Skip to content
Snippets Groups Projects
Commit 19d613f5 authored by Martin Weise's avatar Martin Weise
Browse files

Updated permissions and endpoints for auth service

Former-commit-id: 2ded327f
parent 953f5249
No related branches found
No related tags found
1 merge request!42Fixed the query service tests
Showing
with 62 additions and 25 deletions
...@@ -13,6 +13,7 @@ import org.springframework.beans.factory.annotation.Autowired; ...@@ -13,6 +13,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.validation.Valid; import javax.validation.Valid;
...@@ -38,6 +39,7 @@ public class ContainerEndpoint { ...@@ -38,6 +39,7 @@ public class ContainerEndpoint {
} }
@GetMapping @GetMapping
@Transactional(readOnly = true)
@ApiOperation(value = "List all containers", notes = "Lists the containers in the metadata database.") @ApiOperation(value = "List all containers", notes = "Lists the containers in the metadata database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "All containers are listed."), @ApiResponse(code = 200, message = "All containers are listed."),
...@@ -52,6 +54,7 @@ public class ContainerEndpoint { ...@@ -52,6 +54,7 @@ public class ContainerEndpoint {
} }
@PostMapping @PostMapping
@Transactional
@PreAuthorize("hasRole('ROLE_RESEARCHER')") @PreAuthorize("hasRole('ROLE_RESEARCHER')")
@ApiOperation(value = "Creates a new container", notes = "Creates a new container whose image is registered in the metadata database too.") @ApiOperation(value = "Creates a new container", notes = "Creates a new container whose image is registered in the metadata database too.")
@ApiResponses({ @ApiResponses({
...@@ -69,6 +72,7 @@ public class ContainerEndpoint { ...@@ -69,6 +72,7 @@ public class ContainerEndpoint {
} }
@GetMapping("/{id}") @GetMapping("/{id}")
@Transactional(readOnly = true)
@ApiOperation(value = "Get all information about a container", notes = "Since we follow the REST-principle, this method provides more information than the findAll method.") @ApiOperation(value = "Get all information about a container", notes = "Since we follow the REST-principle, this method provides more information than the findAll method.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "Get information about container."), @ApiResponse(code = 200, message = "Get information about container."),
...@@ -83,6 +87,7 @@ public class ContainerEndpoint { ...@@ -83,6 +87,7 @@ public class ContainerEndpoint {
} }
@PutMapping("/{id}") @PutMapping("/{id}")
@Transactional
@PreAuthorize("hasRole('ROLE_RESEARCHER')") @PreAuthorize("hasRole('ROLE_RESEARCHER')")
@ApiOperation(value = "Change the state of a container", notes = "The new state can only be one of START/STOP.") @ApiOperation(value = "Change the state of a container", notes = "The new state can only be one of START/STOP.")
@ApiResponses({ @ApiResponses({
...@@ -105,6 +110,7 @@ public class ContainerEndpoint { ...@@ -105,6 +110,7 @@ public class ContainerEndpoint {
} }
@DeleteMapping("/{id}") @DeleteMapping("/{id}")
@Transactional
@ApiOperation(value = "Delete a container") @ApiOperation(value = "Delete a container")
@PreAuthorize("hasRole('ROLE_DATA_STEWARD')") @PreAuthorize("hasRole('ROLE_DATA_STEWARD')")
@ApiResponses({ @ApiResponses({
......
...@@ -19,6 +19,7 @@ import org.springframework.beans.factory.annotation.Autowired; ...@@ -19,6 +19,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.validation.Valid; import javax.validation.Valid;
...@@ -43,6 +44,7 @@ public class ImageEndpoint { ...@@ -43,6 +44,7 @@ public class ImageEndpoint {
} }
@GetMapping @GetMapping
@Transactional(readOnly = true)
@ApiOperation(value = "List all images", notes = "Lists the images in the metadata database.") @ApiOperation(value = "List all images", notes = "Lists the images in the metadata database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "All images are listed."), @ApiResponse(code = 200, message = "All images are listed."),
...@@ -57,6 +59,7 @@ public class ImageEndpoint { ...@@ -57,6 +59,7 @@ public class ImageEndpoint {
} }
@PostMapping @PostMapping
@Transactional
@PreAuthorize("hasRole('ROLE_DEVELOPER')") @PreAuthorize("hasRole('ROLE_DEVELOPER')")
@ApiOperation(value = "Creates a new image", notes = "Creates a new image in the metadata database.") @ApiOperation(value = "Creates a new image", notes = "Creates a new image in the metadata database.")
