HAWKULAR-59 - Added listing of pending invitations

hawkular · Oct 5, 2015 · a457887 · a457887
1 parent e7c1c0c
commit a457887
Show file tree

Hide file tree

Showing 8 changed files with 273 additions and 1 deletion.
diff --git a/accounts/src/main/java/org/hawkular/accounts/backend/boundary/InvitationEndpoint.java b/accounts/src/main/java/org/hawkular/accounts/backend/boundary/InvitationEndpoint.java
@@ -22,18 +22,23 @@
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.validation.constraints.NotNull;
+import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 
 import org.hawkular.accounts.api.CurrentUser;
 import org.hawkular.accounts.api.InvitationService;
+import org.hawkular.accounts.api.NamedOperation;
 import org.hawkular.accounts.api.OrganizationService;
+import org.hawkular.accounts.api.PermissionChecker;
 import org.hawkular.accounts.api.RoleService;
 import org.hawkular.accounts.api.internal.adapter.HawkularAccounts;
 import org.hawkular.accounts.api.model.HawkularUser;
 import org.hawkular.accounts.api.model.Invitation;
+import org.hawkular.accounts.api.model.Operation;
 import org.hawkular.accounts.api.model.Organization;
 import org.hawkular.accounts.api.model.OrganizationMembership;
 import org.hawkular.accounts.api.model.Role;
@@ -71,9 +76,48 @@ public class InvitationEndpoint {
     @Inject
     Event<InvitationCreatedEvent> event;
 
+    @Inject
+    PermissionChecker permissionChecker;
+
+    @Inject
+    @NamedOperation("organization-list-invitations")
+    Operation operationListInvitations;
+
+    @Inject
+    @NamedOperation("organization-invite")
+    Operation operationInvite;
+
+    @GET
+    public Response listPendingInvitations(@QueryParam("organizationId") String organizationId) {
+        Organization organization = organizationService.get(organizationId);
+
+        if (null == organization) {
+            String message = "The organization could not be found.";
+            return Response.status(Response.Status.NOT_FOUND).entity(message).build();
+        }
+
+        if (!permissionChecker.isAllowedTo(operationListInvitations, organizationId)) {
+            String message = "Insufficient permissions to list the pending invitations for this organization.";
+            return Response.status(Response.Status.FORBIDDEN).entity(message).build();
+        }
+
+        return Response.ok(invitationService.getPendingInvitationsForOrganization(organization)).build();
+    }
+
     @POST
     public Response inviteUserToOrganization(@NotNull InvitationRequest request) {
         Organization organization = organizationService.get(request.getOrganizationId());
+
+        if (null == organization) {
+            String message = "The organization could not be found.";
+            return Response.status(Response.Status.NOT_FOUND).entity(message).build();
+        }
+
+        if (!permissionChecker.isAllowedTo(operationInvite, organization.getId())) {
+            String message = "Insufficient permissions to list the pending invitations for this organization.";
+            return Response.status(Response.Status.FORBIDDEN).entity(message).build();
+        }
+
         Role role = roleService.getByName(DEFAULT_ROLE);
 
         String[] emails = request.getEmails().split("[, ]");

diff --git a/accounts/src/main/java/org/hawkular/accounts/backend/boundary/PermissionEndpoint.java b/accounts/src/main/java/org/hawkular/accounts/backend/boundary/PermissionEndpoint.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2015 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.hawkular.accounts.backend.boundary;
+
+import javax.annotation.security.PermitAll;
+import javax.ejb.Stateless;
+import javax.inject.Inject;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Response;
+
+import org.hawkular.accounts.api.OperationService;
+import org.hawkular.accounts.api.PermissionChecker;
+import org.hawkular.accounts.api.ResourceService;
+import org.hawkular.accounts.api.model.Operation;
+import org.hawkular.accounts.api.model.Persona;
+import org.hawkular.accounts.api.model.Resource;
+import org.hawkular.accounts.backend.entity.rest.PermissionResponse;
+
+/**
+ * @author Juraci Paixão Kröhling
+ */
+@Path("/permissions")
+@PermitAll
+@Stateless
+public class PermissionEndpoint {
+
+    @Inject
+    PermissionChecker permissionChecker;
+
+    @Inject
+    OperationService operationService;
+
+    @Inject
+    ResourceService resourceService;
+
+    @Inject
+    Persona persona;
+
+    @GET
+    public Response isAllowedTo(@QueryParam("operation") String operationName,
+                                @QueryParam("resourceId") String resourceId) {
+
+        if (null == resourceId) {
+            String message = "The given resource ID is invalid (null).";
+            return Response.status(Response.Status.BAD_REQUEST).entity(message).build();
+        }
+
+        if (null == operationName || operationName.isEmpty()) {
+            String message = "The given operation name is invalid (null or empty).";
+            return Response.status(Response.Status.BAD_REQUEST).entity(message).build();
+        }
+
+        Resource resource = resourceService.get(resourceId);
+        if (null == resource) {
+            String message = "The given resource ID is invalid (not found).";
+            return Response.status(Response.Status.NOT_FOUND).entity(message).build();
+        }
+
+        Operation operation = operationService.getByName(operationName);
+        if (null == operation) {
+            String message = "The given operation is invalid (not found).";
+            return Response.status(Response.Status.NOT_FOUND).entity(message).build();
+        }
+
+        boolean isAllowedTo = permissionChecker.isAllowedTo(operation, resource);
+        PermissionResponse response = new PermissionResponse(isAllowedTo);
+
+        return Response.ok(response).build();
+    }
+
+}
diff --git a/accounts/src/main/java/org/hawkular/accounts/backend/boundary/RoleEndpoint.java b/accounts/src/main/java/org/hawkular/accounts/backend/boundary/RoleEndpoint.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2015 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.hawkular.accounts.backend.boundary;
+
+import java.util.Set;
+
+import javax.annotation.security.PermitAll;
+import javax.ejb.Stateless;
+import javax.inject.Inject;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Response;
+
+import org.hawkular.accounts.api.PersonaService;
+import org.hawkular.accounts.api.ResourceService;
+import org.hawkular.accounts.api.model.Persona;
+import org.hawkular.accounts.api.model.Resource;
+import org.hawkular.accounts.api.model.Role;
+
+/**
+ * @author Juraci Paixão Kröhling
+ */
+@Path("/roles")
+@PermitAll
+@Stateless
+public class RoleEndpoint {
+
+    @Inject
+    Persona persona;
+
+    @Inject
+    PersonaService personaService;
+
+    @Inject
+    ResourceService resourceService;
+
+    @GET
+    public Response getRoleForResource(@QueryParam("resourceId") String resourceId) {
+        if (null == resourceId) {
+            String message = "The given resource ID is invalid (null).";
+            return Response.status(Response.Status.BAD_REQUEST).entity(message).build();
+        }
+
+        Resource resource = resourceService.get(resourceId);
+        Set<Role> roles = personaService.getEffectiveRolesForResource(persona, resource);
+
+        return Response.ok(roles).build();
+    }
+
+}
diff --git a/accounts/src/main/java/org/hawkular/accounts/backend/control/SetupHawkularAccountsImpl.java b/accounts/src/main/java/org/hawkular/accounts/backend/control/SetupHawkularAccountsImpl.java
@@ -105,6 +105,14 @@ public void setup() {
 
