Merge pull request #52 from DiSSCo/feature/tombstoning-objects

Tombstone metadata
DiSSCo · Sep 17, 2024 · 2c0b7bc · 2c0b7bc
2 parents f228e1c + 8d5168a
commit 2c0b7bc
Show file tree

Hide file tree

Showing 39 changed files with 841 additions and 254 deletions.
diff --git a/.github/workflows/.trivyignore b/.github/workflows/.trivyignore
@@ -1,5 +1,3 @@
-# September 5 2024
-# Issues in base image in the libexpat library, needs to be fixed in a new version of the image
-CVE-2024-45490
-CVE-2024-45491
-CVE-2024-45492
+# September 16 2024
+# Issue in spring, spring boot needs to upgrade to 6.1.13
+CVE-2024-38816
diff --git a/src/main/java/eu/dissco/orchestration/backend/controller/DataMappingController.java b/src/main/java/eu/dissco/orchestration/backend/controller/DataMappingController.java
@@ -1,11 +1,14 @@
 package eu.dissco.orchestration.backend.controller;
 
+import static eu.dissco.orchestration.backend.utils.ControllerUtils.getAgent;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import eu.dissco.orchestration.backend.domain.ObjectType;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiListWrapper;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiRequestWrapper;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiWrapper;
+import eu.dissco.orchestration.backend.exception.ForbiddenException;
 import eu.dissco.orchestration.backend.exception.NotFoundException;
 import eu.dissco.orchestration.backend.exception.ProcessingFailedException;
 import eu.dissco.orchestration.backend.properties.ApplicationProperties;
@@ -42,9 +45,9 @@ public class DataMappingController {
   @PostMapping(consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
   public ResponseEntity<JsonApiWrapper> createDataMapping(Authentication authentication,
       @RequestBody JsonApiRequestWrapper requestBody, HttpServletRequest servletRequest)
-      throws JsonProcessingException, ProcessingFailedException {
+      throws JsonProcessingException, ProcessingFailedException, ForbiddenException {
     var dataMapping = getDataMappingRequestFromRequest(requestBody);
-    var userId = authentication.getName();
+    var userId = getAgent(authentication).getId();
     log.info("Received create request for data mapping: {} from user: {}", dataMapping, userId);
     String path = appProperties.getBaseUrl() + servletRequest.getRequestURI();
     var result = service.createDataMapping(dataMapping, userId, path);
@@ -55,10 +58,10 @@ public ResponseEntity<JsonApiWrapper> createDataMapping(Authentication authentic
   public ResponseEntity<JsonApiWrapper> updateDataMapping(Authentication authentication,
       @PathVariable("prefix") String prefix, @PathVariable("suffix") String suffix,
       @RequestBody JsonApiRequestWrapper requestBody, HttpServletRequest servletRequest)
-      throws JsonProcessingException, NotFoundException, ProcessingFailedException {
+      throws JsonProcessingException, NotFoundException, ProcessingFailedException, ForbiddenException {
     var dataMapping = getDataMappingRequestFromRequest(requestBody);
     var id = prefix + '/' + suffix;
-    var userId = authentication.getName();
+    var userId = getAgent(authentication).getId();
     log.info("Received update request for data mapping: {} from user: {}", dataMapping, userId);
     String path = appProperties.getBaseUrl() + servletRequest.getRequestURI();
     var result = service.updateDataMapping(id, dataMapping, userId, path);
@@ -71,13 +74,13 @@ public ResponseEntity<JsonApiWrapper> updateDataMapping(Authentication authentic
 
   @ResponseStatus(HttpStatus.NO_CONTENT)
   @DeleteMapping(value = "/{prefix}/{suffix}", produces = MediaType.APPLICATION_JSON_VALUE)
-  public ResponseEntity<Void> deleteDataMapping(Authentication authentication,
+  public ResponseEntity<Void> tombstoneDataMapping(Authentication authentication,
       @PathVariable("prefix") String prefix, @PathVariable("suffix") String suffix)
-      throws NotFoundException {
+      throws NotFoundException, ProcessingFailedException, ForbiddenException {
     String id = prefix + "/" + suffix;
-    var userId = authentication.getName();
-    log.info("Received delete request for mapping: {} from user: {}", id, userId);
-    service.deleteDataMapping(id, userId);
+    var agent = getAgent(authentication);
+    log.info("Received delete request for mapping: {} from user: {}", id, agent.getId());
+    service.tombstoneDataMapping(id, agent);
     return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
   }
 

diff --git a/...n/java/eu/dissco/orchestration/backend/controller/MachineAnnotationServiceController.java b/...n/java/eu/dissco/orchestration/backend/controller/MachineAnnotationServiceController.java
@@ -1,11 +1,14 @@
 package eu.dissco.orchestration.backend.controller;
 
