Google Git
Sign in
apache / openmeetings / refs/heads/3.1.x / . / openmeetings-webservice / src / main / java / org / apache / openmeetings / webservice / CalendarWebService.java
blob: dca4ee57f0a62693119570ef790f22aae704f9c8 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License") + you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.openmeetings.webservice;
import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;
import static org.apache.openmeetings.webservice.Constants.TNS;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import org.apache.cxf.feature.Features;
import org.apache.openmeetings.db.dao.calendar.AppointmentDao;
import org.apache.openmeetings.db.dao.room.RoomDao;
import org.apache.openmeetings.db.dao.server.SessiondataDao;
import org.apache.openmeetings.db.dao.user.UserDao;
import org.apache.openmeetings.db.dto.basic.ServiceResult;
import org.apache.openmeetings.db.dto.basic.ServiceResult.Type;
import org.apache.openmeetings.db.dto.calendar.AppointmentDTO;
import org.apache.openmeetings.db.entity.calendar.Appointment;
import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.db.entity.user.User.Right;
import org.apache.openmeetings.db.util.AuthLevelUtil;
import org.apache.openmeetings.webservice.error.ServiceException;
import org.red5.logging.Red5LoggerFactory;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
/**
* CalendarService contains methods to create, edit delete calendar meetings
*
* @author sebawagner
*
*/
@WebService(serviceName="org.apache.openmeetings.webservice.CalendarWebService", targetNamespace = TNS)
@Features(features = "org.apache.cxf.feature.LoggingFeature")
@Produces({MediaType.APPLICATION_JSON})
@Path("/calendar")
public class CalendarWebService {
private static final Logger log = Red5LoggerFactory.getLogger(CalendarWebService.class, webAppRootKey);
@Autowired
private AppointmentDao appointmentDao;
@Autowired
private SessiondataDao sessionDao;
@Autowired
private UserDao userDao;
@Autowired
private RoomDao roomDao;
/**
* Load appointments by a start / end range for the current SID
*
* @param sid
* The SID of the User. This SID must be marked as Loggedin
* @param start
* start time
* @param end
* end time
*
* @return - list of appointments in range
* @throws {@link ServiceException} in case of any error
*/
@GET
@Path("/{start}/{end}")
public List<AppointmentDTO> range(@QueryParam("sid") @WebParam(name="sid") String sid
, @PathParam("start") @WebParam(name="start") Calendar start
, @PathParam("end") @WebParam(name="end") Calendar end
) throws ServiceException
{
log.debug("range : startdate - " + start.getTime() + ", enddate - " + end.getTime());
try {
Long userId = sessionDao.check(sid);
if (AuthLevelUtil.hasUserLevel(userDao.getRights(userId))) {
return AppointmentDTO.list(appointmentDao.getInRange(userId, start.getTime(), end.getTime()));
} else {
throw new ServiceException("Insufficient permissions"); //TODO code -26
}
} catch (ServiceException err) {
throw err;
} catch (Exception err) {
log.error("[range]", err);
throw new ServiceException(err.getMessage());
}
}
/**
* Load appointments by a start / end range for the userId
*
* @param sid
* The SID of the User. This SID must be marked as Loggedin
* @param userid
* the userId the calendar events should be loaded
* @param start
* start time
* @param end
* end time
*
* @return - list of appointments in range
* @throws {@link ServiceException} in case of any error
*/
@GET
@Path("/{userid}/{start}/{end}")
public List<AppointmentDTO> rangeForUser(
@QueryParam("sid") @WebParam(name="sid") String sid
, @PathParam("userid") @WebParam(name="userid") long userid
, @PathParam("start") @WebParam(name="start") Calendar start
, @PathParam("end") @WebParam(name="end") Calendar end
) throws ServiceException
{
log.debug("rangeForUser : startdate - " + start.getTime() + ", enddate - " + end.getTime());
try {
Long authUserId = sessionDao.check(sid);
if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(authUserId))) {
return AppointmentDTO.list(appointmentDao.getInRange(userid, start.getTime(), end.getTime()));
} else {
throw new ServiceException("Insufficient permissions"); //TODO code -26
}
} catch (ServiceException err) {
throw err;
} catch (Exception err) {
log.error("[rangeForUser]", err);
throw new ServiceException(err.getMessage());
}
}
/**
* Get the next Calendar event for the current user of the SID
*
* @param sid
* The SID of the User. This SID must be marked as Loggedin
* @return - next Calendar event
* @throws {@link ServiceException} in case of any error
*/
@GET
@Path("/next")
public AppointmentDTO next(@QueryParam("sid") @WebParam(name="sid") String sid) throws ServiceException {
try {
Long userId = sessionDao.check(sid);
if (AuthLevelUtil.hasUserLevel(userDao.getRights(userId))) {
Appointment a = appointmentDao.getNext(userId, new Date());
return a == null ? null : new AppointmentDTO(a);
} else {
throw new ServiceException("Insufficient permissions"); //TODO code -26
}
} catch (ServiceException err) {
throw err;
} catch (Exception err) {
log.error("[next]", err);
throw new ServiceException(err.getMessage());
}
}
/**
* Get the next Calendar event for userId
*
* @param sid
* The SID of the User. This SID must be marked as Loggedin
* @param userid
* the userId the calendar events should be loaded
*
* @return - next Calendar event
* @throws {@link ServiceException} in case of any error
*/
@GET
