1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.mycore.mcr.acl.accesskey.restapi.v2;
20
21 import static org.mycore.mcr.acl.accesskey.restapi.v2.MCRRestAccessKeyHelper.PARAM_SECRET;
22 import static org.mycore.mcr.acl.accesskey.restapi.v2.MCRRestAccessKeyHelper.QUERY_PARAM_SECRET_ENCODING;
23 import static org.mycore.restapi.v2.MCRRestAuthorizationFilter.PARAM_MCRID;
24 import static org.mycore.restapi.v2.MCRRestUtils.TAG_MYCORE_OBJECT;
25
26 import org.mycore.datamodel.metadata.MCRObjectID;
27 import org.mycore.mcr.acl.accesskey.model.MCRAccessKey;
28 import org.mycore.restapi.annotations.MCRApiDraft;
29 import org.mycore.restapi.annotations.MCRRequireTransaction;
30 import org.mycore.restapi.converter.MCRObjectIDParamConverterProvider;
31 import org.mycore.restapi.v2.access.MCRRestAPIACLPermission;
32 import org.mycore.restapi.v2.annotation.MCRRestRequiredPermission;
33
34 import io.swagger.v3.oas.annotations.Operation;
35 import io.swagger.v3.oas.annotations.headers.Header;
36 import io.swagger.v3.oas.annotations.media.ArraySchema;
37 import io.swagger.v3.oas.annotations.media.Content;
38 import io.swagger.v3.oas.annotations.media.Schema;
39 import io.swagger.v3.oas.annotations.parameters.RequestBody;
40 import io.swagger.v3.oas.annotations.responses.ApiResponse;
41 import io.swagger.v3.oas.annotations.tags.Tag;
42 import jakarta.ws.rs.Consumes;
43 import jakarta.ws.rs.DELETE;
44 import jakarta.ws.rs.DefaultValue;
45 import jakarta.ws.rs.GET;
46 import jakarta.ws.rs.POST;
47 import jakarta.ws.rs.PUT;
48 import jakarta.ws.rs.Path;
49 import jakarta.ws.rs.PathParam;
50 import jakarta.ws.rs.Produces;
51 import jakarta.ws.rs.QueryParam;
52 import jakarta.ws.rs.core.Context;
53 import jakarta.ws.rs.core.HttpHeaders;
54 import jakarta.ws.rs.core.MediaType;
55 import jakarta.ws.rs.core.Response;
56 import jakarta.ws.rs.core.UriInfo;
57
58 @MCRApiDraft("MCRAccessKey")
59 @Path("/objects/{" + PARAM_MCRID + "}/accesskeys")
60 @Tag(name = TAG_MYCORE_OBJECT)
61 public class MCRRestObjectAccessKeys {
62
63 @Context
64 UriInfo uriInfo;
65
66 @GET
67 @Operation(
68 summary = "Lists all access keys for an object",
69 responses = {
70 @ApiResponse(responseCode = "200", content = { @Content(mediaType = MediaType.APPLICATION_JSON,
71 array = @ArraySchema(schema = @Schema(implementation = MCRAccessKey.class))) }),
72 @ApiResponse(responseCode = "" + MCRObjectIDParamConverterProvider.CODE_INVALID,
73 description = MCRObjectIDParamConverterProvider.MSG_INVALID,
74 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
75 @ApiResponse(responseCode = "401",
76 description = "You do not have create permission and need to authenticate first",
77 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
78 @ApiResponse(responseCode = "404", description = "Object or access key does not exist",
79 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
80 })
81 @Produces(MediaType.APPLICATION_JSON)
82 @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
83 public Response listAccessKeysForObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
84 @DefaultValue("0") @QueryParam("offset") final int offset,
85 @DefaultValue("128") @QueryParam("limit") final int limit) {
86 return MCRRestAccessKeyHelper.doListAccessKeys(objectId, offset, limit);
87 }
88
89 @GET
90 @Path("/{" + PARAM_SECRET + "}")
91 @Operation(
92 summary = "Gets access key for an object",
93 responses = {
94 @ApiResponse(responseCode = "200", content = @Content(mediaType = MediaType.APPLICATION_JSON,
95 schema = @Schema(implementation = MCRAccessKey.class))),
96 @ApiResponse(responseCode = "" + MCRObjectIDParamConverterProvider.CODE_INVALID,
97 description = MCRObjectIDParamConverterProvider.MSG_INVALID,
98 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
99 @ApiResponse(responseCode = "401",
100 description = "You do not have create permission and need to authenticate first",
101 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
102 @ApiResponse(responseCode = "404", description = "Object or access key does not exist",
103 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
104 })
105 @Produces(MediaType.APPLICATION_JSON)
106 @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