                 .setup("organization-update")
                 .add("Maintainer")
+                .persist()
+
+                .setup("organization-invite")
+                .add("Administrator")
+                .persist()
+
+                .setup("organization-list-invitations")
+                .add("Administrator")
                 .persist();
 
         logger.infoFinishedSetupAccounts();

diff --git a/accounts/src/main/java/org/hawkular/accounts/backend/entity/rest/PermissionResponse.java b/accounts/src/main/java/org/hawkular/accounts/backend/entity/rest/PermissionResponse.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2015 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.hawkular.accounts.backend.entity.rest;
+
+/**
+ * @author Juraci Paixão Kröhling
+ */
+public class PermissionResponse {
+
+    private boolean permitted = false;
+
+    public PermissionResponse() {
+    }
+
+    public PermissionResponse(boolean permitted) {
+        this.permitted = permitted;
+    }
+
+    public boolean isPermitted() {
+        return permitted;
+    }
+
+    public void setPermitted(boolean permitted) {
+        this.permitted = permitted;
+    }
+}
diff --git a/api/src/main/java/org/hawkular/accounts/api/InvitationService.java b/api/src/main/java/org/hawkular/accounts/api/InvitationService.java
@@ -16,7 +16,10 @@
  */
 package org.hawkular.accounts.api;
 
+import java.util.List;
+
 import org.hawkular.accounts.api.model.Invitation;
+import org.hawkular.accounts.api.model.Organization;
 
 /**
  * @author Juraci Paixão Kröhling
@@ -37,4 +40,11 @@ public interface InvitationService {
      */
     Invitation get(String id);
 
+    /**
+     * Retrieves the pending invitations for the given organization.
+     * @param organization    the organization of which pending invitations are queried from.
+     * @return  a List of Invitation which are not accepted yet.
+     */
+    List<Invitation> getPendingInvitationsForOrganization(Organization organization);
+
 }
diff --git a/api/src/main/java/org/hawkular/accounts/api/internal/impl/InvitationServiceImpl.java b/api/src/main/java/org/hawkular/accounts/api/internal/impl/InvitationServiceImpl.java
@@ -30,6 +30,7 @@
 import org.hawkular.accounts.api.internal.adapter.HawkularAccounts;
 import org.hawkular.accounts.api.model.Invitation;
 import org.hawkular.accounts.api.model.Invitation_;
+import org.hawkular.accounts.api.model.Organization;
 
 /**
  * @author Juraci Paixão Kröhling
@@ -88,4 +89,21 @@ public Invitation get(String id) {
 
         return null;
     }
+
+    @Override public List<Invitation> getPendingInvitationsForOrganization(Organization organization) {
+        if (null == organization) {
+            throw new IllegalArgumentException("The given Organization is invalid (null).");
+        }
+
+        CriteriaBuilder builder = em.getCriteriaBuilder();
+        CriteriaQuery<Invitation> query = builder.createQuery(Invitation.class);
+        Root<Invitation> root = query.from(Invitation.class);
+        query.select(root);
+        query.where(
+                builder.equal(root.get(Invitation_.organization), organization),
+                builder.isNull(root.get(Invitation_.acceptedAt))
+        );
+
+        return em.createQuery(query).getResultList();
+    }
 }
diff --git a/api/src/main/java/org/hawkular/accounts/api/internal/impl/OrganizationServiceImpl.java b/api/src/main/java/org/hawkular/accounts/api/internal/impl/OrganizationServiceImpl.java
@@ -87,7 +87,7 @@ public void deleteOrganization(Organization organization) {
     @Override
     public Organization get(String id) {
         if (null == id) {
-            throw new IllegalArgumentException("The given resource ID is invalid (null).");
+            throw new IllegalArgumentException("The given organization ID is invalid (null).");
         }
 
         CriteriaBuilder builder = em.getCriteriaBuilder();