Sonar and swagger improvements for permissions API (#8524)

* improve swagger annotations * Add missing "throw exception" line * @SuppressWarnings("squid:MaximumInheritanceDepth") for coded exceptions
molgenis · Jun 3, 2019 · 13ff009 · 13ff009
1 parent 3d62942
commit 13ff009
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 10 deletions.
diff --git a/...nis-api-permissions/src/main/java/org/molgenis/api/permissions/PermissionsController.java b/...nis-api-permissions/src/main/java/org/molgenis/api/permissions/PermissionsController.java
@@ -30,6 +30,7 @@
 import org.molgenis.api.permissions.exceptions.PageWithoutPageSizeException;
 import org.molgenis.api.permissions.exceptions.UnsupportedPermissionQueryException;
 import org.molgenis.api.permissions.exceptions.UserAndRoleException;
+import org.molgenis.api.permissions.exceptions.rsql.PermissionQueryParseException;
 import org.molgenis.api.permissions.model.request.DeletePermissionRequest;
 import org.molgenis.api.permissions.model.request.ObjectPermissionsRequest;
 import org.molgenis.api.permissions.model.request.PermissionRequest;
@@ -109,6 +110,7 @@ public PermissionsController(
   @PostMapping(value = TYPES + "/{" + TYPE_ID + "}")
   @ApiOperation(
       value = "Create a type this enables row level secure an entity",
+      code = 201,
       response = ResponseEntity.class)
   public ResponseEntity enableRLS(
       HttpServletRequest request, @PathVariable(value = TYPE_ID) String typeId) {
@@ -123,22 +125,23 @@ private URI getUriFromRequest(HttpServletRequest request) {
   @DeleteMapping(value = TYPES + "/{" + TYPE_ID + "}")
   @ApiOperation(
       value = "Delete a type this removes row level security from an entity",
+      code = 204,
       response = ResponseEntity.class)
   public ResponseEntity disableRLS(@PathVariable(value = TYPE_ID) String typeId) {
     permissionService.deleteType(typeId);
     return ResponseEntity.noContent().build();
   }
 
   @GetMapping(value = TYPES)
-  @ApiOperation(value = "Get a list of ACL types in the system", response = ResponseEntity.class)
+  @ApiOperation(value = "Get a list of ACL types in the system", response = ApiResponse.class)
   public ApiResponse getRlsEntities() {
     return ApiResponse.create(convertTypes(permissionService.getLabelledTypes()));
   }
 
   @GetMapping(value = TYPES + "/permissions/{" + TYPE_ID + "}")
   @ApiOperation(
       value = "Get a list of permissions that can be used on a type",
-      response = List.class)
+      response = ApiResponse.class)
   public ApiResponse getSuitablePermissions(@PathVariable(value = TYPE_ID) String typeId) {
     return ApiResponse.create(
         permissionService.getSuitablePermissionsForType(typeId).stream()
@@ -147,7 +150,7 @@ public ApiResponse getSuitablePermissions(@PathVariable(value = TYPE_ID) String
   }
 
   @PostMapping(value = OBJECTS + "/{" + TYPE_ID + "}/{" + OBJECT_ID + "}")
-  @ApiOperation(value = "Create a type for a entity", response = ResponseEntity.class)
+  @ApiOperation(value = "Create a type for a entity", code = 201, response = ResponseEntity.class)
   public ResponseEntity createAcl(
       HttpServletRequest request,
       @PathVariable(TYPE_ID) String typeId,
@@ -160,7 +163,7 @@ public ResponseEntity createAcl(
   @ApiOperation(
       value =
           "Get a list object's for a type. Typically this is a row in a row level secured entity.",
-      response = List.class)
+      response = PagedApiResponse.class)
   public PagedApiResponse getAcls(
       @PathVariable(value = TYPE_ID) String typeId,
       @RequestParam(value = "page", required = false) Integer page,
@@ -182,7 +185,7 @@ public PagedApiResponse getAcls(
   }
 
   @GetMapping(value = "{" + TYPE_ID + "}/{" + OBJECT_ID + "}")
-  @ApiOperation(value = "Gets permissions on a single object", response = ResponseEntity.class)
+  @ApiOperation(value = "Gets permissions on a single object", response = ApiResponse.class)
   public ApiResponse getPermissionsForObject(
       @PathVariable(TYPE_ID) String typeId,
       @PathVariable(OBJECT_ID) String identifier,
@@ -202,7 +205,7 @@ public ApiResponse getPermissionsForObject(
   @GetMapping(value = "{" + TYPE_ID + "}")
   @ApiOperation(
       value = "Gets all permissions for all objects of a certain type",
-      response = ResponseEntity.class)
+      response = PagedApiResponse.class)
   public PagedApiResponse getPermissionsForType(
       @PathVariable(value = TYPE_ID) String typeId,
       @RequestParam(value = "q", required = false) String queryString,
@@ -233,7 +236,7 @@ public PagedApiResponse getPermissionsForType(
   @GetMapping()
   @ApiOperation(
       value = "Gets all permissions for one or more users or roles",
-      response = ResponseEntity.class)
+      response = ApiResponse.class)
   public ApiResponse getPermissionsForUser(
       @RequestParam(value = "q", required = false) String queryString,
       @RequestParam(value = "inheritance", defaultValue = "false", required = false)
@@ -246,6 +249,7 @@ public ApiResponse getPermissionsForUser(
   @PatchMapping(value = "{" + TYPE_ID + "}/{" + OBJECT_ID + "}")
   @ApiOperation(
       value = "Update a permission on a single object for one or more users or roles",
+      code = 204,
       response = ResponseEntity.class)
   public ResponseEntity setPermission(
       @PathVariable(value = TYPE_ID) String typeId,
@@ -259,6 +263,7 @@ public ResponseEntity setPermission(
   @PatchMapping(value = "{" + TYPE_ID + "}")
   @ApiOperation(
       value = "Update a list of permissions on objects of a certain type",
+      code = 204,
       response = ResponseEntity.class)
   public ResponseEntity setTypePermissions(
       @PathVariable(value = TYPE_ID) String typeId,
@@ -269,7 +274,10 @@ public ResponseEntity setTypePermissions(
   }
 
