fix(rest): Added a commit message while create a moderation request.

Signed-off-by: Nikesh kumar <[email protected]>
eclipse-sw360 · May 13, 2024 · fcd4263 · fcd4263
1 parent 6d12f46
commit fcd4263
Show file tree

Hide file tree

Showing 2 changed files with 146 additions and 76 deletions.
diff --git a/...er/src/main/java/org/eclipse/sw360/rest/resourceserver/component/ComponentController.java b/...er/src/main/java/org/eclipse/sw360/rest/resourceserver/component/ComponentController.java
@@ -41,6 +41,7 @@
 import org.eclipse.sw360.datahandler.thrift.components.Release;
 import org.eclipse.sw360.datahandler.thrift.components.ReleaseLink;
 import org.eclipse.sw360.datahandler.thrift.projects.Project;
+import org.eclipse.sw360.datahandler.thrift.users.RequestedAction;
 import org.eclipse.sw360.datahandler.thrift.users.User;
 import org.eclipse.sw360.datahandler.thrift.vendors.Vendor;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.VulnerabilityDTO;
@@ -94,6 +95,7 @@
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
 
+import static org.eclipse.sw360.datahandler.permissions.PermissionUtils.makePermission;
 import static org.springframework.hateoas.server.mvc.WebMvcLinkBuilder.linkTo;
 
 @BasePathAwareController
@@ -106,6 +108,8 @@ public class ComponentController implements RepresentationModelProcessor<Reposit
     private static final Logger log = LogManager.getLogger(ComponentController.class);
     private static final ImmutableMap<String, String> RESPONSE_BODY_FOR_MODERATION_REQUEST = ImmutableMap.<String, String>builder()
             .put("message", "Moderation request is created").build();
+    private static final ImmutableMap<String, String> RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT = ImmutableMap.<String, String>builder()
+            .put("message", "Unauthorized user or empty commit message passed.").build();
 
     @NonNull
     private final Sw360ComponentService componentService;
@@ -360,27 +364,37 @@ public ResponseEntity<EntityModel<Component>> patchComponent(
             @Parameter(description = "The id of the component to be updated.")
             @PathVariable("id") String id,
             @Parameter(description = "The component with updated fields.")
-            @RequestBody ComponentDTO updateComponentDto
+            @RequestBody ComponentDTO updateComponentDto,
+            @RequestParam(value = "comment", required = false) String comment
     ) throws TException {
         User user = restControllerHelper.getSw360UserFromAuthentication();
         Component sw360Component = componentService.getComponentForUserById(id, user);
         sw360Component = this.restControllerHelper.updateComponent(sw360Component, updateComponentDto);
+        user.setCommentMadeDuringModerationRequest(comment);
         Set<AttachmentDTO> attachmentDTOS = updateComponentDto.getAttachmentDTOs();
         if (!CommonUtils.isNullOrEmptyCollection(attachmentDTOS)) {
             Set<Attachment> attachments = new HashSet<>();
-            for (AttachmentDTO attachmentDTO: attachmentDTOS) {
+            for (AttachmentDTO attachmentDTO : attachmentDTOS) {
                 attachments.add(restControllerHelper.convertToAttachment(attachmentDTO, user));
             }
             sw360Component.setAttachments(attachments);
         } else {
             sw360Component.setAttachments(null);
         }
-        RequestStatus updateComponentStatus = componentService.updateComponent(sw360Component, user);
-        HalResource<Component> userHalResource = createHalComponent(sw360Component, user);
-        if (updateComponentStatus == RequestStatus.SENT_TO_MODERATOR) {
-            return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+        if (!isWriteActionAllowedOnComponent(sw360Component, user) && comment == null) {
+            return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT, HttpStatus.FORBIDDEN);
+        } else {
+            RequestStatus updateComponentStatus = componentService.updateComponent(sw360Component, user);
+            HalResource<Component> userHalResource = createHalComponent(sw360Component, user);
+            if (updateComponentStatus == RequestStatus.SENT_TO_MODERATOR) {
+                return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+            }
+            return new ResponseEntity<>(userHalResource, HttpStatus.OK);
         }
-        return new ResponseEntity<>(userHalResource, HttpStatus.OK);
+    }
+
+    private boolean isWriteActionAllowedOnComponent(Component component, User user) {
+        return makePermission(component, user).isActionAllowed(RequestedAction.WRITE);
     }
 
