Merge branch 'apimgmt' into 'master'

Api mgmt

Some api ret cleanups ( any logged in user could create rest credentials for ANY other user in ANY event!)
Initial rest management pages

See merge request !341

code/moya-beans-client/ejbModule/fi/codecrew/moya/beans/ApiApplicationBeanLocal.java

@@ -18,34 +18,19 @@
  */
 package fi.codecrew.moya.beans;
 
-import fi.codecrew.moya.model.ApiApplicationInstance;
+import java.util.List;
 
 import javax.ejb.Local;
 
+import fi.codecrew.moya.model.ApiApplication;
+import fi.codecrew.moya.model.ApiApplicationInstance;
+
 @Local
 public interface ApiApplicationBeanLocal {
 
-	/**
-	 * Creates applicationinstance for currentuser and application specified in application key
-	 * @param applicationKey
-	 * @return
-	 */
-	public ApiApplicationInstance createInstance(String applicationKey);
+	List<ApiApplication> findMyApplications();
 
-	/**
-	 * Creates new enabled applicationinstance for current user
-	 *
-	 * @param applicationkey
-	 * @return
-	 */
-	ApiApplicationInstance createApplicationInstance(String applicationkey);
+	List<ApiApplication> findAllApplications();
 
-	/**
-	 * creates new disabled applicationInstance for specified user
-	 *
-	 * @param applicationkey
-	 * @param username
-	 * @return
-	 */
-	ApiApplicationInstance createApplicationInstance(String applicationkey, String username);
+	ApiApplicationInstance createApplicationInstance(ApiApplication application);
 }

code/moya-beans-client/ejbModule/fi/codecrew/moya/beans/api/ApiBeanLocal.java

+package fi.codecrew.moya.beans.api;
+
+import java.util.List;
+
+import javax.ejb.Local;
+
+import fi.codecrew.moya.model.ApiApplication;
+import fi.codecrew.moya.model.EventUser;
+
+@Local
+public interface ApiBeanLocal {
+
+	List<ApiApplication> getApplications();
+	List<ApiApplication> getApplicationsForUser(EventUser user);
+
+}

code/moya-beans/ejbModule/fi/codecrew/moya/beans/ApiApplicationBean.java

@@ -19,14 +19,18 @@
 package fi.codecrew.moya.beans;
 
 import java.util.Calendar;
+import java.util.List;
 
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.RolesAllowed;
 import javax.ejb.EJB;
-import javax.ejb.EJBAccessException;
 import javax.ejb.LocalBean;
 import javax.ejb.Singleton;
 
+import fi.codecrew.moya.enums.apps.SpecialPermission;
 import fi.codecrew.moya.facade.ApiApplicationFacade;
 import fi.codecrew.moya.facade.ApiApplicationInstanceFacade;
+import fi.codecrew.moya.facade.EventUserFacade;
 import fi.codecrew.moya.model.ApiApplication;
 import fi.codecrew.moya.model.ApiApplicationInstance;
 import fi.codecrew.moya.model.EventUser;
@@ -38,9 +42,9 @@ import fi.codecrew.moya.utilities.moyamessage.MoyaEventType;
  */
 @Singleton
 @LocalBean
+@DeclareRoles(SpecialPermission.S_SUPERADMIN)
 public class ApiApplicationBean implements ApiApplicationBeanLocal {
 
-
 	@EJB
 	ApiApplicationFacade applicationFacade;
 
@@ -51,6 +55,8 @@ public class ApiApplicationBean implements ApiApplicationBeanLocal {
 	ApiApplicationInstanceFacade instanceFacade;
 
 	@EJB
+	private EventUserFacade eventUserFacade;
+	@EJB
 	EventBean eventBean;
 
 	@EJB
@@ -59,7 +65,6 @@ public class ApiApplicationBean implements ApiApplicationBeanLocal {
 	@EJB
 	UserBean userBean;
 
