qbicsoftware
diff --git a/Diff for: ‎project-management/src/main/java/life/qbic/projectmanagement/application/api/AsyncProjectService.java
+15-27 b/Diff for: ‎project-management/src/main/java/life/qbic/projectmanagement/application/api/AsyncProjectService.java
+15-27
diff --git a/Diff for: ‎project-management/src/main/java/life/qbic/projectmanagement/application/api/AsyncProjectServiceImpl.java
+67-12 b/Diff for: ‎project-management/src/main/java/life/qbic/projectmanagement/application/api/AsyncProjectServiceImpl.java
+67-12
diff --git a/Diff for: ‎project-management/src/main/java/life/qbic/projectmanagement/application/authorization/ReactiveSecurityContextUtils.java
+32 b/Diff for: ‎project-management/src/main/java/life/qbic/projectmanagement/application/authorization/ReactiveSecurityContextUtils.java
+32
diff --git a/Diff for: ‎project-management/src/main/java/life/qbic/projectmanagement/application/sample/SampleInformationService.java
+71-2 b/Diff for: ‎project-management/src/main/java/life/qbic/projectmanagement/application/sample/SampleInformationService.java
+71-2
@@ -8,9 +8,9 @@
 import java.util.Optional;
 import java.util.Set;
 import java.util.UUID;
+import life.qbic.application.commons.SortOrder;
 import life.qbic.projectmanagement.application.batch.SampleUpdateRequest.SampleInformation;
 import life.qbic.projectmanagement.application.confounding.ConfoundingVariableService.ConfoundingVariableInformation;
-import life.qbic.projectmanagement.application.sample.SampleIdCodeEntry;
 import life.qbic.projectmanagement.application.sample.SamplePreview;
 import life.qbic.projectmanagement.domain.model.sample.Sample;
 import life.qbic.projectmanagement.domain.model.sample.SampleRegistrationRequest;
@@ -143,24 +143,6 @@ Mono<ProjectCreationResponse> create(ProjectCreationRequest request)
   Flux<ByteBuffer> roCrateSummary(String projectId)
       throws RequestFailedException, AccessDeniedException;
 
-  /**
-   * Requests {@link SamplePreview} for a given experiment.
-   * <p>
-   * <b>Exceptions</b>
-   * <p>
-   * Exceptions are wrapped as {@link Mono#error(Throwable)} and are one of the types described in
-   * the throw section below.
-   *
-   * @param projectId    the project ID for the project to get the samples for
-   * @param experimentId the experiment ID for which the sample preview shall be retrieved
-   * @return a reactive stream of {@link SamplePreview} objects of the experiment. Exceptions are
-   * provided as {@link Mono#error(Throwable)}.
-   * @throws RequestFailedException if the request could not be executed
-   * @since 1.10.0
-   */
-  Flux<SamplePreview> getSamplePreviews(String projectId, String experimentId)
-      throws RequestFailedException;
-
   /**
    * Requests {@link SamplePreview} for a given experiment with pagination support.
    * <p>
@@ -174,12 +156,15 @@ Flux<SamplePreview> getSamplePreviews(String projectId, String experimentId)
    * @param offset       the offset from 0 of all available previews the returned previews should
    *                     start
    * @param limit        the maximum number of previews that should be returned
+   * @param sortOrders   the sort orders to apply
+   * @param filter       the filter to apply
    * @return a reactive stream of {@link SamplePreview} objects in the experiment. Exceptions are
    * provided as {@link Mono#error(Throwable)}.
+   * @throws RequestFailedException if the request could not be executed
    * @since 1.10.0
    */
   Flux<SamplePreview> getSamplePreviews(String projectId, String experimentId, int offset,
-      int limit);
+      int limit, List<SortOrder> sortOrders, String filter);
 
   /**
    * Requests all {@link Sample} for a given experiment.
@@ -217,22 +202,25 @@ Flux<SamplePreview> getSamplePreviews(String projectId, String experimentId, int
   Flux<Sample> getSamplesForBatch(String projectId, String batchId) throws RequestFailedException;
 
