# HG changeset patch # User Severin Gehwolf # Date 1376914280 -7200 # Node ID 1fd7faa8502a843c9deada113a056d86fefb39c3 # Parent 945e5d5c60ba57a01c805f4dd273a4ec09a25412 Separate add-pojo/replace-pojo entry points. Reviewed-by: neugens Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-August/007977.html diff -r 945e5d5c60ba -r 1fd7faa8502a web/client/src/main/java/com/redhat/thermostat/web/client/internal/WebStorage.java --- a/web/client/src/main/java/com/redhat/thermostat/web/client/internal/WebStorage.java Tue Aug 20 11:18:22 2013 +0200 +++ b/web/client/src/main/java/com/redhat/thermostat/web/client/internal/WebStorage.java Mon Aug 19 14:11:20 2013 +0200 @@ -304,7 +304,7 @@ @Override public void apply() { int categoryId = getCategoryId(getCategory()); - putImpl(new WebInsert(categoryId, false), getPojo()); + addImpl(new WebInsert(categoryId), getPojo()); } } @@ -314,7 +314,7 @@ @Override public void apply() { int categoryId = getCategoryId(getCategory()); - putImpl(new WebInsert(categoryId, true), getPojo()); + replaceImpl(new WebInsert(categoryId), getPojo()); } } @@ -641,17 +641,25 @@ replace.setCategory(into); return replace; } + + private void addImpl(WebInsert insert, final Pojo pojo) throws StorageException { + List formParams = getPutFormParams(insert, pojo); + post(endpoint + "/add-pojo", formParams).close(); + } - private void putImpl(WebInsert insert, final Pojo pojo) throws StorageException { - + private List getPutFormParams(WebInsert insert, Pojo pojo) { maybeAddAgentId(pojo); NameValuePair insertParam = new BasicNameValuePair("insert", gson.toJson(insert)); NameValuePair pojoParam = new BasicNameValuePair("pojo", gson.toJson(pojo)); List formparams = Arrays.asList(insertParam, pojoParam); - post(endpoint + "/put-pojo", formparams).close(); + return formparams; + } + private void replaceImpl(WebInsert insert, final Pojo pojo) throws StorageException { + List formparams = getPutFormParams(insert, pojo); + post(endpoint + "/replace-pojo", formparams).close(); } private void maybeAddAgentId(final Pojo pojo) throws AssertionError { diff -r 945e5d5c60ba -r 1fd7faa8502a web/client/src/test/java/com/redhat/thermostat/web/client/internal/WebStorageTest.java --- a/web/client/src/test/java/com/redhat/thermostat/web/client/internal/WebStorageTest.java Tue Aug 20 11:18:22 2013 +0200 +++ b/web/client/src/test/java/com/redhat/thermostat/web/client/internal/WebStorageTest.java Mon Aug 19 14:11:20 2013 +0200 @@ -391,7 +391,7 @@ } @Test - public void testPut() throws IOException, JsonSyntaxException, ClassNotFoundException { + public void testReplace() throws IOException, JsonSyntaxException, ClassNotFoundException { TestObj obj = new TestObj(); obj.setProperty1("fluff"); @@ -416,7 +416,6 @@ assertEquals("insert", parts[0]); WebInsert insert = gson.fromJson(parts[1], WebInsert.class); assertEquals(42, insert.getCategoryId()); - assertEquals(true, insert.isReplace()); parts = params[1].split("="); assertEquals(2, parts.length); diff -r 945e5d5c60ba -r 1fd7faa8502a web/common/src/main/java/com/redhat/thermostat/web/common/WebInsert.java --- a/web/common/src/main/java/com/redhat/thermostat/web/common/WebInsert.java Tue Aug 20 11:18:22 2013 +0200 +++ b/web/common/src/main/java/com/redhat/thermostat/web/common/WebInsert.java Mon Aug 19 14:11:20 2013 +0200 @@ -41,14 +41,12 @@ public class WebInsert { private int categoryId; - private boolean replace; public WebInsert() { } - public WebInsert(int categoryId, boolean replace) { + public WebInsert(int categoryId) { this.categoryId = categoryId; - this.replace = replace; } public int getCategoryId() { @@ -59,14 +57,5 @@ this.categoryId = categoryId; } - public boolean isReplace() { - return replace; - } - - public void setReplace(boolean replace) { - this.replace = replace; - } - - } diff -r 945e5d5c60ba -r 1fd7faa8502a web/server/src/main/java/com/redhat/thermostat/web/server/WebStorageEndPoint.java --- a/web/server/src/main/java/com/redhat/thermostat/web/server/WebStorageEndPoint.java Tue Aug 20 11:18:22 2013 +0200 +++ b/web/server/src/main/java/com/redhat/thermostat/web/server/WebStorageEndPoint.java Mon Aug 19 14:11:20 2013 +0200 @@ -231,11 +231,12 @@ String cmd = uri.substring(lastPartIdx + 1); if (cmd.equals("prepare-statement")) { prepareStatement(req, resp); - } - else if (cmd.equals("query-execute")) { + } else if (cmd.equals("query-execute")) { queryExecute(req, resp); - } else if (cmd.equals("put-pojo")) { - putPojo(req, resp); + } else if (cmd.equals("add-pojo")) { + addPojo(req, resp); + } else if (cmd.equals("replace-pojo")) { + replacePojo(req, resp); } else if (cmd.equals("register-category")) { registerCategory(req, resp); } else if (cmd.equals("remove-pojo")) { @@ -519,24 +520,34 @@ } } - @WebStoragePathHandler( path = "put-pojo" ) - private void putPojo(HttpServletRequest req, HttpServletResponse resp) { + @WebStoragePathHandler( path = "add-pojo" ) + private void addPojo(HttpServletRequest req, HttpServletResponse resp) { + if (! isAuthorized(req, resp, Roles.APPEND)) { + return; + } String insertParam = req.getParameter("insert"); WebInsert insert = gson.fromJson(insertParam, WebInsert.class); int categoryId = insert.getCategoryId(); Category category = getCategoryFromId(categoryId); - Put targetPut = null; - if (insert.isReplace()) { - if (! isAuthorized(req, resp, Roles.REPLACE)) { - return; - } - targetPut = storage.createReplace(category); - } else { - if (! isAuthorized(req, resp, Roles.APPEND)) { - return; - } - targetPut = storage.createAdd(category); + Put targetPut = storage.createAdd(category); + Class pojoCls = category.getDataClass(); + String pojoParam = req.getParameter("pojo"); + Pojo pojo = gson.fromJson(pojoParam, pojoCls); + targetPut.setPojo(pojo); + targetPut.apply(); + resp.setStatus(HttpServletResponse.SC_OK); + } + + @WebStoragePathHandler( path = "replace-pojo" ) + private void replacePojo(HttpServletRequest req, HttpServletResponse resp) { + if (! isAuthorized(req, resp, Roles.REPLACE)) { + return; } + String insertParam = req.getParameter("insert"); + WebInsert insert = gson.fromJson(insertParam, WebInsert.class); + int categoryId = insert.getCategoryId(); + Category category = getCategoryFromId(categoryId); + Put targetPut = storage.createReplace(category); Class pojoCls = category.getDataClass(); String pojoParam = req.getParameter("pojo"); Pojo pojo = gson.fromJson(pojoParam, pojoCls); diff -r 945e5d5c60ba -r 1fd7faa8502a web/server/src/main/java/com/redhat/thermostat/web/server/auth/Roles.java --- a/web/server/src/main/java/com/redhat/thermostat/web/server/auth/Roles.java Tue Aug 20 11:18:22 2013 +0200 +++ b/web/server/src/main/java/com/redhat/thermostat/web/server/auth/Roles.java Mon Aug 19 14:11:20 2013 +0200 @@ -55,6 +55,14 @@ */ final String GRANT_VMS_READ_BY_USERNAME_ALL = "thermostat-vms-grant-read-username-ALL"; /** + * Allows for a user to read any file from storage. + */ + final String GRANT_FILES_READ_ALL = "thermostat-files-grant-read-filename-ALL"; + /** + * Allows for a user to write any file to storage. + */ + final String GRANT_FILES_WRITE_ALL = "thermostat-files-grant-write-filename-ALL"; + /** * Allows for a user to see records tied to any agent. */ final String GRANT_AGENTS_READ_ALL = "thermostat-agents-grant-read-agentId-ALL"; diff -r 945e5d5c60ba -r 1fd7faa8502a web/server/src/test/java/com/redhat/thermostat/web/server/WebStorageEndpointTest.java --- a/web/server/src/test/java/com/redhat/thermostat/web/server/WebStorageEndpointTest.java Tue Aug 20 11:18:22 2013 +0200 +++ b/web/server/src/test/java/com/redhat/thermostat/web/server/WebStorageEndpointTest.java