event series.")
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), @ApiResponses({
@ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found") }) @ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found")
})
public Set<Long> getEventIds() throws JsonProcessingException { public Set<Long> getEventIds() throws JsonProcessingException {
Set<Long> eventIds = this.eventService.getIds(this.seriesId); Set<Long> eventIds = this.eventService.getIds(this.seriesId);
if (eventIds.isEmpty()) throw new WebApplicationException("Series or events not found", Status.NOT_FOUND); if (eventIds.isEmpty()) throw new WebApplicationException("Series or events not found", Status.NOT_FOUND);
@@ -87,9 +94,14 @@ public class SeriesApi {
@GET @GET
@Path("/events") @Path("/events")
@Produces(Constants.V1_JSON) @Produces(Constants.V1_JSON)
@Operation(summary = "Retrieves limited event meta-data about all events in an event series.", description = "Retreives name, location, dates, and other direct meta-data about all events in the specified event series.") @Operation(
@ApiResponses({ @ApiResponse(responseCode = "200", description = "Success"), summary = "Retrieves limited event meta-data about all events in an event series.",
@ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found") }) description = "Retreives name, location, dates, and other direct meta-data about all events in the specified event series."
)
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Success"),
@ApiResponse(responseCode = "404", description = "An event series with the specified ID could not be found")
})
public List<Event> getEvents(@QueryParam("reverse") Boolean reverse) throws JsonProcessingException { public List<Event> getEvents(@QueryParam("reverse") Boolean reverse) throws JsonProcessingException {
Map<Long, DataSet> rows = this.eventService.get(this.seriesId, !Boolean.TRUE.equals(reverse)); Map<Long, DataSet> rows = this.eventService.get(this.seriesId, !Boolean.TRUE.equals(reverse));
if (rows.isEmpty()) throw new WebApplicationException("Series or events not found", Status.NOT_FOUND); if (rows.isEmpty()) throw new WebApplicationException("Series or events not found", Status.NOT_FOUND);

2
src/main/java/com/poststats/golf/security/EventPersonSecurityContext.java
View File

@@ -22,7 +22,7 @@ public class EventPersonSecurityContext implements SecurityContext {
@Override @Override
public boolean isUserInRole(String role) { public boolean isUserInRole(String role) {
Person person = (Person) this.securityContext.getUserPrincipal(); Person person = (Person) this.securityContext.getUserPrincipal();
return person.hasAccessControl(role, this.eventId); return person == null ? false : person.hasAccessControl(role, this.eventId);
} }
@Override @Override

5
src/main/java/com/poststats/golf/servlet/EventFilter.java
View File

@@ -47,9 +47,8 @@ public class EventFilter implements ContainerRequestFilter {
requestContext.setProperty(Constants.EVENT_ID, eventId); requestContext.setProperty(Constants.EVENT_ID, eventId);
SecurityContext scontext = requestContext.getSecurityContext(); SecurityContext scontext = requestContext.getSecurityContext();
if (scontext != null) { if (scontext.getUserPrincipal() != null) {
this.logger.debug("Authorized for Event: {} => {}", scontext.getUserPrincipal() this.logger.debug("Narrowing authorization for event: {} => {}", scontext.getUserPrincipal(), eventId);
.getName(), eventId);
requestContext.setSecurityContext(new EventPersonSecurityContext(scontext, eventId)); requestContext.setSecurityContext(new EventPersonSecurityContext(scontext, eventId));
} }
} }