   /**
-   * Find the sample ID for a given sample code
+   * Finds the sample for a given sample ID.
+   * <p>
+   * In case no matching sample is found, a {@link Mono#empty()} is returned.
+   *
    * <p>
    * <b>Exceptions</b>
    * <p>
    * Exceptions are wrapped as {@link Mono#error(Throwable)} and are one of the types described in
    * the throw section below.
    *
-   * @param projectId  the project ID for the project to get the samples for
-   * @param sampleCode the sample code (e.g. Q2TEST001AE) for the project
-   * @return a reactive container of {@link SampleIdCodeEntry} for the sample code. Exceptions are
-   * provided as {@link Mono#error(Throwable)}.
+   * @param projectId the project id to which the sample belongs to
+   * @param sampleId  the sample id of the sample to find
+   * @return a reactive container of {@link Sample} for the sample matching the sample id. For no
+   * matches a {@link Mono#empty()} is returned. Exceptions are * provided as
+   * {@link Mono#error(Throwable)}.
    * @throws RequestFailedException in case the request cannot be executed
    * @since 1.10.0
    */
-  Mono<SampleIdCodeEntry> findSampleId(String projectId, String sampleCode)
-      throws RequestFailedException;
+  Mono<Sample> findSample(String projectId, String sampleId);
 
   /**
    * Container of an update request for a service call and part of the
 
@@ -2,16 +2,23 @@
 
 import static life.qbic.projectmanagement.application.authorization.ReactiveSecurityContextUtils.applySecurityContext;
 import static life.qbic.projectmanagement.application.authorization.ReactiveSecurityContextUtils.writeSecurityContext;
+import static life.qbic.projectmanagement.application.authorization.ReactiveSecurityContextUtils.applySecurityContextMany;
+import static life.qbic.projectmanagement.application.authorization.ReactiveSecurityContextUtils.writeSecurityContextMany;
 
 import java.nio.ByteBuffer;
+import java.util.List;
 import java.util.Objects;
+import life.qbic.application.commons.SortOrder;
 import life.qbic.logging.api.Logger;
 import life.qbic.logging.service.LoggerFactory;
 import life.qbic.projectmanagement.application.ProjectInformationService;
 import life.qbic.projectmanagement.application.sample.SampleIdCodeEntry;
+import life.qbic.projectmanagement.application.sample.SampleInformationService;
 import life.qbic.projectmanagement.application.sample.SamplePreview;
+import life.qbic.projectmanagement.domain.model.experiment.ExperimentId;
 import life.qbic.projectmanagement.domain.model.project.ProjectId;
 import life.qbic.projectmanagement.domain.model.sample.Sample;
+import life.qbic.projectmanagement.domain.model.sample.SampleId;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.lang.NonNull;
 import org.springframework.security.core.context.SecurityContext;
@@ -33,13 +40,17 @@
 @Service
 public class AsyncProjectServiceImpl implements AsyncProjectService {
 
+  public static final String ACCESS_DENIED = "Access denied";
   private static final Logger log = LoggerFactory.logger(AsyncProjectServiceImpl.class);
   private final ProjectInformationService projectService;
   private final Scheduler scheduler;
+  private final SampleInformationService sampleInfoService;
 
   public AsyncProjectServiceImpl(@Autowired ProjectInformationService projectService,
+      @Autowired SampleInformationService sampleInfoService,
       @Autowired Scheduler scheduler) {
     this.projectService = Objects.requireNonNull(projectService);
+    this.sampleInfoService = Objects.requireNonNull(sampleInfoService);
     this.scheduler = Objects.requireNonNull(scheduler);
   }
 
@@ -76,22 +87,55 @@ public Flux<ByteBuffer> roCrateSummary(String projectId) {
     throw new RuntimeException("not implemented");
   }
 
-  @Override
-  public Flux<SamplePreview> getSamplePreviews(String projectId, String experimentId)
-      throws RequestFailedException {
-    throw new RuntimeException("not implemented");
-  }
 