   @PostMapping(value = "{" + TYPE_ID + "}")
-  @ApiOperation(value = "Create a list of permissions on an type for a single user or role")
+  @ApiOperation(
+      value = "Create a list of permissions on an type for a single user or role",
+      code = 201,
+      response = ResponseEntity.class)
   public ResponseEntity<Object> createPermissions(
       HttpServletRequest request,
       @PathVariable(value = TYPE_ID) String typeId,
@@ -280,7 +288,10 @@ public ResponseEntity<Object> createPermissions(
   }
 
   @PostMapping(value = "{" + TYPE_ID + "}/{" + OBJECT_ID + "}")
-  @ApiOperation(value = "Create a permission on an object for a single user or role")
+  @ApiOperation(
+      value = "Create a permission on an object for a single user or role",
+      code = 201,
+      response = ResponseEntity.class)
   public ResponseEntity<Object> createPermission(
       HttpServletRequest request,
       @PathVariable(value = TYPE_ID) String typeId,
@@ -295,6 +306,7 @@ public ResponseEntity<Object> createPermission(
   @DeleteMapping(value = "{" + TYPE_ID + "}/{" + OBJECT_ID + "}")
   @ApiOperation(
       value = "Delete a permission on an object for a single user or role",
+      code = 204,
       response = ResponseEntity.class)
   public ResponseEntity deletePermission(
       @PathVariable(value = TYPE_ID) String typeId,
@@ -315,7 +327,7 @@ private Set<Sid> getSidsFromQuery(String queryString) {
             new LinkedHashSet<>(
                 userRoleTools.getSids(permissionsQuery.getUsers(), permissionsQuery.getRoles()));
       } catch (RSQLParserException e) {
-
+        throw new PermissionQueryParseException(e);
       }
     }
     return sids;

diff --git a/...main/java/org/molgenis/api/permissions/exceptions/rsql/PermissionQueryParseException.java b/...main/java/org/molgenis/api/permissions/exceptions/rsql/PermissionQueryParseException.java
@@ -5,6 +5,7 @@
 import cz.jirutka.rsql.parser.RSQLParserException;
 import org.molgenis.i18n.BadRequestException;
 
+@SuppressWarnings("squid:MaximumInheritanceDepth")
 public class PermissionQueryParseException extends BadRequestException {
   private static final String ERROR_CODE = "PRM07";
 

diff --git a/...va/org/molgenis/api/permissions/exceptions/rsql/UnknownPermissionQueryParamException.java b/...va/org/molgenis/api/permissions/exceptions/rsql/UnknownPermissionQueryParamException.java
@@ -4,6 +4,7 @@
 
 import org.molgenis.i18n.BadRequestException;
 
+@SuppressWarnings("squid:MaximumInheritanceDepth")
 public class UnknownPermissionQueryParamException extends BadRequestException {
   private static final String ERROR_CODE = "PRM01";
 

diff --git a/...molgenis/api/permissions/exceptions/rsql/UnsupportedPermissionQueryOperatorException.java b/...molgenis/api/permissions/exceptions/rsql/UnsupportedPermissionQueryOperatorException.java
@@ -2,6 +2,7 @@
 
 import org.molgenis.i18n.BadRequestException;
 
+@SuppressWarnings("squid:MaximumInheritanceDepth")
 public class UnsupportedPermissionQueryOperatorException extends BadRequestException {
   private static final String ERROR_CODE = "PRM02";
 

diff --git a/...ecurity/src/main/java/org/molgenis/data/security/exception/AclAlreadyExistsException.java b/...ecurity/src/main/java/org/molgenis/data/security/exception/AclAlreadyExistsException.java
@@ -4,6 +4,7 @@
 
 import org.molgenis.data.DataAlreadyExistsException;
 
+@SuppressWarnings("squid:MaximumInheritanceDepth")
 public class AclAlreadyExistsException extends DataAlreadyExistsException {
   private static final String ERROR_CODE = "DS35";
 

diff --git a/...ty/src/main/java/org/molgenis/data/security/exception/AclClassAlreadyExistsException.java b/...ty/src/main/java/org/molgenis/data/security/exception/AclClassAlreadyExistsException.java
@@ -4,6 +4,7 @@
 
 import org.molgenis.data.DataAlreadyExistsException;
 
+@SuppressWarnings("squid:MaximumInheritanceDepth")
 public class AclClassAlreadyExistsException extends DataAlreadyExistsException {
   private static final String ERROR_CODE = "DS29";