Fixed an issue in GitHub Workflow. (#12)

* Fixed an issue in GitHub Workflow.

* Refactored and enhanced annotations for better clarity and readability in entity models.

* Implemented repository, service and controller for managing AttributeValue entities.

* Changed entity response model.

* Clean up code.

* Changed EntityAttributeId model and repository, service, dtos and controllers related to EntityAttributeId.

* Included authentication scheme definition in the OpenAPI specification.

* Configure Spring Security for specific paths and roles.

* Changed AttributePermission entity and created repository, services.
  Created cache scheduler service, and implement AttributeSecurityExpressionRoot.

* Changed attribute permission entity. Implemented repository and service.
  Code clean up.

Author: nenadjakic

.github/workflows/main.yml

@@ -52,7 +52,7 @@ jobs:
         run: chmod +x ./gradlew
 
       - name: Run build with Gradle Wrapper
-        run: ./gradlew build -x test
+        run: ./gradlew build
 
       - name: Run code coverage verification
         run: ./gradlew testCoverage

build.gradle.kts

@@ -23,21 +23,13 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-web:3.2.4")
     implementation("org.springframework.boot:spring-boot-starter-validation:3.2.4")
     implementation("org.springframework.boot:spring-boot-starter-mail:3.2.4")
+    implementation("org.springframework.boot:spring-boot-starter-cache:3.2.4")
     implementation("io.jsonwebtoken:jjwt-api:0.12.5")
     implementation("io.jsonwebtoken:jjwt-impl:0.12.5")
     implementation("io.jsonwebtoken:jjwt-jackson:0.12.5")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0")
-    // implementation("jakarta.xml.bind:jakarta.xml.bind-api:4.0.2")
-    // implementation("org.glassfish.jaxb:jaxb-runtime:4.0.5")
-    // implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.17.0")
-
-
-
-    //implementation("jakarta.validation:jakarta.validation-api:3.0.2")
     implementation("org.modelmapper:modelmapper:3.2.0")
-
     runtimeOnly("org.postgresql:postgresql:42.7.3")
-
     testImplementation("org.springframework.boot:spring-boot-starter-test:3.2.4")
     testImplementation("com.h2database:h2:2.2.224")
 
@@ -48,9 +40,11 @@ tasks.test {
     finalizedBy(tasks.jacocoTestReport)
 }
 
-
 tasks.jacocoTestReport {
     dependsOn(tasks.test)
+    reports {
+        csv.required = true
+    }
 }
 
 tasks.jacocoTestCoverageVerification {

src/main/kotlin/com/github/nenadjakic/eav/configuration/MainConfiguration.kt

@@ -1,7 +1,15 @@
 package com.github.nenadjakic.eav.configuration
 
 import com.github.nenadjakic.eav.dto.converter.*
+import io.swagger.v3.oas.models.Components
+import io.swagger.v3.oas.models.OpenAPI
+import io.swagger.v3.oas.models.info.Info
+import io.swagger.v3.oas.models.security.SecurityRequirement
+import io.swagger.v3.oas.models.security.SecurityScheme
 import org.modelmapper.ModelMapper
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.cache.CacheManager
+import org.springframework.cache.concurrent.ConcurrentMapCacheManager
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories
@@ -14,6 +22,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.crypto.password.PasswordEncoder
 import java.util.*
 
+
 @Configuration
 @EnableJpaRepositories(basePackages = ["com.github.nenadjakic.eav.repository"])
 @EnableAsync
@@ -22,6 +31,29 @@ open class MainConfiguration(
     private val passwordEncoder: PasswordEncoder
 ) {
 
