[NAE-2213] Delete global role

[renczesstefan]

Description

Added new controller method and service methods to remove global roles.

Implements NAE-2213

Dependencies

No new dependencies were introduced.

Third party dependencies

No new dependencies were introduced.

Blocking Pull requests

There are no dependencies on other PR.

How Has Been This Tested?

This was tested manually and with unit tests.

Test Configuration

Name	Tested on
OS	macOS Tahoe 26.0
Runtime	Java 21
Dependency Manager	Maven 3.9.9n
Framework version	Spring Boot 3.4.4
Run parameters
Other configuration

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My changes have been checked, personally or remotely, with @Retoocs
• I have commented my code, particularly in hard-to-understand areas
• I have resolved all conflicts with the target branch of the PR
• I have updated and synced my code with the target branch
• I have added tests that prove my fix is effective or that my feature works
• New and existing tests pass locally with my changes:
  • Lint test
  • Unit tests
  • Integration tests
• I have checked my contribution with code analysis tools:
  • SonarCloud
  • Snyk
• I have made corresponding changes to the documentation:
  • Developer documentation
  • User Guides
  • Migration Guides

Summary by CodeRabbit

• New Features

  • DELETE /api/roles/{id} endpoint to remove global roles.
  • Paginated listing of processes filtered by role.
  • Service API method to delete global roles.

• Bug Fixes / Improvements

  • Role deletion now cascades across realms, users, processes, cases, and tasks.
  • More specific role-related error responses and validation.

• Chores

  • Service wiring updated to support role-based operations.
  • Search/filter model extended to include roles.

• Other

  • External XML schema reference updated.

[coderabbitai]

Walkthrough

Adds cascade deletion for global roles with a new DELETE /api/roles/{id} endpoint; adds PetriNet role-based query/service method; wires workflow/task services into ProcessRoleService; introduces role exceptions; alters Importer.initRole to skip explicit _id initialization for global roles; updates XSD include URL.

Changes

Cohort / File(s)	Summary of changes
Global role deletion controller application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java	New REST controller exposing DELETE /api/roles/{id} that retrieves the logged user and delegates to service; maps exceptions to HTTP responses.
ProcessRoleService (engine) — behavior & wiring application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java	Constructor now injects @Lazy IWorkflowService and @Lazy ITaskService; adds deleteGlobalRole(String, LoggedUser) and helper methods to cascade-remove a global role from realms, users, PetriNets, cases, and tasks; exposes getters for repo and services; context-refresh comparison changed to use loggedUser.getStringId().
ProcessRoleService (adapter API) nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/service/ProcessRoleService.java	Adapter/service API added void deleteGlobalRole(String roleId, LoggedUser loggedUser).
Role-related exceptions nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotFoundException.java, nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java, nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleReferencedException.java	Added RoleNotFoundException, RoleNotGlobalException, and RoleReferencedException runtime exceptions with single-string-message constructors.
PetriNet role-based query & service API application-engine/src/main/java/com/netgrif/application/engine/petrinet/domain/repositories/PetriNetRepository.java, application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/PetriNetService.java, application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/interfaces/IPetriNetService.java, nae-object-library/src/main/java/com/netgrif/application/engine/objects/petrinet/domain/PetriNetSearch.java	Repository: added @Query("{ 'roles.?0' : { $exists: true } }") Page<PetriNet> findAllByRoleId(String roleId, Pageable pageable). Service & interface: added findAllByRoleId(String roleId, Pageable pageable) delegating to repo and initializing arcs. Added roles field to PetriNetSearch.
Bean configuration wiring application-engine/src/main/java/com/netgrif/application/engine/petrinet/config/ProcessBeansConfiguration.java	processRoleService bean signature updated to accept @Lazy IWorkflowService workflowService and @Lazy ITaskService taskService and passes them into the ProcessRoleService constructor.
Importer role initialization change application-engine/src/main/java/com/netgrif/application/engine/importer/service/Importer.java	In initRole, when a role is global the code no longer initializes the role's _id with a new ProcessResourceId(ObjectId); the non-global branch still sets _id using ObjectId based on net stringId.
Schema include update nae-object-library/src/main/resources/petriflow_schema.xsd	Updated xs:include schemaLocation URL to https://petriflow.org/petriflow.schema.xsd and added trailing newline.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Client
  participant Controller as ProcessRoleController
  participant PRS as ProcessRoleService
  participant PRRepo as ProcessRoleRepository
  participant Realm as RealmService
  participant UserSvc as UserService
  participant PNService as PetriNetService
  participant PNRepo as PetriNetRepository
  participant WF as IWorkflowService
  participant TS as ITaskService

