Deletion security

src/participation-hub/business-logic-microservice/app/configs/routes.yml

@@ -5,7 +5,7 @@ paths:
   /use-cases:
     post:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.use_case.add"
       tags: 
         - "Use-Cases"
@@ -46,9 +46,18 @@ paths:
         - "Use-Cases"
       summary: "Delete all Use-Cases"
       description: "Delete all Use-Cases"
+      parameters:
+        - name: "confirmation"
+          desciption: "'yes' to confirm deletion"
+          in: "query"
+          required: true
+          schema:
+            type: "string"
       responses:
         '200':
           description: "Successful Request"
+        '403':
+          description: "Confirmation required"
   #####
   # TABLES
   #####
@@ -66,15 +75,24 @@ paths:
           description: "Successful Request"
     delete:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.tables.delete_all"
       tags:
         - "Tables"
       summary: "Delete all Tables"
       description: "Delete all Tables"
+      parameters:
+        - name: "confirmation"
+          desciption: "'yes' to confirm deletion"
+          in: "query"
+          required: true
+          schema:
+            type: "string"
       responses:
         '200':
           description: "Successful Request"
+        '403':
+          description: "Confirmation required"
   /use-cases/{use_case}/tables:
     get:
       security:
@@ -95,7 +113,7 @@ paths:
           description: "Successful Request"
     post:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.tables.add_complete"
       tags:
         - "Tables"
@@ -131,15 +149,23 @@ paths:
           description: "Name of the Use-Case the Table belongs to"
           required: true
           type: "string"
+        - name: "confirmation"
+          desciption: "'yes' to confirm deletion"
+          in: "query"
+          required: true
+          schema:
+            type: "string"
       responses:
         '200':
           description: "Successful Request"
         '400':
           description: "Table with the name already exists or missing fields in the request."
+        '403':
+          description: "Confirmation required"
   /use-cases/{use_case}/tables/{name}/mapping:
     put:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.tables.put_mapping"
       tags:
         - "Tables"
@@ -193,12 +219,21 @@ paths:
         - "Layers"
       summary: "Delete all Layers from the DB"
       description: "Delete all Layers from the DB"
+      parameters:
+        - name: "confirmation"
+          desciption: "'yes' to confirm deletion"
+          in: "query"
+          required: true
+          schema:
+            type: "string"
       responses:
         '200':
           description: "Successful Request"
+        '403':
+          description: "confirmation required"
     post:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.layer.add_complete"
       tags:
         - "Layers"
@@ -243,7 +278,7 @@ paths:
   /use-cases/{use_case}/tables/{table}/layers/{name}/cluster-mapping:
     put:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.layer.add_cluster_mapping"
       tags:
         - "Layers"
@@ -284,7 +319,7 @@ paths:
           description: "Field in request is missing or attribute does not exist in the Layer"
     delete:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.layer.delete_cluster_mapping"
       tags:
         - "Layers"
@@ -316,6 +351,12 @@ paths:
                 type: string
                 example: "end_time"
                 description: "Internal name of the attribute"
+        - name: "confirmation"
+          desciption: "'yes' to confirm deletion"
+          in: "query"
+          required: true
+          schema:
+            type: "string"
       responses:
         '200':
           description: "Successful Request"
@@ -323,6 +364,8 @@ paths:
           description: "Layer does not exist"
         '400':
           description: "Field in request is missing or attribute does not exist in the Layer"
+        '403':
+          description: "Confirmation required"
   /use-cases/{use_case}/layers:
     get:
       security:
@@ -375,7 +418,7 @@ paths:
           description: "Layer does not exist"
     delete:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.layer.delete_one"
       tags:
         - "Layers"
@@ -397,15 +440,23 @@ paths:
           description: "Name of the Layer"
           required: true
           type: "string"
+        - name: "confirmation"
+          desciption: "'yes' to confirm deletion"
+          in: "query"
+          required: true
+          schema:
+            type: "string"
       responses:
         '200':
           description: "Successful Request"
         '404':
           description: "Layer does not exist"
+        '403':
+          description: "Confirmation required"
   /use-cases/{use_case}/layers/{name}/mapping:
     put:
       security:
-        - JwtRegular: []
+        - JwtAdmin: []
       operationId: "routes.layer.add_mapping"
       tags:
         - "Layers"
@@ -458,6 +509,12 @@ paths:
           required: true
           schema:
             $ref: '#/definitions/LayerMapping'
+        - name: "confirmation"
+          desciption: "'yes' to confirm deletion"
+          in: "query"
+          required: true
+          schema:
+            type: "string"
       responses:
         '200':
           description: "Successful Request"
@@ -465,6 +522,8 @@ paths:
           description: "Layer does not exist"
         '400':
           description: "Field in request is missing"
+        '403':
+          description: "Confirmation required"
 
