diff --git a/src/main/kotlin/com/restapi/Main.kt b/src/main/kotlin/com/restapi/Main.kt
index 1d71d6a..cc87717 100644
--- a/src/main/kotlin/com/restapi/Main.kt
+++ b/src/main/kotlin/com/restapi/Main.kt
@@ -6,7 +6,6 @@ import com.restapi.config.AppConfig.Companion.appConfig
 import com.restapi.config.Auth.validateAuthToken
 import com.restapi.controllers.*
 import com.restapi.domain.DataNotFoundException
-import com.restapi.domain.ReminderLog
 import com.restapi.domain.Session.currentTenant
 import com.restapi.domain.Session.currentUser
 import com.restapi.domain.Session.currentUserPlants
@@ -45,270 +44,272 @@ fun main(args: Array) { //ratelimit based on IP Only RateLimitUtil.keyFunction = { ctx -> ctx.header("X-Forwarded-For")?.split(",")?.get(0) ?: ctx.ip() } Javalin.create { cfg -> - cfg.http.generateEtags = true - if (appConfig.corsEnabled()) { - cfg.plugins.enableCors { container -> - container.add { - it.allowHost( - "http://localhost:5173", *appConfig.corsHosts().toTypedArray() - ) - } + cfg.http.generateEtags = true + if (appConfig.corsEnabled()) { + cfg.plugins.enableCors { container -> + container.add { + it.allowHost( + "http://localhost:5173", *appConfig.corsHosts().toTypedArray() + ) } } - cfg.http.defaultContentType = ContentType.JSON - cfg.compression.gzipOnly() - cfg.jsonMapper(JavalinJackson(objectMapper)) - cfg.accessManager(AppAccessManager()) - }.routes { - path("/auth") { + } + cfg.http.defaultContentType = ContentType.JSON + cfg.compression.gzipOnly() + cfg.jsonMapper(JavalinJackson(objectMapper)) + cfg.accessManager(AppAccessManager()) + }.routes { + path("/auth") { - get("/endpoint", Auth::endPoint) - get("/init", Auth::init) - get("/code", Auth::code) - get("/keys", Auth::keys) - post("/refresh", Auth::refreshToken) + get("/endpoint", Auth::endPoint) + get("/init", Auth::init) + get("/code", Auth::code) + get("/keys", Auth::keys) + post("/refresh", Auth::refreshToken) + } + before("/api/*") { ctx -> + + NaiveRateLimit.requestPerTimeUnit( + ctx, appConfig.rateLimit().getOrDefault(30), TimeUnit.MINUTES + ) + + val authToken = ctx.getAuthHeader() ?: throw UnauthorizedResponse() + + + //there are 2 scenarios, 1) auth user for admin 2) non user for flow, we need to handle both + + setAuthorizedUser(validateAuthToken(authToken = authToken)) + + if (appConfig.enforcePayloadEncryption()) { + //todo: decrypt the request from user } - before("/api/*") { ctx -> + } + after("/api/*") { - NaiveRateLimit.requestPerTimeUnit( - ctx, appConfig.rateLimit().getOrDefault(30), TimeUnit.MINUTES - ) + val md = MessageDigest.getInstance("SHA-512") 
+ md.update((it.result() ?: "").toByteArray()) + val aMessageDigest = md.digest() - val authToken = ctx.getAuthHeader() ?: throw UnauthorizedResponse() + val outEncoded: String = Base64.getEncoder().encodeToString(aMessageDigest) + it.header("X-Checksum", outEncoded) + it.header("X-Signature", signPayload(outEncoded)) + if (appConfig.enforcePayloadEncryption()) { + //todo: encrypt and send the response back to user + } - //there are 2 scenarios, 1) auth user for admin 2) non user for flow, we need to handle both + } + path("/api") { - setAuthorizedUser(validateAuthToken(authToken = authToken)) + get("/plants") { + it.json(currentUserPlants()) + } + post("/audit/{action}") { + logger.warn("User ${currentUser()} of tenant ${currentTenant()} has performed ${it.pathParam("action")} @ ${LocalDateTime.now()}") + it.json(mapOf("status" to true)) + } - if (appConfig.enforcePayloadEncryption()) { - //todo: decrypt the request from user + path("/vendor") { + path("/") { + post("", VendorCtrl::create, Roles(Role.Explicit("ROLE_VENDOR_CREATE"))) + post("/batch", VendorCtrl::createBatch, Roles(Role.Explicit("ROLE_VENDOR_CREATE"))) + get("/{id}", VendorCtrl::get, Roles(Role.Explicit("ROLE_VENDOR_VIEW", "ROLE_VENDOR_CREATE"))) + post( + "/getAll", VendorCtrl::getAll, Roles(Role.Explicit("ROLE_VENDOR_VIEW", "ROLE_VENDOR_CREATE")) + ) + get( + "quotes/{id}", VendorCtrl::getQuotes, Roles(Role.Explicit("ROLE_QUOTE_VIEW", "ROLE_QUOTE_CREATE", "ROLE_VENDOR_VIEW")) + ) + get("pos/{id}", VendorCtrl::getPos, Roles(Role.Explicit("ROLE_PO_VIEW", "ROLE_PO_CREATE`"))) + put("/rate/{id}/{rating}", VendorCtrl::rate, Roles(Role.Explicit("ROLE_VENDOR_CREATE"))) + put("/{id}", VendorCtrl::update, Roles(Role.Explicit("ROLE_VENDOR_CREATE"))) + } + path("/incoming") { + post("", IncomingInventoryCtrl::create, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) + get("/next", IncomingInventoryCtrl::getNextNum, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) + get( + "/{id}", IncomingInventoryCtrl::get, 
Roles(Role.Explicit("ROLE_INVENTORY_VIEW", "ROLE_INVENTORY_CREATE")) + ) + put("/{id}", IncomingInventoryCtrl::update, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) + post( + "/getAll", IncomingInventoryCtrl::getAll, Roles(Role.Explicit("ROLE_INVENTORY_CREATE", "ROLE_INVENTORY_VIEW")) + ) + } + path("/outgoing") { + post("", OutgoingInventoryCtrl::create, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) + get("/next", OutgoingInventoryCtrl::getNextNum, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) + get( + "/{id}", OutgoingInventoryCtrl::get, Roles(Role.Explicit("ROLE_INVENTORY_VIEW", "ROLE_INVENTORY_CREATE")) + ) + put("/{id}", OutgoingInventoryCtrl::update, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) + post( + "/getAll", OutgoingInventoryCtrl::getAll, Roles(Role.Explicit("ROLE_INVENTORY_CREATE", "ROLE_INVENTORY_VIEW")) + ) + } + path("/invoice") { + post("", InvoiceCtrl::create, Roles(Role.Explicit("ROLE_INVOICE_CREATE"))) + get("/next", InvoiceCtrl::getNextNum, Roles(Role.Explicit("ROLE_INVOICE_CREATE"))) + get( + "/{id}", InvoiceCtrl::get, Roles(Role.Explicit("ROLE_INVOICE_VIEW", "ROLE_INVOICE_CREATE")) + ) + put("/{id}", InvoiceCtrl::update, Roles(Role.Explicit("ROLE_INVOICE_CREATE"))) + post( + "/getAll", InvoiceCtrl::getAll, Roles(Role.Explicit("ROLE_INVOICE_CREATE", "ROLE_INVOICE_VIEW")) + ) + } + path("/payment") { + post("", PaymentCtrl::create, Roles(Role.Explicit("ROLE_PAYMENT_CREATE"))) + get( + "/{id}", PaymentCtrl::get, Roles(Role.Explicit("ROLE_PAYMENT_VIEW", "ROLE_PAYMENT_CREATE")) + ) + put("/{id}", PaymentCtrl::update, Roles(Role.Explicit("ROLE_PAYMENT_CREATE"))) + post( + "/getAll", PaymentCtrl::getAll, Roles(Role.Explicit("ROLE_PAYMENT_CREATE", "ROLE_PAYMENT_VIEW")) + ) + delete("/{id}", PaymentCtrl::delete, Roles(Role.Explicit("ROLE_PAYMENT_CREATE"))) + } + path("/fleet") { + + post("", FleetCtrl::create, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + get( + "/{id}", FleetCtrl::get, Roles(Role.Explicit("ROLE_FLEET_VIEW", "ROLE_FLEET_CREATE")) 
+ ) + put("/{id}", FleetCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + post( + "/getAll", FleetCtrl::getAll, Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW")) + ) + delete("/{id}", FleetCtrl::delete, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + } + path("/renewal") { + post("", RenewalCtrl::create, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + get( + "/{id}", RenewalCtrl::get, Roles(Role.Explicit("ROLE_FLEET_VIEW", "ROLE_FLEET_CREATE")) + ) + put("/{id}", RenewalCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + post( + "/getAll", RenewalCtrl::getAll, Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW")) + ) + delete("/{id}", RenewalCtrl::delete, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + } + path("/reminder") { + post("", ReminderCtrl::create, Roles(Role.Explicit("ROLE_REMINDER_CREATE"))) + get( + "/{id}", ReminderCtrl::get, Roles(Role.Explicit("ROLE_REMINDER_VIEW", "ROLE_REMINDER_CREATE")) + ) + put("/{id}", ReminderCtrl::update, Roles(Role.Explicit("ROLE_REMINDER_CREATE"))) + post( + "/getAll", ReminderLogCtrl::getAll, Roles(Role.Explicit("ROLE_REMINDER_CREATE", "ROLE_REMINDER_VIEW")) + ) + post( + "/done", ReminderLogCtrl::done, Roles(Role.Explicit("ROLE_REMAINDER_CREATE")) + ) + get( + "/getAll/{id}", ReminderCtrl::getAllByFleetId, Roles(Role.Explicit("ROLE_REMINDER_CREATE", "ROLE_REMINDER_VIEW")) + ) + delete( + "/{id}", ReminderCtrl::delete, Roles(Role.Explicit("ROLE_REMINDER_CREATE")) + ) + } + path("/vehicle") { + post("", VehicleCtrl::create, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + get( + "/{id}", VehicleCtrl::get, Roles(Role.Explicit("ROLE_FLEET_VIEW", "ROLE_FLEET_CREATE")) + ) + put("/{id}", VehicleCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + post( + "/getAll", VehicleCtrl::getAll, Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW")) + ) + } + path("/fleetType") { + post("", FleetTypeCtrl::create, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + get( + "/{id}", FleetTypeCtrl::get, 
Roles(Role.Explicit("ROLE_FLEET_VIEW", "ROLE_FLEET_CREATE")) + ) + put("/{id}", FleetTypeCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) + post( + "/getAll", FleetTypeCtrl::getAll, Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW")) + ) + } + path("/po") { + get("/next", PurchaseOrderCtrl::getNextNum, Roles(Role.Explicit("ROLE_PO_CREATE"))) + post("", PurchaseOrderCtrl::create, Roles(Role.Explicit("ROLE_PO_CREATE"))) + post("/batch", PurchaseOrderCtrl::createBatch, Roles(Role.Explicit("ROLE_PO_CREATE"))) + post( + "/getAll", PurchaseOrderCtrl::getAll, Roles(Role.Explicit("ROLE_PO_CREATE", "ROLE_PO_VIEW", "ROLE_VENDOR_CREATE")) + ) + get( + "/{id}", PurchaseOrderCtrl::get, Roles(Role.Explicit("ROLE_PO_CREATE", "ROLE_PO_VIEW", "ROLE_QUOTE_CREATE")) + ) + put("/{id}", PurchaseOrderCtrl::update, Roles(Role.Explicit("ROLE_PO_CREATE"))) + put("/approve/{id}", PurchaseOrderCtrl::approve, Roles(Role.Explicit())) + put("/reject/{id}", PurchaseOrderCtrl::reject, Roles(Role.Explicit())) + get("/refQuote/{id}", PurchaseOrderCtrl::quoteReference, Roles(Role.Explicit("ROLE_PO_CREATE"))) + } + path("/quote") { + get("/next", QuotationCtrl::getNextNum, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) + post("", QuotationCtrl::create, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) + post("/batch", QuotationCtrl::createBatch, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) + post( + "/getAll", QuotationCtrl::getAll, Roles(Role.Explicit("ROLE_QUOTE_CREATE", "ROLE_QUOTE_VIEW")) + ) + get("/{id}", QuotationCtrl::get, Roles(Role.Explicit("ROLE_QUOTE_VIEW", "ROLE_QUOTE_CREATE"))) + put("/{id}", QuotationCtrl::update, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) + delete("/{id}", QuotationCtrl::delete, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) + } + path("/product") { + post("", ProductCtrl::create, Roles(Role.Explicit("ROLE_PRODUCT_CREATE"))) + put("/{id}", ProductCtrl::update, Roles(Role.Explicit("ROLE_PRODUCT_CREATE"))) + delete("/{id}", ProductCtrl::delete, 
Roles(Role.Explicit("ROLE_PRODUCT_CREATE"))) + patch("/{id}", ProductCtrl::patch, Roles(Role.Explicit("ROLE_PRODUCT_CREATE"))) + post("/getAll", ProductCtrl::getAll, Roles(Role.Explicit("ROLE_PRODUCT_VIEW"))) + get("/{id}", ProductCtrl::get, Roles(Role.Explicit("ROLE_PRODUCT_VIEW"))) + } + path("/doc") { + post("", DocumentCtrl::create, Roles(Role.Explicit("ROLE_DOC_CREATE"))) + //why type and refid are clubbed ?? + get( + "/{type}/{refId}", DocumentCtrl::getWithRefId, Roles(Role.Explicit("ROLE_DOC_VIEW", "ROLE_PRODUCT_CREATE")) + ) + get("/{id}", DocumentCtrl::get, Roles(Role.Explicit("ROLE_DOC_VIEW", "ROLE_PRODUCT_CREATE"))) + get( + "/print/{id}", DocumentCtrl::print, Roles(Role.Explicit("ROLE_DOC_CREATE", "ROLE_DOC_VIEW")) + ) + delete("/{id}", DocumentCtrl::delete, Roles(Role.Explicit("ROLE_DOC_CREATE"))) + } + path("/reqForQuote") { + post( + "", RequestForQuote::create, Roles(Role.Explicit("ROLE_QUOTE_CREATE", "ROLE_PO_CREATE", "ROLE_RFQ_CREATE")) + ) + get( + "/{id}", RequestForQuote::get, Roles(Role.Explicit("ROLE_RFQ_CREATE", "ROLE_RFQ_VIEW", "ROLE_QUOTE_VIEW", "ROLE_PO_VIEW")) + ) + put( + "/{id}", RequestForQuote::update, Roles(Role.Explicit("ROLE_QUOTE_CREATE", "ROLE_PO_CREATE", "ROLE_RFQ_CREATE")) + ) } } - after("/api/*") { + post("/script/database/{name}", Entities::executeStoredProcedure, Roles(adminRole, Role.DbOps)) + post("/script/{file}/{name}", Entities::executeScript, Roles(adminRole, Role.DbOps)) - val md = MessageDigest.getInstance("SHA-512") - md.update((it.result() ?: "").toByteArray()) - val aMessageDigest = md.digest() + get("/{entity}/{id}", Entities::view, Roles(adminRole, viewRole)) + post("/{entity}/query/{id}", Entities::sqlQueryById, Roles(adminRole, viewRole)) + post("/{entity}/query", Entities::sqlQueryRaw, Roles(adminRole, viewRole)) + post("/{entity}", Entities::create, Roles(adminRole, createRole)) - val outEncoded: String = Base64.getEncoder().encodeToString(aMessageDigest) - it.header("X-Checksum", outEncoded) - 
it.header("X-Signature", signPayload(outEncoded)) + put("/{entity}/approve/{id}", Entities::approve, Roles(adminRole, approveOrRejectRole)) + put("/{entity}/reject/{id}", Entities::reject, Roles(adminRole, approveOrRejectRole)) + put("/{entity}/{action}/{id}", Entities::action, Roles(adminRole, Role.Entity)) - if (appConfig.enforcePayloadEncryption()) { - //todo: encrypt and send the response back to user - } - - } - path("/api") { - - get("/plants") { - it.json(currentUserPlants()) - } - post("/audit/{action}") { - logger.warn("User ${currentUser()} of tenant ${currentTenant()} has performed ${it.pathParam("action")} @ ${LocalDateTime.now()}") - it.json(mapOf("status" to true)) - } - - path("/vendor") { - path("/") { - post("", VendorCtrl::create, Roles(Role.Explicit("ROLE_VENDOR_CREATE"))) - post("/batch", VendorCtrl::createBatch, Roles(Role.Explicit("ROLE_VENDOR_CREATE"))) - get("/{id}", VendorCtrl::get, Roles(Role.Explicit("ROLE_VENDOR_VIEW", "ROLE_VENDOR_CREATE"))) - post( - "/getAll", VendorCtrl::getAll, Roles(Role.Explicit("ROLE_VENDOR_VIEW", "ROLE_VENDOR_CREATE")) - ) - get( - "quotes/{id}", VendorCtrl::getQuotes, Roles(Role.Explicit("ROLE_QUOTE_VIEW", "ROLE_QUOTE_CREATE", "ROLE_VENDOR_VIEW")) - ) - get("pos/{id}", VendorCtrl::getPos, Roles(Role.Explicit("ROLE_PO_VIEW", "ROLE_PO_CREATE`"))) - put("/rate/{id}/{rating}", VendorCtrl::rate, Roles(Role.Explicit("ROLE_VENDOR_CREATE"))) - put("/{id}", VendorCtrl::update, Roles(Role.Explicit("ROLE_VENDOR_CREATE"))) - } - path("/incoming") { - post("", IncomingInventoryCtrl::create, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) - get("/next", IncomingInventoryCtrl::getNextNum, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) - get( - "/{id}", IncomingInventoryCtrl::get, Roles(Role.Explicit("ROLE_INVENTORY_VIEW", "ROLE_INVENTORY_CREATE")) - ) - put("/{id}", IncomingInventoryCtrl::update, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) - post( - "/getAll", IncomingInventoryCtrl::getAll, 
Roles(Role.Explicit("ROLE_INVENTORY_CREATE", "ROLE_INVENTORY_VIEW")) - ) - } - path("/outgoing") { - post("", OutgoingInventoryCtrl::create, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) - get("/next", OutgoingInventoryCtrl::getNextNum, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) - get( - "/{id}", OutgoingInventoryCtrl::get, Roles(Role.Explicit("ROLE_INVENTORY_VIEW", "ROLE_INVENTORY_CREATE")) - ) - put("/{id}", OutgoingInventoryCtrl::update, Roles(Role.Explicit("ROLE_INVENTORY_CREATE"))) - post( - "/getAll", OutgoingInventoryCtrl::getAll, Roles(Role.Explicit("ROLE_INVENTORY_CREATE", "ROLE_INVENTORY_VIEW")) - ) - } - path("/invoice") { - post("", InvoiceCtrl::create, Roles(Role.Explicit("ROLE_INVOICE_CREATE"))) - get("/next", InvoiceCtrl::getNextNum, Roles(Role.Explicit("ROLE_INVOICE_CREATE"))) - get( - "/{id}", InvoiceCtrl::get, Roles(Role.Explicit("ROLE_INVOICE_VIEW", "ROLE_INVOICE_CREATE")) - ) - put("/{id}", InvoiceCtrl::update, Roles(Role.Explicit("ROLE_INVOICE_CREATE"))) - post( - "/getAll", InvoiceCtrl::getAll, Roles(Role.Explicit("ROLE_INVOICE_CREATE", "ROLE_INVOICE_VIEW")) - ) - } - path("/payment") { - post("", PaymentCtrl::create, Roles(Role.Explicit("ROLE_PAYMENT_CREATE"))) - get( - "/{id}", PaymentCtrl::get, Roles(Role.Explicit("ROLE_PAYMENT_VIEW", "ROLE_PAYMENT_CREATE")) - ) - put("/{id}", PaymentCtrl::update, Roles(Role.Explicit("ROLE_PAYMENT_CREATE"))) - post( - "/getAll", PaymentCtrl::getAll, Roles(Role.Explicit("ROLE_PAYMENT_CREATE", "ROLE_PAYMENT_VIEW")) - ) - delete("/{id}", PaymentCtrl::delete, Roles(Role.Explicit("ROLE_PAYMENT_CREATE"))) - } - path("/fleet") { - - post("", FleetCtrl::create, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - get( - "/{id}", FleetCtrl::get, Roles(Role.Explicit("ROLE_FLEET_VIEW", "ROLE_FLEET_CREATE")) - ) - put("/{id}", FleetCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - post( - "/getAll", FleetCtrl::getAll, Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW")) - ) - delete("/{id}", 
FleetCtrl::delete, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - } - path("/renewal") { - post("", RenewalCtrl::create, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - get( - "/{id}", RenewalCtrl::get, Roles(Role.Explicit("ROLE_FLEET_VIEW", "ROLE_FLEET_CREATE")) - ) - put("/{id}", RenewalCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - post( - "/getAll", RenewalCtrl::getAll, Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW")) - ) - delete("/{id}", RenewalCtrl::delete, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - } - path("/reminder") { - post("", ReminderCtrl::create, Roles(Role.Explicit("ROLE_REMINDER_CREATE"))) - get( - "/{id}", ReminderCtrl::get, Roles(Role.Explicit("ROLE_REMINDER_VIEW", "ROLE_REMINDER_CREATE")) - ) - put("/{id}", ReminderCtrl::update, Roles(Role.Explicit("ROLE_REMINDER_CREATE"))) - post( - "/getAll", ReminderLogCtrl::getAll, Roles(Role.Explicit("ROLE_REMINDER_CREATE", "ROLE_REMINDER_VIEW")) - ) - post( - "/done", ReminderLogCtrl::done, Roles(Role.Explicit("ROLE_REMAINDER_CREATE")) - ) - get( - "/getAll/{id}", ReminderCtrl::getAllByFleetId, Roles(Role.Explicit("ROLE_REMINDER_CREATE", "ROLE_REMINDER_VIEW")) - ) - delete( - "/{id}", ReminderCtrl::delete, Roles(Role.Explicit("ROLE_REMINDER_CREATE")) - ) - } - path("/vehicle") { - post("", VehicleCtrl::create, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - get( - "/{id}", VehicleCtrl::get, Roles(Role.Explicit("ROLE_FLEET_VIEW", "ROLE_FLEET_CREATE")) - ) - put("/{id}", VehicleCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - post( - "/getAll", VehicleCtrl::getAll, Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW")) - ) - } - path("/fleetType") { - post("", FleetTypeCtrl::create, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - get( - "/{id}", FleetTypeCtrl::get, Roles(Role.Explicit("ROLE_FLEET_VIEW", "ROLE_FLEET_CREATE")) - ) - put("/{id}", FleetTypeCtrl::update, Roles(Role.Explicit("ROLE_FLEET_CREATE"))) - post( - "/getAll", FleetTypeCtrl::getAll, 
Roles(Role.Explicit("ROLE_FLEET_CREATE", "ROLE_FLEET_VIEW")) - ) - } - path("/po") { - get("/next", PurchaseOrderCtrl::getNextNum, Roles(Role.Explicit("ROLE_PO_CREATE"))) - post("", PurchaseOrderCtrl::create, Roles(Role.Explicit("ROLE_PO_CREATE"))) - post("/batch", PurchaseOrderCtrl::createBatch, Roles(Role.Explicit("ROLE_PO_CREATE"))) - post( - "/getAll", PurchaseOrderCtrl::getAll, Roles(Role.Explicit("ROLE_PO_CREATE", "ROLE_PO_VIEW", "ROLE_VENDOR_CREATE")) - ) - get( - "/{id}", PurchaseOrderCtrl::get, Roles(Role.Explicit("ROLE_PO_CREATE", "ROLE_PO_VIEW", "ROLE_QUOTE_CREATE")) - ) - put("/{id}", PurchaseOrderCtrl::update, Roles(Role.Explicit("ROLE_PO_CREATE"))) - put("/approve/{id}", PurchaseOrderCtrl::approve, Roles(Role.Explicit())) - put("/reject/{id}", PurchaseOrderCtrl::reject, Roles(Role.Explicit())) - get("/refQuote/{id}", PurchaseOrderCtrl::quoteReference, Roles(Role.Explicit("ROLE_PO_CREATE"))) - } - path("/quote") { - get("/next", QuotationCtrl::getNextNum, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) - post("", QuotationCtrl::create, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) - post("/batch", QuotationCtrl::createBatch, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) - post( - "/getAll", QuotationCtrl::getAll, Roles(Role.Explicit("ROLE_QUOTE_CREATE", "ROLE_QUOTE_VIEW")) - ) - get("/{id}", QuotationCtrl::get, Roles(Role.Explicit("ROLE_QUOTE_VIEW", "ROLE_QUOTE_CREATE"))) - put("/{id}", QuotationCtrl::update, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) - delete("/{id}", QuotationCtrl::delete, Roles(Role.Explicit("ROLE_QUOTE_CREATE"))) - } - path("/product") { - post("", ProductCtrl::create, Roles(Role.Explicit("ROLE_PRODUCT_CREATE"))) - put("/{id}", ProductCtrl::update, Roles(Role.Explicit("ROLE_PRODUCT_CREATE"))) - delete("/{id}", ProductCtrl::delete, Roles(Role.Explicit("ROLE_PRODUCT_CREATE"))) - patch("/{id}", ProductCtrl::patch, Roles(Role.Explicit("ROLE_PRODUCT_CREATE"))) - post("/getAll", ProductCtrl::getAll, Roles(Role.Explicit("ROLE_PRODUCT_VIEW"))) - 
get("/{id}", ProductCtrl::get, Roles(Role.Explicit("ROLE_PRODUCT_VIEW"))) - } - path("/doc") { - post("", DocumentCtrl::create, Roles(Role.Explicit("ROLE_DOC_CREATE"))) - //why type and refid are clubbed ?? - get( - "/{type}/{refId}", DocumentCtrl::getWithRefId, Roles(Role.Explicit("ROLE_DOC_VIEW", "ROLE_PRODUCT_CREATE")) - ) - get("/{id}", DocumentCtrl::get, Roles(Role.Explicit("ROLE_DOC_VIEW", "ROLE_PRODUCT_CREATE"))) - get( - "/print/{id}", DocumentCtrl::print, Roles(Role.Explicit("ROLE_DOC_CREATE", "ROLE_DOC_VIEW")) - ) - delete("/{id}", DocumentCtrl::delete, Roles(Role.Explicit("ROLE_DOC_CREATE"))) - } - path("/reqForQuote") { - post( - "", RequestForQuote::create, Roles(Role.Explicit("ROLE_QUOTE_CREATE", "ROLE_PO_CREATE", "ROLE_RFQ_CREATE")) - ) - get( - "/{id}", RequestForQuote::get, Roles(Role.Explicit("ROLE_RFQ_CREATE", "ROLE_RFQ_VIEW", "ROLE_QUOTE_VIEW", "ROLE_PO_VIEW")) - ) - put( - "/{id}", RequestForQuote::update, Roles(Role.Explicit("ROLE_QUOTE_CREATE", "ROLE_PO_CREATE", "ROLE_RFQ_CREATE")) - ) - } - } - post("/script/database/{name}", Entities::executeStoredProcedure, Roles(adminRole, Role.DbOps)) - post("/script/{file}/{name}", Entities::executeScript, Roles(adminRole, Role.DbOps)) - - get("/{entity}/{id}", Entities::view, Roles(adminRole, viewRole)) - post("/{entity}/query/{id}", Entities::sqlQueryById, Roles(adminRole, viewRole)) - post("/{entity}/query", Entities::sqlQueryRaw, Roles(adminRole, viewRole)) - post("/{entity}", Entities::create, Roles(adminRole, createRole)) - - put("/{entity}/approve/{id}", Entities::approve, Roles(adminRole, approveOrRejectRole)) - put("/{entity}/reject/{id}", Entities::reject, Roles(adminRole, approveOrRejectRole)) - put("/{entity}/{action}/{id}", Entities::action, Roles(adminRole, Role.Entity)) - - put("/{entity}/{id}", Entities::update, Roles(adminRole, updateRole)) - patch("/{entity}/{id}", Entities::patch, Roles(adminRole, updateRole)) - delete("/{entity}/{id}", Entities::delete, Roles(adminRole, 
Role.Standard(Action.DELETE))) - } - }.exception(DuplicateKeyException::class.java, Exceptions.dupKeyExceptionHandler).exception(DataIntegrityException::class.java, Exceptions.dataIntegrityException) - .exception(DataNotFoundException::class.java, Exceptions.dataNotFoundException).exception(IllegalArgumentException::class.java, Exceptions.illegalArgumentException) - .exception(JsonMappingException::class.java, Exceptions.jsonMappingException).exception(InvalidJwtException::class.java, Exceptions.invalidJwtException) - .start(appConfig.portNumber()) + put("/{entity}/{id}", Entities::update, Roles(adminRole, updateRole)) + patch("/{entity}/{id}", Entities::patch, Roles(adminRole, updateRole)) + delete("/{entity}/{id}", Entities::delete, Roles(adminRole, Role.Standard(Action.DELETE))) + } + }.exception(DuplicateKeyException::class.java, Exceptions.dupKeyExceptionHandler) + .exception(DataIntegrityException::class.java, Exceptions.dataIntegrityException) + .exception(DataNotFoundException::class.java, Exceptions.dataNotFoundException) + .exception(IllegalArgumentException::class.java, Exceptions.illegalArgumentException) + .exception(JsonMappingException::class.java, Exceptions.jsonMappingException) + .exception(InvalidJwtException::class.java, Exceptions.invalidJwtException).start(appConfig.portNumber()) } private fun Context.getAuthHeader() = header("Authorization")?.replace("Bearer ", "")?.replace("Bearer: ", "")?.trim()
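Review bot: Two role names on the new side are misspelled and can never match a granted role: `"ROLE_PO_CREATE`"` (stray backtick) on `get("pos/{id}", VendorCtrl::getPos, …)` under `/vendor`, and `"ROLE_REMAINDER_CREATE"` on `post("/done", ReminderLogCtrl::done, …)` under `/reminder`; assuming `Role.Explicit` compares role strings exactly, holders of `ROLE_PO_CREATE` and `ROLE_REMINDER_CREATE` are silently denied on those two routes, so the lines should read `get("pos/{id}", VendorCtrl::getPos, Roles(Role.Explicit("ROLE_PO_VIEW", "ROLE_PO_CREATE")))` and `"/done", ReminderLogCtrl::done, Roles(Role.Explicit("ROLE_REMINDER_CREATE"))`. Hoisting the role strings into `const val`s would let the compiler catch this class of typo across the route registrations here. `put("/approve/{id}", …, Roles(Role.Explicit()))` and `put("/reject/{id}", …, Roles(Role.Explicit()))` under `/po` pass an empty role set whose meaning depends on `AppAccessManager` (not in the hunk); a comment such as `// Explicit() with no roles: confirm whether this means any authenticated user may approve/reject a PO` would document the intent. Separately, the limit enforced in `before("/api/*")` is keyed (context line at the top of the hunk) on the first element of `X-Forwarded-For`, which is client-supplied unless a trusted proxy overwrites it, so the per-IP limit only holds when the service is deployed behind such a proxy. `main` begins before the hunk.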