SEBSERV-107 fixes
This commit is contained in:
anhefti
parent
ceb7308f30
commit
3d20038a1e
19 changed files with 122 additions and 78 deletions
|
|
@ -32,19 +32,55 @@ import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
* defines API specific convenience functions to access this parameter with given type and conversion of needed. */
|
* defines API specific convenience functions to access this parameter with given type and conversion of needed. */
|
||||||
public class POSTMapper {
|
public class POSTMapper {
|
||||||
|
|
||||||
public static final POSTMapper EMPTY_MAP = new POSTMapper(null);
|
public static final POSTMapper EMPTY_MAP = new POSTMapper(null, null);
|
||||||
|
|
||||||
protected final MultiValueMap<String, String> params;
|
protected final MultiValueMap<String, String> params;
|
||||||
|
|
||||||
public POSTMapper(final MultiValueMap<String, String> params) {
|
public POSTMapper(final MultiValueMap<String, String> params, final String uriQueryString) {
|
||||||
super();
|
super();
|
||||||
this.params = params != null
|
this.params = params != null
|
||||||
? new LinkedMultiValueMap<>(params)
|
? new LinkedMultiValueMap<>(params)
|
||||||
: new LinkedMultiValueMap<>();
|
: new LinkedMultiValueMap<>();
|
||||||
|
|
||||||
|
if (uriQueryString != null) {
|
||||||
|
handleEncodedURIParams(uriQueryString);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// NOTE: this is a workaround since URI parameter are not automatically decoded in the HTTPServletRequest
|
||||||
|
// while parameter from form-urlencoded body part are.
|
||||||
|
// I also tried to set application property: server.tomcat.uri-encoding=UTF-8 bit with no effect.
|
||||||
|
// TODO Didn't found a better solution for now but if there is some time, we should find a better solution
|
||||||
|
private void handleEncodedURIParams(final String uriQueryString) {
|
||||||
|
final MultiValueMap<String, String> override = new LinkedMultiValueMap<>();
|
||||||
|
this.params
|
||||||
|
.entrySet()
|
||||||
|
.stream()
|
||||||
|
.forEach(entry -> {
|
||||||
|
if (uriQueryString.contains(entry.getKey())) {
|
||||||
|
override.put(
|
||||||
|
entry.getKey(),
|
||||||
|
entry.getValue().stream()
|
||||||
|
.map(val -> decode(val))
|
||||||
|
.collect(Collectors.toList()));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!override.isEmpty()) {
|
||||||
|
this.params.putAll(override);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private String decode(final String val) {
|
||||||
|
try {
|
||||||
|
return Utils.decodeFormURL_UTF_8(val);
|
||||||
|
} catch (final Exception e) {
|
||||||
|
return val;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getString(final String name) {
|
public String getString(final String name) {
|
||||||
return Utils.decodeFormURL_UTF_8(this.params.getFirst(name));
|
return this.params.getFirst(name);
|
||||||
}
|
}
|
||||||
|
|
||||||
public char[] getCharArray(final String name) {
|
public char[] getCharArray(final String name) {
|
||||||
|
|
|
||||||
|
|
@ -475,7 +475,7 @@ public final class Utils {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String toSQLWildcard(final String text) {
|
public static String toSQLWildcard(final String text) {
|
||||||
return (text == null) ? null : Constants.PERCENTAGE + text + Constants.PERCENTAGE;
|
return (text == null) ? null : Constants.PERCENTAGE + text.replace("%", "\\%") + Constants.PERCENTAGE;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String hash_SHA_256_Base_16(final CharSequence chars) {
|
public static String hash_SHA_256_Base_16(final CharSequence chars) {
|
||||||
|
|
@ -487,7 +487,7 @@ public final class Utils {
|
||||||
final MessageDigest digest = MessageDigest.getInstance(Constants.SHA_256);
|
final MessageDigest digest = MessageDigest.getInstance(Constants.SHA_256);
|
||||||
final byte[] encodedHash = digest.digest(toByteArray(chars));
|
final byte[] encodedHash = digest.digest(toByteArray(chars));
|
||||||
return Hex.encodeHexString(encodedHash);
|
return Hex.encodeHexString(encodedHash);
|
||||||
} catch (NoSuchAlgorithmException e) {
|
} catch (final NoSuchAlgorithmException e) {
|
||||||
throw new RuntimeException("Failed to hash text: ", e);
|
throw new RuntimeException("Failed to hash text: ", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,18 +8,14 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver.gui.service.remote.webservice.api;
|
package ch.ethz.seb.sebserver.gui.service.remote.webservice.api;
|
||||||
|
|
||||||
import ch.ethz.seb.sebserver.gbl.Constants;
|
import java.io.IOException;
|
||||||
import ch.ethz.seb.sebserver.gbl.api.APIMessage;
|
import java.io.InputStream;
|
||||||