   @Override
   public Flux<SamplePreview> getSamplePreviews(String projectId, String experimentId, int offset,
-      int limit) {
-    throw new RuntimeException("not implemented");
+      int limit, List<SortOrder> sortOrders, String filter) {
+    SecurityContext securityContext = SecurityContextHolder.getContext();
+    return applySecurityContextMany(Flux.defer(() ->
+        fetchSamplePreviews(projectId, experimentId, offset, limit, sortOrders, filter)))
+        .subscribeOn(scheduler)
+        .transform(original -> writeSecurityContextMany(original, securityContext))
+        .retryWhen(defaultRetryStrategy());
+  }
+
+  private Flux<SamplePreview> fetchSamplePreviews(String projectId, String experimentId, int offset,
+      int limit, List<SortOrder> sortOrders, String filter) {
+    try {
+      return Flux.fromIterable(
+          sampleInfoService.queryPreview(ProjectId.parse(projectId),
+              ExperimentId.parse(experimentId), offset, limit,
+              sortOrders, filter));
+    } catch (Exception e) {
+      log.error("Error getting sample previews", e);
+      return Flux.error(new RequestFailedException("Error getting sample previews"));
+    }
   }
 
   @Override
   public Flux<Sample> getSamples(String projectId, String experimentId)
       throws RequestFailedException {
-    throw new RuntimeException("not implemented");
+    SecurityContext securityContext = SecurityContextHolder.getContext();
+    return applySecurityContextMany(Flux.defer(() -> fetchSamples(projectId, experimentId)))
+        .subscribeOn(scheduler)
+        .transform(original -> writeSecurityContextMany(original, securityContext))
+        .retryWhen(defaultRetryStrategy());
+  }
+
+  // disclaimer: no security context, no scheduler applied
+  private Flux<Sample> fetchSamples(String projectId, String experimentId) {
+    try {
+      return Flux.fromIterable(
+          sampleInfoService.retrieveSamplesForExperiment(ProjectId.parse(projectId),
+              experimentId));
+    } catch (org.springframework.security.access.AccessDeniedException e) {
+      log.error("Error getting samples", e);
+      return Flux.error(new AccessDeniedException(ACCESS_DENIED));
+    } catch (Exception e) {
+      log.error("Unexpected exception getting samples", e);
+      return Flux.error(
+          new RequestFailedException("Error getting samples for experiment " + experimentId));
+    }
   }
 
   @Override
@@ -101,9 +145,20 @@ public Flux<Sample> getSamplesForBatch(String projectId, String batchId)
   }
 
   @Override
-  public Mono<SampleIdCodeEntry> findSampleId(String projectId, String sampleCode)
-      throws RequestFailedException {
-    throw new RuntimeException("not implemented");
+  public Mono<Sample> findSample(String projectId, String sampleId) {
+    return Mono.defer(() -> {
+      try {
+        return Mono.justOrEmpty(
+            sampleInfoService.findSample(ProjectId.parse(projectId), SampleId.parse(sampleId)));
+      } catch (org.springframework.security.access.AccessDeniedException e) {
+        log.error(ACCESS_DENIED, e);
+        return Mono.error(new AccessDeniedException(ACCESS_DENIED));
+      } catch (Exception e) {
+        log.error("Error getting sample for sample " + sampleId, e);
+        return Mono.error(
+            new RequestFailedException("Error getting sample for sample " + sampleId));
+      }
+    }).subscribeOn(scheduler);
   }
 
   @Override
@@ -153,7 +208,7 @@ private Mono<ProjectUpdateResponse> updateProjectDesign(String projectId, Projec
           } catch (IllegalArgumentException e) {
             sink.error(new RequestFailedException("Invalid project id: " + projectId));
           } catch (org.springframework.security.access.AccessDeniedException e) {
-            sink.error(new AccessDeniedException("Access denied"));
+            sink.error(new AccessDeniedException(ACCESS_DENIED));
           } catch (RuntimeException e) {
             sink.error(new RequestFailedException("Update project design failed", e));
           }
 
