Address review comments

 * rename contentType → mimeType
 * merge DocumentContext into DocumentRelatedEntityType
 * document two-phase deletion process
 * add EntityExistsException message
 * add pseudonimization
 * fix file deletion upon transaction rollback
 * rename getDeletedDocuments → getDocumentsMarkedForDeletion
 * create storage dir during server-setup.sh

Change-Id: Ic2fc9a0497aa372340b2dc6ebadfe5320aaf132c

Author: Thomas Broyer

sormas-api/src/main/java/de/symeda/sormas/api/document/DocumentContext.java

@@ -14,12 +14,12 @@
  */
 package de.symeda.sormas.api.document;
 
-import de.symeda.sormas.api.EntityDto;
 import de.symeda.sormas.api.user.UserReferenceDto;
 import de.symeda.sormas.api.utils.DataHelper;
 import de.symeda.sormas.api.utils.Required;
+import de.symeda.sormas.api.utils.pseudonymization.PseudonymizableDto;
 
-public class DocumentDto extends EntityDto {
+public class DocumentDto extends PseudonymizableDto {
 
 	public static final String UPLOADING_USER = "uploadingUser";
 	public static final String NAME = "name";
@@ -33,7 +33,7 @@ public class DocumentDto extends EntityDto {
 	@Required
 	private String name;
 	@Required
-	private String contentType;
+	private String mimeType;
 	@Required
 	private long size;
 	@Required
@@ -64,12 +64,12 @@ public void setName(String name) {
 		this.name = name;
 	}
 
-	public String getContentType() {
-		return contentType;
+	public String getMimeType() {
+		return mimeType;
 	}
 
-	public void setContentType(String contentType) {
-		this.contentType = contentType;
+	public void setMimeType(String mimeType) {
+		this.mimeType = mimeType;
 	}
 
 	public long getSize() {

sormas-api/src/main/java/de/symeda/sormas/api/document/DocumentDto.java

@@ -14,6 +14,13 @@
  */
 package de.symeda.sormas.api.document;
 
+import de.symeda.sormas.api.i18n.I18nProperties;
+
 public enum DocumentRelatedEntityType {
-	EVENT
+
+	EVENT;
+
+	public String toString() {
+		return I18nProperties.getEnumCaption(this);
+	}
 }

sormas-api/src/main/java/de/symeda/sormas/api/document/DocumentRelatedEntityType.java

@@ -371,8 +371,8 @@ Disease.Short.ENTEROVIRUS = Enterovirus
 Disease.Short.M_PNEUMONIAE = M.pneumoniae
 Disease.Short.C_PNEUMONIAE = C.pneumoniae
 
-# DocumentContext
-DocumentContext.EVENT = Event
+# DocumentRelatedEntityType
+DocumentRelatedEntityType.EVENT = Event
 
 EducationType.NONE = No education
 EducationType.NURSERY = Nursery

sormas-api/src/main/resources/enum.properties

@@ -371,8 +371,8 @@ Disease.Short.ENTEROVIRUS = Enterovirus
 Disease.Short.M_PNEUMONIAE = M.pneumoniae
 Disease.Short.C_PNEUMONIAE = C.pneumoniae
 
-# DocumentContext
-DocumentContext.EVENT = Événement
+# DocumentRelatedEntityType
+DocumentRelatedEntityType.EVENT = Événement
 
 EducationType.NONE = Pas d'éducation
 EducationType.NURSERY = Maternelle

sormas-api/src/main/resources/enum_fr-FR.properties

@@ -25,6 +25,7 @@
 
 import de.symeda.sormas.api.document.DocumentRelatedEntityType;
 import de.symeda.sormas.backend.common.AbstractDomainObject;
+import de.symeda.sormas.backend.common.CronService;
 import de.symeda.sormas.backend.user.User;
 
 @Entity(name = TABLE_NAME)
@@ -43,12 +44,32 @@ public class Document extends AbstractDomainObject {
 	private boolean deleted;
 	private User uploadingUser;
 	private String name;
-	private String contentType;
+	private String mimeType;
 	private long size;
 	private String storageReference;
 	private String relatedEntityUuid;
 	private DocumentRelatedEntityType relatedEntityType;
 
