chore(annotations): Reviewed annotations in the REST layer

app/src/main/java/io/apicurio/registry/ccompat/rest/v7/impl/CompatibilityResourceImpl.java

@@ -63,7 +63,7 @@ public CompatibilityCheckResponse testCompatibilityBySubjectName(String subject,
     }
 
     @Override
-    @Authorized(style = AuthorizedStyle.ArtifactOnly, level = AuthorizedLevel.Write)
+    @Authorized(style = AuthorizedStyle.ArtifactOnly, level = AuthorizedLevel.Read)
     public CompatibilityCheckResponse testCompatibilityByVersion(String subject, String versionString,
             SchemaContent request, Boolean verbose, String groupId) throws Exception {
         final boolean fverbose = verbose == null ? Boolean.FALSE : verbose;

app/src/main/java/io/apicurio/registry/rest/v3/AdminResourceImpl.java

@@ -80,6 +80,7 @@
 import static io.apicurio.common.apps.logging.audit.AuditingConstants.KEY_FOR_BROWSER;
 import static io.apicurio.common.apps.logging.audit.AuditingConstants.KEY_NAME;
 import static io.apicurio.common.apps.logging.audit.AuditingConstants.KEY_PRINCIPAL_ID;
+import static io.apicurio.common.apps.logging.audit.AuditingConstants.KEY_PROPERTY_CONFIGURATION;
 import static io.apicurio.common.apps.logging.audit.AuditingConstants.KEY_ROLE_MAPPING;
 import static io.apicurio.common.apps.logging.audit.AuditingConstants.KEY_RULE;
 import static io.apicurio.common.apps.logging.audit.AuditingConstants.KEY_RULE_TYPE;
@@ -146,6 +147,7 @@ public List<ArtifactTypeInfo> listArtifactTypes() {
     }
 
     @Override
+    @Audited
     @Authorized(style = AuthorizedStyle.None, level = AuthorizedLevel.Admin)
     public SnapshotMetaData triggerSnapshot() {
         storage.triggerSnapshotCreation();
@@ -477,6 +479,7 @@ public ConfigurationProperty getConfigProperty(String propertyName) {
      *      io.apicurio.registry.rest.v3.beans.UpdateConfigurationProperty)
      */
     @Override
+    @Audited(extractParameters = { "0", KEY_NAME, "1", KEY_PROPERTY_CONFIGURATION })
     @Authorized(style = AuthorizedStyle.None, level = AuthorizedLevel.Admin)
     public void updateConfigProperty(String propertyName, UpdateConfigurationProperty data) {
         DynamicConfigPropertyDef propertyDef = resolveConfigProperty(propertyName);
@@ -501,10 +504,6 @@ public void resetConfigProperty(String propertyName) {
         storage.deleteConfigProperty(propertyName);
     }
 
-    private static boolean isNullOrTrue(Boolean value) {
-        return value == null || value;
-    }
-
     private String createDownloadHref(String downloadId) {
         return "/apis/registry/v3/downloads/" + downloadId;
     }

app/src/main/java/io/apicurio/registry/rest/v3/GroupsResourceImpl.java

@@ -156,6 +156,7 @@ public enum RegistryHashAlgorithm {
      *      java.lang.String, java.lang.String, io.apicurio.registry.types.ReferenceType)
      */
     @Override
+    @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Read)
     public List<ArtifactReference> getArtifactVersionReferences(String groupId, String artifactId,
             String versionExpression, ReferenceType refType) {
 
@@ -244,6 +245,7 @@ public GroupMetaData getGroupById(String groupId) {
     }
 
     @Override
+    @Audited(extractParameters = { "0", KEY_GROUP_ID })
     @Authorized(style = AuthorizedStyle.GroupOnly, level = AuthorizedLevel.Write)
     public void deleteGroupById(String groupId) {
         if (!restConfig.isGroupDeletionEnabled()) {
@@ -259,6 +261,7 @@ public void deleteGroupById(String groupId) {
      *      io.apicurio.registry.rest.v3.beans.EditableGroupMetaData)
      */
     @Override
+    @Audited(extractParameters = { "0", KEY_GROUP_ID })
     @Authorized(style = AuthorizedStyle.GroupOnly, level = AuthorizedLevel.Write)
     public void updateGroupById(String groupId, EditableGroupMetaData data) {
         requireParameter("groupId", groupId);
@@ -295,6 +298,7 @@ public GroupSearchResults listGroups(BigInteger limit, BigInteger offset, SortOr
     }
 
     @Override
+    @Audited
     @Authorized(style = AuthorizedStyle.None, level = AuthorizedLevel.Write)
     public GroupMetaData createGroup(CreateGroup data) {
         GroupMetaDataDto.GroupMetaDataDtoBuilder group = GroupMetaDataDto.builder().groupId(data.getGroupId())
@@ -309,13 +313,16 @@ public GroupMetaData createGroup(CreateGroup data) {
     }
 
     @Override
+    @Authorized(style = AuthorizedStyle.GroupOnly, level = AuthorizedLevel.Read)
     public List<RuleType> listGroupRules(String groupId) {
         requireParameter("groupId", groupId);
 
         return storage.getGroupRules(new GroupId(groupId).getRawGroupIdWithNull());
     }
 
     @Override
+    @Audited(extractParameters = { "0", KEY_GROUP_ID, "1", KEY_RULE })
+    @Authorized(style = AuthorizedStyle.GroupOnly, level = AuthorizedLevel.Write)
     public void createGroupRule(String groupId, CreateRule data) {
         requireParameter("groupId", groupId);
         requireParameter("ruleType", data.getRuleType());
@@ -340,6 +347,8 @@ public void createGroupRule(String groupId, CreateRule data) {
     }
 
