MeasureAuthoringTool · RohitKandimalla · Mar 27, 2025 · Mar 21, 2025 · Mar 21, 2025 · Mar 24, 2025
@@ -222,17 +222,25 @@ public ResponseEntity<List<AclSpecification>> updateAccessControl(
 
   @GetMapping("/measures/shared")
   public ResponseEntity<Map<String, List<SharedUser>>> getSharedMeasures(
-      HttpServletRequest request, @RequestParam(name = "measureIds") List<String> measureIds) {
-    return ResponseEntity.ok().body(measureService.getSharedMeasures(measureIds));
+      HttpServletRequest request,
+      @RequestParam(name = "measureIds") List<String> measureIds,
+      Principal principal) {
+    return ResponseEntity.ok()
+        .body(measureService.getSharedMeasures(measureIds, principal.getName()));
   }
 
   @PutMapping("/measures/shared")
   public ResponseEntity<Map<String, List<AclSpecification>>> shareMeasures(
       @RequestBody Map<String, List<String>> measureUserIdMap, Principal principal) {
-
     return ResponseEntity.ok(measureService.shareMeasures(measureUserIdMap, principal.getName()));
   }
 
+  @PutMapping("/measures/unshared")
+  public ResponseEntity<Map<String, List<AclSpecification>>> unshareMeasures(
+      @RequestBody Map<String, List<String>> measureUserIdMap, Principal principal) {
+    return ResponseEntity.ok(measureService.unshareMeasures(measureUserIdMap, principal.getName()));
+  }
+
   @PutMapping("/measures/{id}/ownership")
   @PreAuthorize("#request.getHeader('api-key') == #apiKey")
   public ResponseEntity<String> changeOwnership(

@@ -85,6 +85,11 @@ public void verifyAuthorization(String username, Measure measure, List<RoleEnum>
             ? measureSetService.findByMeasureSetId(measure.getMeasureSetId())
             : measure.getMeasureSet();
     if (measureSet == null) {
+      log.error(
+          "User [{}] called verifyAuthorization but failed because no measure set exists for "
+              + "measure with measure ID [{}]",
+          username,
+          measure.getId());
       throw new InvalidMeasureStateException(
           "No measure set exists for measure with ID " + measure.getId());
     }
@@ -105,6 +110,7 @@ private void verifyMeasureSetAuthorization(
                     acl ->
                         acl.getUserId().equalsIgnoreCase(username)
                             && acl.getRoles().stream().anyMatch(allowedRoles::contains)))) {
+      log.error("User {} is not authorized for {} with target ID {}", username, target, targetId);
       throw new UnauthorizedException(target, targetId, username);
     }
   }
@@ -408,8 +414,18 @@ public void checkVersionIdChanged(String changedVersionId, String originalVersio
 
   public List<AclSpecification> updateAccessControlList(
       String measureId, AclOperation aclOperation, String userName) {
+    log.info(
+        "User [{}] has called updateAccessControlList with measure ID [{}] and AclOperation [{}]",
+        userName,
+        measureId,
+        aclOperation.toString());
     Optional<Measure> persistedMeasure = measureRepository.findById(measureId);
     if (persistedMeasure.isEmpty()) {
+      log.error(
+          "User [{}] called updateAccessControlList but failed because the measure with measure "
+              + "ID [{}] does not exist.",
+          userName,
+          measureId);
       throw new ResourceNotFoundException("Measure does not exist: " + measureId);
     }
 
@@ -418,20 +434,37 @@ public List<AclSpecification> updateAccessControlList(
         measureSetService.updateMeasureSetAcls(measure.getMeasureSetId(), aclOperation, userName);
     actionLogService.logAction(
         measureId, Measure.class, ActionType.UPDATED, userName, "ACL updated successfully");
+    log.info(
+        "User [{}] successfully called updateAccessControlList with measure ID [{}] and "
+            + "AclOperation [{}]. The AclSpecification is now [{}]",
+        userName,
+        measureId,
+        aclOperation,
+        measureSet.getAcls());
     return measureSet.getAcls();
   }
 
-  public Map<String, List<SharedUser>> getSharedMeasures(List<String> measureIds) {
+  public Map<String, List<SharedUser>> getSharedMeasures(List<String> measureIds, String username) {
     Map<String, List<SharedUser>> sharedMeasures = new HashMap<>();
 
     for (String measureId : measureIds) {
       Measure measure = findMeasureById(measureId);
 
       if (measure == null) {
+        log.error(
+            "User [{}] called getSharedMeasures but failed because the measure with measure ID "
+                + "[{}] does not exist.",
+            username,
+            measureId);
         throw new ResourceNotFoundException("Measure does not exist: " + measureId);
       }
 
       if (measure.getMeasureSet() == null) {
+        log.error(
+            "User [{}] called getSharedMeasures but failed because no measure set exists for "
+                + "measure with measure ID [{}]",
+            username,
+            measureId);
         throw new InvalidMeasureStateException(
             "No measure set exists for measure with ID: " + measure.getId());
       }
@@ -487,28 +520,91 @@ public Map<String, List<SharedUser>> getSharedMeasures(List<String> measureIds)
 
   public Map<String, List<AclSpecification>> shareMeasures(
       Map<String, List<String>> measureUserIdMap, String username) {
+    log.info(
+        "User [{}] has called shareMeasures with measureUserIdMap [{}]",
+        username,
+        measureUserIdMap);
+
     Map<String, List<AclSpecification>> measureIdToAclSpecification = new HashMap<>();
 