+	/**
+	 * Indicates whether the document is marked for deletion.
+	 *
+	 * <p>
+	 * Documents aren't directly deleted. They're instead marked for deletion,
+	 * and a nightly process actually deletes both the files and the document
+	 * metadata (this entity).
+	 * <p>
+	 * This allows for non-atomic backups:
+	 * <ol>
+	 * <li>First backup the database, this will include "marked as deleted" documents;
+	 * <li>Then backup the file storage, it might include files for documents added
+	 * since the database backup, and files for documents marked as deleted might
+	 * be <i>missing</i> as they could have already been cleaned up.
+	 * </ol>
+	 * <p>
+	 * Once a document is marked for deletion, it will never be restored.
+	 *
+	 * @see CronService#cleanupDeletedDocuments()
+	 */
 	public boolean isDeleted() {
 		return deleted;
 	}
@@ -75,13 +96,13 @@ public void setName(String name) {
 		this.name = name;
 	}
 
-	@Column(name = "contenttype")
-	public String getContentType() {
-		return contentType;
+	@Column(name = "mimetype")
+	public String getMimeType() {
+		return mimeType;
 	}
 
-	public void setContentType(String contentType) {
-		this.contentType = contentType;
+	public void setMimeType(String mimeType) {
+		this.mimeType = mimeType;
 	}
 
 	public long getSize() {

sormas-backend/src/main/java/de/symeda/sormas/backend/document/Document.java

@@ -22,20 +22,35 @@
 import javax.ejb.EJB;
 import javax.ejb.LocalBean;
 import javax.ejb.Stateless;
-import javax.enterprise.event.Event;
-import javax.inject.Inject;
 import javax.persistence.EntityExistsException;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 
 import de.symeda.sormas.api.document.DocumentDto;
 import de.symeda.sormas.api.document.DocumentFacade;
 import de.symeda.sormas.api.document.DocumentRelatedEntityType;
+import de.symeda.sormas.backend.event.Event;
+import de.symeda.sormas.backend.event.EventJurisdictionChecker;
+import de.symeda.sormas.backend.event.EventService;
 import de.symeda.sormas.backend.user.UserFacadeEjb;
 import de.symeda.sormas.backend.user.UserService;
 import de.symeda.sormas.backend.util.DtoHelper;
 import de.symeda.sormas.backend.util.ModelConstants;
-
+import de.symeda.sormas.backend.util.Pseudonymizer;
+
+/**
+ * Manages documents and their storage.
+ *
+ * <p>
+ * Storage of the document content itself is delegated to {@link DocumentStorageService},
+ * which generates a <i>storage reference</i> that is stored alongside document metadata in the
+ * database ({@link Document} entity).
+ * <p>
+ * Deletion is a two-phase process (see {@link Document#isDeleted()} for details).
+ *
+ * @see DocumentStorageService
+ * @see Document#isDeleted()
+ */
 @Stateless(name = "DocumentFacade")
 public class DocumentFacadeEjb implements DocumentFacade {
 
@@ -49,32 +64,41 @@ public class DocumentFacadeEjb implements DocumentFacade {
 	@EJB
 	private DocumentStorageService documentStorageService;
 
-	@Inject
-	private Event<DocumentSaved> documentSavedEvent;
+	@EJB
+	private EventService eventService;
+	@EJB
+	private EventJurisdictionChecker eventJurisdictionChecker;
 
 	@Override
 	public DocumentDto getDocumentByUuid(String uuid) {
-		return toDto(documentService.getByUuid(uuid));
+		return convertToDto(documentService.getByUuid(uuid), Pseudonymizer.getDefault(userService::hasRight));
 	}
 
 	@Override
 	public DocumentDto saveDocument(DocumentDto dto, byte[] content) throws IOException {
 		Document existingDocument = dto.getUuid() == null ? null : documentService.getByUuid(dto.getUuid());
 		if (existingDocument != null) {
-			// TODO: add exception message
-			throw new EntityExistsException();
+			throw new EntityExistsException("Tried to save a document that already exists: " + dto.getUuid());
 		}
 
 		Document document = fromDto(dto);
 
-		document.setStorageReference(documentStorageService.save(document, content));
-
-		documentService.persist(document);
-		documentService.doFlush();
+		String storageReference = documentStorageService.save(document, content);
+		try {
+			document.setStorageReference(storageReference);
 
-		documentSavedEvent.fire(new DocumentSaved(document));
+			documentService.persist(document);
+			documentService.doFlush();
 