import ch.ethz.seb.sebserver.gbl.api.EntityType;
|
import java.util.Arrays;
|
||||||
import ch.ethz.seb.sebserver.gbl.api.JSONMapper;
|
import java.util.HashMap;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.Entity;
|
import java.util.List;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.Page;
|
import java.util.Map;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.PageSortOrder;
|
import java.util.function.Function;
|
||||||
import ch.ethz.seb.sebserver.gbl.util.Result;
|
|
||||||
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
|
||||||
import com.fasterxml.jackson.core.JsonParseException;
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
|
||||||
import com.fasterxml.jackson.core.type.TypeReference;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
@ -36,13 +32,19 @@ import org.springframework.web.client.RestClientResponseException;
|
||||||
import org.springframework.web.client.RestTemplate;
|
import org.springframework.web.client.RestTemplate;
|
||||||
import org.springframework.web.util.UriComponentsBuilder;
|
import org.springframework.web.util.UriComponentsBuilder;
|
||||||
|
|
||||||
import java.io.IOException;
|
import com.fasterxml.jackson.core.JsonParseException;
|
||||||
import java.io.InputStream;
|
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||||
import java.util.Arrays;
|
import com.fasterxml.jackson.core.type.TypeReference;
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.List;
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
import java.util.Map;
|
import ch.ethz.seb.sebserver.gbl.api.APIMessage;
|
||||||
import java.util.function.Function;
|
import ch.ethz.seb.sebserver.gbl.api.EntityType;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.api.JSONMapper;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.model.Entity;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.model.Page;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.model.PageSortOrder;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
|
|
||||||
public abstract class RestCall<T> {
|
public abstract class RestCall<T> {
|
||||||
|
|
||||||
|
|
@ -291,7 +293,7 @@ public abstract class RestCall<T> {
|
||||||
}
|
}
|
||||||
|
|
||||||
public RestCallBuilder withQueryParam(final String name, final String value) {
|
public RestCallBuilder withQueryParam(final String name, final String value) {
|
||||||
this.queryParams.put(name, Arrays.asList(value));
|
this.queryParams.add(name, value);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -110,24 +110,4 @@ public class RestServiceImpl implements RestService {
|
||||||
return restCall.newBuilder();
|
return restCall.newBuilder();
|
||||||
}
|
}
|
||||||
|
|
||||||
// @Override
|
|
||||||
// public <T> PageAction activation(final PageAction action) {
|
|
||||||
// if (action.restCallType() == null) {
|
|
||||||
// throw new IllegalArgumentException("ActionDefinition needs to define a restCallType to use this action");
|
|
||||||
// }
|
|
||||||
//
|
|
||||||
// @SuppressWarnings("unchecked")
|
|
||||||
// final Class<? extends RestCall<T>> restCallType =
|
|
||||||
// (Class<? extends RestCall<T>>) action.restCallType();
|
|
||||||
//
|
|
||||||
// this.getBuilder(restCallType)
|
|
||||||
// .withURIVariable(
|
|
||||||
// API.PARAM_MODEL_ID,
|
|
||||||
// action.pageContext().getAttribute(AttributeKeys.ENTITY_ID))
|
|
||||||
// .call()
|
|
||||||
// .onErrorDo(t -> action.pageContext().notifyError(t));
|
|
||||||
//
|
|
||||||
// return action;
|
|
||||||
// }
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -46,11 +46,11 @@ import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
public class FilterMap extends POSTMapper {
|
public class FilterMap extends POSTMapper {
|
||||||
|
|
||||||
public FilterMap() {
|
public FilterMap() {
|
||||||
super(new LinkedMultiValueMap<>());
|
super(new LinkedMultiValueMap<>(), null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public FilterMap(final MultiValueMap<String, String> params) {
|
public FilterMap(final MultiValueMap<String, String> params, final String uriQueryString) {
|
||||||
super(params);
|
super(params, uriQueryString);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Integer getActiveAsInt() {
|
public Integer getActiveAsInt() {
|
||||||
|
|
@ -309,7 +309,7 @@ public class FilterMap extends POSTMapper {
|
||||||
}
|
}
|
||||||
|
|
||||||
public FilterMap create() {
|
public FilterMap create() {
|
||||||
return new FilterMap(this.filterMap.params);
|
return new FilterMap(this.filterMap.params, null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ import java.util.stream.Collectors;
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.joda.time.DateTime;