+import static eu.dissco.orchestration.backend.utils.ControllerUtils.getAgent;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import eu.dissco.orchestration.backend.domain.ObjectType;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiListWrapper;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiRequestWrapper;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiWrapper;
+import eu.dissco.orchestration.backend.exception.ForbiddenException;
 import eu.dissco.orchestration.backend.exception.NotFoundException;
 import eu.dissco.orchestration.backend.exception.ProcessingFailedException;
 import eu.dissco.orchestration.backend.properties.ApplicationProperties;
@@ -43,9 +46,9 @@ public class MachineAnnotationServiceController {
   public ResponseEntity<JsonApiWrapper> createMachineAnnotationService(
       Authentication authentication,
       @RequestBody JsonApiRequestWrapper requestBody, HttpServletRequest servletRequest)
-      throws JsonProcessingException, ProcessingFailedException {
+      throws JsonProcessingException, ProcessingFailedException, ForbiddenException {
     var machineAnnotationService = getMachineAnnotation(requestBody);
-    var userId = authentication.getName();
+    var userId = getAgent(authentication).getId();
     log.info("Received create request for machine annotation service: {} from user: {}",
         machineAnnotationService, userId);
     String path = appProperties.getBaseUrl() + servletRequest.getRequestURI();
@@ -58,9 +61,9 @@ public ResponseEntity<JsonApiWrapper> updateMachineAnnotationService(
       Authentication authentication,
       @PathVariable("prefix") String prefix, @PathVariable("suffix") String suffix,
       @RequestBody JsonApiRequestWrapper requestBody, HttpServletRequest servletRequest)
-      throws JsonProcessingException, NotFoundException, ProcessingFailedException {
+      throws JsonProcessingException, NotFoundException, ProcessingFailedException, ForbiddenException {
     var machineAnnotationService = getMachineAnnotation(requestBody);
-    var userId = authentication.getName();
+    var userId = getAgent(authentication).getId();
     var id = prefix + '/' + suffix;
     log.info("Received update request for machine annotation service: {} from user: {}", id,
         userId);
@@ -75,14 +78,14 @@ public ResponseEntity<JsonApiWrapper> updateMachineAnnotationService(
 
   @ResponseStatus(HttpStatus.NO_CONTENT)
   @DeleteMapping(value = "/{prefix}/{suffix}", produces = MediaType.APPLICATION_JSON_VALUE)
-  public ResponseEntity<Void> deleteMachineAnnotationService(Authentication authentication,
+  public ResponseEntity<Void> tombstoneMachineAnnotationService(Authentication authentication,
       @PathVariable("prefix") String prefix, @PathVariable("suffix") String suffix)
-      throws NotFoundException, ProcessingFailedException {
+      throws NotFoundException, ProcessingFailedException, ForbiddenException {
     String id = prefix + "/" + suffix;
-    var userId = authentication.getName();
+    var agent = getAgent(authentication);
     log.info("Received delete request for machine annotation service: {} from user: {}", id,
-        userId);
-    service.deleteMachineAnnotationService(id, userId);
+        agent.getId());
+    service.tombstoneMachineAnnotationService(id, agent);
     return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
   }
 

diff --git a/...n/java/eu/dissco/orchestration/backend/controller/RestResponseEntityExceptionHandler.java b/...n/java/eu/dissco/orchestration/backend/controller/RestResponseEntityExceptionHandler.java
@@ -1,6 +1,7 @@
 package eu.dissco.orchestration.backend.controller;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
+import eu.dissco.orchestration.backend.exception.ForbiddenException;
 import eu.dissco.orchestration.backend.exception.NotFoundException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -29,4 +30,10 @@ public ResponseEntity<String> jsonProcessingException(JsonProcessingException e)
   public ResponseEntity<String> illegalArgumentException(IllegalArgumentException e) {
     return ResponseEntity.status(HttpStatus.CONFLICT).body(e.getMessage());
   }
+
+  @ResponseStatus(HttpStatus.FORBIDDEN)
+  @ExceptionHandler(ForbiddenException.class)
+  public ResponseEntity<String> forbiddenException(ForbiddenException e) {
+    return ResponseEntity.status(HttpStatus.FORBIDDEN).body(e.getMessage());
+  }
 }
diff --git a/src/main/java/eu/dissco/orchestration/backend/controller/SourceSystemController.java b/src/main/java/eu/dissco/orchestration/backend/controller/SourceSystemController.java
@@ -1,11 +1,14 @@
 package eu.dissco.orchestration.backend.controller;
 
