Feature/user group at entity v2 (#383)

* Make OData operations/entities user group restrictable

* Enable copy with user group restriction

* Enable copy of complex properties

* Switch to lazy loading cache

* Declared properties via cache

* Finalize entity type

* Description Property via cache and visibility @ EdmEntityType

* Update dependency

Author: wog48

additionalWords.directory

@@ -76,3 +76,4 @@ x
 y
 esc
 Clob
+Restrictable

jpa/odata-jpa-annotation/src/main/java/com/sap/olingo/jpa/metadata/core/edm/annotation/EdmAction.java

@@ -72,4 +72,9 @@
    * @return
    */
   String entitySetPath() default "";
+
+  /**
+   * Restrict the access to the action to the give user groups. Default is unrestricted access.
+   */
+  EdmVisibleFor visibleFor() default @EdmVisibleFor;
 }

jpa/odata-jpa-annotation/src/main/java/com/sap/olingo/jpa/metadata/core/edm/annotation/EdmEntityType.java

@@ -37,4 +37,5 @@
    */
   Class<? extends EdmQueryExtensionProvider> extensionProvider() default EdmQueryExtensionProvider.class;
 
+  EdmVisibleFor visibleFor() default @EdmVisibleFor;
 }

jpa/odata-jpa-annotation/src/main/java/com/sap/olingo/jpa/metadata/core/edm/annotation/EdmFunction.java

@@ -9,7 +9,8 @@
 /**
  * Metadata of a function, see <a href =
  * "http://docs.oasis-open.org/odata/odata/v4.0/errata02/os/complete/part3-csdl/odata-v4.0-errata02-os-part3-csdl-complete.html#_Toc406398010">
- * edm:Function.</a><p>
+ * edm:Function.</a>
+ * <p>
  * @author Oliver Grande
  *
  */
@@ -42,7 +43,8 @@
     EdmGeospatial srid() default @EdmGeospatial();
 
     /**
-     * Define the return type for the function import.<p>
+     * Define the return type for the function import.
+     * <p>
      *
      * @return Class of java parameter (row) type. This can be either a simple type like <code> Integer.class</code> or
      * the POJO defining an Entity. If the type is not set and the
@@ -68,13 +70,15 @@
   String functionName() default "";
 
   /**
-   * Indicates that the Function is bound. <p>
+   * Indicates that the Function is bound.
+   * <p>
    * If isBound is false a function is treated as <i>unbound</i>, so it can be accessed either via a Function Import or
    * be used in <i>filter</i> or <i>orderby</i> expression. Otherwise the function is treated as bound.
    * For details see:
    * <a href =
    * "http://docs.oasis-open.org/odata/odata/v4.0/errata02/os/complete/part3-csdl/odata-v4.0-errata02-os-part3-csdl-complete.html#_Toc406398013"
-   * />OData Version 4.0 Part 3 - 12.2.2 Attribute IsBound</a> <p>
+   * />OData Version 4.0 Part 3 - 12.2.2 Attribute IsBound</a>
+   * <p>
    * <b>If the function is java based isBound is ignored and always set to false</b>
    * @return
    */
@@ -84,8 +88,10 @@
    * Indicates that a Function Import shall be generated into the Container. For details see:
    * <a href =
    * "http://docs.oasis-open.org/odata/odata/v4.0/errata02/os/complete/part3-csdl/odata-v4.0-errata02-os-part3-csdl-complete.html#_Toc406398042"
-   * />OData Version 4.0 Part 3 - 13.6 Element edm:FunctionImport</a> <p>
-   * hasFunctionImport is handled as follows:<p>
+   * />OData Version 4.0 Part 3 - 13.6 Element edm:FunctionImport</a>
+   * <p>
+   * hasFunctionImport is handled as follows:
+   * <p>
    * <ol>
    * <li>For <b>bound</b> functions hasFunctionImport is always treated as <b>false</b></li>
    * <li>For <b>unbound</b> functions in case hasFunctionImport is <b>true</b> a function import is generated, which
@@ -107,7 +113,8 @@
    * <p>
    * <a href =
    * "http://docs.oasis-open.org/odata/odata/v4.0/errata02/os/complete/part3-csdl/odata-v4.0-errata02-os-part3-csdl-complete.html#_Toc406398015"
-   * />OData Version 4.0 Part 3 - 13.6 Element edm:FunctionImport</a> <p>
+   * />OData Version 4.0 Part 3 - 13.6 Element edm:FunctionImport</a>
+   * <p>
    *
    */
   String entitySetPath() default "";
@@ -118,4 +125,9 @@
    * @return return type of this function
    */
   ReturnType returnType();
+
+  /**
+   * Restrict the access to the function to the give user groups. Default is unrestricted access.
+   */
+  EdmVisibleFor visibleFor() default @EdmVisibleFor;
 }