@@ -3,6 +3,7 @@
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
@@ -45,4 +46,35 @@ public static <T> Mono<T> applySecurityContext(Mono<T> original) {
     });
   }
 
+  /**
+   * Same as {@link #applySecurityContext(Mono)} but applies to {@link Flux}.
+   *
+   * @param original the original reactive stream
+   * @param <T>      the type of the flux
+   * @return the reactive stream for which the security context has been set explicitly
+   * @since 1.10.0
+   */
+  public static <T> Flux<T> applySecurityContextMany(Flux<T> original) {
+    return ReactiveSecurityContextHolder.getContext().flatMapMany(securityContext -> {
+      SecurityContextHolder.setContext(securityContext);
+      return original;
+    });
+  }
+
+  /**
+   * Same as {@link #writeSecurityContext(Mono, SecurityContext)} but applies to {@link Flux}.
+   *
+   * @param original        the original reactive stream
+   * @param securityContext the security context to write into the context of the flux
+   * @param <T>             the type of the flux
+   * @return the reactive stream for which the {@link ReactiveSecurityContextHolder} has been
+   * configured with the provided {@link SecurityContext}.
+   * @since 1.10.0
+   */
+  public static <T> Flux<T> writeSecurityContextMany(Flux<T> original,
+      SecurityContext securityContext) {
+    return original.contextWrite(
+        ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)));
+  }
+
 }
@@ -11,11 +11,13 @@
 import life.qbic.logging.service.LoggerFactory;
 import life.qbic.projectmanagement.domain.model.batch.BatchId;
 import life.qbic.projectmanagement.domain.model.experiment.ExperimentId;
+import life.qbic.projectmanagement.domain.model.project.ProjectId;
 import life.qbic.projectmanagement.domain.model.sample.Sample;
 import life.qbic.projectmanagement.domain.model.sample.SampleCode;
 import life.qbic.projectmanagement.domain.model.sample.SampleId;
 import life.qbic.projectmanagement.domain.repository.SampleRepository;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Service;
 
 /**
@@ -44,12 +46,23 @@ public SampleInformationService(@Autowired SamplePreviewLookup samplePreviewLook
    * @param experimentId {@link ExperimentId}s of the experiment for which it should be determined
    *                     if it has samples registered
    * @return true if experiments has samples, false if not
+   * @deprecated Use {@link SampleInformationService#hasSamples(ProjectId, String)} instead.
    */
   public boolean hasSamples(ExperimentId experimentId) {
     Objects.requireNonNull(experimentId, "experiment id must not be null");
     return sampleRepository.countSamplesWithExperimentId(experimentId) != 0;
   }
 
+  @PreAuthorize("hasPermission(#projectId, 'life.qbic.projectmanagement.domain.model.project.Project', 'READ')")
+  public boolean hasSamples(ProjectId projectId, String experimentId) {
+    return sampleRepository.countSamplesWithExperimentId(ExperimentId.parse(experimentId)) != 0;
+  }
+
+  /**
+   * @deprecated Use
+   * {@link SampleInformationService#retrieveSamplesForExperiment(ProjectId, String)} instead.
+   */
+  @Deprecated(since = "1.10.0", forRemoval = true)
   public Result<Collection<Sample>, ResponseCode> retrieveSamplesForExperiment(
       ExperimentId experimentId) {
     Objects.requireNonNull(experimentId, "experiment id must not be null");
@@ -61,14 +74,34 @@ public Result<Collection<Sample>, ResponseCode> retrieveSamplesForExperiment(
     }
   }
 
-  public List<SamplePreview> retrieveSamplePreviewsForExperiment(ExperimentId experimentId) {
-    return samplePreviewLookup.queryByExperimentId(experimentId);
+  @PreAuthorize("hasPermission(#projectId, 'life.qbic.projectmanagement.domain.model.project.Project', 'READ')")
+  public Collection<Sample> retrieveSamplesForExperiment(ProjectId projectId, String experimentId) {
+    return sampleRepository.findSamplesByExperimentId(ExperimentId.parse(experimentId));
   }
 
