This lists the API for convenience.
Manipulating employee data.
GET /employees/?id=${employeeId}
Response:
{
"id" : 1,
"name" : "Baron Mac Aughley",
"birthday" : "1890-11-22",
"department" : "Board",
"workplace" : {
"id":1,
"country":"Ireland",
"region":"Connacht",
"postalAddress":"Eyre House, Galway",
"minimumSecurityLevel":"LOW"
},
"clearanceLevel":"HIGH",
"salary":1200.0
}
Required roles: ROLE_FULL_ADMIN
POST /employees/
Request Body:
{
"name" : "Mr Bean",
"departmentId" : 1,
"birthday" : "1900-12-15"
"siteId" : 1,
"securityLevel" : 2,
"salary" : 200.00
}
Response: true|false
Required roles: ROLE_FULL_ADMIN
DELETE /employees/?id=${employeeId}
Response: true|false
Required roles: ROLE_FULL_ADMIN,ROLE_FULL_READONLY
GET /employees/all
Response Body:
{
[
{
"id" : 1,
"name" : "Baron Mac Aughley",
"birthday" : "1890-11-22",
"department" : "Board",
"workplace" : {
"id":1,
"country":"Ireland",
"region":"Connacht",
"postalAddress":"Eyre House, Galway",
"minimumSecurityLevel":"LOW"
},
"clearanceLevel":"HIGH",
"salary":1200.0
},
{
"id" : 2,
"name" : "Captain Kelvinator",
"birthday" : "1923-12-22",
"department" : "Marketing",
"workplace" : {
"id":1,
"country":"Null Island",
"region":"Middle of Nowhere",
"postalAddress":"Word of Turscar Marketing LLC",
"minimumSecurityLevel":"HIGH"
},
"clearanceLevel":"HIGH",
"salary":600.00
},
]
}
Required roles: Any. ROLE_FULL_ADMIN,ROLE_FULL_READONLY required to view full details.
GET /employees/projects?id=${employeeId}
Response Body:
{
[
{
"id":0,
"securityLevel":"MEDIUM",
"title":"Spionenkrabben",
"summary":"Attemping to train crabs as spies",
"budget":null,
"sites":null,
"employees":null
}
]
}
Manipulating project data
Required roles: Any. ROLE_FULL_ADMIN, ROLE_FULL_READONLY required to view all details of any project. ROLE_PROJECT_ADMIN may view full details of a project they control
GET /projects?id=1
Response Body:
{
"id": 0,
"securityLevel": "MEDIUM",
"title": "Spionenkrabben",
"summary": "Attemping to train crabs as spies",
"budget": 100000,
"status": "IN_PROGRESS",
"sites": [
{
"id": 1,
"country": "Ireland",
"region": "Connacht",
"postalAddress": "Connacht Trading Company, Delphi, Mweelrea",
"minimumSecurityLevel": "MEDIUM"
}
],
"employees": [
{
"id": 1,
"name": "Baron Mac Aughley",
"birthday": "1890-11-22",
"department": "Board",
"workplace": {
"id": 1,
"country": null,
"region": null,
"postalAddress": null,
"minimumSecurityLevel": null
},
"clearanceLevel": "HIGH",
"salary": 1200,
"currentlyEmployed": true
}
]
}
Required roles: ROLE_FULL_ADMIN,ROLE_FULL_READONLY
GET /projects/all
Response Body:
[
{
"id": 0,
"securityLevel": "MEDIUM",
"title": "Spionenkrabben",
"summary": "Attemping to train crabs as spies",
"budget": 100000,
"status": "IN_PROGRESS",
"sites": null,
"employees": null
},
{
"id": 0,
"securityLevel": "MINIMUM",
"title": "Testing",
"summary": "Test insertion",
"budget": 10,
"status": "REJECTED",
"sites": null,
"employees": null
}
]
Required roles: ROLE_FULL_ADMIN
POST /projects
Request Body:
{
"title": "Testing",
"summary": "Test insertion",
"budget": 10,
"securityLevel" : [1-7]
}
ResponseBody:
{
"success" : false|true,
"newResourceId" : 4,
"responseText" : "New resource added"
}
Required roles: ROLE_FULL_ADMIN,ROLE_PROJECT_ADMIN. Project Admins may only change their own project
POST /projects/status
RequestBody:
{
"projectId" : 2,
"newProjectStatus" : IN_PROGRESS|CANCELLED|REJECTED|COMPLETED
}
ResponseBody:
{
"success" : false
}
Manipulating site details
Required roles: ROLE_FULL_ADMIN, ROLE_FULL_READONLY and ROLE_VIEW_ALL_ADDRESSES required for all details.