107 public Response getAccessKeyFromObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
108 @PathParam(PARAM_SECRET) final String secret,
109 @QueryParam(QUERY_PARAM_SECRET_ENCODING) final String secretEncoding) {
110 return MCRRestAccessKeyHelper.doGetAccessKey(objectId, secret, secretEncoding);
111 }
112
113 @POST
114 @Operation(
115 summary = "Creates an access key for an object",
116 responses = {
117 @ApiResponse(responseCode = "201", description = "Access key was successfully created",
118 headers = @Header(name = HttpHeaders.LOCATION)),
119 @ApiResponse(responseCode = "400", description = "Invalid ID or invalid access key",
120 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
121 @ApiResponse(responseCode = "401",
122 description = "You do not have create permission and need to authenticate first",
123 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
124 @ApiResponse(responseCode = "404", description = "Object does not exist",
125 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
126 })
127 @RequestBody(required = true,
128 content = @Content(mediaType = MediaType.APPLICATION_JSON,
129 schema = @Schema(implementation = MCRAccessKey.class)))
130 @Consumes(MediaType.APPLICATION_JSON)
131 @Produces(MediaType.APPLICATION_JSON)
132 @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
133 @MCRRequireTransaction
134 public Response createAccessKeyForObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
135 final String accessKeyJson) {
136 return MCRRestAccessKeyHelper.doCreateAccessKey(objectId, accessKeyJson, uriInfo);
137 }
138
139 @PUT
140 @Path("/{" + PARAM_SECRET + "}")
141 @Operation(
142 summary = "Updates an access key for an object",
143 responses = {
144 @ApiResponse(responseCode = "204", description = "Access key was successfully updated"),
145 @ApiResponse(responseCode = "400", description = "Invalid ID or invalid access key",
146 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
147 @ApiResponse(responseCode = "401",
148 description = "You do not have create permission and need to authenticate first",
149 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
150 @ApiResponse(responseCode = "404", description = "Object or access key does not exist",
151 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
152 })
153 @RequestBody(required = true,
154 content = @Content(mediaType = MediaType.APPLICATION_JSON,
155 schema = @Schema(implementation = MCRAccessKey.class)))
156 @Consumes(MediaType.APPLICATION_JSON)
157 @Produces(MediaType.APPLICATION_JSON)
158 @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
159 @MCRRequireTransaction
160 public Response updateAccessKeyFromObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
161 @PathParam(PARAM_SECRET) final String secret, final String accessKeyJson,
162 @QueryParam(QUERY_PARAM_SECRET_ENCODING) final String secretEncoding) {
163 return MCRRestAccessKeyHelper.doUpdateAccessKey(objectId, secret, accessKeyJson, secretEncoding);
164 }
165
166 @DELETE
167 @Path("/{" + PARAM_SECRET + "}")
168 @Operation(
169 summary = "Deletes an access key from an object",
170 responses = {
171 @ApiResponse(responseCode = "204", description = "Access key was successfully deleted"),
172 @ApiResponse(responseCode = "" + MCRObjectIDParamConverterProvider.CODE_INVALID,
173 description = MCRObjectIDParamConverterProvider.MSG_INVALID,
174 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
175 @ApiResponse(responseCode = "401",
176 description = "You do not have create permission and need to authenticate first",
177 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
178 @ApiResponse(responseCode = "404", description = "Object or access key does not exist",
179 content = { @Content(mediaType = MediaType.APPLICATION_JSON) }),
180 })
181 @Produces(MediaType.APPLICATION_JSON)
182 @MCRRestRequiredPermission(MCRRestAPIACLPermission.WRITE)
183 @MCRRequireTransaction
184 public Response removeAccessKeyFromObject(@PathParam(PARAM_MCRID) final MCRObjectID objectId,
185 @PathParam(PARAM_SECRET) final String secret,
186 @QueryParam(QUERY_PARAM_SECRET_ENCODING) final String secretEncoding) {
187 return MCRRestAccessKeyHelper.doRemoveAccessKey(objectId, secret, secretEncoding);
188 }
189 }