Example 6 with Dac

use of org.broadinstitute.consent.http.models.Dac in project consent by DataBiosphere.

the class DacResource method addDacChair.

@POST
@Path("{dacId}/chair/{userId}")
@RolesAllowed({ ADMIN, CHAIRPERSON })
public Response addDacChair(@Auth AuthUser authUser, @PathParam("dacId") Integer dacId, @PathParam("userId") Integer userId) {
    checkUserExistsInDac(dacId, userId);
    Role role = dacService.getChairpersonRole();
    User user = findDacUser(userId);
    Dac dac = findDacById(dacId);
    checkUserRoleInDac(dac, authUser);
    try {
        User member = dacService.addDacMember(role, user, dac);
        return Response.ok().entity(member).build();
    } catch (Exception e) {
        return createExceptionResponse(e);
    }
}
Also used : Role(org.broadinstitute.consent.http.models.Role) AuthUser(org.broadinstitute.consent.http.models.AuthUser) User(org.broadinstitute.consent.http.models.User) Dac(org.broadinstitute.consent.http.models.Dac) BadRequestException(javax.ws.rs.BadRequestException) NotFoundException(javax.ws.rs.NotFoundException) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) Path(javax.ws.rs.Path) RolesAllowed(javax.annotation.security.RolesAllowed) POST(javax.ws.rs.POST)

Example 7 with Dac

use of org.broadinstitute.consent.http.models.Dac in project consent by DataBiosphere.

the class DacResource method checkUserRoleInDac.

/**
 * - Admins can make any modifications to any Dac chairs or members
 * - Chairpersons can only make modifications to chairs and members in a DAC that they are a
 * chairperson in.
 *
 * @param dac The Dac
 * @param authUser The AuthUser
 * @throws NotAuthorizedException Not authorized
 */
private void checkUserRoleInDac(Dac dac, AuthUser authUser) throws NotAuthorizedException {
    User user = userService.findUserByEmail(authUser.getEmail());
    if (user.getRoles().stream().anyMatch(ur -> ur.getRoleId().equals(UserRoles.ADMIN.getRoleId()))) {
        return;
    }
    NotAuthorizedException e = new NotAuthorizedException("User not authorized");
    if (Objects.isNull(dac.getChairpersons()) || dac.getChairpersons().isEmpty()) {
        throw e;
    }
    Optional<User> chair = dac.getChairpersons().stream().filter(u -> u.getDacUserId().equals(user.getDacUserId())).findFirst();
    if (chair.isEmpty()) {
        throw e;
    }
}
Also used : PathParam(javax.ws.rs.PathParam) RolesAllowed(javax.annotation.security.RolesAllowed) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) Inject(com.google.inject.Inject) Path(javax.ws.rs.Path) Auth(io.dropwizard.auth.Auth) DatasetDTO(org.broadinstitute.consent.http.models.dto.DatasetDTO) UserRoles(org.broadinstitute.consent.http.enumeration.UserRoles) Level(java.util.logging.Level) QueryParam(javax.ws.rs.QueryParam) Gson(com.google.gson.Gson) UserService(org.broadinstitute.consent.http.service.UserService) AuthUser(org.broadinstitute.consent.http.models.AuthUser) BadRequestException(javax.ws.rs.BadRequestException) Role(org.broadinstitute.consent.http.models.Role) DELETE(javax.ws.rs.DELETE) POST(javax.ws.rs.POST) Set(java.util.Set) User(org.broadinstitute.consent.http.models.User) Logger(java.util.logging.Logger) NotFoundException(javax.ws.rs.NotFoundException) Dac(org.broadinstitute.consent.http.models.Dac) Objects(java.util.Objects) List(java.util.List) Response(javax.ws.rs.core.Response) DacService(org.broadinstitute.consent.http.service.DacService) Optional(java.util.Optional) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) PUT(javax.ws.rs.PUT)

Example 8 with Dac

use of org.broadinstitute.consent.http.models.Dac in project consent by DataBiosphere.

the class DacResource method updateDac.

@PUT
@Produces("application/json")
@RolesAllowed({ ADMIN })
public Response updateDac(@Auth AuthUser authUser, String json) {
    Dac dac = new Gson().fromJson(json, Dac.class);
    if (dac == null) {
        throw new BadRequestException("DAC is required");
    }
    if (dac.getDacId() == null) {
        throw new BadRequestException("DAC ID is required");
    }
    if (dac.getName() == null) {
        throw new BadRequestException("DAC Name is required");
    }
    if (dac.getDescription() == null) {
        throw new BadRequestException("DAC Description is required");
    }
    dacService.updateDac(dac.getName(), dac.getDescription(), dac.getDacId());
    Dac savedDac = dacService.findById(dac.getDacId());
    return Response.ok().entity(savedDac).build();
}
Also used : Dac(org.broadinstitute.consent.http.models.Dac) Gson(com.google.gson.Gson) BadRequestException(javax.ws.rs.BadRequestException) RolesAllowed(javax.annotation.security.RolesAllowed) Produces(javax.ws.rs.Produces) PUT(javax.ws.rs.PUT)

Example 9 with Dac

use of org.broadinstitute.consent.http.models.Dac in project consent by DataBiosphere.

the class DacResource method removeDacChair.

@DELETE
@Path("{dacId}/chair/{userId}")
@RolesAllowed({ ADMIN, CHAIRPERSON })
public Response removeDacChair(@Auth AuthUser authUser, @PathParam("dacId") Integer dacId, @PathParam("userId") Integer userId) {
    Role role = dacService.getChairpersonRole();
    User user = findDacUser(userId);
    Dac dac = findDacById(dacId);
    checkUserRoleInDac(dac, authUser);
    try {
        dacService.removeDacMember(role, user, dac);
        return Response.ok().build();
    } catch (Exception e) {
        return createExceptionResponse(e);
    }
}
Also used : Role(org.broadinstitute.consent.http.models.Role) AuthUser(org.broadinstitute.consent.http.models.AuthUser) User(org.broadinstitute.consent.http.models.User) Dac(org.broadinstitute.consent.http.models.Dac) BadRequestException(javax.ws.rs.BadRequestException) NotFoundException(javax.ws.rs.NotFoundException) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) RolesAllowed(javax.annotation.security.RolesAllowed)

Example 10 with Dac

use of org.broadinstitute.consent.http.models.Dac in project consent by DataBiosphere.

the class DacResource method removeDacMember.

@DELETE
@Path("{dacId}/member/{userId}")
@RolesAllowed({ ADMIN, CHAIRPERSON })
public Response removeDacMember(@Auth AuthUser authUser, @PathParam("dacId") Integer dacId, @PathParam("userId") Integer userId) {
    Role role = dacService.getMemberRole();
    User user = findDacUser(userId);
    Dac dac = findDacById(dacId);
    checkUserRoleInDac(dac, authUser);
    try {
        dacService.removeDacMember(role, user, dac);
        return Response.ok().build();
    } catch (Exception e) {
        return createExceptionResponse(e);
    }
}
Also used : Role(org.broadinstitute.consent.http.models.Role) AuthUser(org.broadinstitute.consent.http.models.AuthUser) User(org.broadinstitute.consent.http.models.User) Dac(org.broadinstitute.consent.http.models.Dac) BadRequestException(javax.ws.rs.BadRequestException) NotFoundException(javax.ws.rs.NotFoundException) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) RolesAllowed(javax.annotation.security.RolesAllowed)
