Updated permissions and endpoints for auth service

2ded327f · Martin Weise · fc4e3bb6 · 2ded327f · 2ded327f · 2ded327f
Unverified Commit 2ded327f authored Feb 6, 2022 by Martin Weise
--- a/fda-container-service/rest-service/src/main/java/at/tuwien/endpoints/ContainerEndpoint.java
+++ b/fda-container-service/rest-service/src/main/java/at/tuwien/endpoints/ContainerEndpoint.java
@@ -13,6 +13,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
@@ -38,6 +39,7 @@ public class ContainerEndpoint {
    }
    @GetMapping
+    @Transactional(readOnly = true)
    @ApiOperation(value = "List all containers", notes = "Lists the containers in the metadata database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "All containers are listed."),
@@ -52,6 +54,7 @@ public class ContainerEndpoint {
    }
    @PostMapping
+    @Transactional
    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
    @ApiOperation(value = "Creates a new container", notes = "Creates a new container whose image is registered in the metadata database too.")
    @ApiResponses({
@@ -69,6 +72,7 @@ public class ContainerEndpoint {
    }
    @GetMapping("/{id}")
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Get all information about a container", notes = "Since we follow the REST-principle, this method provides more information than the findAll method.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "Get information about container."),
@@ -83,6 +87,7 @@ public class ContainerEndpoint {
    }
    @PutMapping("/{id}")
+    @Transactional
    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
    @ApiOperation(value = "Change the state of a container", notes = "The new state can only be one of START/STOP.")
    @ApiResponses({
@@ -105,6 +110,7 @@ public class ContainerEndpoint {
    }
    @DeleteMapping("/{id}")
+    @Transactional
    @ApiOperation(value = "Delete a container")
    @PreAuthorize("hasRole('ROLE_DATA_STEWARD')")
    @ApiResponses({

--- a/fda-container-service/rest-service/src/main/java/at/tuwien/endpoints/ImageEndpoint.java
+++ b/fda-container-service/rest-service/src/main/java/at/tuwien/endpoints/ImageEndpoint.java
@@ -19,6 +19,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
@@ -43,6 +44,7 @@ public class ImageEndpoint {
    }
    @GetMapping
+    @Transactional(readOnly = true)
    @ApiOperation(value = "List all images", notes = "Lists the images in the metadata database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "All images are listed."),
@@ -57,6 +59,7 @@ public class ImageEndpoint {
    }
    @PostMapping
+    @Transactional
    @PreAuthorize("hasRole('ROLE_DEVELOPER')")
    @ApiOperation(value = "Creates a new image", notes = "Creates a new image in the metadata database.")
    @ApiResponses({
@@ -73,6 +76,7 @@ public class ImageEndpoint {
    }
    @GetMapping("/{id}")
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Get all informations about a image", notes = "Since we follow the REST-principle, this method provides more information than the findAll method.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "Get information about container."),
@@ -86,6 +90,7 @@ public class ImageEndpoint {
    }
    @PutMapping("/{id}")
+    @Transactional
    @PreAuthorize("hasRole('DEVELOPER')")
    @ApiOperation(value = "Update image information", notes = "Polls new information about an image")
    @ApiResponses({
@@ -94,12 +99,13 @@ public class ImageEndpoint {
            @ApiResponse(code = 404, message = "No container found with this id in metadata database."),
    })
    public ResponseEntity<ImageDto> update(@NotNull @PathVariable Long id, @RequestBody @Valid ImageChangeDto changeDto)
-            throws ImageNotFoundException, DockerClientException {
+            throws ImageNotFoundException {
        return ResponseEntity.status(HttpStatus.ACCEPTED)
                .body(imageMapper.containerImageToImageDto(imageService.update(id, changeDto)));
    }
    @DeleteMapping("/{id}")
+    @Transactional
    @PreAuthorize("hasRole('DEVELOPER')")
    @ApiOperation(value = "Delete a image")
    @ApiResponses({

