commit e28cdd94545494f19d5620ed841cf76ac1e18ca4
author margaretha <margaretha@ids-mannheim.de> Tue Mar 29 09:42:08 2022 +0200
committer margaretha <margaretha@ids-mannheim.de> Tue Mar 29 09:42:08 2022 +0200
tree e6e0833328f68fcb949c91a88e8247613221bddf
parent 74110b732f35e83308e286f1708612322df93c5b

Updated and moved updateClientPrivilege API to OAuth2AdminController

Change-Id: I43dbf4dd2fd867cbdc91544d87333ab484bb48f7

full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java

diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
index 1d1ce6a..7249312 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
@@ -1,7 +1,11 @@
 package de.ids_mannheim.korap.web.controller;
 
+import javax.ws.rs.Consumes;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 
@@ -48,4 +52,41 @@
         }
         return Response.ok().build();
     }
+
+    /**
+     * Facilitates editing client privileges for admin purposes, e.g.
+     * setting a specific client to be a super client.
+     * Only confidential clients are allowed to be super clients.
+     * 
+     * When upgrading clients to super clients, existing access tokens
+     * and authorization codes retain their scopes.
+     * 
+     * When degrading super clients, all existing tokens and
+     * authorization codes are invalidated.
+     * 
+     * @param securityContext
+     * @param clientId
+     *            OAuth2 client id
+     * @param super
+     *            true indicating super client, false otherwise
+     * @return Response status OK, if successful
+     */
+    @POST
+    @Path("client/privilege")
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    public Response updateClientPrivilege (
+            @Context SecurityContext securityContext,
+            @FormParam("client_id") String clientId,
+            @FormParam("super") String isSuper) {
+        TokenContext context =
+                (TokenContext) securityContext.getUserPrincipal();
+        try {
+            scopeService.verifyScope(context, OAuth2Scope.ADMIN);
+            adminService.updatePrivilege(clientId, Boolean.valueOf(isSuper));
+            return Response.ok("SUCCESS").build();
+        }
+        catch (KustvaktException e) {
+            throw responseHandler.throwit(e);
+        }
+    }
 }