|
import org.joda.time.DateTime;
|
||||||
|
import org.joda.time.DateTimeZone;
|
||||||
|
|
||||||
import ch.ethz.seb.sebserver.gbl.model.Page;
|
import ch.ethz.seb.sebserver.gbl.model.Page;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.exam.QuizData;
|
import ch.ethz.seb.sebserver.gbl.model.exam.QuizData;
|
||||||
|
|
@ -23,7 +24,6 @@ import ch.ethz.seb.sebserver.gbl.model.institution.LmsSetup;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.institution.LmsSetupTestResult;
|
import ch.ethz.seb.sebserver.gbl.model.institution.LmsSetupTestResult;
|
||||||
import ch.ethz.seb.sebserver.gbl.util.Result;
|
import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.FilterMap;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.FilterMap;
|
||||||
import org.joda.time.DateTimeZone;
|
|
||||||
|
|
||||||
/** Defines the LMS API access service interface with all functionality needed to access
|
/** Defines the LMS API access service interface with all functionality needed to access
|
||||||
* a LMS API within a given LmsSetup configuration.
|
* a LMS API within a given LmsSetup configuration.
|
||||||
|
|
@ -149,7 +149,7 @@ public interface LmsAPIService {
|
||||||
}
|
}
|
||||||
|
|
||||||
return new Page<>(
|
return new Page<>(
|
||||||
(quizzes.size() / pageSize),
|
quizzes.size() / pageSize + 1,
|
||||||
pageNumber,
|
pageNumber,
|
||||||
sortAttribute,
|
sortAttribute,
|
||||||
quizzes.subList(start, end));
|
quizzes.subList(start, end));
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,8 @@ package ch.ethz.seb.sebserver.webservice.weblayer.api;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.mybatis.dynamic.sql.SqlTable;
|
import org.mybatis.dynamic.sql.SqlTable;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.util.MultiValueMap;
|
import org.springframework.util.MultiValueMap;
|
||||||
|
|
@ -82,12 +84,13 @@ public class ClientEventController extends ReadonlyEntityController<ClientEvent,
|
||||||
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
||||||
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
||||||
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
||||||
@RequestParam final MultiValueMap<String, String> allRequestParams) {
|
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
// at least current user must have base read access for specified entity type within its own institution
|
// at least current user must have base read access for specified entity type within its own institution
|
||||||
checkReadPrivilege(institutionId);
|
checkReadPrivilege(institutionId);
|
||||||
|
|
||||||
final FilterMap filterMap = new FilterMap(allRequestParams);
|
final FilterMap filterMap = new FilterMap(allRequestParams, request.getQueryString());
|
||||||
|
|
||||||
// if current user has no read access for specified entity type within other institution
|
// if current user has no read access for specified entity type within other institution
|
||||||
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
||||||
|
|
@ -104,7 +107,7 @@ public class ClientEventController extends ReadonlyEntityController<ClientEvent,
|
||||||
getSQLTableOfEntity().name(),
|
getSQLTableOfEntity().name(),
|
||||||
() -> this.clientEventDAO.allMatchingExtended(filterMap, this::hasReadAccess))
|
() -> this.clientEventDAO.allMatchingExtended(filterMap, this::hasReadAccess))
|
||||||
.getOrThrow();
|
.getOrThrow();
|
||||||
} catch (Exception e) {
|
} catch (final Exception e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -332,12 +332,13 @@ public class ConfigurationNodeController extends EntityController<ConfigurationN
|
||||||
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
||||||
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
||||||
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
||||||
@RequestParam final MultiValueMap<String, String> allRequestParams) {
|
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
// at least current user must have read access for specified entity type within its own institution
|
// at least current user must have read access for specified entity type within its own institution
|
||||||
checkReadPrivilege(institutionId);
|
checkReadPrivilege(institutionId);
|
||||||
|
|
||||||
final FilterMap filterMap = new FilterMap(allRequestParams);
|
final FilterMap filterMap = new FilterMap(allRequestParams, request.getQueryString());
|
||||||
|
|
||||||
// if current user has no read access for specified entity type within other institution
|
// if current user has no read access for specified entity type within other institution
|
||||||
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
|