+import static eu.dissco.orchestration.backend.utils.ControllerUtils.getAgent;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import eu.dissco.orchestration.backend.domain.ObjectType;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiListWrapper;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiRequestWrapper;
 import eu.dissco.orchestration.backend.domain.jsonapi.JsonApiWrapper;
+import eu.dissco.orchestration.backend.exception.ForbiddenException;
 import eu.dissco.orchestration.backend.exception.NotFoundException;
 import eu.dissco.orchestration.backend.exception.ProcessingFailedException;
 import eu.dissco.orchestration.backend.properties.ApplicationProperties;
@@ -43,10 +46,10 @@ public class SourceSystemController {
   @PostMapping(consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
   public ResponseEntity<JsonApiWrapper> createSourceSystem(Authentication authentication,
       @RequestBody JsonApiRequestWrapper requestBody, HttpServletRequest servletRequest)
-      throws IOException, NotFoundException, ProcessingFailedException {
+      throws IOException, NotFoundException, ProcessingFailedException, ForbiddenException {
     var sourceSystemRequest = getSourceSystemFromRequest(requestBody);
     String path = appProperties.getBaseUrl() + servletRequest.getRequestURI();
-    var userId = authentication.getName();
+    var userId = getAgent(authentication).getId();
     log.info("Received create request for source system: {} from user: {}", sourceSystemRequest,
         userId);
     var result = service.createSourceSystem(sourceSystemRequest, userId, path);
@@ -58,10 +61,10 @@ public ResponseEntity<JsonApiWrapper> updateSourceSystem(Authentication authenti
       @PathVariable("prefix") String prefix, @PathVariable("suffix") String suffix,
       @RequestParam(name = "trigger", defaultValue = "false") boolean trigger,
       @RequestBody JsonApiRequestWrapper requestBody, HttpServletRequest servletRequest)
-      throws IOException, NotFoundException, ProcessingFailedException {
+      throws IOException, NotFoundException, ProcessingFailedException, ForbiddenException {
     var sourceSystemRequest = getSourceSystemFromRequest(requestBody);
     var id = prefix + '/' + suffix;
-    var userId = authentication.getName();
+    var userId = getAgent(authentication).getId();
     log.info("Received update request for source system: {} from user: {}", id, userId);
     String path = appProperties.getBaseUrl() + servletRequest.getRequestURI();
     var result = service.updateSourceSystem(id, sourceSystemRequest, userId, path, trigger);
@@ -74,13 +77,13 @@ public ResponseEntity<JsonApiWrapper> updateSourceSystem(Authentication authenti
 
   @ResponseStatus(HttpStatus.NO_CONTENT)
   @DeleteMapping(value = "/{prefix}/{suffix}", produces = MediaType.APPLICATION_JSON_VALUE)
-  public ResponseEntity<Void> deleteSourceSystem(Authentication authentication,
+  public ResponseEntity<Void> tombstoneSourceSystem(Authentication authentication,
       @PathVariable("prefix") String prefix, @PathVariable("suffix") String suffix)
-      throws NotFoundException, ProcessingFailedException {
+      throws NotFoundException, ProcessingFailedException, ForbiddenException {
     String id = prefix + "/" + suffix;
-    var userId = authentication.getName();
-    log.info("Received delete request for mapping: {} from user: {}", id, userId);
-    service.deleteSourceSystem(id, userId);
+    var agent = getAgent(authentication);
+    log.info("Received delete request for mapping: {} from user: {}", id, agent.getId());
+    service.tombstoneSourceSystem(id, agent);
     return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
   }
 

diff --git a/src/main/java/eu/dissco/orchestration/backend/exception/ForbiddenException.java b/src/main/java/eu/dissco/orchestration/backend/exception/ForbiddenException.java
@@ -0,0 +1,10 @@
+package eu.dissco.orchestration.backend.exception;
+
+public class ForbiddenException extends Exception {
+
+  public ForbiddenException(String message) {
+    super(message);
+  }
+
+
+}
diff --git a/src/main/java/eu/dissco/orchestration/backend/exception/PidAuthenticationException.java b/src/main/java/eu/dissco/orchestration/backend/exception/PidAuthenticationException.java
diff --git a/src/main/java/eu/dissco/orchestration/backend/exception/PidCreationException.java b/src/main/java/eu/dissco/orchestration/backend/exception/PidCreationException.java
diff --git a/src/main/java/eu/dissco/orchestration/backend/exception/PidException.java b/src/main/java/eu/dissco/orchestration/backend/exception/PidException.java
@@ -0,0 +1,9 @@
+package eu.dissco.orchestration.backend.exception;
+
+public class PidException extends Exception {
+
+  public PidException(String s) {
+    super(s);
+  }
+
+}
diff --git a/src/main/java/eu/dissco/orchestration/backend/repository/DataMappingRepository.java b/src/main/java/eu/dissco/orchestration/backend/repository/DataMappingRepository.java
@@ -8,7 +8,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import eu.dissco.orchestration.backend.exception.DisscoJsonBMappingException;
 import eu.dissco.orchestration.backend.schema.DataMapping;
-import java.util.Date;
+import java.time.Instant;
 import java.util.List;
 import java.util.Optional;
 import lombok.RequiredArgsConstructor;
@@ -86,10 +86,13 @@ public List<DataMapping> getDataMappings(int pageNum, int pageSize) {
         .fetch(this::mapToDataMapping);
   }
 