+  /**
+   * @deprecated Use {@link #retrieveSamplesByIds(ProjectId, Collection)} instead.
+   */
+  @Deprecated(since = "1.10.0", forRemoval = true)
   public List<Sample> retrieveSamplesByIds(Collection<SampleId> sampleIds) {
     return sampleRepository.findSamplesBySampleId(sampleIds.stream().toList());
   }
 
+  @PreAuthorize("hasPermission(#projectId, 'life.qbic.projectmanagement.domain.model.project.Project', 'READ')")
+  public List<Sample> retrieveSamplesByIds(ProjectId projectId, Collection<SampleId> sampleIds) {
+    return sampleRepository.findSamplesBySampleId(sampleIds.stream().toList());
+  }
+
+  @PreAuthorize("hasPermission(#projectId, 'life.qbic.projectmanagement.domain.model.project.Project', 'READ')")
+  public List<Sample> retrieveSampleForBatch(ProjectId projectId, String batchId) {
+    return sampleRepository.findSamplesByBatchId(BatchId.parse(batchId));
+  }
+
+  /**
+   * @deprecated Use {@link SampleInformationService#retrieveSampleForBatch(ProjectId, String)}
+   * instead.
+   */
+  @Deprecated(since = "1.10.0", forRemoval = true)
   public List<Sample> retrieveSamplesForBatch(BatchId batchId) {
     Objects.requireNonNull(batchId, "batch id must not be null");
     return sampleRepository.findSamplesByBatchId(batchId);
@@ -82,7 +115,9 @@ public List<Sample> retrieveSamplesForBatch(BatchId batchId) {
    * @param sortOrders the sort orders to apply
    * @return the results in the provided range
    * @since 1.0.0
+   * @deprecated Use {@link #queryPreview(ProjectId, ExperimentId, int, int, List, String)} instead.
    */
+  @Deprecated(since = "1.10.0", forRemoval = true)
   public List<SamplePreview> queryPreview(ExperimentId experimentId, int offset, int limit,
       List<SortOrder> sortOrders, String filter) {
     // returned by JPA -> UnmodifiableRandomAccessList
@@ -94,6 +129,40 @@ public List<SamplePreview> queryPreview(ExperimentId experimentId, int offset, i
     return new ArrayList<>(previewList);
   }
 
+  /**
+   * Queries {@link SamplePreview}s with a provided offset and limit that supports pagination.
+   * Applies the Spring Security context as well.
+   *
+   * @param projectId  the project ID that contains the information (required to apply the security
+   *                   context)
+   * @param offset     the offset for the search result to start
+   * @param limit      the maximum number of results that should be returned
+   * @param sortOrders the sort orders to apply
+   * @return the results in the provided range
+   * @since 1.10.0
+   */
+  @PreAuthorize("hasPermission(#projectId, 'life.qbic.projectmanagement.domain.model.project.Project', 'READ')")
+  public List<SamplePreview> queryPreview(ProjectId projectId, ExperimentId experimentId,
+      int offset, int limit,
+      List<SortOrder> sortOrders, String filter) {
+    // returned by JPA -> UnmodifiableRandomAccessList
+    List<SamplePreview> previewList = samplePreviewLookup.queryByExperimentId(experimentId,
+        offset,
+        limit,
+        sortOrders, filter);
+    // the list must be modifiable for spring security to filter it
+    return new ArrayList<>(previewList);
+  }
+
+  @PreAuthorize("hasPermission(#projectId, 'life.qbic.projectmanagement.domain.model.project.Project', 'READ')")
+  public Optional<Sample> findSample(ProjectId projectId, SampleId sampleId) {
+    return sampleRepository.findSample(sampleId);
+  }
+
+  /**
+   * @deprecated Use {@link #findSample(ProjectId, SampleId)} instead.
+   */
+  @Deprecated(since = "1.10.0", forRemoval = true)
   public Optional<Sample> findSample(SampleId sampleId) {
     return sampleRepository.findSample(sampleId);
   }