@ -127,12 +128,13 @@ public abstract class EntityController<T extends Entity, M extends Entity> {
|
||||||
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
||||||
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
||||||
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
||||||
@RequestParam final MultiValueMap<String, String> allRequestParams) {
|
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
// at least current user must have read access for specified entity type within its own institution
|
// at least current user must have read access for specified entity type within its own institution
|
||||||
checkReadPrivilege(institutionId);
|
checkReadPrivilege(institutionId);
|
||||||
|
|
||||||
final FilterMap filterMap = new FilterMap(allRequestParams);
|
final FilterMap filterMap = new FilterMap(allRequestParams, request.getQueryString());
|
||||||
|
|
||||||
// if current user has no read access for specified entity type within other institution
|
// if current user has no read access for specified entity type within other institution
|
||||||
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
||||||
|
|
@ -163,12 +165,13 @@ public abstract class EntityController<T extends Entity, M extends Entity> {
|
||||||
name = API.PARAM_INSTITUTION_ID,
|
name = API.PARAM_INSTITUTION_ID,
|
||||||
required = true,
|
required = true,
|
||||||
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId,
|
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId,
|
||||||
@RequestParam final MultiValueMap<String, String> allRequestParams) {
|
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
// at least current user must have read access for specified entity type within its own institution
|
// at least current user must have read access for specified entity type within its own institution
|
||||||
checkReadPrivilege(institutionId);
|
checkReadPrivilege(institutionId);
|
||||||
|
|
||||||
final FilterMap filterMap = new FilterMap(allRequestParams);
|
final FilterMap filterMap = new FilterMap(allRequestParams, request.getQueryString());
|
||||||
|
|
||||||
// if current user has no read access for specified entity type within other institution then its own institution,
|
// if current user has no read access for specified entity type within other institution then its own institution,
|
||||||
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
||||||
|
|
@ -262,12 +265,13 @@ public abstract class EntityController<T extends Entity, M extends Entity> {
|
||||||
@RequestParam(
|
@RequestParam(
|
||||||
name = API.PARAM_INSTITUTION_ID,
|
name = API.PARAM_INSTITUTION_ID,
|
||||||
required = true,
|
required = true,
|
||||||
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId) {
|
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
// check modify privilege for requested institution and concrete entityType
|
// check modify privilege for requested institution and concrete entityType
|
||||||
this.checkModifyPrivilege(institutionId);
|
this.checkModifyPrivilege(institutionId);
|
||||||
|
|
||||||
final POSTMapper postMap = new POSTMapper(allRequestParams)
|
final POSTMapper postMap = new POSTMapper(allRequestParams, request.getQueryString())
|
||||||
.putIfAbsent(API.PARAM_INSTITUTION_ID, String.valueOf(institutionId));
|
.putIfAbsent(API.PARAM_INSTITUTION_ID, String.valueOf(institutionId));
|
||||||
|
|
||||||
final M requestModel = this.createNew(postMap);
|
final M requestModel = this.createNew(postMap);
|
||||||
|
|
|
||||||
|
|
@ -98,7 +98,7 @@ public class ExamAPI_V1_Controller {
|
||||||
return CompletableFuture.supplyAsync(
|
return CompletableFuture.supplyAsync(
|
||||||
() -> {
|
() -> {
|
||||||
|
|
||||||
final POSTMapper mapper = new POSTMapper(formParams);
|
final POSTMapper mapper = new POSTMapper(formParams, request.getQueryString());
|
||||||
|
|
||||||
final String remoteAddr = request.getRemoteAddr();
|
final String remoteAddr = request.getRemoteAddr();
|
||||||
final Long institutionId = (instIdRequestParam != null)
|
final Long institutionId = (instIdRequestParam != null)
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ import java.util.Set;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import javax.servlet.ServletOutputStream;
|
import javax.servlet.ServletOutputStream;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
|
|
@ -135,7 +136,8 @@ public class ExamAdministrationController extends EntityController<Exam, Exam> {
|
||||||
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
||||||
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
||||||
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
||||||
@RequestParam final MultiValueMap<String, String> allRequestParams) {
