rest api for modifying/removing plugins + privilege type for that

model/src/main/java/lcsb/mapviewer/model/user/PrivilegeType.java

@@ -54,12 +54,17 @@ public enum PrivilegeType {
   /**
    * User can manage layouts of all users in the project.
    */
-  LAYOUT_MANAGEMENT(ObjectPrivilege.class, Project.class, "Manage overlays"), //
+  LAYOUT_MANAGEMENT(ObjectPrivilege.class, Project.class, "Manage overlays"),
 
   /**
    * User can manage reference genomes.
    */
-  MANAGE_GENOMES(BasicPrivilege.class, null, "Manage genomes");
+  MANAGE_GENOMES(BasicPrivilege.class, null, "Manage genomes"),
+
+  /**
+   * User can manage preferences
+   */
+  MANAGE_PLUGINS(BasicPrivilege.class, null, "Manage plugins");
 
   /**
    * Type of privilege (basic or privilege to the object).

rest-api/src/main/java/lcsb/mapviewer/api/plugins/PluginController.java

@@ -58,6 +58,15 @@ public class PluginController extends BaseController {
     return pluginRest.getPlugin(token, hash);
   }
 
+  @RequestMapping(value = "/plugins/{hash}", method = { RequestMethod.DELETE }, produces = {
+      MediaType.APPLICATION_JSON_VALUE })
+  public Map<String, Object> removePlugin(//
+      @CookieValue(value = Configuration.AUTH_TOKEN) String token, //
+      @PathVariable(value = "hash") String hash //
+  ) throws SecurityException, ObjectNotFoundException {
+    return pluginRest.removePlugin(token, hash);
+  }
+
   @RequestMapping(value = "/plugins/{hash}/data/users/{login}/{key}", method = { RequestMethod.POST }, produces = {
       MediaType.APPLICATION_JSON_VALUE })
   public Map<String, Object> createPluginDataEntry(//

rest-api/src/main/java/lcsb/mapviewer/api/plugins/PluginRestImpl.java

@@ -13,6 +13,7 @@ import lcsb.mapviewer.api.BaseRestImpl;
 import lcsb.mapviewer.api.ObjectNotFoundException;
 import lcsb.mapviewer.model.plugin.Plugin;
 import lcsb.mapviewer.model.plugin.PluginDataEntry;
+import lcsb.mapviewer.model.user.PrivilegeType;
 import lcsb.mapviewer.model.user.User;
 import lcsb.mapviewer.persist.dao.plugin.PluginDao;
 import lcsb.mapviewer.persist.dao.plugin.PluginDataEntryDao;
@@ -28,10 +29,17 @@ public class PluginRestImpl extends BaseRestImpl {
   private PluginDataEntryDao pluginDataEntryDao;
 
   public Map<String, Object> createPlugin(String token, String hash, String name, String version, String url,
-      String isPublic) {
+      String isPublic) throws SecurityException {
+    if (isPublic.equalsIgnoreCase("true")) {
+      if (!getUserService().userHasPrivilege(token, PrivilegeType.MANAGE_PLUGINS)) {
+        throw new SecurityException("You have no privileges to manage plugins");
+      }
+    }
+
     Plugin plugin = pluginDao.getByHash(hash);
     if (plugin != null) {
       plugin.getUrls().add(url);
+      plugin.setPublic(plugin.isPublic() || isPublic.equalsIgnoreCase("true"));
       pluginDao.update(plugin);
     } else {
       plugin = new Plugin();
@@ -141,4 +149,18 @@ public class PluginRestImpl extends BaseRestImpl {
     return result;
   }
 
+  public Map<String, Object> removePlugin(String token, String hash) throws ObjectNotFoundException, SecurityException {
+    Plugin plugin = pluginDao.getByHash(hash);
+    if (!getUserService().userHasPrivilege(token, PrivilegeType.MANAGE_PLUGINS)) {
+      throw new SecurityException("You have no privileges to manage plugins");
+    }
+
+    if (plugin != null) {
+      plugin.setPublic(false);
+      pluginDao.update(plugin);
+    } else {
+      throw new ObjectNotFoundException("Plugin doesn't exist");
+    }
+    return getPlugin(token, hash);
+  }
 }

rest-api/src/test/java/lcsb/mapviewer/api/AllRestTests.java

@@ -9,15 +9,17 @@ import lcsb.mapviewer.api.convert.AllConvertTests;
 import lcsb.mapviewer.api.files.AllFileTests;
 import lcsb.mapviewer.api.genomics.AllGenomicsTests;
 import lcsb.mapviewer.api.mesh.AllMeshTests;
+import lcsb.mapviewer.api.plugins.AllPluginsTests;
 import lcsb.mapviewer.api.projects.AllProjectTests;
 import lcsb.mapviewer.api.users.AllUserTests;
 
 @RunWith(Suite.class)
 @SuiteClasses({ AllConfigurationTests.class, //
-	AllConvertTests.class, //
-	AllFileTests.class, //
+    AllConvertTests.class, //
+    AllFileTests.class, //
     AllGenomicsTests.class, //
     AllMeshTests.class, //
+    AllPluginsTests.class, //
     AllProjectTests.class, //
     AllUserTests.class,//
 })

rest-api/src/test/java/lcsb/mapviewer/api/plugins/AllPluginsTests.java

+package lcsb.mapviewer.api.plugins;
+
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+import org.junit.runners.Suite.SuiteClasses;
+
+@RunWith(Suite.class)
+@SuiteClasses({ PluginRestImplTest.class })
+public class AllPluginsTests {
+
+}

rest-api/src/test/java/lcsb/mapviewer/api/plugins/PluginRestImplTest.java

+package lcsb.mapviewer.api.plugins;
+
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import lcsb.mapviewer.api.RestTestFunctions;
+import lcsb.mapviewer.model.user.BasicPrivilege;
+import lcsb.mapviewer.model.user.PrivilegeType;
+import lcsb.mapviewer.model.user.User;
+
+public class PluginRestImplTest extends RestTestFunctions {
+
+  @Autowired
+  PluginRestImpl pluginRestImpl;
+
+  @Test(expected = lcsb.mapviewer.services.SecurityException.class)
+  public void testCreatePluginWithoutAccess() throws Exception {
+    pluginRestImpl.createPlugin(token, "x", "x", "x", "x", "true");
+  }
+
+  @Test
+  public void testCreatePlugin() throws Exception {
+    try {
+      User admin = userService.getUserByToken(adminToken);
+      userService.setUserPrivilege(admin, new BasicPrivilege(1, PrivilegeType.MANAGE_PLUGINS, admin));
+      pluginRestImpl.createPlugin(adminToken, "x", "x", "x", "x", "true");
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw e;
+    }
+  }
+
+  @Test
+  public void testRemovePlugin() throws Exception {
+    try {
+      User admin = userService.getUserByToken(adminToken);
+      userService.setUserPrivilege(admin, new BasicPrivilege(1, PrivilegeType.MANAGE_PLUGINS, admin));
+      pluginRestImpl.createPlugin(adminToken, "x", "x", "x", "x", "true");
+      pluginRestImpl.removePlugin(adminToken, "x");
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw e;
+    }
+  }
+
+}