+    verifyShareAuthorization(measureUserIdMap, username);
+
+    measureUserIdMap.forEach(
+        (measureId, userIds) -> {
+          AclOperation aclOperation = buildShareAclOperation(userIds);
+          measureIdToAclSpecification.put(
+              measureId, updateAccessControlList(measureId, aclOperation, username));
+        });
+
+    log.info(
+        "User [{}] successfully called shareMeasures with measureUserIdMap [{}]. The "
+            + "AclSpecification is now [{}]",
+        username,
+        measureUserIdMap,
+        measureIdToAclSpecification);
+
+    return measureIdToAclSpecification;
+  }
+
+  public Map<String, List<AclSpecification>> unshareMeasures(
+      Map<String, List<String>> measureUserIdMap, String username) {
+    log.info(
+        "User [{}] has called unshareMeasures with measureUserIdMap [{}]",
+        username,
+        measureUserIdMap);
+
+    Map<String, List<AclSpecification>> measureIdToAclSpecification = new HashMap<>();
+
+    verifyShareAuthorization(measureUserIdMap, username);
+
+    measureUserIdMap.forEach(
+        (measureId, userIds) -> {
+          AclOperation aclOperation = buildUnshareAclOperation(userIds);
+          measureIdToAclSpecification.put(
+              measureId, updateAccessControlList(measureId, aclOperation, username));
+        });
+
+    log.info(
+        "User [{}] successfully called unshareMeasures with measureUserIdMap [{}]. The "
+            + "AclSpecification is now [{}]",
+        username,
+        measureUserIdMap,
+        measureIdToAclSpecification);
+
+    return measureIdToAclSpecification;
+  }
+
+  private void verifyShareAuthorization(
+      Map<String, List<String>> measureUserIdMap, String username) {
+    log.info(
+        "User [{}] has called verifyShareAuthorization to determine whether operation with [{}]"
+            + " is allowed to be performed",
+        username,
+        measureUserIdMap);
+
     measureUserIdMap
         .keySet()
         .forEach(
             measureId -> {
               Measure measure = findMeasureById(measureId);
 
               if (measure == null) {
+                log.error(
+                    "User [{}] called verifyShareAuthorization with measureUserIdMap [{}] but "
+                        + "failed because the measure with measure ID [{}] does not exist.",
+                    username,
+                    measureUserIdMap,
+                    measureId);
                 throw new ResourceNotFoundException("Measure does not exist: " + measureId);
               }
               verifyAuthorization(username, measure, null);
             });
 
-    measureUserIdMap.forEach(
-        (measureId, userIds) -> {
-          AclOperation aclOperation = buildShareAclOperation(userIds);
-          measureIdToAclSpecification.put(
-              measureId, updateAccessControlList(measureId, aclOperation, username));
-        });
-
-    return measureIdToAclSpecification;
+    log.info(
+        "User [{}] successfully called verifyShareAuthorization and determined that operation "
+            + "with [{}] is allowed to be performed",
+        username,
+        measureUserIdMap);
   }
 
   private AclOperation buildShareAclOperation(List<String> userIds) {
@@ -518,6 +614,13 @@ private AclOperation buildShareAclOperation(List<String> userIds) {
         .build();
   }
 
+  private AclOperation buildUnshareAclOperation(List<String> userIds) {
+    return AclOperation.builder()
+        .acls(buildShareAclSpecifications(userIds))
+        .action(AclOperation.AclAction.REVOKE)
+        .build();
+  }
+
   private List<AclSpecification> buildShareAclSpecifications(List<String> userIds) {
     return userIds.stream()
         .map(

@@ -140,12 +140,25 @@ public MeasureSet updateMeasureSetAcls(
             .getAcls()
             .forEach(
                 acl -> {
+                  String userId = acl.getUserId();
+
                   // check if acl already present for the user
                   AclSpecification aclSpecification =
                       findAclSpecificationByUserId(measureSet, acl.getUserId());
                   if (aclSpecification != null) {
                     // remove roles from ACL
-                    aclSpecification.getRoles().removeAll(acl.getRoles());
+                    acl.getRoles()
+                        .forEach(
+                            roleEnum -> {
+                              if (aclSpecification.getRoles().contains(roleEnum)) {
+                                aclSpecification.getRoles().remove(roleEnum);
+
+                                if (roleEnum == RoleEnum.SHARED_WITH) {
+                                  actionLogDetails.put(userId, ActionType.UNSHARED);
+                                }
+                              }
+                            });
+
                     // after removing the roles if there is no role left, remove acl
                     if (aclSpecification.getRoles().isEmpty()) {
                       measureSet.getAcls().remove(aclSpecification);
@@ -167,8 +180,9 @@ public MeasureSet updateMeasureSetAcls(
     } else {
       String error =
           String.format(
-              "Measure with set id `%s` can not be shared, measure set may not exists.",
-              measureSetId);
+              "User %s called updateMeasureSetAcls with AclOperation %s but failed because no "
+                  + "measure set exists with measure set ID %s",
+              userName, aclOperation.toString(), measureSetId);
       log.error(error);
       throw new ResourceNotFoundException(error);
     }

