Package org.trustdeck.controller
Class PermissionRESTController
java.lang.Object
org.trustdeck.controller.PermissionRESTController
@RestController
@EnableMethodSecurity
@RequestMapping("/api/permissions")
public class PermissionRESTController
extends Object
Provides the REST API for the permission endpoints.
This controller handles requests related to users and permissions.
- Author:
- Eric Wündisch, Armin Müller
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.http.ResponseEntity<?> getPermissions(String domainName, String userId, String responseContentType, jakarta.servlet.http.HttpServletRequest request) Retrieves the permissions of a user for a specific domain.org.springframework.http.ResponseEntity<?> searchUsers(String query, String responseContentType, jakarta.servlet.http.HttpServletRequest request) Searches for users based on a search term.org.springframework.http.ResponseEntity<?> updateACEPermission(String domainName, String userId, List<PermissionDTO> permissions, String responseContentType, jakarta.servlet.http.HttpServletRequest request) Updates the ACE-specific permission for a user in a domain.org.springframework.http.ResponseEntity<?> updateKINGPermission(String projectName, String userId, List<PermissionDTO> permissions, String responseContentType, jakarta.servlet.http.HttpServletRequest request) Updates the KING-specific permission for a user in a project.
-
Constructor Details
-
PermissionRESTController
public PermissionRESTController()
-
-
Method Details
-
searchUsers
@GetMapping("/users") @PreAuthorize("hasRole(\'permission-manager\')") public org.springframework.http.ResponseEntity<?> searchUsers(@RequestParam(name="query",required=true) String query, @RequestHeader(name="accept",required=false) String responseContentType, jakarta.servlet.http.HttpServletRequest request) Searches for users based on a search term.- Parameters:
query- the search termresponseContentType- (optional) the response content typerequest- the request object, injected by Spring Boot- Returns:
- a 200-OK status with the (possibly empty) list of users matching the query
- a 206-PARTIAL_CONTENT status with a truncated list when more than the maximum number of results are available
- a 400-BAD_REQUEST status when the required query parameter is missing
-
getPermissions
@GetMapping("/{domainName}") @PreAuthorize("@auth.hasDomainRoleRelationship(#root, #domainName, \'permission-manager\')") public org.springframework.http.ResponseEntity<?> getPermissions(@PathVariable("domainName") String domainName, @RequestParam(name="userId",required=true) String userId, @RequestHeader(name="accept",required=false) String responseContentType, jakarta.servlet.http.HttpServletRequest request) Retrieves the permissions of a user for a specific domain.- Parameters:
domainName- the name of the domainuserId- the ID of the userresponseContentType- (optional) the response content typerequest- the request object, injected by Spring Boot- Returns:
- a 200-OK status with the list of permissions for the user in the given domain
- a 400-BAD_REQUEST status when domainName or userId is missing or empty
-
updateACEPermission
@PutMapping("/{domainName}") @PreAuthorize("hasRole(\'permission-manager\')") public org.springframework.http.ResponseEntity<?> updateACEPermission(@PathVariable("domainName") String domainName, @RequestParam(name="userId",required=true) String userId, @RequestBody List<PermissionDTO> permissions, @RequestHeader(name="accept",required=false) String responseContentType, jakarta.servlet.http.HttpServletRequest request) Updates the ACE-specific permission for a user in a domain.- Parameters:
domainName- the name of the domainuserId- the ID of the userpermissions- the list of permissions to be createdresponseContentType- (optional) the response content typerequest- the request object, injected by Spring Boot- Returns:
- a 200-OK status when the user's permissions were successfully synchronized with the provided list
- a 400-BAD_REQUEST status when the provided permissions list is empty or contains invalid entries
- a 404-NOT_FOUND status when the specified domain does not exist or cannot be resolved
-
updateKINGPermission
@PutMapping("/{projectName}") @PreAuthorize("hasRole(\'permission-manager\')") public org.springframework.http.ResponseEntity<?> updateKINGPermission(@PathVariable("projectName") String projectName, @RequestParam(name="userId",required=true) String userId, @RequestBody List<PermissionDTO> permissions, @RequestHeader(name="accept",required=false) String responseContentType, jakarta.servlet.http.HttpServletRequest request) Updates the KING-specific permission for a user in a project.- Parameters:
projectName- the name of the projectuserId- the ID of the userpermissions- the list of permissions to be createdresponseContentType- (optional) the response content typerequest- the request object, injected by Spring Boot- Returns:
- a 200-OK status when the user's permissions were successfully synchronized with the provided list
- a 400-BAD_REQUEST status when the provided permissions list is empty or contains invalid entries
- a 404-NOT_FOUND status when the specified domain does not exist or cannot be resolved
-