LabJournalEntryRest xref

View Javadoc
1   package de.dlr.shepard.context.labJournal.endpoints;
2   
3   import de.dlr.shepard.common.exceptions.InvalidHtmlResponse;
4   import de.dlr.shepard.common.util.Constants;
5   import de.dlr.shepard.common.util.HtmlSanitizer;
6   import de.dlr.shepard.context.collection.entities.DataObject;
7   import de.dlr.shepard.context.collection.services.DataObjectService;
8   import de.dlr.shepard.context.labJournal.entities.LabJournalEntry;
9   import de.dlr.shepard.context.labJournal.io.LabJournalEntryIO;
10  import de.dlr.shepard.context.labJournal.services.LabJournalEntryService;
11  import jakarta.enterprise.context.RequestScoped;
12  import jakarta.inject.Inject;
13  import jakarta.validation.Valid;
14  import jakarta.validation.constraints.NotNull;
15  import jakarta.validation.constraints.PositiveOrZero;
16  import jakarta.ws.rs.Consumes;
17  import jakarta.ws.rs.DELETE;
18  import jakarta.ws.rs.GET;
19  import jakarta.ws.rs.POST;
20  import jakarta.ws.rs.PUT;
21  import jakarta.ws.rs.Path;
22  import jakarta.ws.rs.PathParam;
23  import jakarta.ws.rs.Produces;
24  import jakarta.ws.rs.QueryParam;
25  import jakarta.ws.rs.core.Context;
26  import jakarta.ws.rs.core.MediaType;
27  import jakarta.ws.rs.core.Response;
28  import jakarta.ws.rs.core.Response.Status;
29  import jakarta.ws.rs.core.SecurityContext;
30  import java.util.ArrayList;
31  import org.eclipse.microprofile.openapi.annotations.Operation;
32  import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
33  import org.eclipse.microprofile.openapi.annotations.media.Content;
34  import org.eclipse.microprofile.openapi.annotations.media.Schema;
35  import org.eclipse.microprofile.openapi.annotations.media.SchemaProperty;
36  import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
37  import org.eclipse.microprofile.openapi.annotations.parameters.RequestBody;
38  import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
39  import org.eclipse.microprofile.openapi.annotations.tags.Tag;
40  
41  //TODO: Much of the functionality of the endpoint functions can be refactored into the LabJournal Service layer
42  
43  @Consumes(MediaType.APPLICATION_JSON)
44  @Path("/" + Constants.LAB_JOURNAL_ENTRIES)
45  @Produces(MediaType.APPLICATION_JSON)
46  @RequestScoped
47  public class LabJournalEntryRest {
48  
49    @Inject
50    LabJournalEntryService labJournalEntryService;
51  
52    @Inject
53    DataObjectService dataObjectService;
54  
55    @Context
56    private SecurityContext securityContext;
57  
58    @GET
59    @Path("/")
60    @Tag(name = Constants.LAB_JOURNAL_ENTRY)
61    @Operation(description = "Get all lab journals in a data object sorted by their creation date (newest first)")
62    @APIResponse(
63      description = "ok",
64      responseCode = "200",
65      content = @Content(schema = @Schema(type = SchemaType.ARRAY, implementation = LabJournalEntryIO.class))
66    )
67    @APIResponse(responseCode = "400", description = "bad request")
68    @APIResponse(responseCode = "401", description = "not authorized")
69    @APIResponse(responseCode = "403", description = "forbidden")
70    @APIResponse(responseCode = "404", description = "not found")
71    @Parameter(name = Constants.DATA_OBJECT_ID, required = true)
72    public Response getLabJournalsByCollection(
73      @QueryParam(Constants.DATA_OBJECT_ID) @NotNull @PositiveOrZero Long dataObjectId
74    ) {
75      DataObject dataObject = dataObjectService.getDataObject(dataObjectId);
76      ArrayList<LabJournalEntryIO> result = new ArrayList<LabJournalEntryIO>();
77      for (var labJournalEntry : labJournalEntryService.getLabJournalEntries(dataObject)) {
78        result.add(new LabJournalEntryIO(labJournalEntry));
79      }
80      return Response.ok(result).build();
81    }
82  
83    @GET
84    @Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
85    @Tag(name = Constants.LAB_JOURNAL_ENTRY)
86    @Operation(description = "Get a lab journal")
87    @APIResponse(
88      description = "ok",
89      responseCode = "200",
90      content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
91    )
92    @APIResponse(responseCode = "400", description = "bad request")
93    @APIResponse(responseCode = "401", description = "not authorized")
94    @APIResponse(responseCode = "403", description = "forbidden")
95    @APIResponse(responseCode = "404", description = "not found")
96    @Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID, required = true)
97    public Response getLabJournalById(
98      @PathParam(Constants.LAB_JOURNAL_ENTRY_ID) @NotNull @PositiveOrZero Long labJournalEntryId
99    ) {
100     LabJournalEntry labJournalEntry = labJournalEntryService.getLabJournalEntry(labJournalEntryId);
101     return Response.ok(new LabJournalEntryIO(labJournalEntry)).build();