@ApiResponses({ @ApiResponses({
...@@ -73,6 +76,7 @@ public class ImageEndpoint { ...@@ -73,6 +76,7 @@ public class ImageEndpoint {
} }
@GetMapping("/{id}") @GetMapping("/{id}")
@Transactional(readOnly = true)
@ApiOperation(value = "Get all informations about a image", notes = "Since we follow the REST-principle, this method provides more information than the findAll method.") @ApiOperation(value = "Get all informations about a image", notes = "Since we follow the REST-principle, this method provides more information than the findAll method.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "Get information about container."), @ApiResponse(code = 200, message = "Get information about container."),
...@@ -86,6 +90,7 @@ public class ImageEndpoint { ...@@ -86,6 +90,7 @@ public class ImageEndpoint {
} }
@PutMapping("/{id}") @PutMapping("/{id}")
@Transactional
@PreAuthorize("hasRole('DEVELOPER')") @PreAuthorize("hasRole('DEVELOPER')")
@ApiOperation(value = "Update image information", notes = "Polls new information about an image") @ApiOperation(value = "Update image information", notes = "Polls new information about an image")
@ApiResponses({ @ApiResponses({
...@@ -94,12 +99,13 @@ public class ImageEndpoint { ...@@ -94,12 +99,13 @@ public class ImageEndpoint {
@ApiResponse(code = 404, message = "No container found with this id in metadata database."), @ApiResponse(code = 404, message = "No container found with this id in metadata database."),
}) })
public ResponseEntity<ImageDto> update(@NotNull @PathVariable Long id, @RequestBody @Valid ImageChangeDto changeDto) public ResponseEntity<ImageDto> update(@NotNull @PathVariable Long id, @RequestBody @Valid ImageChangeDto changeDto)
throws ImageNotFoundException, DockerClientException { throws ImageNotFoundException {
return ResponseEntity.status(HttpStatus.ACCEPTED) return ResponseEntity.status(HttpStatus.ACCEPTED)
.body(imageMapper.containerImageToImageDto(imageService.update(id, changeDto))); .body(imageMapper.containerImageToImageDto(imageService.update(id, changeDto)));
} }
@DeleteMapping("/{id}") @DeleteMapping("/{id}")
@Transactional
@PreAuthorize("hasRole('DEVELOPER')") @PreAuthorize("hasRole('DEVELOPER')")
@ApiOperation(value = "Delete a image") @ApiOperation(value = "Delete a image")
@ApiResponses({ @ApiResponses({
......
...@@ -26,4 +26,4 @@ eureka: ...@@ -26,4 +26,4 @@ eureka:
client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/ client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/
fda: fda:
ready.path: /ready ready.path: /ready
auth.endpoint: http://fda-authentication-service:9097 gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file \ No newline at end of file
...@@ -26,4 +26,4 @@ eureka: ...@@ -26,4 +26,4 @@ eureka:
client.serviceUrl.defaultZone: http://localhost:9090/eureka/ client.serviceUrl.defaultZone: http://localhost:9090/eureka/
fda: fda:
ready.path: ./ready ready.path: ./ready
auth.endpoint: http://localhost:9097 gateway.endpoint: http://localhost:9095
\ No newline at end of file \ No newline at end of file
...@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory; ...@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
@Configuration @Configuration
public class GatewayConfig { public class GatewayConfig {
@Value("${fda.auth.endpoint}") @Value("${fda.gateway.endpoint}")
private String authEndpoint; private String gatewayEndpoint;
@Bean @Bean
public RestTemplate restTemplate() { public RestTemplate restTemplate() {
final RestTemplate restTemplate = new RestTemplate(); final RestTemplate restTemplate = new RestTemplate();
restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(authEndpoint)); restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
return restTemplate; return restTemplate;
} }
......