     @PreAuthorize("hasAuthority('WRITE')")
@@ -500,18 +514,26 @@ public ResponseEntity<EntityModel<Attachment>> patchComponentAttachmentInfo(
             @Parameter(description = "The id of the attachment.")
             @PathVariable("attachmentId") String attachmentId,
             @Parameter(description = "The attachment info to be updated.")
-            @RequestBody Attachment attachmentData
+            @RequestBody Attachment attachmentData,
+            @RequestParam(value = "comment", required = false) String comment
+
     ) throws TException {
         final User sw360User = restControllerHelper.getSw360UserFromAuthentication();
         final Component sw360Component = componentService.getComponentForUserById(id, sw360User);
         Set<Attachment> attachments = sw360Component.getAttachments();
-        Attachment updatedAttachment = attachmentService.updateAttachment(attachments, attachmentData, attachmentId, sw360User);
+        sw360User.setCommentMadeDuringModerationRequest(comment);
+        Attachment updatedAttachment = attachmentService.updateAttachment(attachments, attachmentData, attachmentId,
+                sw360User);
         RequestStatus updateComponentStatus = componentService.updateComponent(sw360Component, sw360User);
-        if (updateComponentStatus == RequestStatus.SENT_TO_MODERATOR) {
-            return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+        if (!isWriteActionAllowedOnComponent(sw360Component, sw360User) && comment == null) {
+            return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT, HttpStatus.FORBIDDEN);
+        } else {
+            if (updateComponentStatus == RequestStatus.SENT_TO_MODERATOR) {
+                return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+            }
+            EntityModel<Attachment> attachmentResource = EntityModel.of(updatedAttachment);
+            return new ResponseEntity<>(attachmentResource, HttpStatus.OK);
         }
-        EntityModel<Attachment> attachmentResource = EntityModel.of(updatedAttachment);
-        return new ResponseEntity<>(attachmentResource, HttpStatus.OK);
     }
 
     @Operation(

diff --git a/...server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java b/...server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java
@@ -156,6 +156,7 @@
 
 import static org.eclipse.sw360.datahandler.common.CommonUtils.wrapThriftOptionalReplacement;
 import static org.eclipse.sw360.datahandler.common.WrappedException.wrapTException;
+import static org.eclipse.sw360.datahandler.permissions.PermissionUtils.makePermission;
 import static org.eclipse.sw360.rest.resourceserver.Sw360ResourceServer.REPORT_FILENAME_MAPPING;
 import static org.springframework.hateoas.server.mvc.WebMvcLinkBuilder.linkTo;
 
@@ -183,6 +184,8 @@ public class ProjectController implements RepresentationModelProcessor<Repositor
             .put(Project._Fields.RELEASE_RELATION_NETWORK, "dependencyNetwork").build();
     private static final ImmutableMap<String, String> RESPONSE_BODY_FOR_MODERATION_REQUEST = ImmutableMap.<String, String>builder()
             .put("message", "Moderation request is created").build();
+    private static final ImmutableMap<String, String> RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT = ImmutableMap.<String, String>builder()
+            .put("message", "Unauthorized user or empty commit message passed.").build();
     private static final List<String> enumReleaseRelationshipValues = Stream.of(ReleaseRelationship.values())
             .map(ReleaseRelationship::name)
             .collect(Collectors.toList());
@@ -659,7 +662,8 @@ public ResponseEntity linkToProjects(
                             // TODO: Add example for MAP value
                     }
             )
-            @RequestBody List<String> projectIdsInRequestBody
+            @RequestBody List<String> projectIdsInRequestBody,
+            @RequestParam(value = "comment", required = false) String comment
     ) throws URISyntaxException, TException {
 