+    private fun createAPIKeyScheme(): SecurityScheme {
+        return SecurityScheme().type(SecurityScheme.Type.HTTP)
+            .bearerFormat("JWT")
+            .scheme("bearer")
+    }
+
+    @Bean
+    fun openAPI(@Value("\${application.name}") name: String?, @Value("\${application.version}") version: String?): OpenAPI {
+        return OpenAPI()
+            .info(
+                Info()
+                    .title(name)
+                    .version(version)
+            )
+            .addSecurityItem(SecurityRequirement().addList("Bearer_Authentication"))
+            .components(Components().addSecuritySchemes("Bearer_Authentication", createAPIKeyScheme()))
+    }
+
+    @Bean
+    open fun cacheManager() : CacheManager {
+        return ConcurrentMapCacheManager("roles", "attributePermissions")
+    }
+
     @Bean
     open fun modelMapper(): ModelMapper {
         val modelMapper = ModelMapper()
@@ -32,6 +64,7 @@ open class MainConfiguration(
         modelMapper.addConverter(AttributeUpdateRequestToAttributeConverter())
         modelMapper.addConverter(AttributeValueToAttributeValueResponseConverter())
         modelMapper.addConverter(EntityTypeToEntityTypeResponseConverter())
+        modelMapper.addConverter(AttributeValueAddRequestToAttributeValueConverter())
 
         return modelMapper
     }

src/main/kotlin/com/github/nenadjakic/eav/configuration/SecurityConfiguration.kt

@@ -3,34 +3,44 @@ package com.github.nenadjakic.eav.configuration
 import com.github.nenadjakic.eav.security.filter.JwtAuthenticationFilter
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.security.access.vote.RoleVoter
 import org.springframework.security.authentication.AuthenticationProvider
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.core.GrantedAuthorityDefaults
 import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
+
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
 open class SecurityConfiguration(
     private val authenticationProvider: AuthenticationProvider,
     private val jwtAuthenticationFilter: JwtAuthenticationFilter
 ) {
 
+    @Bean
+    open fun grantedAuthorityDefaults() : GrantedAuthorityDefaults {
+        return GrantedAuthorityDefaults("");
+    }
+
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {
         http.csrf { it.disable() }
         http.httpBasic { it.disable() }
         http.sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
 
         http.authorizeHttpRequests {
+            it.requestMatchers("/swagger-ui.html", "/swagger-ui/**", "/swagger-resources/**", "/v3/api-docs/**").permitAll()
             it.requestMatchers("/auth/**").permitAll()
-            it.anyRequest().permitAll()
+            it.anyRequest().authenticated()
         }
 
         http.authenticationProvider(authenticationProvider)
         http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
         return http.build()
     }
-
 }

src/main/kotlin/com/github/nenadjakic/eav/configuration/WebConfiguration.kt

@@ -6,5 +6,4 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
 
 @Configuration
 @EnableWebMvc
-open class WebConfiguration : WebMvcConfigurer {
-}
+open class WebConfiguration : WebMvcConfigurer

src/main/kotlin/com/github/nenadjakic/eav/controller/AttributeValueController.kt

@@ -1,29 +1,130 @@
 package com.github.nenadjakic.eav.controller
 
+import com.github.nenadjakic.eav.dto.AttributeValueAddRequest
 import com.github.nenadjakic.eav.dto.AttributeValueResponse
+import com.github.nenadjakic.eav.entity.AttributeValue
 import com.github.nenadjakic.eav.extension.collectionMap
 import com.github.nenadjakic.eav.service.AttributeValueService
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.responses.ApiResponse
+import io.swagger.v3.oas.annotations.responses.ApiResponses
 import io.swagger.v3.oas.annotations.tags.Tag
+import jakarta.validation.Valid
 import org.modelmapper.ModelMapper
 import org.springframework.http.ResponseEntity
+import org.springframework.validation.annotation.Validated
+import org.springframework.web.bind.annotation.DeleteMapping
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.PutMapping
+import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
+import org.springframework.web.servlet.support.ServletUriComponentsBuilder
 
 @Tag(name = "Attribute-value controller", description = "API endpoints for managing values of attributes.")
 @RestController
 @RequestMapping("/attribute-value")
+@Validated
 open class AttributeValueController(
     val modelMapper: ModelMapper,
     val attributeValueService: AttributeValueService
 ) {
 