...@@ -15,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired; ...@@ -15,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.validation.Valid; import javax.validation.Valid;
...@@ -38,6 +39,7 @@ public class ContainerDatabaseEndpoint { ...@@ -38,6 +39,7 @@ public class ContainerDatabaseEndpoint {
} }
@GetMapping @GetMapping
@Transactional(readOnly = true)
@ApiOperation(value = "List all databases", notes = "Currently a container supports only databases of the same image, e.g. there is one PostgreSQL engine running with multiple databases inside a container.") @ApiOperation(value = "List all databases", notes = "Currently a container supports only databases of the same image, e.g. there is one PostgreSQL engine running with multiple databases inside a container.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "All databases running in all containers are listed."), @ApiResponse(code = 200, message = "All databases running in all containers are listed."),
...@@ -52,6 +54,7 @@ public class ContainerDatabaseEndpoint { ...@@ -52,6 +54,7 @@ public class ContainerDatabaseEndpoint {
} }
@PostMapping @PostMapping
@Transactional
@PreAuthorize("hasRole('ROLE_RESEARCHER')") @PreAuthorize("hasRole('ROLE_RESEARCHER')")
@ApiOperation(value = "Creates a new database in a container", notes = "Creates a new database in a container. Note that the backend distincts between numerical (req: categories), nominal (req: max_length) and categorical (req: max_length, siUnit, min, max, mean, median, standard_deviation, histogram) column types.") @ApiOperation(value = "Creates a new database in a container", notes = "Creates a new database in a container. Note that the backend distincts between numerical (req: categories), nominal (req: max_length) and categorical (req: max_length, siUnit, min, max, mean, median, standard_deviation, histogram) column types.")
@ApiResponses({ @ApiResponses({
...@@ -71,6 +74,7 @@ public class ContainerDatabaseEndpoint { ...@@ -71,6 +74,7 @@ public class ContainerDatabaseEndpoint {
} }
@GetMapping("/{databaseId}") @GetMapping("/{databaseId}")
@Transactional(readOnly = true)
@ApiOperation(value = "Get all information about a database") @ApiOperation(value = "Get all information about a database")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "The database information is displayed."), @ApiResponse(code = 200, message = "The database information is displayed."),
...@@ -83,6 +87,7 @@ public class ContainerDatabaseEndpoint { ...@@ -83,6 +87,7 @@ public class ContainerDatabaseEndpoint {
} }
@DeleteMapping("/{databaseId}") @DeleteMapping("/{databaseId}")
@Transactional
@PreAuthorize("hasRole('ROLE_DEVELOPER') or hasRole('ROLE_DATA_STEWARD')") @PreAuthorize("hasRole('ROLE_DEVELOPER') or hasRole('ROLE_DATA_STEWARD')")
@ApiOperation(value = "Delete a database") @ApiOperation(value = "Delete a database")
@ApiResponses({ @ApiResponses({
......
...@@ -31,4 +31,4 @@ eureka: ...@@ -31,4 +31,4 @@ eureka:
fda: fda:
elastic.endpoint: fda-search-service:9200 elastic.endpoint: fda-search-service:9200
ready.path: /ready ready.path: /ready
auth.endpoint: http://fda-authentication-service:9097 gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file \ No newline at end of file
...@@ -31,4 +31,4 @@ eureka: ...@@ -31,4 +31,4 @@ eureka:
fda: fda:
elastic.endpoint: localhost:9200 elastic.endpoint: localhost:9200
ready.path: ./ready ready.path: ./ready
auth.endpoint: http://localhost:9097 gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file \ No newline at end of file
...@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory; ...@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
@Configuration @Configuration
public class GatewayConfig { public class GatewayConfig {
@Value("${fda.auth.endpoint}") @Value("${fda.gateway.endpoint}")
private String authEndpoint; private String gatewayEndpoint;
@Bean @Bean
public RestTemplate restTemplate() { public RestTemplate restTemplate() {
final RestTemplate restTemplate = new RestTemplate(); final RestTemplate restTemplate = new RestTemplate();
restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(authEndpoint)); restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
return restTemplate; return restTemplate;
} }
......
...@@ -57,7 +57,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -57,7 +57,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
/* set permissions on endpoints */ /* set permissions on endpoints */
http.authorizeRequests() http.authorizeRequests()
/* our public endpoints */ /* our public endpoints */
.antMatchers(HttpMethod.GET, "container/**/database/**").permitAll() .antMatchers(HttpMethod.GET, "/api/container/**/database/**").permitAll()
/* our private endpoints */ /* our private endpoints */
.anyRequest().authenticated(); .anyRequest().authenticated();
/* add JWT token filter */ /* add JWT token filter */
......