102   }
103 
104   @POST
105   @Path("/")
106   @Tag(name = Constants.LAB_JOURNAL_ENTRY)
107   @Operation(description = "Create a lab journal in a data object")
108   @APIResponse(
109     description = "created",
110     responseCode = "201",
111     content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
112   )
113   @APIResponse(
114     description = "bad request",
115     responseCode = "400",
116     content = @Content(schema = @Schema(implementation = InvalidHtmlResponse.class))
117   )
118   @APIResponse(responseCode = "401", description = "not authorized")
119   @APIResponse(responseCode = "403", description = "forbidden")
120   @APIResponse(responseCode = "404", description = "not found")
121   @Parameter(name = Constants.DATA_OBJECT_ID, required = true)
122   public Response createLabJournal(
123     @QueryParam(Constants.DATA_OBJECT_ID) @NotNull @PositiveOrZero Long dataObjectId,
124     @RequestBody(
125       required = true,
126       content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
127     ) @Valid LabJournalEntryIO labJournalEntryIO
128   ) {
129     if (!HtmlSanitizer.isSafeHtml(labJournalEntryIO.getJournalContent())) {
130       String sanitizedHtml = HtmlSanitizer.cleanHtmlString(labJournalEntryIO.getJournalContent());
131       return Response.status(Status.BAD_REQUEST)
132         .entity(new InvalidHtmlResponse(labJournalEntryIO.getJournalContent(), sanitizedHtml))
133         .build();
134     }
135 
136     labJournalEntryIO = new LabJournalEntryIO(
137       labJournalEntryService.createLabJournalEntry(dataObjectId, labJournalEntryIO.getJournalContent())
138     );
139     return Response.ok(labJournalEntryIO).status(Status.CREATED).build();
140   }
141 
142   @PUT
143   @Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
144   @Tag(name = Constants.LAB_JOURNAL_ENTRY)
145   @Operation(description = "Update a lab journal")
146   @APIResponse(
147     description = "updated",
148     responseCode = "200",
149     content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
150   )
151   @APIResponse(
152     description = "bad request",
153     responseCode = "400",
154     content = @Content(schema = @Schema(implementation = InvalidHtmlResponse.class))
155   )
156   @APIResponse(responseCode = "401", description = "not authorized")
157   @APIResponse(responseCode = "403", description = "forbidden")
158   @APIResponse(responseCode = "404", description = "not found")
159   @Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID)
160   public Response updateLabJournal(
161     @PathParam(Constants.LAB_JOURNAL_ENTRY_ID) @NotNull @PositiveOrZero Long labJournalEntryId,
162     @RequestBody(
163       required = true,
164       content = @Content(
165         schema = @Schema(
166           name = "Lab journal content",
167           properties = { @SchemaProperty(name = "journalContent", type = SchemaType.STRING) }
168         )
169       )
170     ) @Valid LabJournalEntryIO labJournalEntryIO
171   ) {
172     LabJournalEntry labJournalEntry = labJournalEntryService.getLabJournalEntry(labJournalEntryId);
173     String userName = securityContext.getUserPrincipal().getName();
174     if (!labJournalEntry.getCreatedBy().getUsername().equals(userName)) return Response.status(
175       Status.FORBIDDEN
176     ).build();
177 
178     if (!HtmlSanitizer.isSafeHtml(labJournalEntryIO.getJournalContent())) {
179       String sanitizedHtml = HtmlSanitizer.cleanHtmlString(labJournalEntryIO.getJournalContent());
180       return Response.status(Status.BAD_REQUEST)
181         .entity(new InvalidHtmlResponse(labJournalEntryIO.getJournalContent(), sanitizedHtml))
182         .build();
183     }
184 
185     labJournalEntry = labJournalEntryService.updateLabJournalEntry(
186       labJournalEntryId,
187       labJournalEntryIO.getJournalContent()
188     );
189     return Response.ok(new LabJournalEntryIO(labJournalEntry)).build();
190   }
191 
192   @DELETE
193   @Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
194   @Tag(name = Constants.LAB_JOURNAL_ENTRY)
195   @Operation(description = "Delete a lab journal")
196   @APIResponse(description = "deleted", responseCode = "204")
197   @APIResponse(responseCode = "400", description = "bad request")
198   @APIResponse(responseCode = "401", description = "not authorized")
199   @APIResponse(responseCode = "403", description = "forbidden")
200   @APIResponse(responseCode = "404", description = "not found")
201   @Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID)
202   public Response deleteLabJournal(
203     @PathParam(Constants.LAB_JOURNAL_ENTRY_ID) @NotNull @PositiveOrZero Long labJournalEntryId
204   ) {
205     labJournalEntryService.deleteLabJournalEntry(labJournalEntryId);
206     return Response.status(Status.NO_CONTENT).build();
207   }
208 }