LabJournalEntryRest.java
package de.dlr.shepard.labJournal.endpoints;
import de.dlr.shepard.exceptions.InvalidHtmlResponse;
import de.dlr.shepard.labJournal.entities.LabJournalEntry;
import de.dlr.shepard.labJournal.io.LabJournalEntryIO;
import de.dlr.shepard.labJournal.services.LabJournalEntryService;
import de.dlr.shepard.neo4Core.entities.DataObject;
import de.dlr.shepard.neo4Core.services.DataObjectService;
import de.dlr.shepard.util.Constants;
import de.dlr.shepard.util.HtmlSanitizer;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
import jakarta.ws.rs.core.SecurityContext;
import java.util.ArrayList;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.media.SchemaProperty;
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
import org.eclipse.microprofile.openapi.annotations.parameters.RequestBody;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
@Consumes(MediaType.APPLICATION_JSON)
@Path("/" + Constants.LAB_JOURNAL_ENTRIES)
@Produces(MediaType.APPLICATION_JSON)
@RequestScoped
public class LabJournalEntryRest {
private LabJournalEntryService labJournalEntryService;
private DataObjectService dataObjectService;
@Context
private SecurityContext securityContext;
@Inject
public LabJournalEntryRest(LabJournalEntryService labJournalEntryService, DataObjectService dataObjectService) {
this.labJournalEntryService = labJournalEntryService;
this.dataObjectService = dataObjectService;
}
@GET
@Path("/")
@Tag(name = Constants.LAB_JOURNAL_ENTRY)
@Operation(description = "Get all lab journals in a data object")
@APIResponse(
description = "ok",
responseCode = "200",
content = @Content(schema = @Schema(type = SchemaType.ARRAY, implementation = LabJournalEntryIO.class))
)
@APIResponse(description = "not found", responseCode = "404")
@Parameter(name = Constants.DATA_OBJECT_ID, required = true)
public Response getLabJournalsByCollection(@QueryParam(Constants.DATA_OBJECT_ID) long dataObjectId) {
DataObject dataObject = dataObjectService.getDataObjectByShepardId(dataObjectId);
ArrayList<LabJournalEntryIO> result = new ArrayList<LabJournalEntryIO>();
for (var labJournalEntry : labJournalEntryService.getLabJournalEntries(dataObject)) {
result.add(new LabJournalEntryIO(labJournalEntry));
}
return Response.ok(result).build();
}
@GET
@Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
@Tag(name = Constants.LAB_JOURNAL_ENTRY)
@Operation(description = "Get a lab journal")
@APIResponse(
description = "ok",
responseCode = "200",
content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
)
@APIResponse(description = "not found", responseCode = "404")
@Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID)
public Response getLabJournalById(@PathParam(Constants.LAB_JOURNAL_ENTRY_ID) long labJournalEntryId) {
LabJournalEntry labJournalEntry = labJournalEntryService.getLabJournalEntry(labJournalEntryId);
return Response.ok(new LabJournalEntryIO(labJournalEntry)).build();
}
@POST
@Path("/")
@Tag(name = Constants.LAB_JOURNAL_ENTRY)
@Operation(description = "Create a lab journal in a data object")
@APIResponse(
description = "created",
responseCode = "201",
content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
)
@APIResponse(description = "not found", responseCode = "404")
@APIResponse(
description = "bad request",
responseCode = "400",
content = @Content(schema = @Schema(implementation = InvalidHtmlResponse.class))
)
@Parameter(name = Constants.DATA_OBJECT_ID)
public Response createLabJournal(
@QueryParam(Constants.DATA_OBJECT_ID) long dataObjectId,
@RequestBody(
required = true,
content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
) @Valid LabJournalEntryIO labJournalEntryIO
) {
if (!HtmlSanitizer.isSafeHtml(labJournalEntryIO.getJournalContent())) {
String sanitizedHtml = HtmlSanitizer.cleanHtmlString(labJournalEntryIO.getJournalContent());
return Response.status(Status.BAD_REQUEST)
.entity(new InvalidHtmlResponse(labJournalEntryIO.getJournalContent(), sanitizedHtml))
.build();
}
labJournalEntryIO = new LabJournalEntryIO(
labJournalEntryService.createLabJournalEntry(
dataObjectId,
labJournalEntryIO.getJournalContent(),
securityContext.getUserPrincipal().getName()
)
);
return Response.ok(labJournalEntryIO).status(Status.CREATED).build();
}
@PUT
@Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
@Tag(name = Constants.LAB_JOURNAL_ENTRY)
@Operation(description = "Update a lab journal")
@APIResponse(
description = "updated",
responseCode = "200",
content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
)
@APIResponse(description = "not found", responseCode = "404")
@APIResponse(
description = "bad request",
responseCode = "400",
content = @Content(schema = @Schema(implementation = InvalidHtmlResponse.class))
)
@Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID)
public Response updateLabJournal(
@PathParam(Constants.LAB_JOURNAL_ENTRY_ID) long labJournalEntryId,
@RequestBody(
required = true,
content = @Content(
schema = @Schema(
name = "Lab journal content",
properties = { @SchemaProperty(name = "journalContent", type = SchemaType.STRING) }
)
)
) @Valid LabJournalEntryIO labJournalEntryIO
) {
if (!HtmlSanitizer.isSafeHtml(labJournalEntryIO.getJournalContent())) {
String sanitizedHtml = HtmlSanitizer.cleanHtmlString(labJournalEntryIO.getJournalContent());
return Response.status(Status.BAD_REQUEST)
.entity(new InvalidHtmlResponse(labJournalEntryIO.getJournalContent(), sanitizedHtml))
.build();
}
LabJournalEntry labJournalEntry = labJournalEntryService.getLabJournalEntry(labJournalEntryId);
String userName = securityContext.getUserPrincipal().getName();
if (!labJournalEntry.getCreatedBy().getUsername().equals(userName)) return Response.status(
Status.FORBIDDEN
).build();
labJournalEntry = labJournalEntryService.updateLabJournalEntry(
labJournalEntryId,
labJournalEntryIO.getJournalContent(),
securityContext.getUserPrincipal().getName()
);
return Response.ok(new LabJournalEntryIO(labJournalEntry)).build();
}
@DELETE
@Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
@Tag(name = Constants.LAB_JOURNAL_ENTRY)
@Operation(description = "Delete a lab journal")
@APIResponse(description = "deleted", responseCode = "204")
@APIResponse(description = "not found", responseCode = "404")
@Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID)
public Response deleteLabJournal(@PathParam(Constants.LAB_JOURNAL_ENTRY_ID) long labJournalEntryId) {
labJournalEntryService.deleteLabJournalEntry(labJournalEntryId, securityContext.getUserPrincipal().getName());
return Response.status(Status.NO_CONTENT).build();
}
}