@@ -2035,7 +2035,7 @@ public void testGetSharedMeasures() throws Exception {
     sharedMeasures.put(measureId1, List.of(sharedUser1));
     sharedMeasures.put(measureId2, List.of(sharedUser1, sharedUser2));
 
-    doReturn(sharedMeasures).when(measureService).getSharedMeasures(eq(measureIds));
+    doReturn(sharedMeasures).when(measureService).getSharedMeasures(eq(measureIds), anyString());
 
     mockMvc
         .perform(
@@ -2049,11 +2049,11 @@ public void testGetSharedMeasures() throws Exception {
                 .string(
                     "{\"measureId1\":[{\"userId\":\"userId1\",\"performedAt\":\"2025-03-17T10:00:00Z\"}],\"measureId2\":[{\"userId\":\"userId1\",\"performedAt\":\"2025-03-17T10:00:00Z\"},{\"userId\":\"userId2\",\"performedAt\":\"2025-03-17T10:00:00Z\"}]}"));
 
-    verify(measureService, times(1)).getSharedMeasures(eq(measureIds));
+    verify(measureService, times(1)).getSharedMeasures(eq(measureIds), anyString());
   }
 
   @Test
-  public void testUpdateSharedMeasures() throws Exception {
+  public void testShareMeasures() throws Exception {
     AclSpecification aclSpecification1 = new AclSpecification();
     aclSpecification1.setUserId("userId1");
     aclSpecification1.setRoles(Set.of(RoleEnum.SHARED_WITH));
@@ -2062,11 +2062,11 @@ public void testUpdateSharedMeasures() throws Exception {
     aclSpecification2.setUserId("userId2");
     aclSpecification2.setRoles(Set.of(RoleEnum.SHARED_WITH));
 
-    Map<String, List<AclSpecification>> updatedSharedMeasures = new HashMap<>();
-    updatedSharedMeasures.put("measureId1", List.of(aclSpecification1));
-    updatedSharedMeasures.put("measureId2", List.of(aclSpecification1, aclSpecification2));
+    Map<String, List<AclSpecification>> measureIdToAclSpecification = new HashMap<>();
+    measureIdToAclSpecification.put("measureId1", List.of(aclSpecification1));
+    measureIdToAclSpecification.put("measureId2", List.of(aclSpecification1, aclSpecification2));
 
-    doReturn(updatedSharedMeasures).when(measureService).shareMeasures(any(), anyString());
+    doReturn(measureIdToAclSpecification).when(measureService).shareMeasures(any(), anyString());
 
     MvcResult result =
         mockMvc
@@ -2085,6 +2085,34 @@ public void testUpdateSharedMeasures() throws Exception {
         "{\"measureId1\":[{\"userId\":\"userId1\",\"roles\":[\"SHARED_WITH\"]}],\"measureId2\":[{\"userId\":\"userId1\",\"roles\":[\"SHARED_WITH\"]},{\"userId\":\"userId2\",\"roles\":[\"SHARED_WITH\"]}]}");
   }
 
+  @Test
+  public void testUnshareMeasures() throws Exception {
+    AclSpecification aclSpecification2 = new AclSpecification();
+    aclSpecification2.setUserId("userId2");
+    aclSpecification2.setRoles(Set.of(RoleEnum.SHARED_WITH));
+
+    Map<String, List<AclSpecification>> measureIdToAclSpecification = new HashMap<>();
+    measureIdToAclSpecification.put("measureId2", List.of(aclSpecification2));
+
+    doReturn(measureIdToAclSpecification).when(measureService).unshareMeasures(any(), anyString());
+
+    MvcResult result =
+        mockMvc
+            .perform(
+                put("/measures/unshared")
+                    .with(user(TEST_USER_ID))
+                    .with(csrf())
+                    .content("{\"measureId1\": [\"userId1\"],\"measureId2\": [\"userId1\"]}")
+                    .header(TEST_API_KEY_HEADER, TEST_API_KEY_HEADER_VALUE)
+                    .contentType(MediaType.APPLICATION_JSON_VALUE))
+            .andExpect(status().isOk())
+            .andReturn();
+    verify(measureService, times(1)).unshareMeasures(any(), anyString());
+    assertEquals(
+        result.getResponse().getContentAsString(),
+        "{\"measureId2\":[{\"userId\":\"userId2\",\"roles\":[\"SHARED_WITH\"]}]}");
+  }
+
   @Test
   public void testGetRecentMeasuresByMeasureSetId() throws Exception {
     // Create sample measures