LabJournalEntryRest xref

View Javadoc
1   package de.dlr.shepard.context.labJournal.endpoints;
2   
3   import de.dlr.shepard.common.exceptions.InvalidHtmlResponse;
4   import de.dlr.shepard.common.util.Constants;
5   import de.dlr.shepard.common.util.HtmlSanitizer;
6   import de.dlr.shepard.context.collection.entities.DataObject;
7   import de.dlr.shepard.context.collection.services.DataObjectService;
8   import de.dlr.shepard.context.labJournal.entities.LabJournalEntry;
9   import de.dlr.shepard.context.labJournal.io.LabJournalEntryIO;
10  import de.dlr.shepard.context.labJournal.services.LabJournalEntryService;
11  import jakarta.enterprise.context.RequestScoped;
12  import jakarta.inject.Inject;
13  import jakarta.validation.Valid;
14  import jakarta.validation.constraints.NotNull;
15  import jakarta.validation.constraints.PositiveOrZero;
16  import jakarta.ws.rs.Consumes;
17  import jakarta.ws.rs.DELETE;
18  import jakarta.ws.rs.GET;
19  import jakarta.ws.rs.POST;
20  import jakarta.ws.rs.PUT;
21  import jakarta.ws.rs.Path;
22  import jakarta.ws.rs.PathParam;
23  import jakarta.ws.rs.Produces;
24  import jakarta.ws.rs.QueryParam;
25  import jakarta.ws.rs.core.Context;
26  import jakarta.ws.rs.core.MediaType;
27  import jakarta.ws.rs.core.Response;
28  import jakarta.ws.rs.core.Response.Status;
29  import jakarta.ws.rs.core.SecurityContext;
30  import java.util.ArrayList;
31  import org.eclipse.microprofile.openapi.annotations.Operation;
32  import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
33  import org.eclipse.microprofile.openapi.annotations.media.Content;
34  import org.eclipse.microprofile.openapi.annotations.media.Schema;
35  import org.eclipse.microprofile.openapi.annotations.media.SchemaProperty;
36  import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
37  import org.eclipse.microprofile.openapi.annotations.parameters.RequestBody;
38  import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
39  import org.eclipse.microprofile.openapi.annotations.tags.Tag;
40  
41  //TODO: Much of the functionality of the endpoint functions can be refactored into the LabJournal Service layer
42  
43  @Consumes(MediaType.APPLICATION_JSON)
44  @Path("/" + Constants.LAB_JOURNAL_ENTRIES)
45  @Produces(MediaType.APPLICATION_JSON)
46  @RequestScoped
47  public class LabJournalEntryRest {
48  
49    @Inject
50    LabJournalEntryService labJournalEntryService;
51  
52    @Inject
53    DataObjectService dataObjectService;
54  
55    @Context
56    private SecurityContext securityContext;
57  
58    @GET
59    @Path("/")
60    @Tag(name = Constants.LAB_JOURNAL_ENTRY)
61    @Operation(description = "Get all lab journals in a data object sorted by their creation date (newest first)")
62    @APIResponse(
63      description = "ok",
64      responseCode = "200",
65      content = @Content(schema = @Schema(type = SchemaType.ARRAY, implementation = LabJournalEntryIO.class))
66    )
67    @APIResponse(responseCode = "400", description = "bad request")
68    @APIResponse(responseCode = "401", description = "not authorized")
69    @APIResponse(responseCode = "403", description = "forbidden")
70    @APIResponse(responseCode = "404", description = "not found")
71    @Parameter(name = Constants.DATA_OBJECT_ID, required = true)
72    public Response getLabJournalsByCollection(
73      @QueryParam(Constants.DATA_OBJECT_ID) @NotNull @PositiveOrZero Long dataObjectId
74    ) {
75      DataObject dataObject = dataObjectService.getDataObject(dataObjectId);
76      ArrayList<LabJournalEntryIO> result = new ArrayList<LabJournalEntryIO>();
77      for (var labJournalEntry : labJournalEntryService.getLabJournalEntries(dataObject)) {
78        result.add(new LabJournalEntryIO(labJournalEntry));
79      }
80      return Response.ok(result).build();
81    }
82  
83    @GET
84    @Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
85    @Tag(name = Constants.LAB_JOURNAL_ENTRY)
86    @Operation(description = "Get a lab journal")
87    @APIResponse(
88      description = "ok",
89      responseCode = "200",
90      content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
91    )
92    @APIResponse(responseCode = "400", description = "bad request")
93    @APIResponse(responseCode = "401", description = "not authorized")
94    @APIResponse(responseCode = "403", description = "forbidden")
95    @APIResponse(responseCode = "404", description = "not found")
96    @Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID, required = true)
97    public Response getLabJournalById(
98      @PathParam(Constants.LAB_JOURNAL_ENTRY_ID) @NotNull @PositiveOrZero Long labJournalEntryId
99    ) {
100     LabJournalEntry labJournalEntry = labJournalEntryService.getLabJournalEntry(labJournalEntryId);
101     return Response.ok(new LabJournalEntryIO(labJournalEntry)).build();
102   }
103 
104   @POST
105   @Path("/")
106   @Tag(name = Constants.LAB_JOURNAL_ENTRY)