Mon Aug 19 14:11:20 2013 +0200 @@ -251,7 +251,7 @@ // manually maintained list of path handlers which should include // authorization checks final String[] authPaths = new String[] { - "prepare-statement", "query-execute", "put-pojo", "register-category", "remove-pojo", + "prepare-statement", "query-execute", "add-pojo", "replace-pojo", "register-category", "remove-pojo", "update-pojo", "save-file", "load-file", "purge", "ping", "generate-token", "verify-token" }; @@ -873,7 +873,7 @@ } @Test - public void authorizedReplacePutPojo() throws Exception { + public void authorizedReplacePojo() throws Exception { String[] roleNames = new String[] { Roles.REPLACE, Roles.REGISTER_CATEGORY, @@ -903,14 +903,14 @@ String endpoint = getEndpoint(); - URL url = new URL(endpoint + "/put-pojo"); + URL url = new URL(endpoint + "/replace-pojo"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("POST"); sendAuthentication(conn, testuser, password); conn.setDoOutput(true); conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); - WebInsert insert = new WebInsert(categoryId, true); + WebInsert insert = new WebInsert(categoryId); Gson gson = new Gson(); OutputStreamWriter out = new OutputStreamWriter(conn.getOutputStream()); out.write("insert="); @@ -927,7 +927,7 @@ } @Test - public void unauthorizedReplacePutPojo() throws Exception { + public void unauthorizedReplacePojo() throws Exception { String[] insufficientRoleNames = new String[] { Roles.REGISTER_CATEGORY, Roles.ACCESS_REALM @@ -948,7 +948,7 @@ registerCategory(testuser, password); String endpoint = getEndpoint(); - URL url = new URL(endpoint + "/put-pojo"); + URL url = new URL(endpoint + "/replace-pojo"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("POST"); sendAuthentication(conn, testuser, password); @@ -956,7 +956,7 @@ conn.setDoOutput(true); conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); // replace - WebInsert insert = new WebInsert(categoryId, true); + WebInsert insert = new WebInsert(categoryId); Gson gson = new Gson(); OutputStreamWriter out = new OutputStreamWriter(conn.getOutputStream()); out.write("insert="); @@ -972,7 +972,7 @@ } @Test - public void authorizedInsertPutPojo() throws Exception { + public void authorizedAddPojo() throws Exception { String[] roleNames = new String[] { Roles.APPEND, Roles.REGISTER_CATEGORY, @@ -1002,14 +1002,14 @@ String endpoint = getEndpoint(); - URL url = new URL(endpoint + "/put-pojo"); + URL url = new URL(endpoint + "/add-pojo"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("POST"); sendAuthentication(conn, testuser, password); conn.setDoOutput(true); conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); - WebInsert ins = new WebInsert(categoryId, false); + WebInsert ins = new WebInsert(categoryId); Gson gson = new Gson(); OutputStreamWriter out = new OutputStreamWriter(conn.getOutputStream()); out.write("insert="); @@ -1026,7 +1026,7 @@ } @Test - public void unauthorizedInsertPutPojo() throws Exception { + public void unauthorizedAddPojo() throws Exception { String[] insufficientRoleNames = new String[] { Roles.REGISTER_CATEGORY, Roles.ACCESS_REALM @@ -1047,7 +1047,7 @@ registerCategory(testuser, password); String endpoint = getEndpoint(); - URL url = new URL(endpoint + "/put-pojo"); + URL url = new URL(endpoint + "/add-pojo"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("POST"); sendAuthentication(conn, testuser, password); @@ -1055,7 +1055,7 @@ conn.setDoOutput(true); conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); // replace - WebInsert insert = new WebInsert(categoryId, false); + WebInsert insert = new WebInsert(categoryId); Gson gson = new Gson(); OutputStreamWriter out = new OutputStreamWriter(conn.getOutputStream()); out.write("insert=");