     User sw360User = restControllerHelper.getSw360UserFromAuthentication();
@@ -674,32 +678,39 @@ public ResponseEntity linkToProjects(
 
     try {
 
-        for(String projId: projectIdsInRequestBody) {
-            Project proj = projectService.getProjectForUserById(projId, sw360User);
-            Map<String, ProjectProjectRelationship> linkedProject= proj.getLinkedProjects();
+		for (String projId : projectIdsInRequestBody) {
+			Project proj = projectService.getProjectForUserById(projId, sw360User);
+			sw360User.setCommentMadeDuringModerationRequest(comment);
+			if (!isWriteActionAllowedOnProject(proj, sw360User) && comment == null) {
+				return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT, HttpStatus.ACCEPTED);
 
-            if (proj.getLinkedProjects().keySet().contains(id)) {
-                alreadyLinkedIds.add(projId);
-                continue;
-            }
+			} else {
+				Map<String, ProjectProjectRelationship> linkedProject = proj.getLinkedProjects();
 
-            linkedProject.put(id, new ProjectProjectRelationship(ProjectRelationship.CONTAINED).setEnableSvm(sourceProj.isEnableSvm()));
-            proj.setLinkedProjects(linkedProject);
-            String cyclicLinkedProjectPath = projectService.getCyclicLinkedProjectPath(proj, sw360User);
-            if (!CommonUtils.isNullEmptyOrWhitespace(cyclicLinkedProjectPath)) {
-                idsWithCyclicPath.add(cyclicLinkedProjectPath);
-                continue;
-            }
+				if (proj.getLinkedProjects().keySet().contains(id)) {
+					alreadyLinkedIds.add(projId);
+					continue;
+				}
 
-            RequestStatus updatedstatus = projectService.updateProject(proj, sw360User);
-            if (updatedstatus == RequestStatus.SUCCESS) {
-                linkedProjectIds.add(projId);
-            }
+				linkedProject.put(id, new ProjectProjectRelationship(ProjectRelationship.CONTAINED)
+						.setEnableSvm(sourceProj.isEnableSvm()));
+				proj.setLinkedProjects(linkedProject);
+				String cyclicLinkedProjectPath = projectService.getCyclicLinkedProjectPath(proj, sw360User);
+				if (!CommonUtils.isNullEmptyOrWhitespace(cyclicLinkedProjectPath)) {
+					idsWithCyclicPath.add(cyclicLinkedProjectPath);
+					continue;
+				}
 
-            if (updatedstatus == RequestStatus.SENT_TO_MODERATOR) {
-                idsSentToModerator.add(projId);
-            }
-        }
+				RequestStatus updatedstatus = projectService.updateProject(proj, sw360User);
+				if (updatedstatus == RequestStatus.SUCCESS) {
+					linkedProjectIds.add(projId);
+				}
+
+				if (updatedstatus == RequestStatus.SENT_TO_MODERATOR) {
+					idsSentToModerator.add(projId);
+				}
+			}
+		}
 
         if (!alreadyLinkedIds.isEmpty()) {
             responseMap.put("Message regarding already linked project(s)", "Project ids are: " + alreadyLinkedIds);
@@ -735,6 +746,10 @@ public ResponseEntity linkToProjects(
     return new ResponseEntity<>(responseResource, status);
     }
 
