eclipse-sw360 · nikkuma7 · Jan 16, 2025
@@ -112,6 +112,7 @@
 import org.eclipse.sw360.rest.resourceserver.vulnerability.Sw360VulnerabilityService;
 import org.eclipse.sw360.rest.resourceserver.vulnerability.VulnerabilityController;
 import org.jetbrains.annotations.NotNull;
+import org.jose4j.json.internal.json_simple.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.json.GsonJsonParser;
 import org.springframework.data.domain.Pageable;
@@ -130,6 +131,7 @@
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.util.FileCopyUtils;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -199,6 +201,8 @@ public class ProjectController implements RepresentationModelProcessor<Repositor
     private static final List<String> enumMainlineStateValues = Stream.of(MainlineState.values())
             .map(MainlineState::name)
             .collect(Collectors.toList());
+    private static final ImmutableMap<String, String> RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT = ImmutableMap.<String, String>builder()
+            .put("message", "Unauthorized user or empty commit message passed.").build();
 
     @NonNull
     private final Sw360ProjectService projectService;
@@ -3688,4 +3692,67 @@ public ResponseEntity<?> createDuplicateProjectWithDependencyNetwork(
             return true;
         };
     }
+
+    @Operation(
+            summary = "Add licenses to linked releases of a project.",
+            description = "This API adds license information to linked releases of a project by processing the approved CLI attachments for each release. It categorizes releases based on the number of CLI attachments (single, multiple, or none) and updates their main and other licenses accordingly.",
+            tags = {"Project"},
+                    parameters = {
+                            @Parameter(
+                                name = "projectId",
+                                description = "The ID of the project whose linked releases need license updates.",
+                                required = true,
+                                example = "12345",
+                                schema = @Schema(type = "string")
+                            )
+                        },
+            responses = {
+                    @ApiResponse(
+                            responseCode = "200",
+                            description = "License information successfully added to linked releases.",
+                            content = @Content(
+                            mediaType = "application/hal+json",
+                            schema = @Schema(type = "object", implementation = JSONObject.class),
+                            examples = @ExampleObject(
+                                     value = "{\"message\": \"License information successfully added to linked releases.\" }"
+                            )
+                        )
+                    ),
+                    @ApiResponse(
+                            responseCode = "500",
+                            description = "Error occurred while processing license information for linked releases.",
+                            content = @Content(
+                                mediaType = "application/json",
+                                examples = @ExampleObject(
+                                    value = "{\n  \"error\": \"Error adding license info to linked releases.\"\n}"
+                                )
+                            )
+                        )
+          }
+    )
+    @PostMapping(value = PROJECTS_URL + "/{id}/addLinkedRelesesLicenses")
+    public ResponseEntity<String> addLicenseToLinkedReleases(
+            @Parameter(description = "Project ID", example = "376576")
+            @PathVariable("id") String projectId) throws TException, TTransportException, ResourceClassNotFoundException {
+        try {
+            User sw360User = restControllerHelper.getSw360UserFromAuthentication();
+            Project project = projectService.getProjectForUserById(projectId, sw360User);
+
+            if (project == null) {
+                return ResponseEntity.status(HttpStatus.NOT_FOUND).body("Project not found.");
+            }
+
+            RequestStatus requestStatus = projectService.addLicenseToLinkedReleases(projectId, sw360User);
+
+            if (requestStatus == RequestStatus.SUCCESS) {
+                return ResponseEntity.ok("License information successfully added to linked releases.");
+            } else {
+                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Failed to add license information to linked releases.");
+            }
+        } catch (ResourceNotFoundException e) {
+            throw new ResourceClassNotFoundException(e.getMessage());
+        } catch (SW360Exception sw360Exp) {
+            throw new RuntimeException(sw360Exp.getWhy());
+        }
+    }
 }
@@ -24,6 +24,7 @@