+    @Operation(
+        operationId = "findAttributeValueById",
+        summary = "Get attribute-value by id.",
+        description = "Returns an attribute-value with the specified id (entityId-attributeId)."
+    )
+    @ApiResponses(
+        value = [
+            ApiResponse(responseCode = "200", description = "Successfully retrieved attribute-value."),
+            ApiResponse(responseCode = "404", description = "Attribute-value not found.")
+        ]
+    )
+    @GetMapping("/{entityId}-{attributeId}")
+    open fun findById(@PathVariable entityId: Long, @PathVariable attributeId: Long): ResponseEntity<AttributeValueResponse> {
+        val attributeValue = attributeValueService.findById(entityId, attributeId)
+        val response = attributeValue?.let { modelMapper.map(attributeValue, AttributeValueResponse::class.java) }
+
+        return ResponseEntity.ofNullable(response)
+    }
+
+    @Operation(
+        operationId = "findAttributeValueByEntityId",
+        summary = "Get all attribute-value by entitiyId.",
+        description = "Returns all attribute-values with the specified entityId."
+    )
+    @ApiResponses(
+        value = [
+            ApiResponse(responseCode = "200", description = "Successfully retrieved attribute-value."),
+            ApiResponse(responseCode = "404", description = "Attribute-value not found.")
+        ]
+    )
     @GetMapping("entity/{entityId}")
     open fun findByEntityId(@PathVariable entityId: Long): ResponseEntity<List<AttributeValueResponse>> {
         val attributeValues = attributeValueService.findByEntityId(entityId)
         val response = modelMapper.collectionMap(attributeValues, AttributeValueResponse::class.java)
         return ResponseEntity.ok(response)
     }
 
+    @Operation(
+        operationId = "createAttributeValue",
+        summary = "Create attribute-vale.",
+        description = "Creates a new attribute-value based on the provided model."
+    )
+    @ApiResponses(
+        value = [
+            ApiResponse(responseCode = "201", description = "Attribute-value created successfully."),
+            ApiResponse(responseCode = "400", description = "Invalid request data.")
+        ]
+    )
+    @PostMapping
+    open fun create(@RequestBody @Valid attributeValueAddRequest: AttributeValueAddRequest): ResponseEntity<Void> {
+        val attributeValue = modelMapper.map(attributeValueAddRequest, AttributeValue::class.java)
+        val createdAttributeValue = attributeValueService.create(attributeValue)
+
+        val location = ServletUriComponentsBuilder
+            .fromCurrentRequest()
+            .path("/{entityId}-{attributeId}")
+            .buildAndExpand(createdAttributeValue.entity.id, createdAttributeValue.attribute.id)
+            .toUri()
+
+        return ResponseEntity.created(location).build()
+    }
+
+    @Operation(
+        operationId = "updateAttributeValue",
+        summary = "Update attribute-value.",
+        description = "Updates an existing attribute-value based on the provided model."
+    )
+    @ApiResponses(
+        value = [
+            ApiResponse(responseCode = "204", description = "Attribute-value updated successfully."),
+            ApiResponse(responseCode = "400", description = "Invalid request data.")
+        ]
+    )
+    @PutMapping
+    open fun update(@RequestBody @Valid attributeValueAddRequest: AttributeValueAddRequest): ResponseEntity<Void> {
+        val attributeValue = modelMapper.map(attributeValueAddRequest, AttributeValue::class.java)
+        attributeValueService.update(attributeValue)
+        return ResponseEntity.noContent().build()
+    }
+
+    @Operation(
+        operationId = "deleteAttributeValueById",
+        summary = "Delete attribute-value by id.",
+        description = "Deletes an attribute-value with the specified id."
+    )
+    @ApiResponses(
+        value = [
+            ApiResponse(responseCode = "204", description = "Attribute-value deleted successfully")
+        ]
+    )
+    @DeleteMapping
+    open fun deleteById(@PathVariable entityId: Long, @PathVariable attributeId: Long): ResponseEntity<Void> {
+        attributeValueService.deleteById(entityId, attributeId)
+        return ResponseEntity.noContent().build()
+    }
 }

src/main/kotlin/com/github/nenadjakic/eav/controller/EavReadController.kt

@@ -3,6 +3,7 @@ package com.github.nenadjakic.eav.controller
 import org.springframework.data.domain.Page
 import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.RequestParam
@@ -15,12 +16,15 @@ import org.springframework.web.bind.annotation.RequestParam
  */
 interface EavReadController<RE> {
 
