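/**
 * Resolves a violation by attaching the caller's explanatory comment and saving it.
 *
 * <p>The caller must pass {@code hasAccessToAccount} for the account the violation belongs to;
 * otherwise nothing is modified.
 *
 * @param id identifier of the violation to resolve
 * @param comment request body, stored on the violation exactly as received
 * @param userId authenticated principal, injected by Spring Security; with
 *     {@code errorOnInvalidType = true} a principal that is not a {@code String} raises an error
 *     instead of being injected as {@code null}
 * @return the saved violation converted to its DTO form
 * @throws NotFoundException if no violation with the given id is found
 * @throws ForbiddenException if the caller has no access to the violation's account
 */
@ApiOperation(
    value = "Resolve and explain this violation",
    notes = "Resolve and explain violation",
    // The handler returns the saved violation, so the documented response type is Violation
    // rather than Void.
    response = Violation.class
)
@ApiResponses(value = {@ApiResponse(code = 200, message = "Violation resolved successfully")})
@RequestMapping(value = "/{id}/resolution", method = POST)
public Violation resolveViolations(
        @ApiParam(value = "ID of the violation to resolve", required = true)
        @PathVariable("id")
        final Long id,
        @ApiParam(value = "Comment explaining the resolution", required = true)
        @RequestBody final String comment,
        @ApiIgnore @AuthenticationPrincipal(errorOnInvalidType = true) final String userId)
        throws NotFoundException, ForbiddenException {
    final ViolationEntity violation = violationService.findOne(id);

    // NOTE(review): the existence check runs before the access check, so a caller without
    // access can distinguish existing ids (ForbiddenException) from missing ones
    // (NotFoundException), and the forbidden message names the owning account. Confirm this
    // is acceptable for every caller who can reach this endpoint.
    if (violation == null) {
        throw new NotFoundException(format("Violation %s does not exist", id));
    }

    // Authorization is decided per account: the caller must have access to the account the
    // violation belongs to before any field is changed.
    if (!hasAccessToAccount(userId, violation.getAccountId())) {
        throw new ForbiddenException(
                format(
                        "You must have access to AWS account '%s' to resolve violation '%s'",
                        violation.getAccountId(), id));
    }

    // NOTE(review): the comment is client-controlled and is persisted without length or
    // content checks in this method; any view that renders it must encode it for its output
    // context.
    violation.setComment(comment);
    final ViolationEntity dbViolationEntity = violationService.save(violation);
    return entityToDto.convert(dbViolationEntity);
}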