  Client->>Controller: DELETE /api/roles/{id}
  Controller->>PRS: deleteGlobalRole(id, loggedUser)
  PRS->>PRRepo: findById(id)
  alt role not found
    PRS-->>Controller: throw RoleNotFoundException
    Controller-->>Client: 404
  else role exists but not global
    PRS-->>Controller: throw RoleNotGlobalException
    Controller-->>Client: 409
  else global role
    PRS->>Realm: iterate realms
    loop per realm
      PRS->>UserSvc: list users with role
      loop per user
        PRS->>UserSvc: remove role, save user
      end
    end
    PRS->>PNService: findAllByRoleId(id, pageable)
    PNService->>PNRepo: query roles.?0 exists
    PNRepo-->>PNService: Page<PetriNet>
    loop per PetriNet
      PRS->>PNService: remove role from net & transitions, save net
      PRS->>WF: find cases by petriNet
      loop per case
        PRS->>WF: remove role from case collections, save case
        PRS->>TS: remove role from tasks, save tasks
      end
    end
    PRS->>PRRepo: delete(role)
    PRS-->>Controller: success
    Controller-->>Client: 200
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• [NAE-2194] Global role creation fix #355 — Overlaps changes to Importer.initRole and role ID assignment.
• [NAE-2126] Admin - Assign & Manage Roles #325 — Also modifies Importer.initRole behavior for global vs non-global roles.
• [NAE-2122] Implement Structured and Efficient Pagination in gRPC #323 — Related wiring/constructor changes for ProcessRoleService and service integration.

Pre-merge checks

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “NAE-2213 Delete global role” clearly references the associated ticket and concisely summarizes the primary change—adding support for deleting global roles—without extraneous details or ambiguity.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 12

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (2)

49-63: Limit surface area: avoid exposing repositories/services via getters unless required.

@Getter on internal deps widens API unnecessarily; reduce to package-private or remove if only used internally/tests.

---

160-166: Replace LoggedUser#getId() equality checks with getStringId()

ProcessRoleService change is correct — ripgrep shows remaining LoggedUser#getId() comparisons that must be updated to avoid internal/external ID mismatches:

• application-engine/src/main/java/com/netgrif/application/engine/security/service/SecurityContextService.java:112 — ((LoggedUser) ...).getId().equals(loggedUser.getId()) → use getStringId() on both sides.
• application-engine/src/main/java/com/netgrif/application/engine/auth/web/UserController.java:161 — Objects.equals(loggedUser.getId(), userId) → use loggedUser.getStringId().

Optional: consider updating logging/message uses for consistency:

• application-engine/src/main/java/com/netgrif/application/engine/auth/web/AuthenticationController.java:136
• application-engine/src/main/java/com/netgrif/application/engine/elastic/service/ElasticCaseService.java:138
• application-engine/src/main/java/com/netgrif/application/engine/elastic/service/ElasticPetriNetService.java:114

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1364bc7 and daad4ce.

📒 Files selected for processing (10)

• application-engine/src/main/java/com/netgrif/application/engine/importer/service/Importer.java (0 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/petrinet/config/ProcessBeansConfiguration.java (3 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/petrinet/domain/repositories/PetriNetRepository.java (2 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/PetriNetService.java (1 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (9 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/interfaces/IPetriNetService.java (1 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (1 hunks)
• nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotFoundException.java (1 hunks)
• nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java (1 hunks)
• nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/service/ProcessRoleService.java (1 hunks)

💤 Files with no reviewable changes (1)

• application-engine/src/main/java/com/netgrif/application/engine/importer/service/Importer.java

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-07-29T17:19:18.300Z

Learnt from: tuplle
PR: netgrif/application-engine#331
File: application-engine/src/main/java/com/netgrif/application/engine/elastic/service/ElasticPetriNetService.java:45-46
Timestamp: 2025-07-29T17:19:18.300Z
Learning: In ElasticPetriNetService class, petriNetService is properly initialized using Lazy setter injection rather than constructor injection. This pattern with Lazy Autowired setter methods is commonly used in Spring to resolve circular dependencies and is a valid alternative to constructor injection.

