added deletion functionality to UI

openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json

@@ -344,6 +344,8 @@
     	"edit-policy": "Edit Policy",
     	"required-claims": "Required Claims",
     	"policy-table": {
+    		"confirm": "Are you sure you want to delete this resource set?",
+    		"delete": "Delete",
     		"edit": "Edit Policies",
     		"email-address": "email address",
     		"required-claims": "Users that you share this resource will with need to be able to present the following claims in order to access the resource.",

openid-connect-server-webapp/src/main/webapp/resources/js/policy.js

@@ -160,6 +160,7 @@ var ResourceSetView = Backbone.View.extend({
 
 	events:{
 		'click .btn-edit': 'editPolicies',
+		'click .btn-delete': 'deleteResourceSet',
 		'click .toggleMoreInformation': 'toggleMoreInformation'
 	},
 	
@@ -168,6 +169,46 @@ var ResourceSetView = Backbone.View.extend({
 		app.navigate('user/policy/' + this.model.get('id'), {trigger: true});
 	},
 	
+	deleteResourceSet:function(e) {
+    	e.preventDefault();
+
+        if (confirm($.t('policy.policy-table.confirm'))) {
+            var _self = this;
+
+            this.model.destroy({
+                success:function () {
+                    _self.$el.fadeTo("fast", 0.00, function () { //fade
+                        $(this).slideUp("fast", function () { //slide up
+                            $(this).remove(); //then remove from the DOM
+                            _self.parentView.togglePlaceholder();
+                        });
+                    });
+                },
+                error:function (error, response) {
+            		console.log("An error occurred when deleting a resource set");
+    
+					//Pull out the response text.
+					var responseJson = JSON.parse(response.responseText);
+            		
+            		//Display an alert with an error message
+					$('#modalAlert div.modal-header').html(responseJson.error);
+	        		$('#modalAlert div.modal-body').html(responseJson.error_description);
+            		
+        			 $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
+        				 "backdrop" : "static",
+        				 "keyboard" : true,
+        				 "show" : true // ensure the modal is shown immediately
+        			 });
+            	}
+            });
+
+            _self.parentView.delegateEvents();
+        }
+
+        return false;
+		
+	},
+	
 	toggleMoreInformation:function(e) {
 		e.preventDefault();
 		if ($('.moreInformation', this.el).is(':visible')) {

openid-connect-server-webapp/src/main/webapp/resources/template/policy.html

@@ -63,6 +63,7 @@
     <td>
 		<div class="btn-group pull-right">
 	        <button class="btn btn-edit"><i class="icon-edit"></i> <span data-i18n="policy.policy-table.edit">Edit Policies</span></button> &nbsp; 
+	        <button class="btn btn-danger btn-delete"><i class="icon-trash icon-white"></i> <span data-i18n="policy.policy-table.delete">Delete</span></button> &nbsp; 
 		</div>
     </td>
 

openid-connect-server/src/main/java/org/mitre/uma/web/ClaimsAPI.java

@@ -20,8 +20,10 @@ package org.mitre.uma.web;
 import java.util.Collection;
 import java.util.Set;
 
+import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.view.HttpCodeView;
 import org.mitre.openid.connect.view.JsonEntityView;
+import org.mitre.openid.connect.view.JsonErrorView;
 import org.mitre.openid.connect.web.RootController;
 import org.mitre.uma.model.Claim;
 import org.mitre.uma.model.ResourceSet;
@@ -32,6 +34,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.util.MimeTypeUtils;
@@ -43,6 +46,8 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import com.google.common.reflect.TypeToken;
 import com.google.gson.Gson;
 
+import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
+
 /**
  * @author jricher
  *
@@ -118,4 +123,32 @@ public class ClaimsAPI {
 		return JsonEntityView.VIEWNAME;
 	}
 	
+	@RequestMapping(value = "/{rsid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
+	public String deleteResourceSet(@PathVariable ("rsid") Long id, Model m, Authentication auth) {
+
+		ResourceSet rs = resourceSetService.getById(id);
+		
+		if (rs == null) {
+			m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
+			m.addAttribute(JsonErrorView.ERROR, "not_found");
+			return JsonErrorView.VIEWNAME;
+		} else {
+			if (!auth.getName().equals(rs.getOwner())) {
+				
+				logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
+				
+				// it wasn't issued to this user
+				m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
+				return JsonErrorView.VIEWNAME;
+			} else {
+				
+				resourceSetService.remove(rs);
+				
+				m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT);
+				return HttpCodeView.VIEWNAME;
+			}
+			
+		}
+	}
+	
 }

openid-connect-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java

@@ -234,7 +234,7 @@ public class ResourceSetRegistrationEndpoint {
 				
 				logger.warn("Unauthorized resource set request from bad client; expected " + rs.getClientId() + " got " + ((OAuth2Authentication)auth).getOAuth2Request().getClientId());
 				
-				// it wasn't issued to this user
+				// it wasn't issued to this client
 				m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
 				return JsonErrorView.VIEWNAME;
 			} else {