jpa/odata-jpa-annotation/src/main/java/com/sap/olingo/jpa/metadata/core/edm/annotation/EdmVisibleFor.java

@@ -7,24 +7,28 @@
 import java.lang.annotation.Target;
 
 /**
- * The annotation can be used to assign attributes or properties to field or visibility groups. In case such a group is
- * provided during a GET request all properties that are assigned to that group and all properties that are assigned to
- * no group, or in other words that are not annotated, get selected. For properties that belong to another group are
- * requested, a null value is returned.
+ * The annotation can be used to assign on the one hand attributes or properties and n the other hand entities to user
+ * or visibility groups.
+ * <ul>
+ * <li>In case an entity is annotated, the entity and navigation targeting the entity are only visible and accessible if
+ * one of the given groups are available.</li>
+ * <li>In case an attribute is annotated and such a group is provided during a GET request all properties that are
+ * assigned to that group and all properties that are assigned to no group, or in other words that are not annotated,
+ * get selected. For properties that belong to another group are requested, a null value is returned.
  * <p>
  *
- * <b>Note:</b> Keys, mandatory fields as well as association or navigation properties can not be annotated
- *
+ * <b>Note:</b> Keys, mandatory fields as well as association or navigation properties can not be annotated</li>
+ * </ul>
  * @author Oliver Grande
  *
  */
 @Retention(RUNTIME)
-@Target(FIELD)
+@Target({ FIELD })
 public @interface EdmVisibleFor {
   /**
-   * List of field groups an attribute or property belongs to.
+   * List of user groups an attribute or property or entity belongs to.
    * @return
    */
-  String[] value();
+  String[] value() default {};
 
 }

jpa/odata-jpa-metadata/src/main/java/com/sap/olingo/jpa/metadata/api/JPAEdmProvider.java

@@ -35,13 +35,14 @@
 import com.sap.olingo.jpa.metadata.core.edm.mapper.api.JPAEdmNameBuilder;
 import com.sap.olingo.jpa.metadata.core.edm.mapper.api.JPAServiceDocument;
 import com.sap.olingo.jpa.metadata.core.edm.mapper.exception.ODataJPAException;
+import com.sap.olingo.jpa.metadata.core.edm.mapper.exception.ODataJPAModelException;
 import com.sap.olingo.jpa.metadata.core.edm.mapper.impl.JPADefaultEdmNameBuilder;
 import com.sap.olingo.jpa.metadata.core.edm.mapper.impl.JPAServiceDocumentFactory;
 
 public class JPAEdmProvider extends CsdlAbstractEdmProvider {
-
   private final JPAEdmNameBuilder nameBuilder;
   private final JPAServiceDocument serviceDocument;
+  private final List<String> userGroups;
 
   // http://docs.oasis-open.org/odata/odata/v4.0/errata02/os/complete/part3-csdl/odata-v4.0-errata02-os-part3-csdl-complete.html#_Toc406397930
   public JPAEdmProvider(@Nonnull final String namespace, @Nonnull final EntityManagerFactory emf,
@@ -68,8 +69,27 @@ public JPAEdmProvider(final Metamodel jpaMetamodel, final JPAEdmMetadataPostProc
     super();
     this.nameBuilder = nameBuilder;
     // After this call either a schema exists or an exception has been thrown
-    this.serviceDocument = new JPAServiceDocumentFactory(nameBuilder, jpaMetamodel, postProcessor, packageName,
-        annotationProvider).getServiceDocument();
+    this.serviceDocument = new JPAServiceDocumentFactory().getServiceDocument(nameBuilder, jpaMetamodel, postProcessor,
+        packageName, annotationProvider);
+    this.userGroups = List.of();
+  }
+
+  private JPAEdmProvider(JPAEdmProvider source, List<String> userGroups) throws ODataJPAModelException {
+    this.nameBuilder = source.nameBuilder;
+    this.serviceDocument = new JPAServiceDocumentFactory().asUserGroupRestricted(source.serviceDocument, userGroups);
+    this.userGroups = userGroups;
+  }
+
+  public JPAEdmProvider asUserGroupRestricted(List<String> userGroups) {
+    try {
+      return new JPAEdmProvider(this, userGroups);
+    } catch (ODataJPAModelException e) {
+      throw new ODataJPAModelCopyException("Could not create restricted metadata", e);
+    }
+  }
+
+  List<String> getUserGroups() {
+    return userGroups;
   }
 