Applied to files:

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/config/ProcessBeansConfiguration.java

🧬 Code graph analysis (2)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (3)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotFoundException.java (1)

• RoleNotFoundException (3-7)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java (1)

• RoleNotGlobalException (3-7)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (1)

• ProcessRoleService (44-558)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (1)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java (1)

• RoleNotGlobalException (3-7)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: Build

🔇 Additional comments (6)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/interfaces/IPetriNetService.java (1)

349-356: API addition LGTM; ensure consistent behavior with other getters

Method is fine. Align behavior with other list fetchers (e.g., initializeArcs per item) in the concrete service to avoid surprises.

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/service/ProcessRoleService.java (1)

40-40: Deletion should be authorized, idempotent, and transactionally bounded

Ensure the implementation:

• checks caller privileges (admin/global-role manager),
• is idempotent (no error on repeated deletes),
• uses @transactional where applicable for repository ops, with safe pagination for long runs.

Would you like a quick scan script to verify the implementation throws RoleNotGlobalException/RoleNotFoundException and is annotated with @transactional?

application-engine/src/main/java/com/netgrif/application/engine/petrinet/config/ProcessBeansConfiguration.java (1)

36-53: Constructor matches bean wiring; @lazy present — verify runtime circulars

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java: constructor (lines ~68–76) matches the bean parameters and includes @lazy on the relevant dependencies.
• deleteGlobalRole(String, LoggedUser) is implemented (starts ~line 463).
• Verify no circular runtime dependency by searching for reciprocal references to ProcessRoleService (e.g. run rg -n 'ProcessRoleService') and ensure none of the injected beans (UserService, IPetriNetService, GroupService, RealmService, PaginationProperties, IWorkflowService, ITaskService) inject ProcessRoleService; if any do, keep @lazy or refactor.

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (3)

528-536: Avoid unpaged task traversal — use paging or batched updates.

findAllByCase(caseId) may load all Task entities for a case and cause OOM/slow writes.

• If possible, add Page findAllByCase(String caseId, Pageable p) and iterate page-by-page, updating/saving per page.
• Otherwise, stream only task IDs and perform batched read/update/save (e.g., batches of 100–1000) to reduce memory and write amplification.

Location: application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java:528-536. Automated repo search produced no matches for TaskService paging methods (script returned no output); verify whether TaskService exposes a paged API or implement batching.

---

495-511: Process cascade looks correct; verify all net-level role holders are covered.

You remove role IDs from transitions and the net.roles map. Automated repo search produced no results (couldn't locate source files), so I couldn't confirm other net-scoped collections — manually verify PetriNet, Transition, and any View/NegativeView/Permission/ACL/UI role-holder collections for roleId references and update/remove them as needed.

---

72-85: Constructor wiring: OK; confirm @lazy is necessary and doesn’t mask circular deps.

If cycles persist, prefer breaking them with clearer boundaries over @Lazy.

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (1)

31-65: Avoid exposing internal service dependencies via public getters.

@getterS on repositories/services widen surface area and couple tests/callers to internals. Prefer package-private fields or targeted accessor methods only where truly needed.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between daad4ce and 56a0b3a.

📒 Files selected for processing (4)

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/PetriNetService.java (1 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (9 hunks)
• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (1 hunks)
• nae-object-library/src/main/resources/petriflow_schema.xsd (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-09-29T10:31:57.307Z

Learnt from: renczesstefan
PR: netgrif/application-engine#362
File: application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java:513-529
Timestamp: 2025-09-29T10:31:57.307Z
Learning: PetriNet.getStringId() returns a simple ObjectId string representation (_id.toString()), not a composite Netgrif ID format, so new ObjectId(petriNetId) works correctly when petriNetId comes from PetriNet.getStringId().

Applied to files:

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java

📚 Learning: 2025-09-29T10:31:31.458Z

Learnt from: renczesstefan
PR: netgrif/application-engine#362
File: application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java:43-45
Timestamp: 2025-09-29T10:31:31.458Z
Learning: In the Netgrif application engine, when Authentication objects reach controller endpoints, auth.getPrincipal() always returns a LoggedUser instance and is never null, so defensive casting checks are not necessary in controller methods.

Applied to files:

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java

🧬 Code graph analysis (2)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (3)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotFoundException.java (1)

• RoleNotFoundException (3-7)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java (1)

• RoleNotGlobalException (3-7)

nae-object-library/src/main/java/com/netgrif/application/engine/objects/auth/domain/AbstractActor.java (1)

• Getter (21-311)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (3)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotFoundException.java (1)

• RoleNotFoundException (3-7)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java (1)

• RoleNotGlobalException (3-7)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (1)

• ProcessRoleService (45-560)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build

🔇 Additional comments (8)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/PetriNetService.java (1)

333-336: Arc initialization stays consistent

Thanks for keeping the new role-based finder aligned with the service invariant—initializing arcs before returning the page matches the other accessors and avoids surprises downstream.

application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (2)

32-34: Verify security expression aligns with your authority model.