+    @PreAuthorize("hasRole('READER')")
     @GetMapping(produces = [MediaType.APPLICATION_JSON_VALUE])
     fun findAll(): ResponseEntity<List<RE>>
 
+    @PreAuthorize("hasRole('READER')")
     @GetMapping(value = ["/page"], produces = [MediaType.APPLICATION_JSON_VALUE])
     fun findPage(@RequestParam pageNumber: Int, @RequestParam(required = false) pageSize: Int?): ResponseEntity<Page<RE>>
 
+    @PreAuthorize("hasRole('READER')")
     @GetMapping(value = ["/{id}"], produces = [MediaType.APPLICATION_JSON_VALUE])
     fun findById(@PathVariable id: Long): ResponseEntity<RE>
 }

src/main/kotlin/com/github/nenadjakic/eav/controller/EavWriteController.kt

@@ -3,6 +3,7 @@ package com.github.nenadjakic.eav.controller
 import jakarta.validation.Valid
 import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.validation.annotation.Validated
 import org.springframework.web.bind.annotation.DeleteMapping
 import org.springframework.web.bind.annotation.PathVariable
@@ -20,13 +21,16 @@ import org.springframework.web.bind.annotation.RequestBody
 @Validated
 interface EavWriteController<CR, UR> {
 
+    @PreAuthorize("hasRole('WRITER')")
     @PostMapping(consumes = [MediaType.APPLICATION_JSON_VALUE],
         produces = [MediaType.APPLICATION_JSON_VALUE])
     fun create(@Valid @RequestBody model:CR): ResponseEntity<Void>
 
+    @PreAuthorize("hasRole('WRITER')")
     @PutMapping(consumes = [MediaType.APPLICATION_JSON_VALUE])
     fun update(@Valid @RequestBody model:UR): ResponseEntity<Void>
 
+    @PreAuthorize("hasRole('WRITER')")
     @DeleteMapping("/{id}")
     fun deleteById(@PathVariable id: Long): ResponseEntity<Void>
 }

src/main/kotlin/com/github/nenadjakic/eav/dto/AttributeValueAddRequest.kt

@@ -0,0 +1,13 @@
+package com.github.nenadjakic.eav.dto
+
+import jakarta.validation.constraints.NotNull
+
+class AttributeValueAddRequest {
+    @NotNull
+    var entityId: Long? = null
+
+    @NotNull
+    var attributeId: Long? = null
+
+    var value: String? = null
+}

src/main/kotlin/com/github/nenadjakic/eav/dto/AttributeValueResponse.kt

@@ -1,9 +1,22 @@
 package com.github.nenadjakic.eav.dto
 
-data class AttributeValueResponse(
+data class EntitySimpleResponse(
     val entityId: Long,
-    val entityName: String,
+)
+
+data class AttributeSimpleResponse(
     val attributeId: Long,
     val attributeName: String,
+)
+
+data class AttributeValueSimpleResponse(
+    val attribute : AttributeSimpleResponse,
+    val value: Any?
+)
+
+data class AttributeValueResponse(
+    val entitiy: EntitySimpleResponse,
+    //TODO. Should be list
+    val attributes: AttributeSimpleResponse,
     val value: Any
 )

src/main/kotlin/com/github/nenadjakic/eav/dto/EntityResponse.kt

@@ -2,5 +2,6 @@ package com.github.nenadjakic.eav.dto
 
 data class EntityResponse(
     val id: Long,
-    val entityType: EntityTypeSimpleResponse
+    val entityType: EntityTypeSimpleResponse,
+    val attributeValues: List<AttributeValueSimpleResponse>
 )