--- a/fda-container-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-container-service/rest-service/src/main/resources/application-docker.yml
@@ -26,4 +26,4 @@ eureka:
  client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/
 fda:
  ready.path: /ready
-  auth.endpoint: http://fda-authentication-service:9097
+  gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file
--- a/fda-container-service/rest-service/src/main/resources/application.yml
+++ b/fda-container-service/rest-service/src/main/resources/application.yml
@@ -26,4 +26,4 @@ eureka:
  client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
  ready.path: ./ready
-  auth.endpoint: http://localhost:9097
+  gateway.endpoint: http://localhost:9095
\ No newline at end of file
--- a/fda-container-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
+++ b/fda-container-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
 @Configuration
 public class GatewayConfig {
-    @Value("${fda.auth.endpoint}")
+    @Value("${fda.gateway.endpoint}")
-    private String authEndpoint;
+    private String gatewayEndpoint;
    @Bean
    public RestTemplate restTemplate() {
        final RestTemplate restTemplate =  new RestTemplate();
-        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(authEndpoint));
+        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
        return restTemplate;
    }

--- a/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/ContainerDatabaseEndpoint.java
+++ b/fda-database-service/rest-service/src/main/java/at/tuwien/endpoints/ContainerDatabaseEndpoint.java
@@ -15,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
@@ -38,6 +39,7 @@ public class ContainerDatabaseEndpoint {
    }
    @GetMapping
+    @Transactional(readOnly = true)
    @ApiOperation(value = "List all databases", notes = "Currently a container supports only databases of the same image, e.g. there is one PostgreSQL engine running with multiple databases inside a container.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "All databases running in all containers are listed."),
@@ -52,6 +54,7 @@ public class ContainerDatabaseEndpoint {
    }
    @PostMapping
+    @Transactional
    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
    @ApiOperation(value = "Creates a new database in a container", notes = "Creates a new database in a container. Note that the backend distincts between numerical (req: categories), nominal (req: max_length) and categorical (req: max_length, siUnit, min, max, mean, median, standard_deviation, histogram) column types.")
    @ApiResponses({
@@ -71,6 +74,7 @@ public class ContainerDatabaseEndpoint {
    }
    @GetMapping("/{databaseId}")
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Get all information about a database")
    @ApiResponses({
            @ApiResponse(code = 200, message = "The database information is displayed."),
@@ -83,6 +87,7 @@ public class ContainerDatabaseEndpoint {
    }
    @DeleteMapping("/{databaseId}")
+    @Transactional
    @PreAuthorize("hasRole('ROLE_DEVELOPER') or hasRole('ROLE_DATA_STEWARD')")
    @ApiOperation(value = "Delete a database")
    @ApiResponses({

--- a/fda-database-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-database-service/rest-service/src/main/resources/application-docker.yml
@@ -31,4 +31,4 @@ eureka:
 fda:
  elastic.endpoint: fda-search-service:9200
  ready.path: /ready
-  auth.endpoint: http://fda-authentication-service:9097
+  gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file
--- a/fda-database-service/rest-service/src/main/resources/application.yml
+++ b/fda-database-service/rest-service/src/main/resources/application.yml
@@ -31,4 +31,4 @@ eureka:
 fda:
  elastic.endpoint: localhost:9200
  ready.path: ./ready
-  auth.endpoint: http://localhost:9097
+  gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file
--- a/fda-database-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
+++ b/fda-database-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
 @Configuration
 public class GatewayConfig {
-    @Value("${fda.auth.endpoint}")
+    @Value("${fda.gateway.endpoint}")
-    private String authEndpoint;
+    private String gatewayEndpoint;
    @Bean
    public RestTemplate restTemplate() {
        final RestTemplate restTemplate =  new RestTemplate();
-        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(authEndpoint));
+        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
        return restTemplate;
    }

--- a/fda-database-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java
+++ b/fda-database-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java
@@ -57,7 +57,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        /* set permissions on endpoints */
        http.authorizeRequests()
                /* our public endpoints */
-                .antMatchers(HttpMethod.GET, "container/**/database/**").permitAll()
+                .antMatchers(HttpMethod.GET, "/api/container/**/database/**").permitAll()
                /* our private endpoints */
                .anyRequest().authenticated();
        /* add JWT token filter */

