Merge branch 'dev' into feature/#785
schoicsiro authored Oct 9, 2023
2 parents 1a3c819 + 56e4762 commit d53804b
Showing 9 changed files with 105 additions and 4 deletions.
Expand Up @@ -76,6 +76,9 @@ profileEditor.controller('CommentController', function (profileService, util, co
}
comment.children.push(data);
} else {
if (!Array.isArray(self.comments)) {
self.comments = [];
}
self.comments.push(data);
}

Expand Up @@ -80,10 +80,24 @@ profileEditor.controller('UserAccessController', function (messageService, util,
});
};

self.privateModeChanged = function() {
self.privateModeChanged = function(form, isOptionChanged) {
if (self.opus.privateCollection) {
self.roles.push(userRole);
} else {
if (isOptionChanged) {
var hasRole_USER = self.users.find(it => it.role === 'ROLE_USER')
if (hasRole_USER) {
self.users = self.users.filter(it => it.role !== 'ROLE_USER')
var data = {privateCollection: self.opus.privateCollection, authorities: self.users};
var promise = profileService.updateUsers(self.opusId, data);
promise.then(function () {
form.$setPristine();
messageService.success("User access has been successfully updated.");
}, function () {
messageService.alert("An error has occurred while updating user access.");
});
}
}
self.roles.splice(4, 1)
}
};
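Review bot: Unticking the checkbox in `privateModeChanged` drops every ROLE_USER entry from `self.users` and sends the change through `profileService.updateUsers` straight away, but the error callback only raises an alert, so after a failed request the page shows an access list the server never accepted. Keeping the old list and restoring it on failure would close that gap: `var previousUsers = self.users;` before the filter and `self.users = previousUsers;` in the error callback. Because this is a write to the collection's access control fired from `ng-change` rather than from Save, a short comment above the `if (isOptionChanged)` block saying that the update is sent immediately would help the next reader.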
39 changes: 39 additions & 0 deletions grails-app/controllers/au/org/ala/profile/api/ApiController.groovy
Expand Up @@ -4,6 +4,7 @@ import au.ala.org.ws.security.RequireApiKey
import au.org.ala.profile.hub.BaseController
import au.org.ala.profile.hub.MapService
import au.org.ala.profile.hub.ProfileService
import au.org.ala.profile.security.GrantAccess
import au.org.ala.profile.security.RequiresAccessToken
import grails.converters.JSON

Expand All @@ -24,6 +25,7 @@ import au.org.ala.plugins.openapi.Path
type = SecuritySchemeType.HTTP,
scheme = "bearer"
)

@RequireApiKey()
class ApiController extends BaseController {
static namespace = "v1"
Expand Down Expand Up @@ -106,6 +108,43 @@ class ApiController extends BaseController {
}
}

@GrantAccess
@Path("/api/opus")
@Operation(
summary = "Get all public collections",
operationId = "/api/opus",
method = "GET",
responses = [
@ApiResponse(
responseCode = "200",
content = @Content(
mediaType = "application/json",
array = @ArraySchema(
schema = @Schema(
implementation = CollectionList.class
)
)
)
),
@ApiResponse(responseCode = "400",
description = "opusId is a required parameter"),
@ApiResponse(responseCode = "403",
description = "You do not have the necessary permissions to perform this action."),
@ApiResponse(responseCode = "405",
description = "An unexpected error has occurred while processing your request."),
@ApiResponse(responseCode = "404",
description = "Collection not found"),
@ApiResponse(responseCode = "500",
description = "An unexpected error has occurred while processing your request.")
]
)
def getListCollections () {
List opus = profileService.getOpus() as List
List filtered = opus.findAll(it-> !it.privateCollection)
.collect{new CollectionList(uuid: it.uuid, shortName:it.shortName, title:it.title, thumbnailUrl:it.thumbnailUrl, description:it.description)}
render filtered as JSON
}

@Path("/api/opus/{opusId}/profile")
@Operation(
summary = "List profiles in a collection",
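Review bot: The filter in `getListCollections` fails open: `!it.privateCollection` is also true when the field is null or missing, and the action is marked `@GrantAccess`, which the interceptor change in this commit authorises without a token. If the service always sets the flag, `opus.findAll { it.privateCollection == false }` keeps a record with no flag out of the anonymous listing; if it does not, that assumption deserves a comment next to the filter. The result of `profileService.getOpus()` is also used without a null or error check. The 400 and 404 responses in the `@Operation` block describe an `opusId` parameter and a single collection, neither of which applies to this action.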
Expand Up @@ -2,6 +2,7 @@ package au.org.ala.profile.api

import au.org.ala.profile.hub.ProfileService
import au.org.ala.profile.security.RequiresAccessToken
import au.org.ala.profile.security.GrantAccess
import au.org.ala.web.AuthService
import grails.converters.JSON
import org.apache.http.HttpStatus
Expand Down Expand Up @@ -38,6 +39,8 @@ class ApiInterceptor {
} else {
authorised = true
}
} else if (method?.isAnnotationPresent(GrantAccess)){
authorised = true
}
}
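Review bot: The added `else if` sets `authorised = true` with no credential check at all, so `@GrantAccess` turns an action into a public one, and nothing at the branch says so. A comment such as `// @GrantAccess: deliberately public action, no access token required` would make that explicit for anyone auditing which API actions can be reached anonymously. The surrounding method starts outside the hunk, so how this branch interacts with the class-level `@RequireApiKey` on ApiController cannot be confirmed from here.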

Expand Up @@ -265,6 +265,7 @@ class UrlMappings {
get "/opus/$opusId/profile/$profileId/image/thumbnail/$imageId" (version: "1.0", controller: "api", action: "retrieveLocalThumbnailImage", namespace: "v1")
get "/opus/$opusId/profile/$profileId/attribute/$attributeId" (version: "1.0", controller: "api", action: "getAttributes", namespace: "v1")
get "/opus/$opusId/profile/$profileId/draft" (version: "1.0", controller: "api", action: "getDraftProfile", namespace: "v1")
get "/opus" (version: "1.0", controller: "api", action: "getListCollections", namespace: "v1")
}

"/openapi/$action?/$id?(.$format)?"(controller: "openApi")
10 changes: 7 additions & 3 deletions grails-app/views/opus/_editAccessControl.gsp
Expand Up @@ -21,12 +21,16 @@
<div class="checkbox padding-bottom-1">
<label for="privateCollection" class="inline-label">
<input id="privateCollection" type="checkbox" name="privateCollection"
ng-change="userCtrl.privateModeChanged()"
ng-change="userCtrl.privateModeChanged(UserForm, true)"
ng-model="userCtrl.opus.privateCollection" ng-false-value="false">
Make this collection private
</label>
<div class="small padding-left-1" ng-show="userCtrl.opus.privateCollection">
When the collection is 'private' only people who have been added to the collection with at least the 'User' role will be allowed to view the profiles within the collection.
<p class="bg-info alert alert-danger">
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
<span class="sr-only">Error:</span>When you change collection private to public, existing all users who have USER ROLE will be deleted.
</p>
</div>
</div>

Expand Down Expand Up @@ -118,8 +122,8 @@
<div class="row">
<div class="col-md-12" ng-show="userCtrl.accessControlTab == 'user'">
<div class="btn-group">
<button class="btn btn-default" ng-click="userCtrl.addUser(UserForm)"><i
class="fa fa-plus"></i> Add user</button>
<button class="btn btn-default" ng-click="userCtrl.addUser(UserForm)">
<i class="fa fa-plus"></i> Add user</button>
<button class="btn btn-default" ng-click="userCtrl.reset(UserForm)">Reset</button>
</div>
<save-button ng-click="userCtrl.save(UserForm)" form="UserForm"></save-button>
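Review bot: The warning paragraph is the only notice an administrator gets before User-role entries are removed, and its wording is hard to parse. Suggested text: `When you change this collection from private to public, all existing users with the User role will be removed.` The screen-reader prefix reads `Error:` although this is a warning. The paragraph also sits inside the `ng-show="userCtrl.opus.privateCollection"` div, so it disappears as soon as the box is unticked.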
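--- a/src/main/groovy/au/org/ala/profile/api/CollectionList.groovy
+++ b/src/main/groovy/au/org/ala/profile/api/CollectionList.groovy
@@ -0,0 +1,12 @@
+package au.org.ala.profile.api
+
+import groovy.transform.ToString
+
+@ToString
+class CollectionList {
+String uuid
+String shortName
+String title
+String thumbnailUrl
+String description
+}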
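--- a/src/main/groovy/au/org/ala/profile/security/GrantAccess.groovy
+++ b/src/main/groovy/au/org/ala/profile/security/GrantAccess.groovy
@@ -0,0 +1,13 @@
+package au.org.ala.profile.security
+
+import java.lang.annotation.*
+
+/**
+* Annotation to check that a valid collection-specific access token has been provided.
+*/
+@Target([ElementType.TYPE, ElementType.METHOD])
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface GrantAccess {
+
+}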
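Review bot: The Javadoc on `GrantAccess` says the annotation checks for a valid collection-specific access token, but the interceptor branch added in this commit authorises any method that carries it without checking anything; the text looks copied from another annotation. It should read something like `Marks an API action as public: the interceptor authorises it without an access token.` The `@Target` also allows `ElementType.TYPE`, while the interceptor hunk only inspects the method, so a class-level use would presumably have no effect. Restricting the target to `ElementType.METHOD` would match the behaviour.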
12 changes: 12 additions & 0 deletions src/test/groovy/au/org/ala/profile/api/ApiControllerSpec.groovy
Expand Up @@ -150,6 +150,7 @@ class ApiControllerSpec extends Specification implements ControllerUnitTest<ApiC
'opus1' | '123' | 'a,b' | 200
}


void "getLocalImage should be provided with opus id and profile id and imageId parameters"() {
when:
params.opusId = opusId
Expand Down Expand Up @@ -179,5 +180,16 @@ class ApiControllerSpec extends Specification implements ControllerUnitTest<ApiC
where:
type | opusId | profileId | imageId | responseCode
'PRIVATE' |'opus1' | '123' | '1.png' | 200

void "getOpusList should be provided"() {
setup:
profileService.getOpusList()>> [[uuid: 'abc',shortName:'alatest',title:'title1',desciption:'desc1',thubnailUrl:'test.png']]

when:
controller.getListCollections()

then:
response.status == 200

}
}
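Review bot: The new feature stubs `profileService.getOpusList()`, while `getListCollections` in this commit calls `profileService.getOpus()`, so the stub does not match the call the action makes and the test asserts nothing beyond status 200. For an action reachable without a token, the exclusion of private collections is the behaviour worth pinning: stub `profileService.getOpus() >> [[uuid: 'abc', privateCollection: false], [uuid: 'def', privateCollection: true]]` and assert `response.json*.uuid == ['abc']` (assuming `getOpus()` returns the list directly, as the `as List` in the action suggests). The fixture keys `desciption` and `thubnailUrl` are misspelled. Going by the hunk's line counts, the new method appears to sit before the closing brace of the preceding feature, which is worth checking against the file.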