+    private boolean isWriteActionAllowedOnProject(Project project, User user) {
+        return makePermission(project, user).isActionAllowed(RequestedAction.WRITE);
+    }
+
     @PreAuthorize("hasAuthority('WRITE')")
     @Operation(
             summary = "Append new releases to existing releases in a project.",
@@ -752,14 +767,22 @@ public ResponseEntity patchReleases(
                             // TODO: Add example for MAP value
                     }
             )
-            @RequestBody Object releaseURIs
-    ) throws URISyntaxException, TException {
-        RequestStatus patchReleasesStatus = addOrPatchReleasesToProject(id, releaseURIs, true);
-        if (patchReleasesStatus == RequestStatus.SENT_TO_MODERATOR) {
-            return new ResponseEntity<>(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
-        }
-        return new ResponseEntity<>(HttpStatus.CREATED);
-    }
+            @RequestBody Object releaseURIs,
+            @RequestParam(value = "comment", required = false) String comment
+	) throws URISyntaxException, TException {
+		final User sw360User = restControllerHelper.getSw360UserFromAuthentication();
+		Project project = projectService.getProjectForUserById(id, sw360User);
+		sw360User.setCommentMadeDuringModerationRequest(comment);
+		if (!isWriteActionAllowedOnProject(project, sw360User) && comment == null) {
+			return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT, HttpStatus.ACCEPTED);
+		} else {
+			RequestStatus patchReleasesStatus = addOrPatchReleasesToProject(id, releaseURIs, true);
+			if (patchReleasesStatus == RequestStatus.SENT_TO_MODERATOR) {
+				return new ResponseEntity<>(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+			}
+			return new ResponseEntity<>(HttpStatus.CREATED);
+		}
+	}
 
     @PreAuthorize("hasAuthority('WRITE')")
     @Operation(
@@ -778,17 +801,25 @@ public ResponseEntity<?> linkPackages(
             @Parameter(description = "Set of package IDs to be linked.",
                     example = "[\"3765276512\",\"5578999\",\"3765276513\"]"
             )
-            @RequestBody Set<String> packagesInRequestBody
-    ) throws URISyntaxException, TException {
-        if(!packageService.validatePackageIds(packagesInRequestBody)){
-            return new ResponseEntity<>("Package ID invalid! ", HttpStatus.NOT_FOUND);
-        }
-        RequestStatus linkPackageStatus = linkOrUnlinkPackages(id, packagesInRequestBody, true);
-        if (linkPackageStatus == RequestStatus.SENT_TO_MODERATOR) {
-            return new ResponseEntity<>(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
-        }
-        return new ResponseEntity<>(HttpStatus.CREATED);
-    }
+            @RequestBody Set<String> packagesInRequestBody,
+            @RequestParam(value = "comment", required = false) String comment
+	) throws URISyntaxException, TException {
+		if (!packageService.validatePackageIds(packagesInRequestBody)) {
+			return new ResponseEntity<>("Package ID invalid! ", HttpStatus.NOT_FOUND);
+		}
+		final User sw360User = restControllerHelper.getSw360UserFromAuthentication();
+		Project project = projectService.getProjectForUserById(id, sw360User);
+		sw360User.setCommentMadeDuringModerationRequest(comment);
+		if (!isWriteActionAllowedOnProject(project, sw360User) && comment == null) {
+			return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT, HttpStatus.ACCEPTED);
+		} else {
+			RequestStatus linkPackageStatus = linkOrUnlinkPackages(id, packagesInRequestBody, true);
+			if (linkPackageStatus == RequestStatus.SENT_TO_MODERATOR) {
+				return new ResponseEntity<>(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+			}
+			return new ResponseEntity<>(HttpStatus.CREATED);
+		}
+	}
 