 import org.eclipse.sw360.datahandler.common.SW360Utils;
 import org.eclipse.sw360.datahandler.common.ThriftEnumUtils;
 import org.eclipse.sw360.datahandler.common.WrappedException.WrappedTException;
+import org.eclipse.sw360.datahandler.permissions.PermissionUtils;
 import org.eclipse.sw360.datahandler.thrift.AddDocumentRequestStatus;
 import org.eclipse.sw360.datahandler.thrift.AddDocumentRequestSummary;
 import org.eclipse.sw360.datahandler.thrift.licenses.Obligation;
@@ -60,6 +61,7 @@
 import org.eclipse.sw360.datahandler.thrift.projects.ProjectProjectRelationship;
 import org.eclipse.sw360.datahandler.thrift.projects.ProjectRelationship;
 import org.eclipse.sw360.datahandler.thrift.users.User;
+import org.eclipse.sw360.datahandler.thrift.users.UserGroup;
 import org.eclipse.sw360.rest.resourceserver.Sw360ResourceServer;
 import org.eclipse.sw360.rest.resourceserver.core.AwareOfRestServices;
 import org.eclipse.sw360.rest.resourceserver.core.HalResource;
@@ -74,6 +76,7 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.rest.webmvc.ResourceNotFoundException;
 import org.springframework.hateoas.Link;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.HttpMessageNotReadableException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.stereotype.Service;
@@ -1591,4 +1594,116 @@ public List<ReleaseLink> serveLinkedReleasesInDependencyNetworkByIndexPath(Strin
         ProjectService.Iface sw360ProjectClient = getThriftProjectClient();
         return sw360ProjectClient.getReleaseLinksOfProjectNetWorkByIndexPath(projectId, indexPath, sw360User);
     }
+
+    public RequestStatus addLicenseToLinkedReleases(String projectId, User sw360User)
+            throws TTransportException, TException {
+        if (PermissionUtils.isNormalUser(sw360User)) {
+            throw new AccessDeniedException("Adding license info to releases is disabled for normal users.");
+        }
+
+        try {
+            ProjectService.Iface projectClient = getThriftProjectClient();
+            LicenseInfoService.Iface licenseInfoClient = new ThriftClients().makeLicenseInfoClient();
+            ComponentService.Iface componentClient = new ThriftClients().makeComponentClient();
+
+            Project project = projectClient.getProjectById(projectId, sw360User);
+            if (project == null) {
+                log.error("Requested Project Not Found: " + projectId);
+                throw new ResourceNotFoundException("Project not available");
+            }
+
+            Set<String> releaseIds = CommonUtils.getNullToEmptyKeyset(project.getReleaseIdToUsage());
+            List<Release> releasesToUpdate = new ArrayList<>();
+
+            for (String releaseId : releaseIds) {
+                Release release = componentClient.getReleaseById(releaseId, sw360User);
+                if (release == null) {
+                    log.error("Release with ID " + releaseId + " not found.");
+                    continue;
+                }
+
+                Set<String> originalMainLicenses = release.getMainLicenseIds() == null ? new HashSet<>() : new HashSet<>(release.getMainLicenseIds());
+                Set<String> originalOtherLicenses = release.getOtherLicenseIds() == null ? new HashSet<>() : new HashSet<>(release.getOtherLicenseIds());
+
+                List<Attachment> approvedCliAttachments = SW360Utils.getApprovedClxAttachmentForRelease(release);
+                if (approvedCliAttachments.isEmpty()) {
+                    approvedCliAttachments = SW360Utils.getClxAttachmentForRelease(release);
+                }
+
+                boolean updated = false;
+                if (!approvedCliAttachments.isEmpty()) {
+                    updated = processSingleAttachment(approvedCliAttachments.get(0), release, licenseInfoClient, sw360User);
+                }
+
+                if (!updated && (!originalMainLicenses.equals(release.getMainLicenseIds()) || !originalOtherLicenses.equals(release.getOtherLicenseIds()))) {
+                    updated = true;
+                }
+
+                if (updated) {
+                    releasesToUpdate.add(release);
+                }
+            }
+
+            for (Release release : releasesToUpdate) {
+                log.info("Updating release: {}", release.getId());
+                componentClient.updateRelease(release, sw360User);
+            }
+
+            return RequestStatus.SUCCESS;
+
+        } catch (SW360Exception sw360Exp) {
+            if (sw360Exp.getErrorCode() == 404) {
+                throw new ResourceNotFoundException("Requested Project Not Found");
+            } else if (sw360Exp.getErrorCode() == 403) {
+                throw new AccessDeniedException("Project or its linked releases are restricted and not accessible.");
+            }
+            throw new RuntimeException("SW360 API error: " + sw360Exp.getMessage(), sw360Exp);
+        } catch (Exception e) {