 definitions:
   LayerMapping:

src/participation-hub/business-logic-microservice/app/routes/layer.py

@@ -16,10 +16,16 @@ def all():
     return [layer.to_serializable_dict() for layer in layer_repository.all()]
 
 
-def delete_all_layers():
+def delete_all_layers(confirmation: str):
     '''
     delete all layers from the DB
+
+    @params:
+        confirmation    - Required : "yes" to confirm deletion
     '''
+    if confirmation != "yes"
+        return Response(status=403)
+
     layer_repository.delete_all()
     return Response(status=200)
 
@@ -142,7 +148,7 @@ def one(use_case: str, table: str, name: str):
 
     return Response(status=200, response=json.dumps(layer.to_serializable_dict()))
 
-def delete_mapping(use_case: str, table: str, name: str):
+def delete_mapping(use_case: str, table: str, name: str, confirmation: str):
     '''
     delete a mapping from the layer identified by the internal representation
 
@@ -150,6 +156,7 @@ def delete_mapping(use_case: str, table: str, name: str):
         use_case    - Required : String-identifier for the Use-Case the Layer belongs to
         table       - Required : unique identifier of the Table the Layer belongs to
         name        - Required : unique identifier for the Layer
+        confirmation- Required : "yes" to confirm deletion
     '''
     use_case_repository.put(use_case)
 
@@ -206,7 +213,7 @@ def add_mapping(name: str, table: str, use_case: str):
 
     return Response(status=200)
 
-def delete_one(use_case: str, table: str, name: str):
+def delete_one(use_case: str, table: str, name: str, confirmation: str):
     '''
     delete a layer and all its mappings from the Db
 
@@ -214,8 +221,11 @@ def delete_one(use_case: str, table: str, name: str):
         use_case    - Required : String-identifier for the Use-Case the Layer belongs to
         table       - Required : unique identifier of the Table the Layer belongs to
         name        - Required : unique identifier for the Layer
+        confirmation- Required : "yes" to confirm deletion
     '''
-    
+    if confirmation != "yes"
+        return Response(status=403)
+
     layer = layer_repository.one(name, use_case, table)
 
     if layer == None:

src/participation-hub/business-logic-microservice/app/routes/tables.py

@@ -51,10 +51,18 @@ def add_complete(use_case: str):
 
     return Response(status=200)
 
-def delete_all_for_use_case(use_case: str):
+def delete_all_for_use_case(use_case: str, confirmation: str):
+
+    if confirmation != "yes"
+        return Response(status=403)
+
     table_repository.delete_for_use_case(use_case)
     return Response(status=200)
 
 def delete_all():
+
+    if confirmation != "yes"
+        return Response(status=403)
+
     table_repository.delete_all()
     return Response(status=200)
\ No newline at end of file

src/participation-hub/business-logic-microservice/app/routes/use_case.py

@@ -15,7 +15,11 @@ repository = Repository()
 def all():
     return [use_case.to_serializable_dict() for use_case in use_case_repository.all()]
 
-def delete_all():
+def delete_all(confirmation: str):
+
+    if confirmation != "yes"
+        return Response(status=403)
+        
     use_case_repository.delete_all()
     repository.delete_all()
     table_repository.delete_all()

src/rest-gateway/app/routes/blockchain_trace.py

@@ -17,4 +17,4 @@ def receive():
 
 def isBlockchainTraceValid(trace) -> bool:
     # different for every use case, no global schema
-    return 'ApplicationType' in trace 
+    return 'ApplicationType' in trace and 'docType' in trace

src/rest-gateway/app/routes/user.py

@@ -52,7 +52,7 @@ def delete(username):
 
         return Response(status = 204)
     except ValueError as e:
-        # return 400 if the user already exists
+        # return 400 if the user does not exist
         return Response(status = 400, response=str(e))
 
 def add():