-
 	/**
 	 * Default constructor.
 	 */
@@ -67,32 +72,17 @@ public class ApiApplicationBean implements ApiApplicationBeanLocal {
 		// TODO Auto-generated constructor stub
 	}
 
-
 	@Override
-	public ApiApplicationInstance createInstance(String applicationKey) {
-		return null;
-	}
-
-	@Override
-	public ApiApplicationInstance createApplicationInstance(String applicationkey) {
-
-		ApiApplication application = applicationFacade.findByAppid(applicationkey);
-
-		if(application == null)
-			return null;
-
-
-
-		// we do not liek anonymous
-		if(permissionBean.getCurrentUser().isAnonymous())
-			throw new EJBAccessException("Anonmous cannot login application to software, sorry!.");
+	@RolesAllowed(SpecialPermission.S_USER)
+	public ApiApplicationInstance createApplicationInstance(ApiApplication application) {
 
 		// ugly as shit sanitation for eventName, sorry
-		String eventName = eventBean.getCurrentEvent().getName().replace(" ","_").replace("ä", "a").replace("ö","o").replace("Ä","A").replace("Ö","O").replace("å","a").replace("Å","A");
+		String eventName = eventBean.getCurrentEvent().getName().replace(" ", "_").replace("ä", "a").replace("ö", "o")
+				.replace("Ä", "A").replace("Ö", "O").replace("å", "a").replace("Å", "A");
 
-		String authname = permissionBean.getCurrentUser().getLogin()+"_"+application.getName()+"_"+eventName;
+		String authname = permissionBean.getCurrentUser().getLogin() + "_" + application.getName() + "_" + eventName;
 
-		while(instanceFacade.findInstance(application, authname) != null) {
+		while (instanceFacade.findInstance(application, authname) != null) {
 			authname += "_";
 		}
 
@@ -100,52 +90,30 @@ public class ApiApplicationBean implements ApiApplicationBeanLocal {
 
 		instance.setApplication(application);
 		instance.setAuthname(authname);
-		instance.setName(application.getName() + " for user: "+permissionBean.getCurrentUser().getLogin());
+		instance.setName(application.getName() + " for user: " + permissionBean.getCurrentUser().getLogin());
 		instance.setCreated(Calendar.getInstance().getTime());
 		instance.setEnabled(true);
 		instance.setEventuser(permissionBean.getCurrentUser());
 		instance.setSecretKey(PasswordFunctions.generateRandomString(30));
 		instanceFacade.create(instance);
 
-		loggingBean.sendMessage(MoyaEventType.APPLICATION_INSTANCE_CREATED, "New applicationinstance created for software: ", application);
+		loggingBean.sendMessage(MoyaEventType.APPLICATION_INSTANCE_CREATED,
+				"New applicationinstance created for software: ", application);
 
 		return instance;
 	}
 
 	@Override
-	public ApiApplicationInstance createApplicationInstance(String applicationkey, String username) {
-		ApiApplication application = applicationFacade.findByAppid(applicationkey);
-
-		if(application == null)
-			return null;
-
-		EventUser user = userBean.findEventuserByLoginUnsecure(username);
-
-		if(user == null)
-			return null;
-
-		// ugly as shit sanitation for eventName, sorry
-		String eventName = eventBean.getCurrentEvent().getName().replace(" ","_").replace("ä", "a").replace("ö","o").replace("Ä","A").replace("Ö","O").replace("å","a").replace("Å","A");
-
-		String authname = user.getLogin()+"_"+application.getName()+"_"+eventName;
-
-		while(instanceFacade.findInstance(application, authname) != null) {
-			authname += "_";
-		}
-
-		ApiApplicationInstance instance = new ApiApplicationInstance();
-
-		instance.setApplication(application);
-		instance.setAuthname(authname);
-		instance.setName(application.getName() + " for user: "+user.getLogin());
-		instance.setCreated(Calendar.getInstance().getTime());
-		instance.setEnabled(false);
-		instance.setEventuser(user);
-		instance.setSecretKey(PasswordFunctions.generateRandomString(30));
-		instanceFacade.create(instance);
-
-		loggingBean.sendMessage(MoyaEventType.APPLICATION_INSTANCE_CREATED, "New applicationinstance created for software: ", application, " user: ", username);
+	@RolesAllowed(SpecialPermission.S_USER)
+	public List<ApiApplication> findMyApplications() {
+		EventUser curruser = permissionBean.getCurrentUser();
+		return applicationFacade.findForUser(curruser);
+	}
 
-		return instance;
+	@Override
+	@RolesAllowed(SpecialPermission.S_SUPERADMIN)
+	public List<ApiApplication> findAllApplications() {
+		return applicationFacade.findAll();
 	}
+
 }

code/moya-beans/ejbModule/fi/codecrew/moya/beans/UserBean.java

@@ -1146,11 +1146,7 @@ public class UserBean implements UserBeanLocal {
 		return eventUser;
 	}
 
-	@PermitAll
-	public EventUser findEventuserByLoginUnsecure(String username) {
-		return eventUserFacade.findByLogin(username);
-	}
-
+	
 	@Override
 	@RolesAllowed(EventPermission.S_MANAGE_EVENT)
 	public EventUser getUserByAuthcode(String authcode) {

code/moya-beans/ejbModule/fi/codecrew/moya/facade/ApiApplicationFacade.java

@@ -18,6 +18,9 @@
  */
 package fi.codecrew.moya.facade;
 
+import java.util.List;
+
+import javax.ejb.EJB;
 import javax.ejb.LocalBean;
 import javax.ejb.Stateless;
 import javax.persistence.criteria.CriteriaBuilder;
@@ -26,6 +29,7 @@ import javax.persistence.criteria.Root;
 
 import fi.codecrew.moya.model.ApiApplication;
 import fi.codecrew.moya.model.ApiApplication_;
+import fi.codecrew.moya.model.EventUser;
 
 @Stateless
 @LocalBean
@@ -36,6 +40,7 @@ public class ApiApplicationFacade extends IntegerPkGenericFacade<ApiApplication>
 
 	}
 
+	@EJB
 	public ApiApplication findByAppid(String appId) {
 		CriteriaBuilder cb = getEm().getCriteriaBuilder();
 		CriteriaQuery<ApiApplication> q = cb.createQuery(ApiApplication.class);
@@ -45,4 +50,22 @@ public class ApiApplicationFacade extends IntegerPkGenericFacade<ApiApplication>
 
 	}
 
+	public List<ApiApplication> findAll() {
+		CriteriaBuilder cb = getEm().getCriteriaBuilder();
+		CriteriaQuery<ApiApplication> q = cb.createQuery(ApiApplication.class);
+		Root<ApiApplication> root = q.from(ApiApplication.class);
+		return getEm().createQuery(q).getResultList();
+
+	}
+
+	public List<ApiApplication> findForUser(EventUser curruser) {
+		CriteriaBuilder cb = getEm().getCriteriaBuilder();
+		CriteriaQuery<ApiApplication> q = cb.createQuery(ApiApplication.class);
+		Root<ApiApplication> root = q.from(ApiApplication.class);
+		q.where(cb.equal(root.get(ApiApplication_.developer), curruser));
+		
+		return getEm().createQuery(q).getResultList();
+
+	}
+
 }

code/moya-web/WebContent/api/index.xhtml

+<!DOCTYPE html 
+     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+	xmlns:ui="http://java.sun.com/jsf/facelets"
+	xmlns:h="http://java.sun.com/jsf/html"
+	xmlns:f="http://java.sun.com/jsf/core"
+	xmlns:c="http://java.sun.com/jsp/jstl/core"
+	xmlns:p="http://primefaces.org/ui">
+<h:body>
+	<ui:composition template="#{sessionHandler.template}">
+
+		<f:metadata>
+			<f:event type="preRenderView"
+				listener="#{applicationApiView.initApplicationListView}" />
+		</f:metadata>
+		<ui:define name="content">
+			<button></button>
+			
+			<div style="display:none;" id="createApp">
+			
+			</div>
+
+
+			<h1>#{i18n['apiapp.edit.applist']}</h1>
+
+
+			<p:dataTable value="#{applicationApiView.applist}" var="app">
+				<p:column headerText="#{i18n['apiapp.name']}">
+					
+					<h:outputText value="#{app.name}" />
+				</p:column>
+				<p:column headerText="#{i18n['apiapp.description']">
+					<h:outputText value="#{app.description}" />
+				</p:column>
+				<p:column>
+					<h:outputText value="#{app.created}">
+						<f:convertDateTime pattern="#{sessionHandler.datetimeFormat}"
+							timeZone="#{sessionHandler.timezone}" />
+					</h:outputText>
+				</p:column>
+				<p:column headerText="#{i18n['apiapp.enabled']}">
+					<h:outputText value="#{app.enabled}" />
+				</p:column>
+
+			</p:dataTable>
+
+		</ui:define>
+
+	</ui:composition>
+</h:body>
+</html>
\ No newline at end of file

code/moya-web/src/main/java/fi/codecrew/moya/rest/appconfig/v1/InstancesV1.java

-package fi.codecrew.moya.rest.appconfig.v1;
-
-import java.security.Principal;
-
-import javax.ejb.EJB;
-import javax.enterprise.context.RequestScoped;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiResponse;
-
-import fi.codecrew.moya.beans.ApiApplicationBeanLocal;
-import fi.codecrew.moya.beans.PermissionBeanLocal;
-import fi.codecrew.moya.model.ApiApplicationInstance;
-import fi.codecrew.moya.rest.PojoUtils;
-import fi.codecrew.moya.rest.pojo.appconfig.v1.ApplicationInstancePojo;
-
-/**
- * Created by tuukka on 28.3.2015.
- */
-
-@RequestScoped
-@Path("/appconfig/v1/instances")
-@Consumes({MediaType.APPLICATION_JSON})
-@Produces({MediaType.APPLICATION_JSON + "; charset=UTF-8"})
-@Api(value = "/appconfig/v1/instances", description = "Application instances")
-public class InstancesV1 {
-
-	@EJB
-	PermissionBeanLocal permissionBean;
-
-
-	@EJB
-	ApiApplicationBeanLocal applicationBean;
-
-	private static final Logger logger = LoggerFactory.getLogger(InstancesV1.class);
-
-	@Context
-	private HttpServletRequest servletRequest;
-
-
-	@POST
-	@Path("/create/")
-	@ApiOperation(value = "Creates new unauthorized application instance for user to enable", response = ApplicationInstancePojo.class)
-	@ApiResponse(code = 200, message = "Returns instance-object, which includes keys etc.")
-	@Consumes({MediaType.APPLICATION_FORM_URLENCODED})
-	public Response createApplicationInstance(@FormParam("appkey") String applicationkey,
-											  @FormParam("username") String username) {
-
-		ApiApplicationInstance instance = applicationBean.createApplicationInstance(applicationkey, username);
-
-		if (instance == null)
-			return Response.status(Response.Status.BAD_REQUEST).build();
-
-		return Response.ok(PojoUtils.parseApplicationInstance(instance)).build();
-	}
-
-
-
-	@POST
-	@Path("/createAuthorized/")
-	@ApiOperation(value = "Creates new authorized application instance for user. Only for trusted applications. TODO: also way to create disabled applicationinstance for user to enable", response = ApplicationInstancePojo.class)
-	@ApiResponse(code = 200, message = "Returns instance-object, which includes keys etc.")
-	@Consumes({MediaType.APPLICATION_FORM_URLENCODED})
-	public Response createApplicationInstance(@FormParam("appkey") String applicationkey,
-											  @FormParam("username") String username,
-											  @FormParam("password") String password) {
-
-
-		// Copypasta from user / auth -restview
-		logger.info("Tried to login with rest {} , {}", username, password);
-		try {
-
-			Principal principal = servletRequest.getUserPrincipal();
-			if (principal != null) {
-				logger.info("Current username {}", principal.getName());
-
-				if (principal.getName() != null && !principal.getName().equals(username)) {
-					logger.info("Trying to logout from user {}", principal.getName());
-					servletRequest.logout();
-				}
-			}
-			if (principal == null || principal.getName() == null || !principal.getName().equals(username)) {
-
-				servletRequest.getSession(true);
-				servletRequest.login(username, password);
-			}
-		} catch (ServletException e) {
-			logger.info("Rest login failed");
-		}
-		// end of copypasta
-
-
-		if (permissionBean.getCurrentUser().isAnonymous()) {
-			return Response.status(Response.Status.FORBIDDEN).build();
-		}
-
-		ApiApplicationInstance instance = applicationBean.createApplicationInstance(applicationkey);
-
-		if (instance == null)
-			return Response.status(Response.Status.BAD_REQUEST).build();
-
-		return Response.ok(PojoUtils.parseApplicationInstance(instance)).build();
-
-	}
-
-}

code/moya-web/src/main/java/fi/codecrew/moya/web/api/ApplicationApiView.java

+package fi.codecrew.moya.web.api;
+
+import java.util.List;
+
+import javax.ejb.EJB;
+import javax.enterprise.context.ConversationScoped;
+import javax.inject.Named;
+
+import org.primefaces.component.log.Log;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import fi.codecrew.moya.beans.ApiApplicationBeanLocal;
+import fi.codecrew.moya.beans.PermissionBeanLocal;
+import fi.codecrew.moya.beans.api.ApiBeanLocal;
+import fi.codecrew.moya.enums.apps.EventPermission;
+import fi.codecrew.moya.enums.apps.SpecialPermission;
+import fi.codecrew.moya.model.ApiApplication;
+import fi.codecrew.moya.model.EventUser;
+import fi.codecrew.moya.web.cdiview.GenericCDIView;
+
+@Named
+@ConversationScoped
+public class ApplicationApiView extends GenericCDIView {
+
+	private static final long serialVersionUID = -5137452386861332063L;
+
+	@EJB
+	private ApiApplicationBeanLocal apibean;
+
+	@EJB
+	private PermissionBeanLocal permbean;
+
+	private List<ApiApplication> applist;
+
+	private ApiApplication newApplication = new ApiApplication();
+
+	private List<ApiApplication> allApps;
+
+	private static final Logger logger = LoggerFactory.getLogger(ApplicationApiView.class);
+
+	public void initApplicationListView() {
+		if (super.requirePermissions(permbean.isLoggedIn()) && applist == null) {
+			EventUser curruser = permbean.getCurrentUser();
+			if (permbean.hasPermission(SpecialPermission.SUPERADMIN)) {
+				applist = apibean.findAllApplications();
+			} else {
+				applist = apibean.findMyApplications();
+			}
+		}
+	}
+
+	public List<ApiApplication> getApplist() {
+		return applist;
+	}
+
+	public void setApplist(List<ApiApplication> applist) {
+		this.applist = applist;
+	}
+
+	public ApiApplication getNewApplication() {
+		return newApplication;
+	}
+
+	public void setNewApplication(ApiApplication newApplication) {
+		this.newApplication = newApplication;
+	}
+
+	public List<ApiApplication> getAllApps() {
+		return allApps;
+	}
+
+	public void setAllApps(List<ApiApplication> allApps) {
+		this.allApps = allApps;
+	}
+}