107   @Operation(description = "Create a lab journal in a data object")
108   @APIResponse(
109     description = "created",
110     responseCode = "201",
111     content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
112   )
113   @APIResponse(description = "not found", responseCode = "404")
114   @APIResponse(
115     description = "bad request",
116     responseCode = "400",
117     content = @Content(schema = @Schema(implementation = InvalidHtmlResponse.class))
118   )
119   @APIResponse(responseCode = "401", description = "not authorized")
120   @APIResponse(responseCode = "403", description = "forbidden")
121   @APIResponse(responseCode = "404", description = "not found")
122   @Parameter(name = Constants.DATA_OBJECT_ID, required = true)
123   public Response createLabJournal(
124     @QueryParam(Constants.DATA_OBJECT_ID) @NotNull @PositiveOrZero Long dataObjectId,
125     @RequestBody(
126       required = true,
127       content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
128     ) @Valid LabJournalEntryIO labJournalEntryIO
129   ) {
130     if (!HtmlSanitizer.isSafeHtml(labJournalEntryIO.getJournalContent())) {
131       String sanitizedHtml = HtmlSanitizer.cleanHtmlString(labJournalEntryIO.getJournalContent());
132       return Response.status(Status.BAD_REQUEST)
133         .entity(new InvalidHtmlResponse(labJournalEntryIO.getJournalContent(), sanitizedHtml))
134         .build();
135     }
136 
137     labJournalEntryIO = new LabJournalEntryIO(
138       labJournalEntryService.createLabJournalEntry(dataObjectId, labJournalEntryIO.getJournalContent())
139     );
140     return Response.ok(labJournalEntryIO).status(Status.CREATED).build();
141   }
142 
143   @PUT
144   @Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
145   @Tag(name = Constants.LAB_JOURNAL_ENTRY)
146   @Operation(description = "Update a lab journal")
147   @APIResponse(
148     description = "updated",
149     responseCode = "200",
150     content = @Content(schema = @Schema(implementation = LabJournalEntryIO.class))
151   )
152   @APIResponse(description = "not found", responseCode = "404")
153   @APIResponse(
154     description = "bad request",
155     responseCode = "400",
156     content = @Content(schema = @Schema(implementation = InvalidHtmlResponse.class))
157   )
158   @APIResponse(responseCode = "401", description = "not authorized")
159   @APIResponse(responseCode = "403", description = "forbidden")
160   @APIResponse(responseCode = "404", description = "not found")
161   @Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID)
162   public Response updateLabJournal(
163     @PathParam(Constants.LAB_JOURNAL_ENTRY_ID) @NotNull @PositiveOrZero Long labJournalEntryId,
164     @RequestBody(
165       required = true,
166       content = @Content(
167         schema = @Schema(
168           name = "Lab journal content",
169           properties = { @SchemaProperty(name = "journalContent", type = SchemaType.STRING) }
170         )
171       )
172     ) @Valid LabJournalEntryIO labJournalEntryIO
173   ) {
174     LabJournalEntry labJournalEntry = labJournalEntryService.getLabJournalEntry(labJournalEntryId);
175     String userName = securityContext.getUserPrincipal().getName();
176     if (!labJournalEntry.getCreatedBy().getUsername().equals(userName)) return Response.status(
177       Status.FORBIDDEN
178     ).build();
179 
180     if (!HtmlSanitizer.isSafeHtml(labJournalEntryIO.getJournalContent())) {
181       String sanitizedHtml = HtmlSanitizer.cleanHtmlString(labJournalEntryIO.getJournalContent());
182       return Response.status(Status.BAD_REQUEST)
183         .entity(new InvalidHtmlResponse(labJournalEntryIO.getJournalContent(), sanitizedHtml))
184         .build();
185     }
186 
187     labJournalEntry = labJournalEntryService.updateLabJournalEntry(
188       labJournalEntryId,
189       labJournalEntryIO.getJournalContent()
190     );
191     return Response.ok(new LabJournalEntryIO(labJournalEntry)).build();
192   }
193 
194   @DELETE
195   @Path("/{" + Constants.LAB_JOURNAL_ENTRY_ID + "}")
196   @Tag(name = Constants.LAB_JOURNAL_ENTRY)
197   @Operation(description = "Delete a lab journal")
198   @APIResponse(description = "deleted", responseCode = "204")
199   @APIResponse(responseCode = "400", description = "bad request")
200   @APIResponse(responseCode = "401", description = "not authorized")
201   @APIResponse(responseCode = "403", description = "forbidden")
202   @APIResponse(responseCode = "404", description = "not found")
203   @Parameter(name = Constants.LAB_JOURNAL_ENTRY_ID)
204   public Response deleteLabJournal(
205     @PathParam(Constants.LAB_JOURNAL_ENTRY_ID) @NotNull @PositiveOrZero Long labJournalEntryId
206   ) {
207     labJournalEntryService.deleteLabJournalEntry(labJournalEntryId);
208     return Response.status(Status.NO_CONTENT).build();
209   }
210 }