Confirm @authorizationService.hasAuthority('ADMIN') matches your standard (e.g., role prefixing, case), and that authorizationService is exposed as a SpEL bean.

---

41-52: Fix content-type and map exceptions to proper HTTP statuses (JSON response).

Currently returns a plain String with produces=application/json and collapses errors to 400. Return JSON and map:

• RoleNotFoundException → 404
• RoleNotGlobalException → 409
• IllegalArgumentException → 400
  Also log client errors at WARN.

Apply within this method:

-    @DeleteMapping(value = "/{id}",produces = MediaType.APPLICATION_JSON_VALUE)
-    public ResponseEntity<String> deleteGlobalRole(@PathVariable("id") String id, Authentication auth) {
+    @DeleteMapping(value = "/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
+    public ResponseEntity<java.util.Map<String, String>> deleteGlobalRole(@PathVariable("id") String id, Authentication auth) {
         try {
             LoggedUser user = (LoggedUser) auth.getPrincipal();
             processRoleService.deleteGlobalRole(id, user);
-        } catch (RoleNotGlobalException | RoleNotFoundException | IllegalArgumentException e) {
-            String message = "Error when deleting global role [%s]".formatted(id);
-            log.error(message, e);
-            return ResponseEntity.badRequest().body(e.getMessage());
+        } catch (RoleNotFoundException e) {
+            log.warn("Global role [{}] not found", id, e);
+            return ResponseEntity.status(404).body(java.util.Map.of("message", e.getMessage()));
+        } catch (RoleNotGlobalException e) {
+            log.warn("Role [{}] is not global", id, e);
+            return ResponseEntity.status(409).body(java.util.Map.of("message", e.getMessage()));
+        } catch (IllegalArgumentException e) {
+            log.warn("Invalid role id [{}]", id, e);
+            return ResponseEntity.badRequest().body(java.util.Map.of("message", e.getMessage()));
         }
-        return ResponseEntity.ok("Global role was deleted successfully");
+        return ResponseEntity.ok(java.util.Map.of("message", "Global role was deleted successfully"));
     }

Add/update OpenAPI responses to reflect 404/409 and JSON bodies:

-    @ApiResponses(value = {
-            @ApiResponse(responseCode = "200", description = "Global role was deleted successfully"),
-            @ApiResponse(responseCode = "400", description = "Invalid role id"),
-            @ApiResponse(responseCode = "403", description = "Caller doesn't fulfill the authorisation requirements"),
-            @ApiResponse(responseCode = "500", description = "Internal server error")
-    })
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "Global role was deleted successfully"),
+            @ApiResponse(responseCode = "400", description = "Invalid role id"),
+            @ApiResponse(responseCode = "403", description = "Caller doesn't fulfill the authorisation requirements"),
+            @ApiResponse(responseCode = "404", description = "Role not found"),
+            @ApiResponse(responseCode = "409", description = "Role exists but is not global"),
+            @ApiResponse(responseCode = "500", description = "Internal server error")
+    })

And ensure imports (outside this hunk):

import org.springframework.http.HttpStatus; // if you choose to use status constants
import java.util.Map;

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (4)

163-168: LGTM: correct context refresh check.

Comparing userId to loggedUser.getStringId() prevents unnecessary context reloads.

---

498-511: Net updates OK; verify map key type.

Removing from petriNet.getRoles() by role string ID assumes the map is keyed by role string IDs. If keyed differently (e.g., importId), adjust the removal.

---

513-529: LGTM: paging advanced; ObjectId conversion is valid for PetriNet IDs.

Loop advances pageable and uses new ObjectId(petriNetId), which matches PetriNet.getStringId() format. Based on learnings.

---

539-549: LGTM: preserves unrelated roles while removing only the target.

The filter now excludes just the deleted role and reassigns the remainder correctly.

nae-object-library/src/main/resources/petriflow_schema.xsd (1)

6-6: Include is correct—no changes needed
Verified that the remote schema’s <xs:schema> root has no targetNamespace, so xs:include is appropriate.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 56a0b3a and 375590e.

📒 Files selected for processing (1)

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-09-29T10:31:31.458Z

Learnt from: renczesstefan
PR: netgrif/application-engine#362
File: application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java:43-45
Timestamp: 2025-09-29T10:31:31.458Z
Learning: In the Netgrif application engine, when Authentication objects reach controller endpoints, auth.getPrincipal() always returns a LoggedUser instance and is never null, so defensive casting checks are not necessary in controller methods.

Applied to files:

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java

🧬 Code graph analysis (1)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (3)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotFoundException.java (1)

• RoleNotFoundException (3-7)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java (1)

• RoleNotGlobalException (3-7)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (1)

• ProcessRoleService (45-560)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 375590e and 279c662.

📒 Files selected for processing (1)

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-09-29T10:31:31.469Z

Learnt from: renczesstefan
PR: netgrif/application-engine#362
File: application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java:43-45
Timestamp: 2025-09-29T10:31:31.469Z
Learning: In the Netgrif application engine, when Authentication objects reach controller endpoints, auth.getPrincipal() always returns a LoggedUser instance and is never null, so defensive casting checks are not necessary in controller methods.

Applied to files:

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java

🧬 Code graph analysis (1)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (4)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/common/web/responsebodies/ResponseMessage.java (1)

• ResponseMessage (4-60)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotFoundException.java (1)

• RoleNotFoundException (3-7)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java (1)

• RoleNotGlobalException (3-7)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (1)

• ProcessRoleService (45-560)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed

🔇 Additional comments (3)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (3)

1-34: LGTM! Controller structure and dependencies are well-organized.

The imports, class annotations, and dependency injection are correctly configured. The use of Lombok annotations reduces boilerplate, and the REST controller is properly mapped to /api/roles.

---

36-47: LGTM! Authorization and API documentation are comprehensive.

The endpoint is properly secured with @PreAuthorize restricting access to ADMIN authority, and the OpenAPI annotations thoroughly document all possible response codes (200, 400, 403, 404, 409, 500) with clear descriptions and parameter documentation.

---

48-65: LGTM! Exception handling correctly maps to HTTP status codes.

The try-catch structure properly handles all exceptions thrown by the service layer:

• RoleNotFoundException → 404 Not Found
• RoleNotGlobalException → 409 Conflict
• IllegalArgumentException → 400 Bad Request

All error paths use ResponseMessage.createErrorMessage() correctly and log appropriately.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 279c662 and e771098.

📒 Files selected for processing (1)

• nae-object-library/src/main/java/com/netgrif/application/engine/objects/petrinet/domain/PetriNetSearch.java (1 hunks)

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e846526 and 894f208.

📒 Files selected for processing (2)

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (1 hunks)
• nae-object-library/src/main/resources/petriflow_schema.xsd (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-09-29T10:31:31.469Z

Learnt from: renczesstefan
PR: netgrif/application-engine#362
File: application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java:43-45
Timestamp: 2025-09-29T10:31:31.469Z
Learning: In the Netgrif application engine, when Authentication objects reach controller endpoints, auth.getPrincipal() always returns a LoggedUser instance and is never null, so defensive casting checks are not necessary in controller methods.

Applied to files:

• application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java

🧬 Code graph analysis (1)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (5)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/common/web/responsebodies/ResponseMessage.java (1)

• ResponseMessage (4-60)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotFoundException.java (1)

• RoleNotFoundException (3-7)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleNotGlobalException.java (1)

• RoleNotGlobalException (3-7)

nae-spring-core-adapter/src/main/java/com/netgrif/application/engine/adapter/spring/petrinet/domain/roles/RoleReferencedException.java (1)

• RoleReferencedException (3-7)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/service/ProcessRoleService.java (1)

• ProcessRoleService (46-528)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed
• GitHub Check: Build
• GitHub Check: task-list-completed
• GitHub Check: task-list-completed

🔇 Additional comments (3)

application-engine/src/main/java/com/netgrif/application/engine/petrinet/web/ProcessRoleController.java (3)

28-35: LGTM!

Class structure, annotations, and dependency injection setup are correct and follow Spring best practices.

---

37-48: LGTM!

Authorization guard, OpenAPI documentation, and API response codes are comprehensive and correctly specified. All previous review feedback has been addressed.

---

49-72: LGTM!

Exception handling correctly maps to appropriate HTTP status codes (404 for not found, 409 for conflict, 400 for invalid requests), and the success response properly uses createSuccessMessage(). All responses return JSON via ResponseMessage, maintaining content-type consistency.