-  public void deleteDataMapping(String id, Date deleted) {
+  public void tombstoneDataMapping(DataMapping tombstoneDataMapping, Instant timestamp) {
     context.update(DATA_MAPPING)
-        .set(DATA_MAPPING.DATE_TOMBSTONED, deleted.toInstant())
-        .where(DATA_MAPPING.ID.eq(removeProxy(id)))
+        .set(DATA_MAPPING.DATE_TOMBSTONED, timestamp)
+        .set(DATA_MAPPING.DATE_MODIFIED, timestamp)
+        .set(DATA_MAPPING.VERSION, tombstoneDataMapping.getSchemaVersion())
+        .set(DATA_MAPPING.DATA, mapToJSONB(tombstoneDataMapping))
+        .where(DATA_MAPPING.ID.eq(removeProxy(tombstoneDataMapping.getId())))
         .execute();
   }
 

diff --git a/...n/java/eu/dissco/orchestration/backend/repository/MachineAnnotationServiceRepository.java b/...n/java/eu/dissco/orchestration/backend/repository/MachineAnnotationServiceRepository.java
@@ -9,7 +9,7 @@
 import eu.dissco.orchestration.backend.exception.DisscoJsonBMappingException;
 import eu.dissco.orchestration.backend.schema.Agent;
 import eu.dissco.orchestration.backend.schema.MachineAnnotationService;
-import java.util.Date;
+import java.time.Instant;
 import java.util.List;
 import java.util.Optional;
 import lombok.RequiredArgsConstructor;
@@ -76,10 +76,13 @@ private MachineAnnotationService mapToMas(Record1<JSONB> record1) {
     }
   }
 
-  public void deleteMachineAnnotationService(String id, Date deleted) {
+  public void tombstoneMachineAnnotationService(MachineAnnotationService tombstoneMas, Instant timestamp) {
     context.update(MACHINE_ANNOTATION_SERVICE)
-        .set(MACHINE_ANNOTATION_SERVICE.DATE_TOMBSTONED, deleted.toInstant())
-        .where(MACHINE_ANNOTATION_SERVICE.ID.eq(removeProxy(id)))
+        .set(MACHINE_ANNOTATION_SERVICE.DATE_TOMBSTONED, timestamp)
+        .set(MACHINE_ANNOTATION_SERVICE.DATE_MODIFIED, timestamp)
+        .set(MACHINE_ANNOTATION_SERVICE.VERSION, tombstoneMas.getSchemaVersion())
+        .set(MACHINE_ANNOTATION_SERVICE.DATA, mapToJSONB(tombstoneMas))
+        .where(MACHINE_ANNOTATION_SERVICE.ID.eq(removeProxy(tombstoneMas.getId())))
         .execute();
   }
 

diff --git a/src/main/java/eu/dissco/orchestration/backend/repository/SourceSystemRepository.java b/src/main/java/eu/dissco/orchestration/backend/repository/SourceSystemRepository.java
@@ -9,7 +9,7 @@
 import eu.dissco.orchestration.backend.database.jooq.enums.TranslatorType;
 import eu.dissco.orchestration.backend.exception.DisscoJsonBMappingException;
 import eu.dissco.orchestration.backend.schema.SourceSystem;
-import java.util.Date;
+import java.time.Instant;
 import java.util.List;
 import java.util.Optional;
 import lombok.RequiredArgsConstructor;
@@ -79,10 +79,13 @@ public Optional<SourceSystem> getActiveSourceSystem(String id) {
         .fetchOptional(this::mapToSourceSystem);
   }
 
-  public void deleteSourceSystem(String id, Date deleted) {
+  public void tombstoneSourceSystem(SourceSystem tombstoneSourceSystem, Instant timestamp) {
     context.update(SOURCE_SYSTEM)
-        .set(SOURCE_SYSTEM.DATE_TOMBSTONED, deleted.toInstant())
-        .where(SOURCE_SYSTEM.ID.eq(removeProxy(id)))
+        .set(SOURCE_SYSTEM.DATE_TOMBSTONED, timestamp)
+        .set(SOURCE_SYSTEM.DATE_MODIFIED, timestamp)
+        .set(SOURCE_SYSTEM.VERSION, tombstoneSourceSystem.getSchemaVersion())
+        .set(SOURCE_SYSTEM.DATA, mapToJSONB(tombstoneSourceSystem))
+        .where(SOURCE_SYSTEM.ID.eq(removeProxy(tombstoneSourceSystem.getId())))
         .execute();
   }