Skip to content

Commit

Permalink
Revert "OAM-200: added delete endpoint with rights"
Browse files Browse the repository at this point in the history 
This reverts commit fd63632.
  • Loading branch information
@tsznaj
tsznaj committed Jun 17, 2024
1 parent fd63632 commit 598c5b2
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 73 deletions.
9 changes: 1 addition & 8 deletions src/main/java/org/openlmis/fulfillment/service/PermissionService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
import static org.apache.commons.lang3.StringUtils.startsWith;
import static org.openlmis.fulfillment.i18n.MessageKeys.ORDER_NOT_FOUND;

import java.util.List;
import java.util.UUID;
import javax.validation.constraints.NotNull;
import org.openlmis.fulfillment.domain.Order;
Expand Down Expand Up @@ -53,7 +52,6 @@ public class PermissionService {
public static final String ORDERS_VIEW = "ORDERS_VIEW";
public static final String ORDERS_EDIT = "ORDERS_EDIT";
public static final String ORDER_CREATE = "ORDER_CREATE";
public static final String ORDER_DELETE = "ORDER_DELETE";
public static final String SHIPMENTS_VIEW = "SHIPMENTS_VIEW";
public static final String SHIPMENTS_EDIT = "SHIPMENTS_EDIT";
static final String SYSTEM_SETTINGS_MANAGE = "SYSTEM_SETTINGS_MANAGE";
Expand Down Expand Up @@ -154,12 +152,6 @@ public void canCreateOrder(Order order) {
checkPermission(ORDER_CREATE, order.getReceivingFacilityId());
}

public void canDeleteOrders(List<UUID> ids) {
for (UUID id : ids) {
checkPermission(ORDER_DELETE, id);
}
}

/**
* Checks if user has permission to view Shipments.
*
Expand Down Expand Up @@ -309,4 +301,5 @@ private boolean checkServiceToken(boolean allowApiKey,

return false;
}

}
54 changes: 16 additions & 38 deletions src/main/java/org/openlmis/fulfillment/web/OrderController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@
import java.nio.charset.StandardCharsets;
import java.text.DecimalFormat;
import java.text.DecimalFormatSymbols;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
Expand Down Expand Up @@ -75,7 +74,6 @@
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
Expand Down Expand Up @@ -195,16 +193,16 @@ public OrderDto createRequisitionLessOrder(@RequestBody OrderDto orderDto) {
/**
* Allows updating orders.
*
* @param orderId UUID of order which we want to update
* @param orderId UUID of order which we want to update
* @param orderDto An order bound to the request body
* @return updated order
*/
@PutMapping("/orders/{id}")
@ResponseBody
public OrderDto updateOrder(
@PathVariable("id") UUID orderId,
@RequestBody OrderDto orderDto,
BindingResult bindingResult
@PathVariable("id") UUID orderId,
@RequestBody OrderDto orderDto,
BindingResult bindingResult
) {
permissionService.canCreateOrder(orderDto);

Expand All @@ -222,15 +220,15 @@ public OrderDto updateOrder(
/**
* Send requisition-less order.
*
* @param orderId UUID of order
* @param orderId UUID of order
* @param orderDto An order bound to the request body
*/
@PutMapping("/orders/{id}/requisitionLess/send")
@ResponseBody
public void sendRequisitionLessOrder(
@PathVariable("id") UUID orderId,
@RequestBody OrderDto orderDto,
BindingResult bindingResult
@PathVariable("id") UUID orderId,
@RequestBody OrderDto orderDto,
BindingResult bindingResult
) {
permissionService.canCreateOrder(orderDto);

