View Javadoc
1   /*
2    * This file is part of ***  M y C o R e  ***
3    * See http://www.mycore.de/ for details.
4    *
5    * MyCoRe is free software: you can redistribute it and/or modify
6    * it under the terms of the GNU General Public License as published by
7    * the Free Software Foundation, either version 3 of the License, or
8    * (at your option) any later version.
9    *
10   * MyCoRe is distributed in the hope that it will be useful,
11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13   * GNU General Public License for more details.
14   *
15   * You should have received a copy of the GNU General Public License
16   * along with MyCoRe.  If not, see <http://www.gnu.org/licenses/>.
17   */
18  
19  package org.mycore.mcr.acl.accesskey.restapi.v2;
20  
21  import static org.mycore.mcr.acl.accesskey.restapi.v2.MCRRestAccessKeyHelper.PARAM_SECRET;
22  import static org.mycore.mcr.acl.accesskey.restapi.v2.MCRRestAccessKeyHelper.QUERY_PARAM_SECRET_ENCODING;
23  import static org.mycore.restapi.v2.MCRRestAuthorizationFilter.PARAM_MCRID;
24  import static org.mycore.restapi.v2.MCRRestUtils.TAG_MYCORE_OBJECT;
25  
26  import org.mycore.datamodel.metadata.MCRObjectID;
27  import org.mycore.mcr.acl.accesskey.model.MCRAccessKey;
28  import org.mycore.restapi.annotations.MCRApiDraft;
29  import org.mycore.restapi.annotations.MCRRequireTransaction;
30  import org.mycore.restapi.converter.MCRObjectIDParamConverterProvider;
31  import org.mycore.restapi.v2.access.MCRRestAPIACLPermission;
32  import org.mycore.restapi.v2.annotation.MCRRestRequiredPermission;
33  
34  import io.swagger.v3.oas.annotations.Operation;
35  import io.swagger.v3.oas.annotations.headers.Header;
36  import io.swagger.v3.oas.annotations.media.ArraySchema;
37  import io.swagger.v3.oas.annotations.media.Content;
38  import io.swagger.v3.oas.annotations.media.Schema;
39  import io.swagger.v3.oas.annotations.parameters.RequestBody;
40  import io.swagger.v3.oas.annotations.responses.ApiResponse;
41  import io.swagger.v3.oas.annotations.tags.Tag;
42  import jakarta.ws.rs.Consumes;
43  import jakarta.ws.rs.DELETE;
44  import jakarta.ws.rs.DefaultValue;
45  import jakarta.ws.rs.GET;
46  import jakarta.ws.rs.POST;
47  import jakarta.ws.rs.PUT;
48  import jakarta.ws.rs.Path;
49  import jakarta.ws.rs.PathParam;
50  import jakarta.ws.rs.Produces;
51  import jakarta.ws.rs.QueryParam;
52  import jakarta.ws.rs.core.Context;
53  import jakarta.ws.rs.core.HttpHeaders;
54  import jakarta.ws.rs.core.MediaType;
55  import jakarta.ws.rs.core.Response;
56  import jakarta.ws.rs.core.UriInfo;
57  
58  @MCRApiDraft("MCRAccessKey")
59  @Path("/objects/{" + PARAM_MCRID + "}/accesskeys")
60  @Tag(name = TAG_MYCORE_OBJECT)
61  public class MCRRestObjectAccessKeys {
62  
63      @Context
64      UriInfo uriInfo;
65  
66      @GET
67      @Operation(
68          summary = "Lists all access keys for an object",
69          responses = {
70              @ApiResponse(responseCode = "200", content = { @Content(mediaType = MediaType.APPLICATION_JSON,
71                  array = @ArraySchema(schema = @Schema(implementation = MCRAccessKey.class))) }),
72              @ApiResponse(responseCode = "" + MCRObjectIDParamConverterProvider.CODE_INVALID, // 400
73                  description = MCRObjectIDParamConverterProvider.MSG_INVALID,
74                  content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
75              @ApiResponse(responseCode = "401",
76                  description = "You do not have create permission and need to authenticate first",
77                  content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
78              @ApiResponse(responseCode = "404", description = "Object or access key does not exist",
79                  content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
80          })
81      @Produces(MediaType.APPLICATION_JSON)
82      @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
83      public Response listAccessKeysForObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
84          @DefaultValue("0") @QueryParam("offset") final int offset,
85          @DefaultValue("128") @QueryParam("limit") final int limit) {
86          return MCRRestAccessKeyHelper.doListAccessKeys(objectId, offset, limit);
87      }
88  
89      @GET
90      @Path("/{" + PARAM_SECRET + "}")
91      @Operation(
92          summary = "Gets access key for an object",
93          responses = {
94              @ApiResponse(responseCode = "200", content = @Content(mediaType = MediaType.APPLICATION_JSON,
95                  schema = @Schema(implementation = MCRAccessKey.class))),
96              @ApiResponse(responseCode = "" + MCRObjectIDParamConverterProvider.CODE_INVALID, // 400
97                  description = MCRObjectIDParamConverterProvider.MSG_INVALID,
98                  content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
99              @ApiResponse(responseCode = "401",
100                 description = "You do not have create permission and need to authenticate first",
101                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
102             @ApiResponse(responseCode = "404", description = "Object or access key does not exist",
103                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
104         })
105     @Produces(MediaType.APPLICATION_JSON)
106     @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
107     public Response getAccessKeyFromObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
108         @PathParam(PARAM_SECRET) final String secret,
109         @QueryParam(QUERY_PARAM_SECRET_ENCODING) final String secretEncoding) {
110         return MCRRestAccessKeyHelper.doGetAccessKey(objectId, secret, secretEncoding);
111     }
112 
113     @POST
114     @Operation(
115         summary = "Creates an access key for an object",
116         responses = {
117             @ApiResponse(responseCode = "201", description = "Access key was successfully created",
118                 headers = @Header(name = HttpHeaders.LOCATION)),
119             @ApiResponse(responseCode = "400", description = "Invalid ID or invalid access key",
120                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
121             @ApiResponse(responseCode = "401",
122                 description = "You do not have create permission and need to authenticate first",
123                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
124             @ApiResponse(responseCode = "404", description = "Object does not exist",
125                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
126         })
127     @RequestBody(required = true,
128         content = @Content(mediaType = MediaType.APPLICATION_JSON,
129             schema = @Schema(implementation = MCRAccessKey.class)))
130     @Consumes(MediaType.APPLICATION_JSON)
131     @Produces(MediaType.APPLICATION_JSON)
132     @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
133     @MCRRequireTransaction
134     public Response createAccessKeyForObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
135         final String accessKeyJson) {
136         return MCRRestAccessKeyHelper.doCreateAccessKey(objectId, accessKeyJson, uriInfo);
137     }
138 
139     @PUT
140     @Path("/{" + PARAM_SECRET + "}")
141     @Operation(
142         summary = "Updates an access key for an object",
143         responses = {
144             @ApiResponse(responseCode = "204", description = "Access key was successfully updated"),
145             @ApiResponse(responseCode = "400", description = "Invalid ID or invalid access key",
146                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
147             @ApiResponse(responseCode = "401",
148                 description = "You do not have create permission and need to authenticate first",
149                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
150             @ApiResponse(responseCode = "404", description = "Object or access key does not exist",
151                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
152         })
153     @RequestBody(required = true,
154         content = @Content(mediaType = MediaType.APPLICATION_JSON,
155             schema = @Schema(implementation = MCRAccessKey.class)))
156     @Consumes(MediaType.APPLICATION_JSON)
157     @Produces(MediaType.APPLICATION_JSON)
158     @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
159     @MCRRequireTransaction
160     public Response updateAccessKeyFromObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
161         @PathParam(PARAM_SECRET) final String secret, final String accessKeyJson,
162         @QueryParam(QUERY_PARAM_SECRET_ENCODING) final String secretEncoding) {
163         return MCRRestAccessKeyHelper.doUpdateAccessKey(objectId, secret, accessKeyJson, secretEncoding);
164     }
165 
166     @DELETE
167     @Path("/{" + PARAM_SECRET + "}")
168     @Operation(
169         summary = "Deletes an access key from an object",
170         responses = {
171             @ApiResponse(responseCode = "204", description = "Access key was successfully deleted"),
172             @ApiResponse(responseCode = "" + MCRObjectIDParamConverterProvider.CODE_INVALID, // 400
173                 description = MCRObjectIDParamConverterProvider.MSG_INVALID,
174                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
175             @ApiResponse(responseCode = "401",
176                 description = "You do not have create permission and need to authenticate first",
177                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
178             @ApiResponse(responseCode = "404", description = "Object or access key does not exist",
179                 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
180         })
181     @Produces(MediaType.APPLICATION_JSON)
182     @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
183     @MCRRequireTransaction
184     public Response removeAccessKeyFromObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
185         @PathParam(PARAM_SECRET) final String secret,
186         @QueryParam(QUERY_PARAM_SECRET_ENCODING) final String secretEncoding) {
187         return MCRRestAccessKeyHelper.doRemoveAccessKey(objectId, secret, secretEncoding);
188     }
189 }