--- a/fda-identifier-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-identifier-service/rest-service/src/main/resources/application-docker.yml
@@ -26,6 +26,4 @@ eureka:
  client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/
 fda:
  ready.path: /ready
-  mapping.path: /root
-  table.path: /root
  gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file
--- a/fda-identifier-service/rest-service/src/main/resources/application.yml
+++ b/fda-identifier-service/rest-service/src/main/resources/application.yml
@@ -26,6 +26,4 @@ eureka:
  client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
  ready.path: ~/
-  mapping.path: rest-service/src/main/resources
-  table.path: rest-service/src/main/java/at/tuwien/userdb
  gateway.endpoint: http://fda-gateway-service:9095
\ No newline at end of file
--- a/fda-identifier-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
+++ b/fda-identifier-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
 @Configuration
 public class GatewayConfig {
-    @Value("${fda.auth.endpoint}")
+    @Value("${fda.gateway.endpoint}")
-    private String authEndpoint;
+    private String gatewayEndpoint;
    @Bean
    public RestTemplate restTemplate() {
        final RestTemplate restTemplate =  new RestTemplate();
-        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(authEndpoint));
+        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
        return restTemplate;
    }

--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/DataEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/DataEndpoint.java
@@ -13,6 +13,8 @@ import org.springframework.core.io.InputStreamResource;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
@@ -34,6 +36,8 @@ public class DataEndpoint {
    }
    @PostMapping("/api/container/{id}/database/{databaseId}/table/{tableId}/data")
+    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
+    @Transactional
    @ApiOperation(value = "Insert values", notes = "Insert Data into a Table in the database. When the location string is set, the data argument is ignored and the location is used as data input")
    @ApiResponses({
            @ApiResponse(code = 201, message = "Updated the table."),
@@ -64,6 +68,7 @@ public class DataEndpoint {
    }
    @GetMapping("/api/container/{id}/database/{databaseId}/table/{tableId}/data")
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Get values", notes = "Get Data from a Table in the database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "Get data from the table."),
@@ -100,6 +105,7 @@ public class DataEndpoint {
    }
    @RequestMapping(value = "/api/container/{id}/database/{databaseId}/table/{tableId}/data", method = RequestMethod.HEAD)
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Get values", notes = "Get Data Count from a Table in the database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "Get data from the table."),
@@ -125,6 +131,7 @@ public class DataEndpoint {
     * todo use dbs internal export functionality
     */
    @GetMapping(value = "/api/container/{id}/database/{databaseId}/table/{tableId}/export")
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Download export", notes = "Get Data from a Table in the database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "Get data from the table."),

--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/QueryEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/QueryEndpoint.java
@@ -13,6 +13,8 @@ import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
@@ -35,6 +37,8 @@ public class QueryEndpoint {
    }
    @PutMapping("/execute")
+    @Transactional
+    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
    @ApiOperation(value = "executes a query and save the results")
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "Executed the query, Saved it and return the results"),
@@ -63,6 +67,8 @@ public class QueryEndpoint {
    }
    @PostMapping("/save")
+    @Transactional
+    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
    @ApiOperation(value = "saves a query without execution")
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "Executed the query, Saved it and return the results"),
@@ -81,6 +87,8 @@ public class QueryEndpoint {
    }
    @PutMapping("/execute/{queryId}")
+    @Transactional
+    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
    @ApiOperation(value = "re-executes a query by given id")
    @ApiResponses(value = {
            @ApiResponse(code = 200, message = "Re-Execute a saved query and return the results"),

--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/StoreEndpoint.java
@@ -10,6 +10,7 @@ import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.constraints.NotNull;
@@ -29,6 +30,7 @@ public class StoreEndpoint {
    }
    @GetMapping
+    @Transactional(readOnly = true)
    @ApiOperation(value = "List all queries", notes = "Lists all already executed queries")
    @ApiResponses({
            @ApiResponse(code = 200, message = "All queries are listed."),
@@ -43,6 +45,7 @@ public class StoreEndpoint {
    }
    @GetMapping("/{queryId}")
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Find a query", notes = "Find a query")
    @ApiResponses({
            @ApiResponse(code = 200, message = "All queries are listed."),