     @PreAuthorize("hasAuthority('WRITE')")
     @Operation(
@@ -807,17 +838,25 @@ public ResponseEntity<?> patchPackages(
             @Parameter(description = "Set of package IDs to be linked.",
                     example = "[\"3765276512\",\"5578999\",\"3765276513\"]"
             )
-            @RequestBody Set<String> packagesInRequestBody
-    ) throws URISyntaxException, TException {
-        if(!packageService.validatePackageIds(packagesInRequestBody)){
-            return new ResponseEntity<>("Package ID invalid! ", HttpStatus.NOT_FOUND);
-        }
-        RequestStatus patchPackageStatus = linkOrUnlinkPackages(id, packagesInRequestBody, false);
-        if (patchPackageStatus == RequestStatus.SENT_TO_MODERATOR) {
-            return new ResponseEntity<>(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
-        }
-        return new ResponseEntity<>(HttpStatus.CREATED);
-    }
+            @RequestBody Set<String> packagesInRequestBody,
+            @RequestParam(value = "comment", required = false) String comment
+	) throws URISyntaxException, TException {
+		if (!packageService.validatePackageIds(packagesInRequestBody)) {
+			return new ResponseEntity<>("Package ID invalid! ", HttpStatus.NOT_FOUND);
+		}
+		final User sw360User = restControllerHelper.getSw360UserFromAuthentication();
+		Project project = projectService.getProjectForUserById(id, sw360User);
+		sw360User.setCommentMadeDuringModerationRequest(comment);
+		if (!isWriteActionAllowedOnProject(project, sw360User) && comment == null) {
+			return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT, HttpStatus.ACCEPTED);
+		} else {
+			RequestStatus patchPackageStatus = linkOrUnlinkPackages(id, packagesInRequestBody, false);
+			if (patchPackageStatus == RequestStatus.SENT_TO_MODERATOR) {
+				return new ResponseEntity<>(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+			}
+			return new ResponseEntity<>(HttpStatus.CREATED);
+		}
+	}
 
     @Operation(
             description = "Get releases of a single project.",
@@ -1414,17 +1453,26 @@ public ResponseEntity<EntityModel<Project>> patchProject(
         Project sw360Project = projectService.getProjectForUserById(id, user);
         Project updateProject = convertToProject(reqBodyMap);
         updateProject.unsetReleaseRelationNetwork();
-        sw360Project = this.restControllerHelper.updateProject(sw360Project, updateProject, reqBodyMap, mapOfProjectFieldsToRequestBody);
-        if (SW360Constants.ENABLE_FLEXIBLE_PROJECT_RELEASE_RELATIONSHIP && updateProject.getReleaseIdToUsage() != null) {
-            sw360Project.unsetReleaseRelationNetwork();
-            projectService.syncReleaseRelationNetworkAndReleaseIdToUsage(sw360Project, user);
-        }
-        RequestStatus updateProjectStatus = projectService.updateProject(sw360Project, user);
-        HalResource<Project> userHalResource = createHalProject(sw360Project, user);
-        if (updateProjectStatus == RequestStatus.SENT_TO_MODERATOR) {
-            return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+        String comment = (String) reqBodyMap.get("comment");
+        user.setCommentMadeDuringModerationRequest(comment);
+
+        if (isWriteActionAllowedOnProject(updateProject, user) && comment == null) {
+            return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT, HttpStatus.ACCEPTED);
+        } else {
+            sw360Project = this.restControllerHelper.updateProject(sw360Project, updateProject, reqBodyMap,
+                    mapOfProjectFieldsToRequestBody);
+            if (SW360Constants.ENABLE_FLEXIBLE_PROJECT_RELEASE_RELATIONSHIP
+                    && updateProject.getReleaseIdToUsage() != null) {
+                sw360Project.unsetReleaseRelationNetwork();
+                projectService.syncReleaseRelationNetworkAndReleaseIdToUsage(sw360Project, user);
+            }
+            RequestStatus updateProjectStatus = projectService.updateProject(sw360Project, user);
+            HalResource<Project> userHalResource = createHalProject(sw360Project, user);
+            if (updateProjectStatus == RequestStatus.SENT_TO_MODERATOR) {
+                return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
+            }
+            return new ResponseEntity<>(userHalResource, HttpStatus.OK);
         }
-        return new ResponseEntity<>(userHalResource, HttpStatus.OK);
     }
 
     @Operation(