...@@ -26,6 +26,4 @@ eureka: ...@@ -26,6 +26,4 @@ eureka:
client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/ client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/
fda: fda:
ready.path: /ready ready.path: /ready
mapping.path: /root
table.path: /root
gateway.endpoint: http://fda-gateway-service:9095 gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file
...@@ -26,6 +26,4 @@ eureka: ...@@ -26,6 +26,4 @@ eureka:
client.serviceUrl.defaultZone: http://localhost:9090/eureka/ client.serviceUrl.defaultZone: http://localhost:9090/eureka/
fda: fda:
ready.path: ~/ ready.path: ~/
mapping.path: rest-service/src/main/resources
table.path: rest-service/src/main/java/at/tuwien/userdb
gateway.endpoint: http://fda-gateway-service:9095 gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file
...@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory; ...@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
@Configuration @Configuration
public class GatewayConfig { public class GatewayConfig {
@Value("${fda.auth.endpoint}") @Value("${fda.gateway.endpoint}")
private String authEndpoint; private String gatewayEndpoint;
@Bean @Bean
public RestTemplate restTemplate() { public RestTemplate restTemplate() {
final RestTemplate restTemplate = new RestTemplate(); final RestTemplate restTemplate = new RestTemplate();
restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(authEndpoint)); restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
return restTemplate; return restTemplate;
} }
......
...@@ -13,6 +13,8 @@ import org.springframework.core.io.InputStreamResource; ...@@ -13,6 +13,8 @@ import org.springframework.core.io.InputStreamResource;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.validation.Valid; import javax.validation.Valid;
...@@ -34,6 +36,8 @@ public class DataEndpoint { ...@@ -34,6 +36,8 @@ public class DataEndpoint {
} }
@PostMapping("/api/container/{id}/database/{databaseId}/table/{tableId}/data") @PostMapping("/api/container/{id}/database/{databaseId}/table/{tableId}/data")
@PreAuthorize("hasRole('ROLE_RESEARCHER')")
@Transactional
@ApiOperation(value = "Insert values", notes = "Insert Data into a Table in the database. When the location string is set, the data argument is ignored and the location is used as data input") @ApiOperation(value = "Insert values", notes = "Insert Data into a Table in the database. When the location string is set, the data argument is ignored and the location is used as data input")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 201, message = "Updated the table."), @ApiResponse(code = 201, message = "Updated the table."),
...@@ -64,6 +68,7 @@ public class DataEndpoint { ...@@ -64,6 +68,7 @@ public class DataEndpoint {
} }
@GetMapping("/api/container/{id}/database/{databaseId}/table/{tableId}/data") @GetMapping("/api/container/{id}/database/{databaseId}/table/{tableId}/data")
@Transactional(readOnly = true)
@ApiOperation(value = "Get values", notes = "Get Data from a Table in the database.") @ApiOperation(value = "Get values", notes = "Get Data from a Table in the database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "Get data from the table."), @ApiResponse(code = 200, message = "Get data from the table."),
...@@ -100,6 +105,7 @@ public class DataEndpoint { ...@@ -100,6 +105,7 @@ public class DataEndpoint {
} }
@RequestMapping(value = "/api/container/{id}/database/{databaseId}/table/{tableId}/data", method = RequestMethod.HEAD) @RequestMapping(value = "/api/container/{id}/database/{databaseId}/table/{tableId}/data", method = RequestMethod.HEAD)
@Transactional(readOnly = true)
@ApiOperation(value = "Get values", notes = "Get Data Count from a Table in the database.") @ApiOperation(value = "Get values", notes = "Get Data Count from a Table in the database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "Get data from the table."), @ApiResponse(code = 200, message = "Get data from the table."),
...@@ -125,6 +131,7 @@ public class DataEndpoint { ...@@ -125,6 +131,7 @@ public class DataEndpoint {
* todo use dbs internal export functionality * todo use dbs internal export functionality
*/ */
@GetMapping(value = "/api/container/{id}/database/{databaseId}/table/{tableId}/export") @GetMapping(value = "/api/container/{id}/database/{databaseId}/table/{tableId}/export")
@Transactional(readOnly = true)
@ApiOperation(value = "Download export", notes = "Get Data from a Table in the database.") @ApiOperation(value = "Download export", notes = "Get Data from a Table in the database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "Get data from the table."), @ApiResponse(code = 200, message = "Get data from the table."),
......
