more tests

src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/api/ReadonlyEntityController.java

@@ -13,9 +13,16 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
 
-import org.mybatis.dynamic.sql.SqlTable;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.util.MultiValueMap;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 
+import ch.ethz.seb.sebserver.gbl.api.API;
 import ch.ethz.seb.sebserver.gbl.api.POSTMapper;
 import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType;
 import ch.ethz.seb.sebserver.gbl.model.Entity;
@@ -24,6 +31,7 @@ import ch.ethz.seb.sebserver.gbl.util.Result;
 import ch.ethz.seb.sebserver.webservice.servicelayer.PaginationService;
 import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.AuthorizationService;
 import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.PermissionDeniedException;
+import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.UserService;
 import ch.ethz.seb.sebserver.webservice.servicelayer.bulkaction.BulkActionService;
 import ch.ethz.seb.sebserver.webservice.servicelayer.dao.EntityDAO;
 import ch.ethz.seb.sebserver.webservice.servicelayer.dao.UserActivityLogDAO;
@@ -51,43 +59,62 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
     }
 
     @Override
-    public T savePut(@Valid final T modifyData) {
+    @RequestMapping(
-        throw new UnsupportedOperationException(ONLY_READ_ACCESS);
+            method = RequestMethod.PUT,
+            consumes = MediaType.APPLICATION_JSON_VALUE,
+            produces = MediaType.APPLICATION_JSON_VALUE)
+    public T savePut(@Valid @RequestBody final T modifyData) {
+        throw new AccessDeniedException(ONLY_READ_ACCESS);
     }
 
     @Override
-    public T create(final MultiValueMap<String, String> allRequestParams, final Long institutionId,
+    @RequestMapping(
+            method = RequestMethod.POST,
+            consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
+            produces = MediaType.APPLICATION_JSON_VALUE)
+    public T create(
+            @RequestParam final MultiValueMap<String, String> allRequestParams,
+            @RequestParam(
+                    name = API.PARAM_INSTITUTION_ID,
+                    required = true,
+                    defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId,
             final HttpServletRequest request) {
-        throw new UnsupportedOperationException(ONLY_READ_ACCESS);
+
+        throw new AccessDeniedException(ONLY_READ_ACCESS);
     }
 
     @Override
+    @RequestMapping(
+            path = API.MODEL_ID_VAR_PATH_SEGMENT,
+            method = RequestMethod.DELETE,
+            produces = MediaType.APPLICATION_JSON_VALUE)
     public EntityProcessingReport hardDelete(
-            final String modelId,
+            @PathVariable final String modelId,
-            final boolean addIncludes,
+            @RequestParam(name = API.PARAM_BULK_ACTION_ADD_INCLUDES, defaultValue = "false") final boolean addIncludes,
-            final List<String> includes) {
+            @RequestParam(name = API.PARAM_BULK_ACTION_INCLUDES, required = false) final List<String> includes) {
-        throw new UnsupportedOperationException(ONLY_READ_ACCESS);
+        throw new AccessDeniedException(ONLY_READ_ACCESS);
     }
 
     @Override
+    @RequestMapping(
+            method = RequestMethod.DELETE,
+            consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
+            produces = MediaType.APPLICATION_JSON_VALUE)
     public EntityProcessingReport hardDeleteAll(
-            final List<String> ids,
+            @RequestParam(name = API.PARAM_MODEL_ID_LIST) final List<String> ids,
-            final boolean addIncludes,
+            @RequestParam(name = API.PARAM_BULK_ACTION_ADD_INCLUDES, defaultValue = "false") final boolean addIncludes,
-            final List<String> includes,
+            @RequestParam(name = API.PARAM_BULK_ACTION_INCLUDES, required = false) final List<String> includes,
-            final Long institutionId) {
+            @RequestParam(
+                    name = API.PARAM_INSTITUTION_ID,
+                    required = true,
+                    defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId) {
 
-        throw new UnsupportedOperationException(ONLY_READ_ACCESS);
+        throw new AccessDeniedException(ONLY_READ_ACCESS);
-    }
-
-    @Override
-    protected SqlTable getSQLTableOfEntity() {
-        // TODO Auto-generated method stub
-        return null;
     }
 
     @Override
     protected M createNew(final POSTMapper postParams) {
-        throw new UnsupportedOperationException(ONLY_READ_ACCESS);
+        throw new AccessDeniedException(ONLY_READ_ACCESS);
     }
 
     @Override

src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/admin/UserActivityLogAPITest.java

@@ -9,7 +9,7 @@
 package ch.ethz.seb.sebserver.webservice.integration.api.admin;
 
 import static org.junit.Assert.*;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import org.joda.time.DateTime;
@@ -17,6 +17,8 @@ import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.test.context.jdbc.Sql;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
 
 import com.fasterxml.jackson.core.type.TypeReference;
 
@@ -307,4 +309,39 @@ public class UserActivityLogAPITest extends AdministrationAPIIntegrationTester {
         assertTrue(logs.content.isEmpty());
     }
 
+    @Test
+    public void testReadonly() throws Exception {
+        final String token = getSebAdminAccess();
+        this.mockMvc
+                .perform(put(this.endpoint + API.USER_ACTIVITY_LOG_ENDPOINT)
+                        .header("Authorization", "Bearer " + token)
+                        .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
+                        .content("{"
+                                + "  \"id\" : 3,"
+                                + "  \"userUuid\" : \"userUUID\","
+                                + "  \"username\" : \"username\","
+                                + "  \"timestamp\" : 123,"
+                                + "  \"activityType\" : \"EXPORT\","
+                                + "  \"entityType\" : \"USER\","
+                                + "  \"entityId\" : \"5\","
+                                + "  \"message\" : \"message\""
+                                + "}"))
+                .andExpect(status().isForbidden());
+
+        final MultiValueMap<String, String> multiValueMap = new LinkedMultiValueMap<>();
+        multiValueMap.add("institutionId", "1");
+        this.mockMvc
+                .perform(post(this.endpoint + API.USER_ACTIVITY_LOG_ENDPOINT)
+                        .header("Authorization", "Bearer " + token)
+                        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+                        .params(multiValueMap))
+                .andExpect(status().isForbidden());
+
+        this.mockMvc
+                .perform(delete(this.endpoint + API.USER_ACTIVITY_LOG_ENDPOINT + "/12")
+                        .header("Authorization", "Bearer " + token))
+                .andExpect(status().isForbidden());
+
+    }
+
 }