+            throw new RuntimeException("Error processing linked releases for project: " + projectId, e);
+        }
+    }
+
+    private boolean processSingleAttachment(Attachment attachment, Release release,
+            LicenseInfoService.Iface licenseInfoClient, User sw360User) throws TTransportException, TException {
+
+        String attachmentName = attachment.getFilename();
+        Set<String> mainLicenses = new HashSet<>();
+        Set<String> otherLicenses = new HashSet<>();
+
+        List<LicenseInfoParsingResult> licenseInfoResults = licenseInfoClient.getLicenseInfoForAttachment(release,
+                attachment.getAttachmentContentId(), true, sw360User);
+
+        if (attachmentName.endsWith(SW360Constants.RDF_FILE_EXTENSION)) {
+            licenseInfoResults.forEach(result -> {
+                if (result.getLicenseInfo() != null) {
+                    mainLicenses.addAll(result.getLicenseInfo().getConcludedLicenseIds());
+                    otherLicenses.addAll(result.getLicenseInfo().getLicenseNamesWithTexts().stream()
+                            .map(LicenseNameWithText::getLicenseName).collect(Collectors.toSet()));
+                }
+            });
+            otherLicenses.removeAll(mainLicenses);
+        } else if (attachmentName.endsWith(SW360Constants.XML_FILE_EXTENSION)) {
+            licenseInfoResults.forEach(result -> {
+                if (result.getLicenseInfo() != null) {
+                    result.getLicenseInfo().getLicenseNamesWithTexts().forEach(license -> {
+                        if (SW360Constants.LICENSE_TYPE_GLOBAL.equals(license.getType())) {
+                            mainLicenses.add(license.getLicenseName());
+                        } else {
+                            otherLicenses.add(license.getLicenseName());
+                        }
+                    });
+                }
+            });
+        }
+
+        boolean isUpdated = !mainLicenses.equals(release.getMainLicenseIds()) || !otherLicenses.equals(release.getOtherLicenseIds());
+        if (isUpdated) {
+            log.debug("Updating licenses for release: {}", release.getId());
+            release.setMainLicenseIds(mainLicenses);
+            release.setOtherLicenseIds(otherLicenses);
+        } else {
+            log.debug("No changes detected for release: {}", release.getId());
+        }
+        return isUpdated;
+    }
 }
@@ -73,6 +73,8 @@
 import org.eclipse.sw360.rest.resourceserver.user.Sw360UserService;
 import org.eclipse.sw360.rest.resourceserver.vulnerability.Sw360VulnerabilityService;
 import org.hamcrest.Matchers;
+import org.jose4j.json.internal.json_simple.JSONArray;
+import org.jose4j.json.internal.json_simple.JSONObject;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -1660,7 +1662,6 @@ public void should_document_update_project_vulnerabilities() throws Exception {
                         responseFields(
                                 subsectionWithPath("_embedded.sw360:vulnerabilityDTOes.[]projectRelevance").description("The relevance of project of the vulnerability, possible values are: " + Arrays.asList(VulnerabilityRatingForProject.values())),
                                 subsectionWithPath("_embedded.sw360:vulnerabilityDTOes.[]intReleaseId").description("The release id"),
-                               // subsectionWithPath("_embedded.sw360:vulnerabilityDTOes.[]packageIds").description("The list of package IDs linked to the vulnerability."),
                                 subsectionWithPath("_embedded.sw360:vulnerabilityDTOes.[]comment").description("Any message to add while updating project vulnerabilities"),
                                 subsectionWithPath("_embedded.sw360:vulnerabilityDTOes.[]projectAction").description("The action of vulnerability"),
                                 subsectionWithPath("_embedded.sw360:vulnerabilityDTOes").description("An array of <<resources-vulnerabilities, Vulnerability resources>>"),
@@ -3285,4 +3286,15 @@ public void should_document_get_package_by_project_id() throws Exception {
                 .header("Authorization", TestHelper.generateAuthHeader(testUserId, testUserPassword))
                 .accept(MediaTypes.HAL_JSON)).andExpect(status().isOk());
     }
+
+    @Test
+    public void should_add_license_to_linked_releases() throws Exception {
+        String projectId = "1234567";
+        when(projectServiceMock.addLicenseToLinkedReleases(eq(projectId), any(User.class))).thenReturn(RequestStatus.SUCCESS);
+
+        MockHttpServletRequestBuilder requestBuilder = post("/api/projects/" + projectId + "/addLinkedRelesesLicenses")
+                .contentType(MediaType.APPLICATION_JSON)
+                .header("Authorization", TestHelper.generateAuthHeader(testUserId, testUserPassword));
+        this.mockMvc.perform(requestBuilder).andExpect(status().isOk()).andDo(this.documentationHandler.document());
+    }
 }