   /**
@@ -330,4 +350,5 @@ public JPAEdmNameBuilder getEdmNameBuilder() {
   protected final FullQualifiedName buildFQN(final String name) {
     return new FullQualifiedName(nameBuilder.getNamespace(), name);
   }
+
 }

jpa/odata-jpa-metadata/src/main/java/com/sap/olingo/jpa/metadata/api/ODataJPAModelCopyException.java

@@ -0,0 +1,12 @@
+package com.sap.olingo.jpa.metadata.api;
+
+import com.sap.olingo.jpa.metadata.core.edm.mapper.exception.ODataJPAModelException;
+
+public class ODataJPAModelCopyException extends RuntimeException {
+
+  private static final long serialVersionUID = -1695284009828517502L;
+
+  public ODataJPAModelCopyException(final String message, final ODataJPAModelException exception) {
+    super(message, exception);
+  }
+}

jpa/odata-jpa-metadata/src/main/java/com/sap/olingo/jpa/metadata/core/edm/mapper/api/JPAEntityType.java

@@ -8,7 +8,7 @@
 import com.sap.olingo.jpa.metadata.core.edm.annotation.EdmQueryExtensionProvider;
 import com.sap.olingo.jpa.metadata.core.edm.mapper.exception.ODataJPAModelException;
 
-public interface JPAEntityType extends JPAStructuredType, JPAAnnotatable {
+public interface JPAEntityType extends JPAStructuredType, JPAAnnotatable, JPAUserGroupRestrictable {
   /**
    * Searches for a Collection Property defined by the name used in the OData metadata in all the collection properties
    * that are available for this type via the OData service. That is:
@@ -25,7 +25,7 @@ public interface JPAEntityType extends JPAStructuredType, JPAAnnotatable {
 
   /**
    *
-   * @return Mime type of streaming content
+   * @return Mime type of streaming content. Empty if no stream property exists
    * @throws ODataJPAModelException
    */
   public String getContentType() throws ODataJPAModelException;
@@ -78,6 +78,7 @@ public interface JPAEntityType extends JPAStructuredType, JPAAnnotatable {
   /**
    *
    * @return Name of the database table. The table name is composed from schema name and table name
+   * @throws ODataJPAModelException
    */
   public String getTableName();
 

jpa/odata-jpa-metadata/src/main/java/com/sap/olingo/jpa/metadata/core/edm/mapper/api/JPAOperation.java

@@ -2,7 +2,7 @@
 
 import org.apache.olingo.commons.api.edm.provider.CsdlReturnType;
 
-public interface JPAOperation extends JPAElement {
+public interface JPAOperation extends JPAElement, JPAUserGroupRestrictable {
   /**
    *
    * @return The return or result parameter of the function

jpa/odata-jpa-metadata/src/main/java/com/sap/olingo/jpa/metadata/core/edm/mapper/api/JPAStructuredType.java

@@ -152,9 +152,10 @@ public Optional<JPAAttribute> getAttribute(@Nonnull final UriResourceProperty ur
    * Determines if the structured type has a super type, that will be part of OData metadata. That is, the method will
    * return null in case the entity has a MappedSuperclass.
    * @return Determined super type or null
+   * @throws ODataJPAModelException
    */
   @CheckForNull
-  public JPAStructuredType getBaseType();
+  public JPAStructuredType getBaseType() throws ODataJPAModelException;
 
-  public List<JPAPath> searchChildPath(final JPAPath selectItemPath);
+  public List<JPAPath> searchChildPath(final JPAPath selectItemPath) throws ODataJPAModelException;
 }