     @Override
+    @Audited(extractParameters = { "0", KEY_GROUP_ID, "1", KEY_RULE_TYPE, "2", KEY_RULE })
+    @Authorized(style = AuthorizedStyle.GroupOnly, level = AuthorizedLevel.Write)
     public Rule updateGroupRuleConfig(String groupId, RuleType ruleType, Rule data) {
         requireParameter("groupId", groupId);
         requireParameter("ruleType", ruleType);
@@ -354,13 +363,16 @@ public Rule updateGroupRuleConfig(String groupId, RuleType ruleType, Rule data)
     }
 
     @Override
+    @Audited(extractParameters = { "0", KEY_GROUP_ID })
+    @Authorized(style = AuthorizedStyle.GroupOnly, level = AuthorizedLevel.Write)
     public void deleteGroupRules(String groupId) {
         requireParameter("groupId", groupId);
 
         storage.deleteGroupRules(new GroupId(groupId).getRawGroupIdWithNull());
     }
 
     @Override
+    @Authorized(style = AuthorizedStyle.GroupOnly, level = AuthorizedLevel.Read)
     public Rule getGroupRuleConfig(String groupId, RuleType ruleType) {
         requireParameter("groupId", groupId);
         requireParameter("ruleType", ruleType);
@@ -374,6 +386,8 @@ public Rule getGroupRuleConfig(String groupId, RuleType ruleType) {
     }
 
     @Override
+    @Audited(extractParameters = { "0", KEY_GROUP_ID, "1", KEY_RULE_TYPE })
+    @Authorized(style = AuthorizedStyle.GroupOnly, level = AuthorizedLevel.Write)
     public void deleteGroupRule(String groupId, RuleType rule) {
         requireParameter("groupId", groupId);
         requireParameter("rule", rule);
@@ -528,6 +542,7 @@ public Response getArtifactVersionContent(String groupId, String artifactId, Str
     }
 
     @Override
+    @Audited(extractParameters = { "0", KEY_GROUP_ID, "1", KEY_ARTIFACT_ID, "2", KEY_VERSION })
     @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
     public void updateArtifactVersionContent(String groupId, String artifactId, String versionExpression,
             VersionContent data) {
@@ -574,6 +589,7 @@ public void updateArtifactVersionContent(String groupId, String artifactId, Stri
      *      java.lang.String, java.lang.String)
      */
     @Override
+    @Audited(extractParameters = { "0", KEY_GROUP_ID, "1", KEY_ARTIFACT_ID, "2", KEY_VERSION })
     @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
     public void deleteArtifactVersion(String groupId, String artifactId, String version) {
         if (!restConfig.isArtifactVersionDeletionEnabled()) {
@@ -654,7 +670,7 @@ public WrappedVersionState getArtifactVersionState(String groupId, String artifa
 
     @Override
     @Audited(extractParameters = { "0", KEY_GROUP_ID, "1", KEY_ARTIFACT_ID, "2", KEY_VERSION, "3", "dryRun" })
-    @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write)
+    @Authorized(style = AuthorizedStyle.GroupAndArtifact, level = AuthorizedLevel.Write, dryRunParam = 3)
     public void updateArtifactVersionState(String groupId, String artifactId, String versionExpression,
             Boolean dryRun, WrappedVersionState data) {
         requireParameter("groupId", groupId);

app/src/main/java/io/apicurio/registry/rest/v3/IdsResourceImpl.java

@@ -58,8 +58,7 @@ public Response getContentById(long contentId) {
     }
 
     /**
-     * @see io.apicurio.registry.rest.v3.IdsResource#getContentByGlobalId(long,
-     *      io.apicurio.registry.rest.v3.beans.HandleReferencesType)
+     * @see io.apicurio.registry.rest.v3.IdsResource#getContentByGlobalId(long, HandleReferencesType, Boolean)
      */
     @Override
     @Authorized(style = AuthorizedStyle.GlobalId, level = AuthorizedLevel.Read)
@@ -105,6 +104,7 @@ public Response getContentByHash(String contentHash) {
      * @see io.apicurio.registry.rest.v3.IdsResource#referencesByContentHash(java.lang.String)
      */
     @Override
+    @Authorized(style = AuthorizedStyle.None, level = AuthorizedLevel.Read)
     public List<ArtifactReference> referencesByContentHash(String contentHash) {
         return common.getReferencesByContentHash(contentHash);
     }
@@ -113,6 +113,7 @@ public List<ArtifactReference> referencesByContentHash(String contentHash) {
      * @see io.apicurio.registry.rest.v3.IdsResource#referencesByContentId(long)
      */
     @Override
+    @Authorized(style = AuthorizedStyle.None, level = AuthorizedLevel.Read)
     public List<ArtifactReference> referencesByContentId(long contentId) {
         ContentWrapperDto artifact = storage.getContentById(contentId);
         return artifact.getReferences().stream().map(V3ApiUtil::referenceDtoToReference)
@@ -124,6 +125,7 @@ public List<ArtifactReference> referencesByContentId(long contentId) {
      *      io.apicurio.registry.types.ReferenceType)
      */
     @Override
+    @Authorized(style = AuthorizedStyle.GlobalId, level = AuthorizedLevel.Read)
     public List<ArtifactReference> referencesByGlobalId(long globalId, ReferenceType refType) {
         if (refType == ReferenceType.OUTBOUND || refType == null) {
             StoredArtifactVersionDto artifact = storage.getArtifactVersionContent(globalId);