...@@ -13,6 +13,8 @@ import lombok.extern.log4j.Log4j2; ...@@ -13,6 +13,8 @@ import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.validation.Valid; import javax.validation.Valid;
...@@ -35,6 +37,8 @@ public class QueryEndpoint { ...@@ -35,6 +37,8 @@ public class QueryEndpoint {
} }
@PutMapping("/execute") @PutMapping("/execute")
@Transactional
@PreAuthorize("hasRole('ROLE_RESEARCHER')")
@ApiOperation(value = "executes a query and save the results") @ApiOperation(value = "executes a query and save the results")
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse(code = 200, message = "Executed the query, Saved it and return the results"), @ApiResponse(code = 200, message = "Executed the query, Saved it and return the results"),
...@@ -63,6 +67,8 @@ public class QueryEndpoint { ...@@ -63,6 +67,8 @@ public class QueryEndpoint {
} }
@PostMapping("/save") @PostMapping("/save")
@Transactional
@PreAuthorize("hasRole('ROLE_RESEARCHER')")
@ApiOperation(value = "saves a query without execution") @ApiOperation(value = "saves a query without execution")
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse(code = 200, message = "Executed the query, Saved it and return the results"), @ApiResponse(code = 200, message = "Executed the query, Saved it and return the results"),
...@@ -81,6 +87,8 @@ public class QueryEndpoint { ...@@ -81,6 +87,8 @@ public class QueryEndpoint {
} }
@PutMapping("/execute/{queryId}") @PutMapping("/execute/{queryId}")
@Transactional
@PreAuthorize("hasRole('ROLE_RESEARCHER')")
@ApiOperation(value = "re-executes a query by given id") @ApiOperation(value = "re-executes a query by given id")
@ApiResponses(value = { @ApiResponses(value = {
@ApiResponse(code = 200, message = "Re-Execute a saved query and return the results"), @ApiResponse(code = 200, message = "Re-Execute a saved query and return the results"),
......
...@@ -10,6 +10,7 @@ import io.swagger.annotations.ApiResponse; ...@@ -10,6 +10,7 @@ import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses; import io.swagger.annotations.ApiResponses;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
...@@ -29,6 +30,7 @@ public class StoreEndpoint { ...@@ -29,6 +30,7 @@ public class StoreEndpoint {
} }
@GetMapping @GetMapping
@Transactional(readOnly = true)
@ApiOperation(value = "List all queries", notes = "Lists all already executed queries") @ApiOperation(value = "List all queries", notes = "Lists all already executed queries")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "All queries are listed."), @ApiResponse(code = 200, message = "All queries are listed."),
...@@ -43,6 +45,7 @@ public class StoreEndpoint { ...@@ -43,6 +45,7 @@ public class StoreEndpoint {
} }
@GetMapping("/{queryId}") @GetMapping("/{queryId}")
@Transactional(readOnly = true)
@ApiOperation(value = "Find a query", notes = "Find a query") @ApiOperation(value = "Find a query", notes = "Find a query")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "All queries are listed."), @ApiResponse(code = 200, message = "All queries are listed."),
......
package at.tuwien.endpoint; package at.tuwien.endpoint;
import at.tuwien.api.database.VersionDto; import at.tuwien.api.database.VersionDto;
import at.tuwien.api.database.query.QueryResultDto;
import at.tuwien.exception.*; import at.tuwien.exception.*;
import at.tuwien.mapper.StoreMapper; import at.tuwien.mapper.StoreMapper;
import at.tuwien.querystore.Version; import at.tuwien.querystore.Version;
...@@ -12,9 +11,9 @@ import io.swagger.annotations.ApiResponses; ...@@ -12,9 +11,9 @@ import io.swagger.annotations.ApiResponses;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.transaction.Transactional;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
...@@ -34,8 +33,8 @@ public class VersionEndpoint { ...@@ -34,8 +33,8 @@ public class VersionEndpoint {
this.storeMapper = storeMapper; this.storeMapper = storeMapper;
} }
@Transactional
@GetMapping @GetMapping
@Transactional(readOnly = true)
@ApiOperation(value = "Get values", notes = "Get Data from a Table in the database.") @ApiOperation(value = "Get values", notes = "Get Data from a Table in the database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "Get data from the table."), @ApiResponse(code = 200, message = "Get data from the table."),
......