Expand All @@ -257,7 +255,7 @@ public void sendRequisitionLessOrder(
@ResponseStatus(HttpStatus.OK)
@ResponseBody
public Iterable<BasicOrderDto> batchCreateOrders(@RequestBody List<OrderDto> orders,
OAuth2Authentication authentication) {
OAuth2Authentication authentication) {
List<Order> newOrders = orders
.stream()
.map(order -> createSingleOrder(order, authentication))
Expand Down Expand Up @@ -319,7 +317,7 @@ public NumberOfOrdersData getOrdersData() {
public OrderStatsData getOrderStatusesStatsData() {
Profiler profiler = new Profiler("GET_ORDER_STATISTICS_DATA");
profiler.setLogger(XLOGGER);
UUID facilityId = authenticationHelper.getCurrentUser().getHomeFacilityId();
UUID facilityId = authenticationHelper.getCurrentUser().getHomeFacilityId();
if (facilityId == null) {
return new OrderStatsData();
}
Expand All @@ -334,7 +332,7 @@ public OrderStatsData getOrderStatusesStatsData() {
* Get chosen order.
*
* @param orderId UUID of order whose we want to get
* @param expand a set of field names to expand
* @param expand a set of field names to expand
* @return OrderDto.
*/
@RequestMapping(value = "/orders/{id}", method = RequestMethod.GET)
Expand All @@ -358,7 +356,7 @@ public OrderDto getOrder(@PathVariable("id") UUID orderId,
@ResponseBody
public List<UUID> getRequestingFacilities(
@RequestParam(name = "supplyingFacilityId", required = false)
List<UUID> supplyingFacilityIds) {
List<UUID> supplyingFacilityIds) {
return orderRepository.getRequestingFacilities(supplyingFacilityIds);
}

Expand All @@ -371,7 +369,7 @@ public List<UUID> getRequestingFacilities(
@RequestMapping(value = "/orders/{id}/print", method = RequestMethod.GET)
@ResponseStatus(HttpStatus.OK)
public ResponseEntity<byte[]> printOrder(@PathVariable("id") UUID orderId,
@RequestParam("format") String format) throws IOException {
@RequestParam("format") String format) throws IOException {

Order order = orderRepository.findById(orderId)
.orElseThrow(() -> new OrderNotFoundException(orderId));
Expand Down Expand Up @@ -434,9 +432,9 @@ public ResponseEntity<byte[]> printOrder(@PathVariable("id") UUID orderId,
@RequestMapping(value = "/orders/{id}/export", method = RequestMethod.GET)
@ResponseStatus(HttpStatus.OK)
public void export(@PathVariable("id") UUID orderId,
@RequestParam(value = "type", required = false,
defaultValue = TYPE_CSV) String type,
HttpServletResponse response) throws IOException {
@RequestParam(value = "type", required = false,
defaultValue = TYPE_CSV) String type,
HttpServletResponse response) throws IOException {
if (!TYPE_CSV.equals(type)) {
String msg = "Export type: " + type + " not allowed";
XLOGGER.warn(msg);
Expand Down Expand Up @@ -499,26 +497,6 @@ public ResultDto<Boolean> retryOrderTransfer(@PathVariable("id") UUID id) {
return new ResultDto<>(TRANSFER_FAILED != order.getStatus());
}

@RequestMapping(value = "/orders", method = RequestMethod.DELETE)
@ResponseStatus(HttpStatus.OK)
public void deleteMultipleOrders(@RequestParam(name = "ids") List<UUID> ids) {

if (CollectionUtils.isEmpty(ids)) {
XLOGGER.info("Nothing to delete");
}
Iterable<Order> orders = orderRepository.findAllById(ids);
List<UUID> receivingIds = new ArrayList<>();
orders.forEach(order -> {
receivingIds.add(order.getReceivingFacilityId());
});

permissionService.canDeleteOrders(receivingIds);

for (UUID id : ids) {
orderRepository.deleteById(id);
}
}

private Order createSingleOrder(OrderDto orderDto,
OAuth2Authentication authentication) {

Expand Down
27 changes: 0 additions & 27 deletions src/main/resources/api-definition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -367,33 +367,6 @@ resourceTypes:
body:
application/json:
schema: localizedMessage
delete:
is: [ secured ]
description: Removes many orders by id. This endpoint requires ORDERE_DELETE right.
body:
application/json:
schema:
type: "array",
items: {
type: "string",
}
responses:
"204":
headers:
Keep-Alive:
"404":
body:
application/json:
schema: localizedErrorResponse
"409":
body:
application/json:
"403":
headers:
Keep-Alive:
body:
application/json:
schema: localizedErrorResponse
/requisitionLess:
post:
is: [ secured ]
Expand Down

0 comments on commit 598c5b2

Please sign in to comment.