All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.camunda.operate.webapp.rest.DecisionRestService Maven / Gradle / Ivy

There is a newer version: 8.7.0-alpha2
Show newest version
/*
 * Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH under
 * one or more contributor license agreements. See the NOTICE file distributed
 * with this work for additional information regarding copyright ownership.
 * Licensed under the Camunda License 1.0. You may not use this file
 * except in compliance with the Camunda License 1.0.
 */
package io.camunda.operate.webapp.rest;

import io.camunda.operate.util.rest.ValidLongId;
import io.camunda.operate.webapp.InternalAPIErrorController;
import io.camunda.operate.webapp.reader.DecisionReader;
import io.camunda.operate.webapp.rest.dto.DecisionRequestDto;
import io.camunda.operate.webapp.rest.dto.dmn.DecisionGroupDto;
import io.camunda.operate.webapp.rest.exception.NotAuthorizedException;
import io.camunda.operate.webapp.security.identity.IdentityPermission;
import io.camunda.operate.webapp.security.identity.PermissionsService;
import io.camunda.operate.webapp.writer.BatchOperationWriter;
import io.camunda.webapps.schema.entities.operate.dmn.definition.DecisionDefinitionEntity;
import io.camunda.webapps.schema.entities.operation.BatchOperationEntity;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

@Tag(name = "Decisions")
@RestController
@RequestMapping(value = DecisionRestService.DECISION_URL)
public class DecisionRestService extends InternalAPIErrorController {

  public static final String DECISION_URL = "/api/decisions";

  @Autowired protected DecisionReader decisionReader;

  @Autowired(required = false)
  protected PermissionsService permissionsService;

  @Autowired private BatchOperationWriter batchOperationWriter;

  @Operation(summary = "Get decision DMN XML")
  @GetMapping(path = "/{id}/xml")
  public String getDecisionDiagram(
      @ValidLongId @PathVariable("id") final String decisionDefinitionId) {
    final Long decisionDefinitionKey = Long.valueOf(decisionDefinitionId);
    checkIdentityReadPermission(decisionDefinitionKey);
    return decisionReader.getDiagram(decisionDefinitionKey);
  }

  @Operation(summary = "List decisions grouped by decisionId")
  @GetMapping(path = "/grouped")
  @Deprecated
  public List getDecisionsGrouped() {
    final Map> decisionsGrouped =
        decisionReader.getDecisionsGrouped(new DecisionRequestDto());
    return DecisionGroupDto.createFrom(decisionsGrouped, permissionsService);
  }

  @Operation(summary = "List decisions grouped by decisionId")
  @PostMapping(path = "/grouped")
  public List getDecisionsGrouped(@RequestBody final DecisionRequestDto request) {
    final Map> decisionsGrouped =
        decisionReader.getDecisionsGrouped(request);
    return DecisionGroupDto.createFrom(decisionsGrouped, permissionsService);
  }

  @Operation(summary = "Delete decision definition and dependant resources")
  @DeleteMapping(path = "/{id}")
  @PreAuthorize("hasPermission('write')")
  public BatchOperationEntity deleteDecisionDefinition(
      @ValidLongId @PathVariable("id") final String decisionDefinitionId) {
    final DecisionDefinitionEntity decisionDefinitionEntity =
        decisionReader.getDecision(Long.valueOf(decisionDefinitionId));
    checkIdentityDeletePermission(decisionDefinitionEntity.getDecisionId());
    return batchOperationWriter.scheduleDeleteDecisionDefinition(decisionDefinitionEntity);
  }

  private void checkIdentityReadPermission(final Long decisionDefinitionKey) {
    if (permissionsService != null) {
      final String decisionId = decisionReader.getDecision(decisionDefinitionKey).getDecisionId();
      if (!permissionsService.hasPermissionForDecision(decisionId, IdentityPermission.READ)) {
        throw new NotAuthorizedException(
            String.format("No read permission for decision %s", decisionId));
      }
    }
  }

  private void checkIdentityDeletePermission(final String decisionId) {
    if (permissionsService != null) {
      if (!permissionsService.hasPermissionForDecision(decisionId, IdentityPermission.DELETE)) {
        throw new NotAuthorizedException(
            String.format("No delete permission for decision %s", decisionId));
      }
    }
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy