#374 - Extend API to save and load cohort and dataselection

- WIP
- move api to v5
- add Dataquery
- remove query template
- add database migration script
- implement CRUD functions for dataquery
- tests must be adapted

.github/scripts/post-elastic-test-queries.sh

@@ -47,7 +47,7 @@ access_token="$(curl -s --request POST \
   --data password=testpassword \
   --data scope=openid | jq '.access_token' | tr -d '"')"
 
-response=$(curl -s -w "%{http_code}" --header "Authorization: Bearer $access_token" -o response_body "http://localhost:8091/api/v4/terminology/entry/search?searchterm=Blutdruck")
+response=$(curl -s -w "%{http_code}" --header "Authorization: Bearer $access_token" -o response_body "http://localhost:8091/api/v5/terminology/entry/search?searchterm=Blutdruck")
 http_code="${response: -3}"
 json_body=$(cat response_body)
 
@@ -63,7 +63,7 @@ else
     exit 1
 fi
 
-response=$(curl -s -w "%{http_code}" --header "Authorization: Bearer $access_token" -o response_body "http://localhost:8091/api/v4/terminology/entry/$onto_example_id")
+response=$(curl -s -w "%{http_code}" --header "Authorization: Bearer $access_token" -o response_body "http://localhost:8091/api/v5/terminology/entry/$onto_example_id")
 http_code="${response: -3}"
 json_body=$(cat response_body)
 
@@ -79,7 +79,7 @@ else
     exit 1
 fi
 
-response=$(curl -s -w "%{http_code}" --header "Authorization: Bearer $access_token" -o response_body "http://localhost:8091/api/v4/codeable-concept/entry/search?searchterm=Vectorcardiogram")
+response=$(curl -s -w "%{http_code}" --header "Authorization: Bearer $access_token" -o response_body "http://localhost:8091/api/v5/codeable-concept/entry/search?searchterm=Vectorcardiogram")
 http_code="${response: -3}"
 json_body=$(cat response_body)
 
@@ -95,7 +95,7 @@ else
     exit 1
 fi
 
-response=$(curl -s -w "%{http_code}" --header "Authorization: Bearer $access_token" -o response_body "http://localhost:8091/api/v4/codeable-concept/entry?ids=$cc_example_id")
+response=$(curl -s -w "%{http_code}" --header "Authorization: Bearer $access_token" -o response_body "http://localhost:8091/api/v5/codeable-concept/entry?ids=$cc_example_id")
 http_code="${response: -3}"
 json_body=$(cat response_body)
 

.github/scripts/post-test-query.sh

@@ -10,7 +10,7 @@ access_token="$(curl -s --request POST \
   --data scope=openid | jq '.access_token' | tr -d '"')"
 
 response=$(curl -s -i \
-  --url http://localhost:8091/api/v4/query \
+  --url http://localhost:8091/api/v5/query \
   --header "Authorization: Bearer $access_token" \
   --header 'Content-Type: application/json' \
   --data '{

CHANGELOG.md

@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
+## [UNRELEASED] - 2025-mm-dd
+
+### Changed
+- REST API changed to v5
+### Removed
+- Query Templates have been removed
+
 ## [6.1.0] - 2025-02-14
 
 - Based on ontology **[v3.1.0](https://github.com/medizininformatik-initiative/fhir-ontology-generator/releases/tag/v3.1.0)**

src/main/java/de/numcodex/feasibility_gui_backend/config/RateLimitingConfig.java

@@ -1,18 +1,14 @@
 package de.numcodex.feasibility_gui_backend.config;
 
-import static de.numcodex.feasibility_gui_backend.config.WebSecurityConfig.PATH_API;
-import static de.numcodex.feasibility_gui_backend.config.WebSecurityConfig.PATH_DETAILED_OBFUSCATED_RESULT;
-import static de.numcodex.feasibility_gui_backend.config.WebSecurityConfig.PATH_QUERY;
-import static de.numcodex.feasibility_gui_backend.config.WebSecurityConfig.PATH_ID_MATCHER;
-import static de.numcodex.feasibility_gui_backend.config.WebSecurityConfig.PATH_SUMMARY_RESULT;
-
 import de.numcodex.feasibility_gui_backend.query.ratelimiting.RateLimitingInterceptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import static de.numcodex.feasibility_gui_backend.config.WebSecurityConfig.*;
+
 @Component
 public class RateLimitingConfig implements WebMvcConfigurer {
 
@@ -23,7 +19,7 @@ public class RateLimitingConfig implements WebMvcConfigurer {
   @Override
   public void addInterceptors(InterceptorRegistry registry) {
     registry.addInterceptor(interceptor)
-        .addPathPatterns(PATH_API + PATH_QUERY + PATH_ID_MATCHER + PATH_SUMMARY_RESULT)
-        .addPathPatterns(PATH_API + PATH_QUERY + PATH_ID_MATCHER + PATH_DETAILED_OBFUSCATED_RESULT);
+        .addPathPatterns(PATH_API + PATH_QUERY + PATH_FEASIBILITY + PATH_ID_MATCHER + PATH_SUMMARY_RESULT)
+        .addPathPatterns(PATH_API + PATH_QUERY + PATH_FEASIBILITY + PATH_ID_MATCHER + PATH_DETAILED_OBFUSCATED_RESULT);
   }
 }

src/main/java/de/numcodex/feasibility_gui_backend/config/WebSecurityConfig.java

@@ -37,8 +37,10 @@ public class WebSecurityConfig {
   public static final String KEY_SPRING_ADDONS_CONFIDENTIAL = "spring-addons-confidential";
   public static final String KEY_SPRING_ADDONS_PUBLIC = "spring-addons-public";
   public static final String PATH_ACTUATOR_HEALTH = "/actuator/health";
-  public static final String PATH_API = "/api/v4";
+  public static final String PATH_API = "/api/v5";
   public static final String PATH_QUERY = "/query";
+  public static final String PATH_DATA = "/data";
+  public static final String PATH_FEASIBILITY = "/feasibility";
   public static final String PATH_ID_MATCHER = "/{id:\\d+}";
   public static final String PATH_USER_ID_MATCHER = "/by-user/{id:[\\w-]+}";
   public static final String PATH_SAVED = "/saved";
@@ -101,16 +103,16 @@ public SecurityFilterChain apiFilterChain(
       Converter<Jwt, ? extends AbstractAuthenticationToken> authenticationConverter) throws Exception {
 
     http.authorizeHttpRequests(authorize -> authorize
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_TERMINOLOGY + "/**")).hasAuthority(keycloakAllowedRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY)).hasAuthority(keycloakAllowedRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_USER_ID_MATCHER)).hasAuthority(keycloakAdminRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_ID_MATCHER + PATH_SAVED)).hasAuthority(keycloakAllowedRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_ID_MATCHER + PATH_DETAILED_RESULT)).hasAuthority(keycloakAdminRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_TEMPLATE)).hasAuthority(keycloakAllowedRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_TEMPLATE + "/*")).hasAuthority(keycloakAllowedRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + "/**")).hasAnyAuthority(keycloakAdminRole, keycloakAllowedRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_DSE + "/**")).hasAnyAuthority(keycloakAdminRole, keycloakAllowedRole)
-                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_CODEABLE_CONCEPT + "/**")).hasAnyAuthority(keycloakAdminRole, keycloakAllowedRole)
+//                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_TERMINOLOGY + "/**")).hasAuthority(keycloakAllowedRole)
+                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_DATA)).hasAuthority(keycloakAllowedRole)
+                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_DATA + PATH_USER_ID_MATCHER)).hasAuthority(keycloakAdminRole)
+//                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_DATA)).hasAuthority(keycloakAllowedRole)
+//                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_DATA + "/*")).hasAuthority(keycloakAllowedRole)
+//                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_FEASIBILITY)).hasAuthority(keycloakAllowedRole)
+//                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_QUERY + PATH_FEASIBILITY + PATH_ID_MATCHER + PATH_DETAILED_RESULT)).hasAuthority(keycloakAdminRole)
+//                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + "/**")).hasAnyAuthority(keycloakAdminRole, keycloakAllowedRole)
+//                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_DSE + "/**")).hasAnyAuthority(keycloakAdminRole, keycloakAllowedRole)
+//                    .requestMatchers(new MvcRequestMatcher(introspector, PATH_API + PATH_CODEABLE_CONCEPT + "/**")).hasAnyAuthority(keycloakAdminRole, keycloakAllowedRole)
                     .requestMatchers(new MvcRequestMatcher(introspector, PATH_ACTUATOR_HEALTH)).anonymous()
                     .requestMatchers(new MvcRequestMatcher(introspector, PATH_SWAGGER_UI)).anonymous()
                     .requestMatchers(new MvcRequestMatcher(introspector, PATH_SWAGGER_CONFIG)).anonymous()

src/main/java/de/numcodex/feasibility_gui_backend/dse/v4/DseRestController.java → src/main/java/de/numcodex/feasibility_gui_backend/dse/v5/DseRestController.java

@@ -1,4 +1,4 @@
-package de.numcodex.feasibility_gui_backend.dse.v4;
+package de.numcodex.feasibility_gui_backend.dse.v5;
 
 import de.numcodex.feasibility_gui_backend.dse.DseService;
 import de.numcodex.feasibility_gui_backend.dse.api.DseProfile;