
Restrict visibility of Component, Release, and Project on the new frontend #290

Open

shi9qiu opened this issue Jul 16, 2024 · 4 comments


shi9qiu commented Jul 16, 2024

As SW360 gradually moves to the new frontend, we are facing such an issue:

Users can set the visibility of projects. Users can also set the visibility of components and releases by enabling the visibility restriction function in the configuration file. However, this doesn't work on the new frontend for now, so we need to make this setting effective in the new frontend as well.

To achieve this, I will modify some APIs. These APIs are mainly related to fetching data for projects, components, and releases from the backend (GET method). When users request inaccessible data, filter or mask operations will be performed to restrict the visibility.

Later, I will share which APIs will be involved and what modifications we will make to each API.


shi9qiu commented Jul 16, 2024

@KoukiHama

@EttingerK commented

Please ensure that the restriction of visibility is configurable. We do not want to restrict any visibility of components and releases. Even with projects, we are discussing whether that should be used in the future.


shi9qiu commented Jul 17, 2024

@EttingerK Thank you for the comments. Yes, the restriction of the visibility for components and releases will be configurable as before.


shi9qiu commented Jul 17, 2024

@KoukiHama @heliocastro @ag4ums @EttingerK

The following endpoints will be modified to restrict the visibility of Components and Releases. Please note that this feature is configurable and these changes will only take effect if the feature is enabled in sw360.properties (component.visibility.restriction.enabled=true).

Component:

| Endpoint | HTTP method | How to deal with inaccessible data | Details |
|---|---|---|---|
| /components | GET | Filter the inaccessible data | Only the accessible components will be included in the response body. |
| /components/usedBy | GET | Filter the inaccessible data | Only the accessible components will be included in the response body. But use "sw360:restrictedResources" to show the number of restricted resources (Ref: https://github.com/eclipse-sw360/sw360/pull/2107). |
| /components/recentComponents | GET | Filter the inaccessible data | Show the list of the 5 most recent components created by the user. |
| /components/mySubscriptions | GET | Filter the inaccessible data | Only the accessible components will be included in the response body. But use the "sw360:restrictedResources" field to show the number of restricted components. |
| /components/searchByExternalIds | GET | Filter the inaccessible data | Only the accessible components will be included in the response body. But use the "sw360:restrictedResources" field to show the number of restricted components. |
| /components/{id} | GET | Return 403 Error | If the requested component is inaccessible, return 403 Error. |
| /components/{id}/attachments | GET | Return 403 Error | If the requested component is inaccessible, return 403 Error. |
| /components/{id}/releases | GET | Return 403 Error | If the requested component is inaccessible, return 403 Error. |
| /components/{componentId}/attachments/{attachmentId} | GET | Return 403 Error | If the requested component is inaccessible, return 403 Error. |
| /components/{componentId}/attachments/download | GET | Return 403 Error | If the requested component is inaccessible, return 403 Error. |
| /components/{id}/vulnerabilities | GET | Return 403 Error | If the requested component is inaccessible, return 403 Error. |

Release:

| Endpoint | HTTP method | How to deal with inaccessible data | Details |
|---|---|---|---|
| /releases | GET | Filter the inaccessible data | Only the accessible releases will be included in the response body. |
| /releases/usedBy/{id} | GET | Filter the inaccessible data | Only the accessible components will be included in the response body. But use "sw360:restrictedResources" to show the number of restricted resources (Ref: https://github.com/eclipse-sw360/sw360/pull/2107). |
| /releases/recentReleases | GET | Filter the inaccessible data | Show the list of the 5 most recent releases created by the user. |
| /releases/mySubscriptions | GET | Filter the inaccessible data | Only the accessible releases will be included in the response body. But use the "sw360:restrictedResources" field to show the number of restricted releases. |
| /releases/searchByExternalIds | GET | Filter the inaccessible data | Only the accessible releases will be included in the response body. But use the "sw360:restrictedResources" field to show the number of restricted releases. |
| /releases/{id} | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{id}/vulnerabilities | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{id}/attachments | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{releaseId}/attachments/download | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{releaseId}/attachments/{attachmentId} | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{id}/checkFossologyProcessStatus | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{id}/triggerFossologyProcess | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{id}/reloadFossologyReport | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{id}/spdxLicensesInfo | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
| /releases/{id}/assessmentSummaryInfo | GET | Return 403 Error | If the requested release is inaccessible, return 403 Error. |
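The two behaviours in the tables above, modelled as an added example (not SW360's own code): list endpoints filter out inaccessible items and report the count in a "sw360:restrictedResources" field, single-resource endpoints fail with 403, and nothing is restricted when the flag is off. The access predicate (creator or same business unit) and the plain integer shape of the restricted-count field are assumptions for illustration; the sample users and components are constructed.

```python
from dataclasses import dataclass

# Constructed stand-in for the sw360.properties flag named in the issue.
CONFIG = {"component.visibility.restriction.enabled": True}

@dataclass(frozen=True)
class User:
    email: str
    department: str

@dataclass(frozen=True)
class Component:
    id: str
    name: str
    created_by: str
    business_unit: str

class Forbidden(Exception):
    """Maps to the HTTP 403 that the single-resource endpoints return."""

def is_accessible(user, comp, config=CONFIG):
    # Assumption: with the flag disabled everything stays visible (the
    # behaviour EttingerK asked to keep); with it enabled, a user sees a
    # component only if they created it or share its business unit.
    if not config.get("component.visibility.restriction.enabled", False):
        return True
    return comp.created_by == user.email or comp.business_unit == user.department

def list_components(user, comps, config=CONFIG):
    # Filtering endpoint: drop restricted items instead of masking fields,
    # so no attribute of a hidden component leaks into the response body.
    visible = [c for c in comps if is_accessible(user, c, config)]
    body = {"_embedded": {"sw360:components": [{"id": c.id, "name": c.name} for c in visible]}}
    restricted = len(comps) - len(visible)
    if restricted:
        # Assumed shape: a bare count, enough for the UI to say "N hidden".
        body["_embedded"]["sw360:restrictedResources"] = restricted
    return body

def get_component(user, comp_id, comps, config=CONFIG):
    # Single-resource endpoint: the check runs before any data is serialised.
    comp = next((c for c in comps if c.id == comp_id), None)
    if comp is None:
        raise KeyError(comp_id)      # would be a 404
    if not is_accessible(user, comp, config):
        raise Forbidden(comp_id)     # 403, not a partially masked object
    return {"id": comp.id, "name": comp.name, "createdBy": comp.created_by}
```

The same skeleton applies to the release endpoints in the second table; only the access predicate and the embedded collection name change.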