--- a/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/VersionEndpoint.java
+++ b/fda-query-service/rest-service/src/main/java/at/tuwien/endpoint/VersionEndpoint.java
 package at.tuwien.endpoint;
 import at.tuwien.api.database.VersionDto;
-import at.tuwien.api.database.query.QueryResultDto;
 import at.tuwien.exception.*;
 import at.tuwien.mapper.StoreMapper;
 import at.tuwien.querystore.Version;
@@ -12,9 +11,9 @@ import io.swagger.annotations.ApiResponses;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
-import javax.transaction.Transactional;
 import javax.validation.constraints.NotNull;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -34,8 +33,8 @@ public class VersionEndpoint {
        this.storeMapper = storeMapper;
    }
-    @Transactional
    @GetMapping
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Get values", notes = "Get Data from a Table in the database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "Get data from the table."),

--- a/fda-query-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
+++ b/fda-query-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
@@ -9,13 +9,13 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
 @Configuration
 public class GatewayConfig {
-    @Value("${fda.auth.endpoint}")
+    @Value("${fda.gateway.endpoint}")
-    private String authEndpoint;
+    private String gatewayEndpoint;
    @Bean
    public RestTemplate restTemplate() {
        final RestTemplate restTemplate =  new RestTemplate();
-        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(authEndpoint));
+        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
        return restTemplate;
    }

--- a/fda-query-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java
+++ b/fda-query-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java
@@ -58,6 +58,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        http.authorizeRequests()
                /* our public endpoints */
                .antMatchers(HttpMethod.GET, "/api/container/**/database/data/**").permitAll()
+                .antMatchers(HttpMethod.GET, "/api/container/**/database/**/table/**/data/**").permitAll()
+                .antMatchers(HttpMethod.GET, "/api/container/**/database/**/table/**/export/**").permitAll()
                .antMatchers(HttpMethod.GET, "/api/container/**/database/query/**").permitAll()
                .antMatchers(HttpMethod.GET, "/api/container/**/database/**/query/**").permitAll()
                .antMatchers(HttpMethod.GET, "/api/container/**/database/**/version/**").permitAll()

--- a/fda-table-service/rest-service/src/main/java/at/tuwien/endpoints/TableEndpoint.java
+++ b/fda-table-service/rest-service/src/main/java/at/tuwien/endpoints/TableEndpoint.java
@@ -42,6 +42,7 @@ public class TableEndpoint {
    }
    @GetMapping
+    @Transactional(readOnly = true)
    @ApiOperation(value = "List all tables", notes = "Lists the tables in the metadata database for this database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "All tables are listed."),
@@ -57,6 +58,7 @@ public class TableEndpoint {
    }
    @PostMapping
+    @Transactional
    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
    @ApiOperation(value = "Create a table", notes = "Creates a new table for a database, requires a running container.")
    @ApiResponses({
@@ -81,6 +83,7 @@ public class TableEndpoint {
    @GetMapping("/{tableId}")
+    @Transactional(readOnly = true)
    @ApiOperation(value = "Get information about table", notes = "Lists the information of a table from the metadata database for this database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "All tables are listed."),
@@ -96,6 +99,7 @@ public class TableEndpoint {
    }
    @PutMapping("/{tableId}")
+    @Transactional
    @ApiOperation(value = "Update a table", notes = "Update a table in the database.")
    @ApiResponses({
            @ApiResponse(code = 200, message = "Updated the table."),
@@ -111,6 +115,7 @@ public class TableEndpoint {
    }
    @DeleteMapping("/{tableId}")
+    @Transactional
    @PreAuthorize("hasRole('ROLE_DEVELOPER') or hasRole('ROLE_DATA_STEWARD')")
    @ApiOperation(value = "Delete a table", notes = "Delete a table in the database.")
    @ApiResponses({