-		return toDto(document);
+			return convertToDto(document, Pseudonymizer.getDefault(userService::hasRight));
+		} catch (Throwable t) {
+			try {
+				documentStorageService.delete(storageReference);
+			} catch (Throwable t2) {
+				t.addSuppressed(t2);
+			}
+			throw t;
+		}
 	}
 
 	@Override
@@ -85,7 +109,8 @@ public void deleteDocument(String uuid) {
 
 	@Override
 	public List<DocumentDto> getDocumentsRelatedToEntity(DocumentRelatedEntityType type, String uuid) {
-		return documentService.getRelatedToEntity(type, uuid).stream().map(DocumentFacadeEjb::toDto).collect(Collectors.toList());
+		Pseudonymizer pseudonymizer = Pseudonymizer.getDefault(userService::hasRight);
+		return documentService.getRelatedToEntity(type, uuid).stream().map(d -> convertToDto(d, pseudonymizer)).collect(Collectors.toList());
 	}
 
 	@Override
@@ -101,7 +126,7 @@ public byte[] read(String uuid) throws IOException {
 
 	@Override
 	public void cleanupDeletedDocuments() {
-		List<Document> deleted = documentService.getDeletedDocuments();
+		List<Document> deleted = documentService.getDocumentsMarkedForDeletion();
 		for (Document document : deleted) {
 			documentStorageService.delete(document.getStorageReference());
 			documentService.delete(document);
@@ -121,15 +146,43 @@ public Document fromDto(DocumentDto source) {
 
 		target.setUploadingUser(userService.getByReferenceDto(source.getUploadingUser()));
 		target.setName(source.getName());
-		target.setContentType(source.getContentType());
+		target.setMimeType(source.getMimeType());
 		target.setSize(source.getSize());
 		target.setRelatedEntityUuid(source.getRelatedEntityUuid());
 		target.setRelatedEntityType(source.getRelatedEntityType());
 
 		return target;
 	}
 
-	// XXX: pseudonimize uploadingUser? Under which conditions?
+	public DocumentDto convertToDto(Document source, Pseudonymizer pseudonymizer) {
+		DocumentDto documentDto = toDto(source);
+
+		pseudonymizeDto(source, documentDto, pseudonymizer);
+
+		return documentDto;
+	}
+
+	private void pseudonymizeDto(Document document, DocumentDto dto, Pseudonymizer pseudonymizer) {
+		if (dto != null) {
+			switch (dto.getRelatedEntityType()) {
+			case EVENT:
+				pseudonimizeEventRelatedDto(document, dto, pseudonymizer);
+				break;
+			}
+		}
+	}
+
+	private void pseudonimizeEventRelatedDto(Document document, DocumentDto dto, Pseudonymizer pseudonymizer) {
+		assert dto.getRelatedEntityType() == DocumentRelatedEntityType.EVENT;
+
+		Event event = eventService.getByUuid(dto.getRelatedEntityUuid());
+		boolean inJurisdiction = eventJurisdictionChecker.isInJurisdictionOrOwned(event);
+
+		pseudonymizer.pseudonymizeDto(DocumentDto.class, dto, inJurisdiction, (e) -> {
+			pseudonymizer.pseudonymizeUser(document.getUploadingUser(), userService.getCurrentUser(), dto::setUploadingUser);
+		});
+	}
+
 	public static DocumentDto toDto(Document source) {
 		if (source == null) {
 			return null;
@@ -139,7 +192,7 @@ public static DocumentDto toDto(Document source) {
 
 		target.setUploadingUser(UserFacadeEjb.toReferenceDto(source.getUploadingUser()));
 		target.setName(source.getName());
-		target.setContentType(source.getContentType());
+		target.setMimeType(source.getMimeType());
 		target.setSize(source.getSize());
 		target.setRelatedEntityUuid(source.getRelatedEntityUuid());
 		target.setRelatedEntityType(source.getRelatedEntityType());

sormas-backend/src/main/java/de/symeda/sormas/backend/document/DocumentFacadeEjb.java

@@ -88,7 +88,7 @@ public String isExisting(DocumentRelatedEntityType type, String uuid, String nam
 		}
 	}
 
-	public List<Document> getDeletedDocuments() {
+	public List<Document> getDocumentsMarkedForDeletion() {
 		CriteriaBuilder cb = em.getCriteriaBuilder();
 		CriteriaQuery<Document> cq = cb.createQuery(getElementClass());
 		Root<Document> from = cq.from(getElementClass());