GET /sites?id=1
Response Body:
{
"id": 1,
"country": "Ireland",
"region": "Connacht",
"postalAddress": "Connacht Trading Company, Delphi, Mweelrea",
"minimumSecurityLevel": "MEDIUM"
}
Required roles: ROLE_FULL_ADMIN,ROLE_FULL_READONLY
GET /sites/all
Response Body:
[
{
"id": 1,
"country": "Ireland",
"region": "Connacht",
"postalAddress": "Connacht Trading Company, Delphi, Mweelrea",
"minimumSecurityLevel": "MEDIUM"
},
{
"id": 2,
"country": "Middle of Nowhere",
"region": "Null Island",
"postalAddress": "The Buoy",
"minimumSecurityLevel": "MINIMUM"
}
]
Required roles: ROLE_FULL_ADMIN,ROLE_FULL_READONLY
GET /site/count
Response: 2
Required role: ROLE_FULL_ADMIN
POST /projects
Request Body:
{
"country": "Ireland",
"region": "Connacht",
"postalAddress": "Connacht Trading Company, Delphi, Mweelrea",
"minimumSecurityLevel": [0-7]
}
Response on success: 200 OK Response on failure: 500 Internal Server Error
Required role: ROLE_FULL_ADMIN
DELETE /projects?id=1
Response on success: 200 OK
Response on failure: 500 Internal Server Error
Required role: none. Anybody can access this. This exists primarily so I can teach myself how to scan for vulnerabilities. I still have not figured out how to get OWASP ZAP to recognise this.
GET /projects/get/with/weak/query?id=1
Happy path response:
{
"id": 1,
"country": "Ireland",
"region": "Connacht",
"postalAddress": "Connacht Trading Company, Delphi, Mweelrea",
"minimumSecurityLevel": "MEDIUM"
}
Used to add or disable users Required role: ROLE_FULL_ADMIN (all URLs)
POST /users
Request Body:
{
"username" : "mbison",
"password" : "ButForMeItWasTuesday",
"employeeId" : 1,
"role" : "ROLE_VIEW_OWN_DETAILS"
}
Response on success: true (200 OK)
Response on failure: false (200 OK)
DELETE /users/{username}
Response on success: true (200 OK)
Response on failure: false (200 OK)
Used to place or view orders, or add/view items
GET /items/all
Response:
[
{
"id" : 1
"name": "First Aid Kit",
"buyingPrice": 10.5,
"sellingPrice": 12.2,
"weightPerUnit": 1.0,
"consumable": false,
"type": "MEDICAL_EQUIPMENT"
},
{
"id" : 2
"name": "First Aid Kit",
"buyingPrice": 10.5,
"sellingPrice": 12.2,
"weightPerUnit": 1.0,
"consumable": false,
"type": "MEDICAL_EQUIPMENT"
}
]
GET /item?id=1
Response:
{
"id" : 1
"name": "First Aid Kit",
"buyingPrice": 10.5,
"sellingPrice": 12.2,
"weightPerUnit": 1.0,
"consumable": false,
"type": "MEDICAL_EQUIPMENT"
}
GET /item/search?name=First
Response:
[
{
"id" : 1
"name": "First Aid Kit (Large)",
"buyingPrice": 10.5,
"sellingPrice": 12.2,
"weightPerUnit": 1.0,
"consumable": false,
"type": "MEDICAL_EQUIPMENT"
},
{
"id" : 2
"name": "First Aid Kit (Small)",
"buyingPrice": 10.5,
"sellingPrice": 12.2,
"weightPerUnit": 1.0,
"consumable": false,
"type": "MEDICAL_EQUIPMENT"
}
]
POST /item
{
"name" : "Spycrab Steaks",
"buyingPrice" : 1,
"sellingprice" : 2
"weightPerUnit" : 2000,
"consumable" : true,
"type" : FOOD
}
Response on success: 200 OK
The items are a Map of item IDs to quanity
POST /order
{
"siteId" : 1,
"orderDate" : 1235421653,
"orderItems": {
"1" : 2,
"11" : 5
}
}
Response on success: 200 OK
GET /order?id=1
Response on success:
{
"id": 12,
"items": {
"Item{name=First Aid Kit, buyingPrice=10.5, sellingPrice=12.2, weightPerUnit=1.0, consumable=false, type=MEDICAL_EQUIPMENT}": 2
},
"address": {
"id": 0,
"country": "Null Island",
"region": "Middle of Nowhere",
"postalAddress": "Somewhere",
"minimumSecurityLevel": null
},
"orderDate": "2018-04-19",
"orderStatus": "SUBMITTED",
"username": "ajensen451"
}
POST /order/status
{
"newStatus" : "APPROVED"
}
GET /order/user?username=mbison
[{
"id": 11,
"items": null,
"address": {
"id": 1,
"country": "Null Island",
"region": "Middle of Nowhere",
"postalAddress": "Somewhere",
"minimumSecurityLevel": null
},
"orderDate": "2018-04-19",
"orderStatus": "APPROVED",
"username": "mbison"
}, {
"id": 200,
"items": null,
"address": {
"id": 999,
"country": "",
"region": "Ankh-Morpork",
"postalAddress": "The Bucket",
"minimumSecurityLevel": null
},
"orderDate": "2018-04-19",
"orderStatus": "CANCELLED",
"username": "mbison"
}]
GET /order/user/mine
Response on success:
[{
"id": 11,
"items": null,
"address": {
"id": 55,
"country": "United States of North America",
"region": "Detroit, MI",
"postalAddress": "Sarif Industries",
"minimumSecurityLevel": null
},
"orderDate": "2018-04-19",
"orderStatus": "APPROVED",
"username": "ajensen451"
}, {
"id": 201,
"items": null,
"address": {
"id": 999,
"country": "United States of North America",
"region": "New York",
"postalAddress": "Liberty Island",
"minimumSecurityLevel": null
},
"orderDate": "2018-04-19",
"orderStatus": "SUBMITTED",
"username": "ajensen451"
}]
GET /site?siteId=1
Response on success:
{
"Item{name=First Aid Kit, buyingPrice=0.0, sellingPrice=12.2, weightPerUnit=1.0, consumable=false, type=MEDICAL_EQUIPMENT}": 5,
"Item{name=Sewer Beer, buyingPrice=0.0, sellingPrice=54.0, weightPerUnit=10.0, consumable=true, type=ALCOHOL}": 20
}
Used to view audit records. Require ROLE_FULL_ADMIN to access
GET /audit/user/mbison
Response on success:
{
[{
"timestamp": 1526139243353,
"username": "ajensen451",
"previousState": true
}, {
"timestamp": 1526139267150,
"username": "sfisher",
"previousState": false
}]
}
GET /audit/site/1
Response on success:
{
[{
"timestamp": 1527327277675,
"username": "philiprowlands",
"previousCountry": "Ireland",
"previousRegion": "Connacht",
"previousAddress": "Mutton Island, Galway",
"previousSecurityRating": "MINIMUM",
"auditingReason": "creating"
}]
}
GET /audit/project/1
Response on success:
{
[{
"timestamp": 1526203198945,
"username": "philiprowlands",
"previousState": "IN_PROGRESS",
"previousSummary": "Yet another test",
"previousTitle": "Testing",
"previousBudget": 200.0,
"previousSecurityLevel": "MINIMUM"
}, {
"timestamp": 1527102247747,
"username": "philiprowlands",
"previousState": "IN_PROGRESS",
"previousSummary": "Yet another test",
"previousTitle": "Testing",
"previousBudget": 200.0,
"previousSecurityLevel": "MINIMUM"
}]
}
GET /audit/employee/1
Response on success:
{
[{
"timestamp": 1527106649967,
"username": "philiprowlands",
"previousName": null,
"previousBirthday": null,
"previousWorkplace": 0,
"previousSalary": 0.0,
"previousSecurityLevel": "MINIMUM",
"previousState": true
}]
}