How to set automatically assigned values and enforce that they do not change?

Petter Reinholdtsen pere at hungry.com
Thu Jun 15 10:20:04 CEST 2017


[Petter Reinholdtsen]
> So my question is simply - is this the correct approach to set the
> value automatically and ensure it never is modified by a API client?

Note, when I tested this approach, runtest complained what PUT no longer
worked.  Not quite sure how to hit the create path but not the update
path.  Guidence would be most welcome. :)

This is the patch I am using.

diff --git a/core-webapp/src/main/java/no/arkivlab/hioa/nikita/webapp/service/impl/DocumentDescriptionService.java b/core-webapp/src/main/java/no/arkivlab/hioa/nikita/webapp/service/impl/DocumentDescriptionService.java
index ac7abb1..992383c 100644
--- a/core-webapp/src/main/java/no/arkivlab/hioa/nikita/webapp/service/impl/DocumentDescriptionService.java
+++ b/core-webapp/src/main/java/no/arkivlab/hioa/nikita/webapp/service/impl/DocumentDescriptionService.java
@@ -4,6 +4,7 @@ import nikita.model.noark5.v4.DocumentDescription;
 import nikita.model.noark5.v4.DocumentObject;
 import nikita.repository.n5v4.IDocumentDescriptionRepository;
 import nikita.util.exceptions.NoarkEntityNotFoundException;
+import nikita.util.exceptions.NikitaMalformedInputDataException;
 import no.arkivlab.hioa.nikita.webapp.service.interfaces.IDocumentDescriptionService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -13,6 +14,7 @@ import org.springframework.data.domain.Sort;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import static nikita.config.N5ResourceMappings.DOCUMENT_DESCRIPTION_ASSOCIATION_DATE;
 
 import javax.persistence.EntityManager;
 import javax.persistence.Query;
@@ -69,11 +71,17 @@ public class DocumentDescriptionService implements IDocumentDescriptionService {
 
     public DocumentDescription save(DocumentDescription documentDescription){
         String username = SecurityContextHolder.getContext().getAuthentication().getName();
+        Date now = new Date();
+       if (null != documentDescription.getAssociationDate()) {
+           String msg = "Setting " + DOCUMENT_DESCRIPTION_ASSOCIATION_DATE + " is not permitted.";
+            throw new NikitaMalformedInputDataException(msg);
+       }
         documentDescription.setSystemId(UUID.randomUUID().toString());
-        documentDescription.setCreatedDate(new Date());
+        documentDescription.setCreatedDate(now);
         documentDescription.setOwnedBy(username);
         documentDescription.setCreatedBy(username);
         documentDescription.setDeleted(false);
+        documentDescription.setAssociationDate(now);
         return documentDescriptionRepository.save(documentDescription);
     }
 
@@ -378,6 +386,12 @@ public class DocumentDescriptionService implements IDocumentDescriptionService {
             existingDocumentDescription.setDocumentNumber(incomingDocumentDescription.getDocumentNumber());
         }
 
+       // Reject changes to values we are not allowed to modify
+       if (existingDocumentDescription.getAssociationDate() != incomingDocumentDescription.getAssociationDate()) {
+           String msg = "Modifying " + DOCUMENT_DESCRIPTION_ASSOCIATION_DATE + " is not permitted.";
+            throw new NikitaMalformedInputDataException(msg);
+       }
+
         existingDocumentDescription.setVersion(version);
         documentDescriptionRepository.save(existingDocumentDescription);
         return existingDocumentDescription;
-- 
Happy hacking
Petter Reinholdtsen


More information about the nikita-noark mailing list