@Path("/next/{userid}")
public AppointmentDTO nextForUser(@QueryParam("sid") @WebParam(name="sid") String sid, @PathParam("userid") @WebParam(name="userid") long userid) throws ServiceException {
try {
Long authUserId = sessionDao.check(sid);
if (AuthLevelUtil.hasWebServiceLevel(userDao.getRights(authUserId))) {
Appointment a = appointmentDao.getNext(userid, new Date());
return a == null ? null : new AppointmentDTO(a);
} else {
throw new ServiceException("Insufficient permissions"); //TODO code -26
}
} catch (ServiceException err) {
throw err;
} catch (Exception err) {
log.error("[nextForUser]", err);
throw new ServiceException(err.getMessage());
}
}
/**
*
* Load a calendar event by its room id
*
* @param sid
* @param roomid
* @return - calendar event by its room id
* @throws {@link ServiceException} in case of any error
*/
@GET
@Path("/room/{roomid}")
public AppointmentDTO getByRoom(@QueryParam("sid") @WebParam(name="sid") String sid, @PathParam("roomid") @WebParam(name="roomid") long roomid) throws ServiceException {
try {
Long userId = sessionDao.check(sid);
if (AuthLevelUtil.hasUserLevel(userDao.getRights(userId))) {
Appointment app = appointmentDao.getByRoom(userId, roomid);
if (app != null) {
return new AppointmentDTO(app);
}
} else {
throw new ServiceException("Insufficient permissions"); //TODO code -26
}
} catch (ServiceException err) {
throw err;
} catch (Exception err) {
log.error("[getByRoom]", err);
throw new ServiceException(err.getMessage());
}
return null;
}
/**
* Search a calendar event for the current SID
*
* @param sid
* The SID of the User. This SID must be marked as Loggedin
* @param title
* the search string
*
* @return - calendar event list
* @throws {@link ServiceException} in case of any error
*/
@GET
@Path("/title/{title}")
public List<AppointmentDTO> getByTitle(@QueryParam("sid") @WebParam(name="sid") String sid, @PathParam("title") @WebParam(name="title") String title) throws ServiceException {
try {
Long userId = sessionDao.check(sid);
if (AuthLevelUtil.hasUserLevel(userDao.getRights(userId))) {
return AppointmentDTO.list(appointmentDao.searchAppointmentsByTitle(userId, title));
} else {
throw new ServiceException("Insufficient permissions"); //TODO code -26
}
} catch (ServiceException err) {
throw err;
} catch (Exception err) {
log.error("[getByTitle]", err);
throw new ServiceException(err.getMessage());
}
}
/**
* Save an appointment
*
* @param sid
* The SID of the User. This SID must be marked as Loggedin
* @param appointment
* calendar event
*
* @return - appointment saved
* @throws {@link ServiceException} in case of any error
*/
@WebMethod
@POST
@Path("/") //TODO FIXME update is also here for now
public AppointmentDTO save(@QueryParam("sid") @WebParam(name="sid") String sid, @FormParam("appointment") @WebParam(name="appointment") AppointmentDTO appointment) throws ServiceException {
//Seems to be create
log.debug("save SID:" + sid);
try {
Long userId = sessionDao.check(sid);
log.debug("save userId:" + userId);
User u = userDao.get(userId);
if (!AuthLevelUtil.hasWebServiceLevel(u.getRights())
&& appointment.getOwner() != null
&& !appointment.getOwner().getId().equals(u.getId()))
{
//TODO maybe additional checks are required
log.error("USER/Room modification as SOAP");
throw new ServiceException("Insufficient permissions"); //TODO code -26
}
//TODO check if objects passed with IDs are correct
if (AuthLevelUtil.hasUserLevel(u.getRights())) {
Appointment a = appointment.get(userDao, appointmentDao, u);
if (a.getRoom().getId() != null) {
if (a.getRoom().isAppointment()) {
a.getRoom().setIspublic(false);
} else {
a.setRoom(roomDao.get(a.getRoom().getId()));
}
}
return new AppointmentDTO(appointmentDao.update(a, u.getId()));
} else {
log.error("save : wrong user level");
throw new ServiceException("Insufficient permissions"); //TODO code -26
}
} catch (ServiceException err) {
throw err;
} catch (Exception err) {
log.error("[save]", err);
throw new ServiceException(err.getMessage());
}
}
/**
*
* delete a calendar event
*
* If the given SID is from an Administrator or Web-Service user, the user
* can delete any appointment.<br/>
* If the SID is assigned to a simple user, he can only delete appointments
* where he is also the owner/creator of the appointment
*
* @param sid
* an authenticated SID
* @param id
* the id to delete
* @return {@link ServiceResult} of type SUCCESS
*
* @throws {@link ServiceException} in case of any error
*/
@DELETE
@Path("/{id}")
public ServiceResult delete(@QueryParam("sid") @WebParam(name="sid") String sid, @PathParam("id") @WebParam(name="id") Long id) throws ServiceException {
try {
Long userId = sessionDao.check(sid);
Set<Right> rights = userDao.getRights(userId);
Appointment a = appointmentDao.get(id);
if (AuthLevelUtil.hasWebServiceLevel(rights) || AuthLevelUtil.hasAdminLevel(rights)) {
// fine
} else if (AuthLevelUtil.hasUserLevel(rights)) {
// check if the appointment belongs to the current user
if (!a.getOwner().getId().equals(userId)) {
throw new ServiceException("The Appointment cannot be updated by the given user");
}
} else {
throw new ServiceException("Not allowed to preform that action, Authenticate the SID first");
}
appointmentDao.delete(a, userId);
return new ServiceResult(id, "Deleted", Type.SUCCESS);
} catch (ServiceException err) {
throw err;
} catch (Exception err) {
log.error("[delete]", err);
throw new ServiceException(err.getMessage());
}
}
}