...@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory; ...@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
@Configuration @Configuration
public class GatewayConfig { public class GatewayConfig {
@Value("${fda.auth.endpoint}") @Value("${fda.gateway.endpoint}")
private String authEndpoint; private String gatewayEndpoint;
@Bean @Bean
public RestTemplate restTemplate() { public RestTemplate restTemplate() {
final RestTemplate restTemplate = new RestTemplate(); final RestTemplate restTemplate = new RestTemplate();
restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(authEndpoint)); restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
return restTemplate; return restTemplate;
} }
......
...@@ -58,6 +58,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -58,6 +58,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http.authorizeRequests() http.authorizeRequests()
/* our public endpoints */ /* our public endpoints */
.antMatchers(HttpMethod.GET, "/api/container/**/database/data/**").permitAll() .antMatchers(HttpMethod.GET, "/api/container/**/database/data/**").permitAll()
.antMatchers(HttpMethod.GET, "/api/container/**/database/**/table/**/data/**").permitAll()
.antMatchers(HttpMethod.GET, "/api/container/**/database/**/table/**/export/**").permitAll()
.antMatchers(HttpMethod.GET, "/api/container/**/database/query/**").permitAll() .antMatchers(HttpMethod.GET, "/api/container/**/database/query/**").permitAll()
.antMatchers(HttpMethod.GET, "/api/container/**/database/**/query/**").permitAll() .antMatchers(HttpMethod.GET, "/api/container/**/database/**/query/**").permitAll()
.antMatchers(HttpMethod.GET, "/api/container/**/database/**/version/**").permitAll() .antMatchers(HttpMethod.GET, "/api/container/**/database/**/version/**").permitAll()
......
...@@ -42,6 +42,7 @@ public class TableEndpoint { ...@@ -42,6 +42,7 @@ public class TableEndpoint {
} }
@GetMapping @GetMapping
@Transactional(readOnly = true)
@ApiOperation(value = "List all tables", notes = "Lists the tables in the metadata database for this database.") @ApiOperation(value = "List all tables", notes = "Lists the tables in the metadata database for this database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "All tables are listed."), @ApiResponse(code = 200, message = "All tables are listed."),
...@@ -57,6 +58,7 @@ public class TableEndpoint { ...@@ -57,6 +58,7 @@ public class TableEndpoint {
} }
@PostMapping @PostMapping
@Transactional
@PreAuthorize("hasRole('ROLE_RESEARCHER')") @PreAuthorize("hasRole('ROLE_RESEARCHER')")
@ApiOperation(value = "Create a table", notes = "Creates a new table for a database, requires a running container.") @ApiOperation(value = "Create a table", notes = "Creates a new table for a database, requires a running container.")
@ApiResponses({ @ApiResponses({
...@@ -81,6 +83,7 @@ public class TableEndpoint { ...@@ -81,6 +83,7 @@ public class TableEndpoint {
@GetMapping("/{tableId}") @GetMapping("/{tableId}")
@Transactional(readOnly = true)
@ApiOperation(value = "Get information about table", notes = "Lists the information of a table from the metadata database for this database.") @ApiOperation(value = "Get information about table", notes = "Lists the information of a table from the metadata database for this database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "All tables are listed."), @ApiResponse(code = 200, message = "All tables are listed."),
...@@ -96,6 +99,7 @@ public class TableEndpoint { ...@@ -96,6 +99,7 @@ public class TableEndpoint {
} }
@PutMapping("/{tableId}") @PutMapping("/{tableId}")
@Transactional
@ApiOperation(value = "Update a table", notes = "Update a table in the database.") @ApiOperation(value = "Update a table", notes = "Update a table in the database.")
@ApiResponses({ @ApiResponses({
@ApiResponse(code = 200, message = "Updated the table."), @ApiResponse(code = 200, message = "Updated the table."),
...@@ -111,6 +115,7 @@ public class TableEndpoint { ...@@ -111,6 +115,7 @@ public class TableEndpoint {
} }
@DeleteMapping("/{tableId}") @DeleteMapping("/{tableId}")
@Transactional
@PreAuthorize("hasRole('ROLE_DEVELOPER') or hasRole('ROLE_DATA_STEWARD')") @PreAuthorize("hasRole('ROLE_DEVELOPER') or hasRole('ROLE_DATA_STEWARD')")
@ApiOperation(value = "Delete a table", notes = "Delete a table in the database.") @ApiOperation(value = "Delete a table", notes = "Delete a table in the database.")
@ApiResponses({ @ApiResponses({
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment