[Pki-devel] [PATCH] 570 TPS REST services.

Endi Sukma Dewata edewata at redhat.com
Sat Apr 11 04:27:47 UTC 2015


The REST services have been modified to support submit and cancel
actions. The ACL has been fixed to allow admins and agents to
change the status.

-- 
Endi S. Dewata
-------------- next part --------------
From cb9ff63a3f73f1834c37a769c829bfa6726be4dd Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Fri, 10 Apr 2015 12:38:14 -0400
Subject: [PATCH] Fixed TPS REST services.

The REST services have been modified to support submit and cancel
actions. The ACL has been fixed to allow admins and agents to
change the status.

https://fedorahosted.org/pki/ticket/1292
---
 .../tps/authenticator/AuthenticatorClient.java     |  2 +-
 .../tps/authenticator/AuthenticatorResource.java   |  4 +-
 .../certsrv/tps/connector/ConnectorClient.java     |  2 +-
 .../certsrv/tps/connector/ConnectorResource.java   |  4 +-
 .../certsrv/tps/profile/ProfileClient.java         |  2 +-
 .../certsrv/tps/profile/ProfileMappingClient.java  |  2 +-
 .../tps/profile/ProfileMappingResource.java        |  4 +-
 .../certsrv/tps/profile/ProfileResource.java       |  4 +-
 base/tps/shared/conf/acl.ldif                      |  8 +--
 base/tps/shared/conf/acl.properties                |  2 +-
 .../server/tps/rest/AuthenticatorService.java      | 73 ++++++++++++++++------
 .../server/tps/rest/ConnectorService.java          | 71 +++++++++++++++------
 .../server/tps/rest/ProfileMappingService.java     | 71 +++++++++++++++------
 .../dogtagpki/server/tps/rest/ProfileService.java  | 41 +++++++++---
 14 files changed, 208 insertions(+), 82 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorClient.java b/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorClient.java
index 293c470b7e76272fcda252857e8738ecd4d53c59..533811173537b375dd8be14b352f92d96887b4ea 100644
--- a/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorClient.java
+++ b/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorClient.java
@@ -61,7 +61,7 @@ public class AuthenticatorClient extends Client {
     }
 
     public AuthenticatorData changeAuthenticatorStatus(String authenticatorID, String action) {
-        Response response = resource.changeAuthenticatorStatus(authenticatorID, action);
+        Response response = resource.changeStatus(authenticatorID, action);
         return client.getEntity(response, AuthenticatorData.class);
     }
 
diff --git a/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java b/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
index d21ad552c9692cd1790feb46ad40a5363fdab5b9..c94dd8af82ec394e61d28480c004ca5b6d4565f2 100644
--- a/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
+++ b/base/common/src/com/netscape/certsrv/tps/authenticator/AuthenticatorResource.java
@@ -67,9 +67,9 @@ public interface AuthenticatorResource {
 
     @POST
     @Path("{authenticatorID}")
-    @ACLMapping("authenticators.approve")
+    @ACLMapping("authenticators.change-status")
     @ClientResponseType(entityType=AuthenticatorData.class)
-    public Response changeAuthenticatorStatus(
+    public Response changeStatus(
             @PathParam("authenticatorID") String authenticatorID,
             @QueryParam("action") String action);
 
diff --git a/base/common/src/com/netscape/certsrv/tps/connector/ConnectorClient.java b/base/common/src/com/netscape/certsrv/tps/connector/ConnectorClient.java
index 7870a7d4d6b3c5f8911e8c922d8112a3c4e7c3be..a4b55bdf1cceeccd5639d4bdfd9f930eeddfd8d4 100644
--- a/base/common/src/com/netscape/certsrv/tps/connector/ConnectorClient.java
+++ b/base/common/src/com/netscape/certsrv/tps/connector/ConnectorClient.java
@@ -61,7 +61,7 @@ public class ConnectorClient extends Client {
     }
 
     public ConnectorData changeConnectorStatus(String connectorID, String action) {
-        Response response = resource.changeConnectorStatus(connectorID, action);
+        Response response = resource.changeStatus(connectorID, action);
         return client.getEntity(response, ConnectorData.class);
     }
 
diff --git a/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java b/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
index 9df4bffcac41af9ce8179b011efe3f2c57cbdc1b..bede85c70819ba02c912cba52bc6f4c53b9bbb42 100644
--- a/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
+++ b/base/common/src/com/netscape/certsrv/tps/connector/ConnectorResource.java
@@ -67,9 +67,9 @@ public interface ConnectorResource {
 
     @POST
     @Path("{connectorID}")
-    @ACLMapping("connectors.approve")
+    @ACLMapping("connectors.change-status")
     @ClientResponseType(entityType=ConnectorData.class)
-    public Response changeConnectorStatus(
+    public Response changeStatus(
             @PathParam("connectorID") String connectorID,
             @QueryParam("action") String action);
 
diff --git a/base/common/src/com/netscape/certsrv/tps/profile/ProfileClient.java b/base/common/src/com/netscape/certsrv/tps/profile/ProfileClient.java
index 3a659291e8d380124e413123e134d5d6117c495f..951748d917e3a01d5ef9ee9e688787771924f286 100644
--- a/base/common/src/com/netscape/certsrv/tps/profile/ProfileClient.java
+++ b/base/common/src/com/netscape/certsrv/tps/profile/ProfileClient.java
@@ -65,7 +65,7 @@ public class ProfileClient extends Client {
     }
 
     public ProfileData changeProfileStatus(String profileID, String action) {
-        Response response = resource.changeProfileStatus(profileID, action);
+        Response response = resource.changeStatus(profileID, action);
         return client.getEntity(response, ProfileData.class);
     }
 
diff --git a/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingClient.java b/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingClient.java
index dafc25f4113b5a6b8e7d1f9f5a66c821b79a893d..b2e03f293e72885177dc54faf292a3bc9f15e9f2 100644
--- a/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingClient.java
+++ b/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingClient.java
@@ -61,7 +61,7 @@ public class ProfileMappingClient extends Client {
     }
 
     public ProfileMappingData changeProfileMappingStatus(String profileMappingID, String action) {
-        Response response = resource.changeProfileMappingStatus(profileMappingID, action);
+        Response response = resource.changeStatus(profileMappingID, action);
         return client.getEntity(response, ProfileMappingData.class);
     }
 
diff --git a/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java b/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
index 5b819b8991c34206c5472c94d6137fc3b6ea24c3..0308615f5683e8a57a5d20e0760d3dc5f1711119 100644
--- a/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
+++ b/base/common/src/com/netscape/certsrv/tps/profile/ProfileMappingResource.java
@@ -67,9 +67,9 @@ public interface ProfileMappingResource {
 
     @POST
     @Path("{profileMappingID}")
-    @ACLMapping("profiles-mappings.approve")
+    @ACLMapping("profiles-mappings.change-status")
     @ClientResponseType(entityType=ProfileMappingData.class)
-    public Response changeProfileMappingStatus(
+    public Response changeStatus(
             @PathParam("profileMappingID") String profileMappingID,
             @QueryParam("action") String action);
 
diff --git a/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java b/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
index 48d3a8c4d57217ed4e9a0663eb130e3b1dda4f66..8f0ebd065a5239e72edb860f29cf265b4f06e40a 100644
--- a/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
+++ b/base/common/src/com/netscape/certsrv/tps/profile/ProfileResource.java
@@ -67,9 +67,9 @@ public interface ProfileResource {
 
     @POST
     @Path("{profileID}")
-    @ACLMapping("profiles.approve")
+    @ACLMapping("profiles.change-status")
     @ClientResponseType(entityType=ProfileData.class)
-    public Response changeProfileStatus(
+    public Response changeStatus(
             @PathParam("profileID") String profileID,
             @QueryParam("action") String action);
 
diff --git a/base/tps/shared/conf/acl.ldif b/base/tps/shared/conf/acl.ldif
index 41b38137b64ab60d9329d3b1e926e8580a23d0cc..d69c69e2924597aefa61b30c849a270a754d1413 100644
--- a/base/tps/shared/conf/acl.ldif
+++ b/base/tps/shared/conf/acl.ldif
@@ -21,13 +21,13 @@ resourceACLS: certServer.admin.certificate:import:allow (import) user="anybody":
 resourceACLS: certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody":Anybody may submit an enrollment request
 resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
 resourceACLS: certServer.tps.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout
-resourceACLS: certServer.tps.authenticators:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators":Only admins can access authenticators.
+resourceACLS: certServer.tps.authenticators:read,change-status,add,modify,remove:allow (read,change-status,add,modify,remove) group="Administrators":Only admins can access authenticators.
 resourceACLS: certServer.tps.audit:read,modify:allow (read,modify) group="Administrators":Only admins can access configuration.
 resourceACLS: certServer.tps.config:read,modify:allow (read,modify) group="Administrators":Only admins can access configuration.
-resourceACLS: certServer.tps.connectors:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators":Only admins can access connectors.
+resourceACLS: certServer.tps.connectors:read,change-status,add,modify,remove:allow (read,change-status,add,modify,remove) group="Administrators":Only admins can access connectors.
 resourceACLS: certServer.tps.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
 resourceACLS: certServer.tps.users:execute:allow (execute) group="Administrators":Admins may execute user operations
-resourceACLS: certServer.tps.profiles:read,add,modify,approve,remove:allow (read) group="Administrators" || group="TPS Agents" ; allow (add,modify,remove) group="Administrators" ; allow (approve) group="TPS Agents":Admins and agents can read, but only admins can add, modify, and remove, and only agents can approve.
-resourceACLS: certServer.tps.profile-mappings:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators" :Only admins can access profile mappings.
+resourceACLS: certServer.tps.profiles:read,change-status,add,modify,remove:allow (read,change-status) group="Administrators" || group="TPS Agents" ; allow (add,modify,remove) group="Administrators" :Admins and agents can read and change status, but only admins can add, modify, and remove.
+resourceACLS: certServer.tps.profile-mappings:read,change-status,add,modify,remove:allow (read,change-status,add,modify,remove) group="Administrators" :Only admins can access profile mappings.
 resourceACLS: certServer.tps.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.
 resourceACLS: certServer.tps.tokens:read,add,modify,remove:allow (read) group="Administrators" || group="TPS Agents" || group="TPS Operators"; allow (add,remove) group="Administrators" ; allow (modify) group="TPS Agents":Admins, agents, operators can read tokens, but only admins can add and remove tokens, and only agents can modify tokens.
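Review bot: Folding `approve` into a single `change-status` right means the ACL no longer separates who may approve from who may only submit or disable; on `certServer.tps.profiles` both Administrators and TPS Agents now hold it, so the split rests entirely on the `canApprove` checks in the service code. For authenticators, connectors and profile-mappings the right is granted to Administrators only, so if `canApprove` is tied to the agent role (not visible here) the approve/reject branches may be unreachable for those resources. This file also looks like a template for new instances: existing deployments would still carry the old `approve` entries in LDAP and would presumably be denied on the renamed right until an upgrade step rewrites them, and no such step is part of this patch. Stating the dependency in the ACL description, e.g. `Admins and agents can read and change status; approval is enforced in ProfileService.changeStatus()`, would make it harder to miss.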
diff --git a/base/tps/shared/conf/acl.properties b/base/tps/shared/conf/acl.properties
index 840c0610e6826d2e1e48074026c6e5d73dbccf29..2d2dc717ad56b4267a9dbe98d79ceaf87bc25f1d 100644
--- a/base/tps/shared/conf/acl.properties
+++ b/base/tps/shared/conf/acl.properties
@@ -20,7 +20,7 @@ config.modify = certServer.tps.config,modify
 connectors.read = certServer.tps.connectors,read
 connectors.add = certServer.tps.connectors,add
 connectors.modify = certServer.tps.connectors,modify
-connectors.approve = certServer.tps.connectors,approve
+connectors.change-status = certServer.tps.connectors,change-status
 connectors.remove = certServer.tps.connectors,remove
 groups = certServer.tps.groups,execute
 profiles.read = certServer.tps.profiles,read
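Review bot: Only the `connectors` mapping is renamed here, while the resource interfaces in this patch now reference `authenticators.change-status`, `profiles.change-status` and `profiles-mappings.change-status` as well, and the diffstat shows a single changed line in this file. The rest of the file is outside the hunk, so it is worth confirming that each of those names has an entry such as `profiles.change-status = certServer.tps.profiles,change-status`; an unmapped name will either be rejected or fall through, depending on how the ACL lookup treats missing keys. The annotation also spells the key `profiles-mappings` while the ACL resource is `certServer.tps.profile-mappings`, so whichever key this file uses has to match the annotation exactly.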
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java b/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java
index f02598d62bdf18152de73fa5dfa73b9af81651d0..2ebc1d6ac416b5da204f8178983577b483e2ee2e 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/AuthenticatorService.java
@@ -141,11 +141,12 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             return createOKResponse(response);
 
         } catch (PKIException e) {
+            CMS.debug("AuthenticatorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -163,11 +164,12 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             return createOKResponse(createAuthenticatorData(database.getRecord(authenticatorID)));
 
         } catch (PKIException e) {
+            CMS.debug("AuthenticatorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -196,11 +198,12 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             return createCreatedResponse(authenticatorData, authenticatorData.getLink().getHref());
 
         } catch (PKIException e) {
+            CMS.debug("AuthenticatorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -253,21 +256,22 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             return createOKResponse(authenticatorData);
 
         } catch (PKIException e) {
+            CMS.debug("AuthenticatorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
     @Override
-    public Response changeAuthenticatorStatus(String authenticatorID, String action) {
+    public Response changeStatus(String authenticatorID, String action) {
 
         if (authenticatorID == null) throw new BadRequestException("Authenticator ID is null.");
         if (action == null) throw new BadRequestException("Action is null.");
 
-        CMS.debug("AuthenticatorService.changeAuthenticatorStatus(\"" + authenticatorID + "\")");
+        CMS.debug("AuthenticatorService.changeStatus(\"" + authenticatorID + "\", \"" + action + "\")");
 
         try {
             TPSSubsystem subsystem = (TPSSubsystem)CMS.getSubsystem(TPSSubsystem.ID);
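Review bot: The new debug line writes `action` (a query parameter) and the ID into the log before either has been validated, so a value containing CR/LF can forge entries in the debug log. Logging only after the action has matched one of the known literals, or neutralising line breaks first with something like `action.replaceAll("[\\r\\n]", "_")`, avoids that. The same line is added in ConnectorService, ProfileMappingService and ProfileService, and the `"Invalid action: " + action` messages further down return the raw value to the client. The method body continues past the end of this hunk.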
@@ -276,31 +280,58 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             AuthenticatorRecord record = database.getRecord(authenticatorID);
             String status = record.getStatus();
 
+            Principal principal = servletRequest.getUserPrincipal();
+            boolean canApprove = database.canApprove(principal);
+
             if (Constants.CFG_DISABLED.equals(status)) {
-                if ("enable".equals(action)) {
-                    status = Constants.CFG_ENABLED;
+
+                if (database.requiresApproval()) {
+
+                    if ("submit".equals(action) && !canApprove) {
+                        status = Constants.CFG_PENDING_APPROVAL;
+
+                    } else if ("enable".equals(action) && canApprove) {
+                        status = Constants.CFG_ENABLED;
+
+                    } else {
+                        throw new BadRequestException("Invalid action: " + action);
+                    }
+
                 } else {
-                    throw new BadRequestException("Invalid action: " + action);
+                    if ("enable".equals(action)) {
+                        status = Constants.CFG_ENABLED;
+
+                    } else {
+                        throw new BadRequestException("Invalid action: " + action);
+                    }
                 }
 
             } else if (Constants.CFG_ENABLED.equals(status)) {
+
                 if ("disable".equals(action)) {
                     status = Constants.CFG_DISABLED;
+
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
             } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) {
-                if ("approve".equals(action)) {
+
+                if ("approve".equals(action) && canApprove) {
                     status = Constants.CFG_ENABLED;
-                } else if ("reject".equals(action)) {
+
+                } else if ("reject".equals(action) && canApprove) {
                     status = Constants.CFG_DISABLED;
+
+                } else if ("cancel".equals(action) && !canApprove) {
+                    status = Constants.CFG_DISABLED;
+
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
             } else {
-                throw new PKIException("Invalid authenticator status: " + status);
+                throw new PKIException("Invalid status: " + status);
             }
 
             record.setStatus(status);
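Review bot: A caller who sends a valid action but lacks the approver role (for example `approve` with `canApprove` false) falls into the final `else` and gets `BadRequestException("Invalid action: ...")`, so an authorization denial is indistinguishable from malformed input in both the response and the logs. Separating the two before the state checks, e.g. `if (("approve".equals(action) || "reject".equals(action)) && !canApprove) throw new ForbiddenException("Not authorized to " + action + ".");` (assuming the tree's 403 exception is usable here), gives reviewers of the audit trail something to search for. `servletRequest.getUserPrincipal()` can be null for an unauthenticated request, and how `database.canApprove(null)` behaves is not visible here, so a null check or a comment stating that the ACL layer guarantees a principal would help. The same applies to the changeStatus hunks in ConnectorService, ProfileMappingService and ProfileService. The method starts before and ends after this hunk.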
@@ -311,11 +342,12 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             return createOKResponse(authenticatorData);
 
         } catch (PKIException e) {
+            CMS.debug("AuthenticatorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -342,11 +374,12 @@ public class AuthenticatorService extends PKIService implements AuthenticatorRes
             return createNoContentResponse();
 
         } catch (PKIException e) {
+            CMS.debug("AuthenticatorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 }
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java
index 9e558c7d36a15d87437831d9d8c49330e4f5b9c2..1936b2e2eb090f947f69d972c1a8888b7f4ec326 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/ConnectorService.java
@@ -141,11 +141,12 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             return createOKResponse(response);
 
         } catch (PKIException e) {
+            CMS.debug("ConnectorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -163,11 +164,12 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             return createOKResponse(createConnectorData(database.getRecord(connectorID)));
 
         } catch (PKIException e) {
+            CMS.debug("ConnectorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -196,11 +198,12 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             return createCreatedResponse(connectorData, connectorData.getLink().getHref());
 
         } catch (PKIException e) {
+            CMS.debug("ConnectorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -253,21 +256,22 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             return createOKResponse(connectorData);
 
         } catch (PKIException e) {
+            CMS.debug("ConnectorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
     @Override
-    public Response changeConnectorStatus(String connectorID, String action) {
+    public Response changeStatus(String connectorID, String action) {
 
         if (connectorID == null) throw new BadRequestException("Connector ID is null.");
         if (action == null) throw new BadRequestException("Action is null.");
 
-        CMS.debug("ConnectorService.changeConnectorStatus(\"" + connectorID + "\")");
+        CMS.debug("ConnectorService.changeStatus(\"" + connectorID + "\", \"" + action + "\")");
 
         try {
             TPSSubsystem subsystem = (TPSSubsystem)CMS.getSubsystem(TPSSubsystem.ID);
@@ -276,25 +280,52 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             ConnectorRecord record = database.getRecord(connectorID);
             String status = record.getStatus();
 
+            Principal principal = servletRequest.getUserPrincipal();
+            boolean canApprove = database.canApprove(principal);
+
             if (Constants.CFG_DISABLED.equals(status)) {
-                if ("enable".equals(action)) {
-                    status = Constants.CFG_ENABLED;
+
+                if (database.requiresApproval()) {
+
+                    if ("submit".equals(action) && !canApprove) {
+                        status = Constants.CFG_PENDING_APPROVAL;
+
+                    } else if ("enable".equals(action) && canApprove) {
+                        status = Constants.CFG_ENABLED;
+
+                    } else {
+                        throw new BadRequestException("Invalid action: " + action);
+                    }
+
                 } else {
-                    throw new BadRequestException("Invalid action: " + action);
+                    if ("enable".equals(action)) {
+                        status = Constants.CFG_ENABLED;
+
+                    } else {
+                        throw new BadRequestException("Invalid action: " + action);
+                    }
                 }
 
             } else if (Constants.CFG_ENABLED.equals(status)) {
+
                 if ("disable".equals(action)) {
                     status = Constants.CFG_DISABLED;
+
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
             } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) {
-                if ("approve".equals(action)) {
+
+                if ("approve".equals(action) && canApprove) {
                     status = Constants.CFG_ENABLED;
-                } else if ("reject".equals(action)) {
+
+                } else if ("reject".equals(action) && canApprove) {
                     status = Constants.CFG_DISABLED;
+
+                } else if ("cancel".equals(action) && !canApprove) {
+                    status = Constants.CFG_DISABLED;
+
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
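Review bot: This state machine is a line-for-line copy of the one added to AuthenticatorService, and it is repeated again in ProfileMappingService and ProfileService. Four copies of an approval workflow are easy to let drift, and a missed `canApprove` guard in one of them would be a privilege problem rather than a cosmetic one. Consider moving the transition logic into one shared method (on the common service or database base class, whichever fits) that takes the current status, the action, `canApprove` and `requiresApproval()` and returns the new status, leaving each service with only the record lookup and update. A short comment listing the allowed transitions per role above that method would document the workflow in one place.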
@@ -311,11 +342,12 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             return createOKResponse(connectorData);
 
         } catch (PKIException e) {
+            CMS.debug("ConnectorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -342,11 +374,12 @@ public class ConnectorService extends PKIService implements ConnectorResource {
             return createNoContentResponse();
 
         } catch (PKIException e) {
+            CMS.debug("ConnectorService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 }
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java
index 3286043bf96712d00fe988f4f5c750c2efda7271..970dfde1dd6e2fdf6e4b27471d3ffc40092f1fff 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileMappingService.java
@@ -141,11 +141,12 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             return createOKResponse(response);
 
         } catch (PKIException e) {
+            CMS.debug("ProfileMappingService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -161,11 +162,12 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             return createOKResponse(createProfileMappingData(database.getRecord(profileMappingID)));
 
         } catch (PKIException e) {
+            CMS.debug("ProfileMappingService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -192,11 +194,12 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             return createCreatedResponse(profileMappingData, profileMappingData.getLink().getHref());
 
         } catch (PKIException e) {
+            CMS.debug("ProfileMappingService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -246,21 +249,22 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             return createOKResponse(profileMappingData);
 
         } catch (PKIException e) {
+            CMS.debug("ProfileMappingService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
     @Override
-    public Response changeProfileMappingStatus(String profileMappingID, String action) {
+    public Response changeStatus(String profileMappingID, String action) {
 
         if (profileMappingID == null) throw new BadRequestException("Profile mapping ID is null.");
         if (action == null) throw new BadRequestException("Action is null.");
 
-        CMS.debug("ProfileMappingService.changeProfileMappingStatus(\"" + profileMappingID + "\")");
+        CMS.debug("ProfileMappingService.changeStatus(\"" + profileMappingID + "\", \"" + action + "\")");
 
         try {
             TPSSubsystem subsystem = (TPSSubsystem)CMS.getSubsystem(TPSSubsystem.ID);
@@ -269,25 +273,52 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             ProfileMappingRecord record = database.getRecord(profileMappingID);
             String status = record.getStatus();
 
+            Principal principal = servletRequest.getUserPrincipal();
+            boolean canApprove = database.canApprove(principal);
+
             if (Constants.CFG_DISABLED.equals(status)) {
-                if ("enable".equals(action)) {
-                    status = Constants.CFG_ENABLED;
+
+                if (database.requiresApproval()) {
+
+                    if ("submit".equals(action) && !canApprove) {
+                        status = Constants.CFG_PENDING_APPROVAL;
+
+                    } else if ("enable".equals(action) && canApprove) {
+                        status = Constants.CFG_ENABLED;
+
+                    } else {
+                        throw new BadRequestException("Invalid action: " + action);
+                    }
+
                 } else {
-                    throw new BadRequestException("Invalid action: " + action);
+                    if ("enable".equals(action)) {
+                        status = Constants.CFG_ENABLED;
+
+                    } else {
+                        throw new BadRequestException("Invalid action: " + action);
+                    }
                 }
 
             } else if (Constants.CFG_ENABLED.equals(status)) {
+
                 if ("disable".equals(action)) {
                     status = Constants.CFG_DISABLED;
+
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
             } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) {
-                if ("approve".equals(action)) {
+
+                if ("approve".equals(action) && canApprove) {
                     status = Constants.CFG_ENABLED;
-                } else if ("reject".equals(action)) {
+
+                } else if ("reject".equals(action) && canApprove) {
                     status = Constants.CFG_DISABLED;
+
+                } else if ("cancel".equals(action) && !canApprove) {
+                    status = Constants.CFG_DISABLED;
+
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
@@ -304,11 +335,12 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             return createOKResponse(profileMappingData);
 
         } catch (PKIException e) {
+            CMS.debug("ProfileMappingService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 
@@ -333,11 +365,12 @@ public class ProfileMappingService extends PKIService implements ProfileMappingR
             return createNoContentResponse();
 
         } catch (PKIException e) {
+            CMS.debug("ProfileMappingService: " + e);
             throw e;
 
         } catch (Exception e) {
-            e.printStackTrace();
-            throw new PKIException(e.getMessage());
+            CMS.debug(e);
+            throw new PKIException(e);
         }
     }
 }
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java
index 4a6b8c68c08cb7398b7b4e5b7ca54ec0e5aeb76e..5fc243073afa4d799f5d3cbb980c6e875bc1cdef 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/ProfileService.java
@@ -267,12 +267,12 @@ public class ProfileService extends PKIService implements ProfileResource {
     }
 
     @Override
-    public Response changeProfileStatus(String profileID, String action) {
+    public Response changeStatus(String profileID, String action) {
 
         if (profileID == null) throw new BadRequestException("Profile ID is null.");
         if (action == null) throw new BadRequestException("Action is null.");
 
-        CMS.debug("ProfileService.changeProfileStatus(\"" + profileID + "\")");
+        CMS.debug("ProfileService.changeStatus(\"" + profileID + "\", \"" + action + "\")");
 
         try {
             TPSSubsystem subsystem = (TPSSubsystem)CMS.getSubsystem(TPSSubsystem.ID);
@@ -281,25 +281,52 @@ public class ProfileService extends PKIService implements ProfileResource {
             ProfileRecord record = database.getRecord(profileID);
             String status = record.getStatus();
 
+            Principal principal = servletRequest.getUserPrincipal();
+            boolean canApprove = database.canApprove(principal);
+
             if (Constants.CFG_DISABLED.equals(status)) {
-                if ("enable".equals(action)) {
-                    status = Constants.CFG_ENABLED;
+
+                if (database.requiresApproval()) {
+
+                    if ("submit".equals(action) && !canApprove) {
+                        status = Constants.CFG_PENDING_APPROVAL;
+
+                    } else if ("enable".equals(action) && canApprove) {
+                        status = Constants.CFG_ENABLED;
+
+                    } else {
+                        throw new BadRequestException("Invalid action: " + action);
+                    }
+
                 } else {
-                    throw new BadRequestException("Invalid action: " + action);
+                    if ("enable".equals(action)) {
+                        status = Constants.CFG_ENABLED;
+
+                    } else {
+                        throw new BadRequestException("Invalid action: " + action);
+                    }
                 }
 
             } else if (Constants.CFG_ENABLED.equals(status)) {
+
                 if ("disable".equals(action)) {
                     status = Constants.CFG_DISABLED;
+
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
 
             } else if (Constants.CFG_PENDING_APPROVAL.equals(status)) {
-                if ("approve".equals(action)) {
+
+                if ("approve".equals(action) && canApprove) {
                     status = Constants.CFG_ENABLED;
-                } else if ("reject".equals(action)) {
+
+                } else if ("reject".equals(action) && canApprove) {
                     status = Constants.CFG_DISABLED;
+
+                } else if ("cancel".equals(action) && !canApprove) {
+                    status = Constants.CFG_DISABLED;
+
                 } else {
                     throw new BadRequestException("Invalid action: " + action);
                 }
-- 
1.9.3