|
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
checkReadPrivilege(institutionId);
|
checkReadPrivilege(institutionId);
|
||||||
|
|
||||||
|
|
@ -145,7 +147,7 @@ public class ExamAdministrationController extends EntityController<Exam, Exam> {
|
||||||
if (StringUtils.isBlank(sort) ||
|
if (StringUtils.isBlank(sort) ||
|
||||||
this.paginationService.isNativeSortingSupported(ExamRecordDynamicSqlSupport.examRecord, sort)) {
|
this.paginationService.isNativeSortingSupported(ExamRecordDynamicSqlSupport.examRecord, sort)) {
|
||||||
|
|
||||||
return super.getPage(institutionId, pageNumber, pageSize, sort, allRequestParams);
|
return super.getPage(institutionId, pageNumber, pageSize, sort, allRequestParams, request);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
|
@ -156,7 +158,7 @@ public class ExamAdministrationController extends EntityController<Exam, Exam> {
|
||||||
|
|
||||||
final List<Exam> exams = new ArrayList<>(
|
final List<Exam> exams = new ArrayList<>(
|
||||||
this.examDAO
|
this.examDAO
|
||||||
.allMatching(new FilterMap(allRequestParams), this::hasReadAccess)
|
.allMatching(new FilterMap(allRequestParams, request.getQueryString()), this::hasReadAccess)
|
||||||
.getOrThrow());
|
.getOrThrow());
|
||||||
|
|
||||||
return buildSortedExamPage(
|
return buildSortedExamPage(
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver.webservice.weblayer.api;
|
package ch.ethz.seb.sebserver.webservice.weblayer.api;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.mybatis.dynamic.sql.SqlTable;
|
import org.mybatis.dynamic.sql.SqlTable;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.util.MultiValueMap;
|
import org.springframework.util.MultiValueMap;
|
||||||
|
|
@ -135,11 +137,12 @@ public class ExamConfigurationMappingController extends EntityController<ExamCon
|
||||||
@RequestParam(
|
@RequestParam(
|
||||||
name = API.PARAM_INSTITUTION_ID,
|
name = API.PARAM_INSTITUTION_ID,
|
||||||
required = true,
|
required = true,
|
||||||
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId) {
|
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
// check modify privilege for requested institution and concrete entityType
|
// check modify privilege for requested institution and concrete entityType
|
||||||
this.checkModifyPrivilege(institutionId);
|
this.checkModifyPrivilege(institutionId);
|
||||||
final POSTMapper postMap = new POSTMapper(allRequestParams)
|
final POSTMapper postMap = new POSTMapper(allRequestParams, request.getQueryString())
|
||||||
.putIfAbsent(API.PARAM_INSTITUTION_ID, String.valueOf(institutionId));
|
.putIfAbsent(API.PARAM_INSTITUTION_ID, String.valueOf(institutionId));
|
||||||
|
|
||||||
final ExamConfigurationMap requestModel = this.createNew(postMap);
|
final ExamConfigurationMap requestModel = this.createNew(postMap);
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ import java.util.EnumSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
|
@ -119,14 +120,15 @@ public class ExamMonitoringController {
|
||||||
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
||||||
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
||||||
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
||||||
@RequestParam final MultiValueMap<String, String> allRequestParams) {
|
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
this.authorization.checkRole(
|
this.authorization.checkRole(
|
||||||
institutionId,
|
institutionId,
|
||||||
EntityType.EXAM,
|
EntityType.EXAM,
|
||||||
UserRole.EXAM_SUPPORTER);
|
UserRole.EXAM_SUPPORTER);
|
||||||
|
|
||||||
final FilterMap filterMap = new FilterMap(allRequestParams);
|
final FilterMap filterMap = new FilterMap(allRequestParams, request.getQueryString());
|
||||||
|
|
||||||
// if current user has no read access for specified entity type within other institution
|
// if current user has no read access for specified entity type within other institution
|
||||||
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver.webservice.weblayer.api;
|
package ch.ethz.seb.sebserver.webservice.weblayer.api;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.util.MultiValueMap;
|
import org.springframework.util.MultiValueMap;
|
||||||
|
|
@ -78,14 +80,15 @@ public class QuizController {
|
||||||
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
@RequestParam(name = Page.ATTR_PAGE_NUMBER, required = false) final Integer pageNumber,
|
||||||
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
@RequestParam(name = Page.ATTR_PAGE_SIZE, required = false) final Integer pageSize,
|
||||||
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
@RequestParam(name = Page.ATTR_SORT, required = false) final String sort,
|
||||||
@RequestParam final MultiValueMap<String, String> allRequestParams) {
|
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
this.authorization.check(
|
this.authorization.check(
|
||||||
PrivilegeType.READ,
|
PrivilegeType.READ,
|
||||||
EntityType.EXAM,
|
EntityType.EXAM,
|
||||||
institutionId);
|
institutionId);
|
||||||
|
|
||||||
final FilterMap filterMap = new FilterMap(allRequestParams);
|
final FilterMap filterMap = new FilterMap(allRequestParams, request.getQueryString());
|
||||||
// if current user has no read access for specified entity type within other institution
|
// if current user has no read access for specified entity type within other institution
|
||||||
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
// then the current users institutionId is put as a SQL filter criteria attribute to extends query performance
|
||||||
if (!this.authorization.hasGrant(PrivilegeType.READ, EntityType.EXAM)) {
|
if (!this.authorization.hasGrant(PrivilegeType.READ, EntityType.EXAM)) {
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver.webservice.weblayer.api;
|
package ch.ethz.seb.sebserver.webservice.weblayer.api;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
import org.springframework.util.MultiValueMap;
|
import org.springframework.util.MultiValueMap;
|
||||||
|
|
@ -52,7 +53,8 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public T create(final MultiValueMap<String, String> allRequestParams, final Long institutionId) {
|
public T create(final MultiValueMap<String, String> allRequestParams, final Long institutionId,
|
||||||
|
final HttpServletRequest request) {
|
||||||
throw new UnsupportedOperationException(ONLY_READ_ACCESS);
|
throw new UnsupportedOperationException(ONLY_READ_ACCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,8 @@ package ch.ethz.seb.sebserver.webservice.weblayer.api;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Qualifier;
|
import org.springframework.beans.factory.annotation.Qualifier;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
|
|
@ -62,9 +64,11 @@ public class RegisterUserController {
|
||||||
method = RequestMethod.POST,
|
method = RequestMethod.POST,
|
||||||
consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
|
consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
|
||||||
produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
|
produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
|
||||||
public UserInfo registerNewUser(@RequestParam final MultiValueMap<String, String> allRequestParams) {
|
public UserInfo registerNewUser(
|
||||||
|
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||||
|
final HttpServletRequest request) {
|
||||||
|
|
||||||
final POSTMapper postMap = new POSTMapper(allRequestParams)
|
final POSTMapper postMap = new POSTMapper(allRequestParams, request.getQueryString())
|
||||||
.putIfAbsent(USER_ROLE.REFERENCE_NAME, UserRole.EXAM_SUPPORTER.name());
|
.putIfAbsent(USER_ROLE.REFERENCE_NAME, UserRole.EXAM_SUPPORTER.name());
|
||||||
final UserMod userMod = new UserMod(null, postMap);
|
final UserMod userMod = new UserMod(null, postMap);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -3,4 +3,5 @@ spring.profiles.include=dev-ws,dev-gui
|
||||||
server.address=localhost
|
server.address=localhost
|
||||||
server.port=8080
|
server.port=8080
|
||||||
server.servlet.context-path=/
|
server.servlet.context-path=/
|
||||||
|
server.tomcat.uri-encoding=UTF-8
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@ server.servlet.context-path=/
|
||||||
# Tomcat
|
# Tomcat
|
||||||
server.tomcat.max-threads=1000
|
server.tomcat.max-threads=1000
|
||||||
server.tomcat.accept-count=300
|
server.tomcat.accept-count=300
|
||||||
|
server.tomcat.uri-encoding=UTF-8
|
||||||
|
|
||||||
### encoding
|
### encoding
|
||||||
file.encoding=UTF-8
|
file.encoding=UTF-8
|
||||||
|
|
|
||||||
|
|
@ -34,6 +34,7 @@ public class ClientConfigTest extends GuiIntegrationTest {
|
||||||
|
|
||||||
final Result<SebClientConfig> call = restService.getBuilder(NewClientConfig.class)
|
final Result<SebClientConfig> call = restService.getBuilder(NewClientConfig.class)
|
||||||
.withQueryParam(Domain.SEB_CLIENT_CONFIGURATION.ATTR_NAME, "new client config")
|
.withQueryParam(Domain.SEB_CLIENT_CONFIGURATION.ATTR_NAME, "new client config")
|
||||||
|
.withFormParam("Test", "new client config")
|
||||||
.withFormParam(SebClientConfig.ATTR_CONFIG_PURPOSE, SebClientConfig.ConfigPurpose.START_EXAM.name())
|
.withFormParam(SebClientConfig.ATTR_CONFIG_PURPOSE, SebClientConfig.ConfigPurpose.START_EXAM.name())
|
||||||
.call();
|
.call();
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue