uhawaii-system-its-ti-iam
diff --git a/‎src/main/java/edu/hawaii/its/api/controller/GroupingsRestController.java
+38-25 b/‎src/main/java/edu/hawaii/its/api/controller/GroupingsRestController.java
+38-25
diff --git a/‎src/main/java/edu/hawaii/its/api/service/HttpRequestService.java
+3 b/‎src/main/java/edu/hawaii/its/api/service/HttpRequestService.java
+3
diff --git a/‎src/main/java/edu/hawaii/its/api/service/HttpRequestServiceImpl.java
+14 b/‎src/main/java/edu/hawaii/its/api/service/HttpRequestServiceImpl.java
+14
diff --git a/‎src/main/java/edu/hawaii/its/groupings/util/JsonUtil.java
+56 b/‎src/main/java/edu/hawaii/its/groupings/util/JsonUtil.java
+56
diff --git a/‎src/main/resources/static/javascript/mainApp/app.service.js
+21 b/‎src/main/resources/static/javascript/mainApp/app.service.js
+21
diff --git a/‎src/main/resources/static/javascript/mainApp/general.controller.js
+18-25 b/‎src/main/resources/static/javascript/mainApp/general.controller.js
+18-25
@@ -1,7 +1,9 @@
 package edu.hawaii.its.api.controller;
 
 import java.security.Principal;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import javax.annotation.PostConstruct;
@@ -89,7 +91,7 @@ public class GroupingsRestController {
 
     // Constructor.
     public GroupingsRestController() {
-        policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
+        policy = Sanitizers.FORMATTING;
     }
 
     /*
@@ -274,63 +276,59 @@ public ResponseEntity<String> optOut(Principal principal, @PathVariable String g
     /**
      * Add a list of usersToAdd to include group of grouping at path.
      */
-    @PostMapping(value = "/{groupingPath}/{usersToAdd}/addMembersToIncludeGroup")
+    @PutMapping(value = "/{groupingPath}/addMembersToIncludeGroup")
     public ResponseEntity<String> addMembersToIncludeGroup(Principal principal,
             @PathVariable String groupingPath,
-            @PathVariable String usersToAdd) {
+            @RequestBody List<String> usersToAdd) {
         logger.info("Entered REST addMembersToIncludeGroup...");
         String safeGroupingPath = policy.sanitize(groupingPath);
-        String safeUsersToAdd = policy.sanitize(usersToAdd);
-        String uri = String.format(API_2_1_BASE + "/groupings/%s/include-members/%s", safeGroupingPath,
-                safeUsersToAdd);
-        return httpRequestService.makeApiRequest(principal.getName(), uri, HttpMethod.PUT);
+        List<String> safeUsersToAdd = sanitizeList(usersToAdd);
+        String uri = String.format(API_2_1_BASE + "/groupings/%s/include-members", safeGroupingPath);
+        return httpRequestService.makeApiRequestWithBody(principal.getName(), uri, safeUsersToAdd, HttpMethod.PUT);
     }
 
     /**
      * Add a list of usersToAdd to exclude group of grouping at path.
      */
-    @PostMapping(value = "/{groupingPath}/{usersToAdd}/addMembersToExcludeGroup")
+    @PutMapping(value = "/{groupingPath}/addMembersToExcludeGroup")
     public ResponseEntity<String> addMembersToExcludeGroup(Principal principal,
             @PathVariable String groupingPath,
-            @PathVariable String usersToAdd) {
+            @RequestBody List<String> usersToAdd) {
         logger.info("Entered REST addMembersToExcludeGroup...");
         String safeGroupingPath = policy.sanitize(groupingPath);
-        String safeUsersToAdd = policy.sanitize(usersToAdd);
-        String uri = String.format(API_2_1_BASE + "/groupings/%s/exclude-members/%s", safeGroupingPath,
-                safeUsersToAdd);
-        return httpRequestService.makeApiRequest(principal.getName(), uri, HttpMethod.PUT);
+        List<String> safeUsersToAdd = sanitizeList(usersToAdd);
+        String uri = String.format(API_2_1_BASE + "/groupings/%s/exclude-members", safeGroupingPath);
+        return httpRequestService.makeApiRequestWithBody(principal.getName(), uri, safeUsersToAdd, HttpMethod.PUT);
     }
 
     /**
      * Remove a list of users from include group of grouping at path.
      */
-    @PostMapping(value = "/{groupingPath}/{usersToDelete}/removeMembersFromIncludeGroup")
+    @PutMapping(value = "/{groupingPath}/removeMembersFromIncludeGroup")
     public ResponseEntity<String> removeMembersFromIncludeGroup(Principal principal,
             @PathVariable String groupingPath,
-            @PathVariable String usersToDelete) {
+            @RequestBody List<String> usersToDelete) {
         logger.info("Entered REST deleteMembersFromIncludeGroup...");
         String safeGroupingPath = policy.sanitize(groupingPath);
-        String safeUserToDelete = policy.sanitize(usersToDelete);
+        List<String> safeUsersToDelete = sanitizeList(usersToDelete);
         String uri =
-                String.format(API_2_1_BASE + "/groupings/%s/include-members/%s", safeGroupingPath,
-                        safeUserToDelete);
-        return httpRequestService.makeApiRequest(principal.getName(), uri, HttpMethod.DELETE);
+                String.format(API_2_1_BASE + "/groupings/%s/include-members", safeGroupingPath);
+        return httpRequestService.makeApiRequestWithBody(principal.getName(), uri, safeUsersToDelete, HttpMethod.DELETE);
     }
 
     /**
      * Remove a list of users from exclude group of grouping at path.
      */
-    @PostMapping(value = "/{groupingPath}/{usersToDelete}/removeMembersFromExcludeGroup")
+    @PutMapping(value = "/{groupingPath}/removeMembersFromExcludeGroup")
     public ResponseEntity<String> removeMembersFromExcludeGroup(Principal principal,
             @PathVariable String groupingPath,
-            @PathVariable String usersToDelete) {
+            @RequestBody List<String> usersToDelete) {
         logger.info("Entered REST deleteMembersFromExcludeGroup...");
         String safeGroupingPath = policy.sanitize(groupingPath);
-        String safeUserToDelete = policy.sanitize(usersToDelete);
+        List<String> safeUsersToDelete = sanitizeList(usersToDelete);
         String uri =
-                String.format(API_2_1_BASE + "/groupings/%s/exclude-members/%s", safeGroupingPath,
-                        safeUserToDelete);
-        return httpRequestService.makeApiRequest(principal.getName(), uri, HttpMethod.DELETE);
+                String.format(API_2_1_BASE + "/groupings/%s/exclude-members", safeGroupingPath);
+        return httpRequestService.makeApiRequestWithBody(principal.getName(), uri, safeUsersToDelete, HttpMethod.DELETE);
     }
 
     /**
@@ -513,6 +511,21 @@ public ResponseEntity<String> allSyncDestinations(Principal principal, @PathVari
     // Helper Methods
     //////////////////////////////////////////////////////////////////////
 
+    public List<String> sanitizeList(List<String> data) {
+        List<String> sanitizedList = new ArrayList<>();
+        String sanitizedString;
+
+        for (int i = 0; i < data.size(); i++) {
+            sanitizedString = policy.sanitize(data.get(i));
+
+            if (!(sanitizedString.isEmpty())) {
+                sanitizedList.add(sanitizedString);
+            }
+        }
+
+        return sanitizedList;
+    }
+
     public Map<String, String> mapGroupingParameters(Integer page, Integer size, String sortString,
             Boolean isAscending) {
         Map<String, String> params = new HashMap<>();
 
@@ -3,6 +3,7 @@
 import org.springframework.http.HttpMethod;
 import org.springframework.http.ResponseEntity;
 
+import java.util.List;
 import java.util.Map;
 
 public interface HttpRequestService {
@@ -11,6 +12,8 @@ public interface HttpRequestService {
 
     ResponseEntity<String> makeApiRequestWithBody(String currentUser, String uri, String data, HttpMethod method);
 
+    ResponseEntity<String> makeApiRequestWithBody(String currentUser, String uri, List<String> data, HttpMethod method);
+
     ResponseEntity<String> makeApiRequestWithParameters(String currentUser, String urlTemplate, Map<String, String> params, HttpMethod method);
 
 }
@@ -11,6 +11,7 @@
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.RestTemplate;
 
+import java.util.List;
 import java.util.Map;
 
 @Service("httpRequestService")
@@ -52,6 +53,19 @@ public ResponseEntity<String> makeApiRequestWithBody(String currentUser, String
         return restTemplate.exchange(uri, method, httpEntity, String.class);
     }
 
+    @Override
+    public ResponseEntity<String> makeApiRequestWithBody(String currentUser, String uri, List<String> data,
+                                                         HttpMethod method) {
+
+        HttpHeaders httpHeaders = new HttpHeaders();
+        httpHeaders.set(CURRENT_USER, currentUser);
+        HttpEntity<List<String>> httpEntity = new HttpEntity<>(data, httpHeaders);
+
+        RestTemplate restTemplate =
+                new RestTemplateBuilder().errorHandler(new RestTemplateResponseErrorHandler()).build();
+        return restTemplate.exchange(uri, method, httpEntity, String.class);
+    }
+
     @Override
     public ResponseEntity<String> makeApiRequestWithParameters(String currentUser, String urlTemplate, Map<String, String> params,
             HttpMethod method) {
 
@@ -0,0 +1,56 @@
+package edu.hawaii.its.groupings.util;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class JsonUtil {
+    private static final Log logger = LogFactory.getLog(JsonUtil.class);
+
+    // Private constructor to prevent instantiation.
+    private JsonUtil() {
+        // Empty.
+    }
+
+    public static String asJson(final Object obj) {
+        String result = null;
+        try {
+            result = new ObjectMapper().writeValueAsString(obj);
+        } catch (Exception e) {
+            logger.error("Error: " + e);
+            // Maybe we should throw something?
+        }
+        return result;
+    }
+
+    public static <T> T asObject(final String json, Class<T> type) {
+        T result = null;
+        try {
+            result = new ObjectMapper().readValue(json, type);
+        } catch (Exception e) {
+            logger.error("Error: " + e);
+            // Maybe we should throw something?
+        }
+        return result;
+    }
+
+    public static void printJson(Object obj) {
+        ObjectMapper objectMapper = new ObjectMapper();
+        try {
+            String json = objectMapper.writeValueAsString(obj);
+            System.err.println(json);
+        } catch (Exception e) {
+            logger.error("Error: " + e);
+        }
+    }
+    public static void prettyPrint(Object object) {
+        try {
+            String json = new ObjectMapper()
+                    .writerWithDefaultPrettyPrinter()
+                    .writeValueAsString(object);
+            System.out.println(json);
+        } catch (Exception e) {
+            logger.error("Error: " + e);
+        }
+    }
+}
@@ -97,6 +97,27 @@
                     });
             },
 
+            /**
+             * PUT data to the server, if the response is OK then call the callBack function, if the response is an
+             * error then call the callError function. If the response is not received in n seconds, launch a modal.
+             * @param {string} url - Path to which data is being posted too.
+             * @param {string} data - data to be updated
+             * @param {function} modal - Launch a modal using a call back function.
+             * @param {function} callback - Execute if response returns OK
+             * @param {function} callError - Execute if response returns as an error.
+             */
+            updateDataWithBodyAndTimeoutModal(url, data, callback, callError, modal) {
+                let timeoutID = setTimeout(modal, timeLimit);
+                $http.put(encodeURI(url), data)
+                    .then(function (response) {
+                        clearTimeout(timeoutID);
+                        callback(response.data);
+                    }, function (response) {
+                        clearTimeout(timeoutID);
+                        callError(response);
+                    });
+            },
+
             /**
              * Handle Java exceptions by performing a POST request.
              * @param {object} exceptionData - an object containing the exception (stored as a string)
 
@@ -619,7 +619,7 @@
             } else {
                 let numMembers = ($scope.manageMembers.split(" ").length - 1);
                 if (numMembers > 0) {
-                    let users = $scope.manageMembers.split(/[ ,]+/).join(",");
+                    let users = $scope.parseAddRemoveInputStr($scope.manageMembers);
                     $scope.manageMembers = [];
                     if (numMembers > $scope.maxImport) {
                         $scope.launchDynamicModal(
@@ -699,25 +699,20 @@
 
         $scope.successfulAddHandler = function (res, list, listName) {
             let membersNotInList = [];
-            let arrayOfMembers = list.split(",");
             $scope.waitingForImportResponse = false; /* Small spinner off. */
 
-            let data = res;
-            for (let i = 0; i < res.length; i++) {
-                data[parseInt(i, 10)] = res[parseInt(i, 10)];
-            }
-            for (let i = 0; i < data.length; i++) {
-                let result = data[parseInt(i, 10)].result;
-                let userWasAdded = data[parseInt(i, 10)].userWasAdded;
+            for (let data of res) {
+                let result = data.result;
+                let userWasAdded = data.userWasAdded;
 
-                if ("FAILURE" === result || !userWasAdded) {
-                    membersNotInList.push(arrayOfMembers[i]);
+                if (result === "FAILURE" || !userWasAdded) {
+                    membersNotInList.push(data.name);
                     $scope.membersNotInList = membersNotInList.join(", ");
                 } else {
                     let person = {
-                        "uid": data[parseInt(i, 10)].uid,
-                        "uhUuid": data[parseInt(i, 10)].uhUuid,
-                        "name": data[parseInt(i, 10)].name
+                        "uid": data.uid,
+                        "uhUuid": data.uhUuid,
+                        "name": data.name
                     };
                     $scope.multiAddResults.push(person);
                     $scope.multiAddResultsGeneric.push(person);
@@ -946,7 +941,8 @@
         $scope.updateAddMember = function (userToAdd, list) {
             // only initialize groupingPath if listName is not "admins"
             let groupingPath;
-            const sanitizedUser = $scope.sanitizer([userToAdd]);
+            const sanitizedUser = $scope.sanitizer([userToAdd]).split();
+
             if ($scope.listName !== "admins") {
                 groupingPath = $scope.selectedGrouping.path;
             }
@@ -1314,13 +1310,13 @@
         };
 
         /**
-         *  Replace commas and spaces in str with commas.
+         *  Divides a string into an array where commas and spaces are present.
          */
         $scope.parseAddRemoveInputStr = function (str) {
             if (!_.isString(str)) {
                 return "";
             }
-            return str.split(/[ ,]+/).join(",");
+            return str.split(/[ ,]+/);
         };
 
         /**
@@ -1361,9 +1357,8 @@
                 default:
                     break;
             }
-            let arrayOfMembers = members.split(",");
             let membersNotInList = [];
-            for (let member of arrayOfMembers) {
+            for (let member of members) {
                 let currentMember = returnMemberObjectFromUserIdentifier(member, listToSearch);
                 if (_.isUndefined(currentMember)) {
                     membersNotInList.push(member);
@@ -1451,14 +1446,12 @@
                 $scope.listName = listName;
                 $scope.currentPage = currentPage;
                 let membersToRemove = $scope.parseAddRemoveInputStr($scope.membersToModify);
-                let numMembersToRemove = membersToRemove.split(",").length;
                 $scope.membersToModify = [];
-                if (numMembersToRemove > 1) {
-                    membersToRemove = $scope.parseAddRemoveInputStr(membersToRemove);
+                if (membersToRemove.length > 1) {
                     removeMembers(membersToRemove, listName);
                 } else {
-                    $scope.userInput = membersToRemove;
-                    $scope.memberToRemove = returnMemberObjectFromUserIdentifier(membersToRemove, currentPage);
+                    $scope.userInput = membersToRemove[0];
+                    $scope.memberToRemove = returnMemberObjectFromUserIdentifier(membersToRemove[0], currentPage);
                     if (listName === "owners" && $scope.groupingOwners.length === 1) {
                         const userType = "owner";
                         $scope.createRemoveErrorModal(userType);
@@ -1626,7 +1619,7 @@
                 $scope.removeInputError = true;
             } else {
                 const userToRemove = options.user.uhUuid;
-                const sanitizedUserToRemove = $scope.sanitizer([userToRemove]);
+                const sanitizedUserToRemove = $scope.sanitizer([userToRemove]).split();
                 $scope.userToRemove = options.user;
                 $scope.listName = options.listName;