Skip to content

feat(attachmentUsage): Store Ignore Licenses in Attachment usage #3495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
GMishx merged 3 commits into from
Jan 19, 2026
Merged

feat(attachmentUsage): Store Ignore Licenses in Attachment usage #3495

GMishx merged 3 commits into from
Jan 19, 2026
+448 −14

Conversation

@bibhuti230185
Copy link
Contributor

@bibhuti230185 bibhuti230185 commented Nov 12, 2025
edited
Loading

Please provide a summary of your changes here.

  • Which issue is this pull request belonging to and how is it solving it? (Refer to issue here)
  • Did you add or update any new dependencies that are required for your change?

Closes: #3471

Suggest Reviewer

@GMishx

How To Test?

Test Data (Sample only for reference)

Entity ID
Parent Project 9ebb01de944badd68a3f8fe916000a01
Sub-Project f2aace18f866d01b85ec4c52880033b7
Parent Release 5c878b4ee80e1e73c9c60e1c7000bbc8
Sub-Project Release f2aace18f866d01b85ec4c52880055ea
Attachment 5c878b4ee80e1e73c9c60e1c7000d494

Endpoint

POST /api/projects/{projectId}/saveAttachmentUsages

✅ Valid Test Cases

Test 1: Parent Project with Parent Release

Description: Validates release belonging to parent project with explicit project path

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [],
    "deselected": [],
    "selectedConcludedUsages": [],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "9ebb01de944badd68a3f8fe916000a01-5c878b4ee80e1e73c9c60e1c7000bbc8_5c878b4ee80e1e73c9c60e1c7000d494": [
        "MIT",
        "Apache-2.0"
      ]
    }
  }'

Expected Result: ✅ SUCCESS

  • Validates: Parent project ID 9ebb01de... matches path parameter
  • Validates: Release 5c878b4e...bbc8 belongs to parent project 9ebb01de...
  • Validates: Attachment 5c878b4e...d494 is associated with the release

Success Response:

{
  "message": "AttachmentUsages Saved Successfully"
}

Test 2: Parent:Sub Project Hierarchy with Sub-Project Release

Description: Validates release belonging to sub-project in a two-level hierarchy

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [],
    "deselected": [],
    "selectedConcludedUsages": [],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "9ebb01de944badd68a3f8fe916000a01:f2aace18f866d01b85ec4c52880033b7-f2aace18f866d01b85ec4c52880055ea_5c878b4ee80e1e73c9c60e1c7000d494": [
        "GPL-3.0",
        "LGPL-2.1"
      ]
    }
  }'

Expected Result: ✅ SUCCESS

  • Validates: Root project ID 9ebb01de... matches path parameter
  • Validates: Sub-project f2aace18...33b7 belongs to parent 9ebb01de...
  • Validates: Release f2aace18...55ea belongs to sub-project or its descendants
  • Validates: Attachment 5c878b4e...d494 is associated

Success Response:

{
  "message": "AttachmentUsages Saved Successfully"
}

Test 3: Mixed Formats - Multiple Releases

Description: Tests both parent and sub-project releases in a single request

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [],
    "deselected": [],
    "selectedConcludedUsages": [],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "9ebb01de944badd68a3f8fe916000a01-5c878b4ee80e1e73c9c60e1c7000bbc8_5c878b4ee80e1e73c9c60e1c7000d494": [
        "MIT",
        "Apache-2.0"
      ],
      "9ebb01de944badd68a3f8fe916000a01:f2aace18f866d01b85ec4c52880033b7-f2aace18f866d01b85ec4c52880055ea_5c878b4ee80e1e73c9c60e1c7000d494": [
        "GPL-3.0"
      ]
    }
  }'

Expected Result: ✅ SUCCESS

  • Validates both entries independently
  • Parent release and sub-project release both validated

Success Response:

{
  "message": "AttachmentUsages Saved Successfully"
}

Test 4: Complete Request with All Fields

Description: Full request including selected, deselected, and concluded usages

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [
      "5c878b4ee80e1e73c9c60e1c7000bbc8_sourcePackage_5c878b4ee80e1e73c9c60e1c7000d494"
    ],
    "deselected": [],
    "selectedConcludedUsages": [
      "9ebb01de944badd68a3f8fe916000a01-5c878b4ee80e1e73c9c60e1c7000bbc8_licenseInfo_5c878b4ee80e1e73c9c60e1c7000d494"
    ],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "9ebb01de944badd68a3f8fe916000a01-5c878b4ee80e1e73c9c60e1c7000bbc8_5c878b4ee80e1e73c9c60e1c7000d494": [
        "MIT",
        "Apache-2.0",
        "BSD-3-Clause"
      ],
      "9ebb01de944badd68a3f8fe916000a01:f2aace18f866d01b85ec4c52880033b7-f2aace18f866d01b85ec4c52880055ea_5c878b4ee80e1e73c9c60e1c7000d494": [
        "GPL-3.0"
      ]
    }
  }'

Expected Result: ✅ SUCCESS

  • Processes all usage types
  • Validates ignoredLicenses as per previous tests

❌ Error Test Cases

Test 5: Wrong Parent Project ID in Key

Description: Project ID in key doesn't match path parameter

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [],
    "deselected": [],
    "selectedConcludedUsages": [],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "wrongProjectId123456789abcdef-5c878b4ee80e1e73c9c60e1c7000bbc8_5c878b4ee80e1e73c9c60e1c7000d494": [
        "MIT"
      ]
    }
  }'

Expected Result: ❌ 400 Bad Request

Error Response:

{
  "message": "Project ID mismatch in ignoredLicenses key 'wrongProjectId123456789abcdef-5c878b4ee80e1e73c9c60e1c7000bbc8_5c878b4ee80e1e73c9c60e1c7000d494': Root project ID 'wrongProjectId123456789abcdef' does not match path parameter project ID '9ebb01de944badd68a3f8fe916000a01'"
}

Test 6: Invalid Sub-Project in Hierarchy

Description: Sub-project doesn't belong to parent project

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [],
    "deselected": [],
    "selectedConcludedUsages": [],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "9ebb01de944badd68a3f8fe916000a01:invalidSubProject123456789-f2aace18f866d01b85ec4c52880055ea_5c878b4ee80e1e73c9c60e1c7000d494": [
        "GPL-3.0"
      ]
    }
  }'

Expected Result: ❌ 400 Bad Request

Error Response:

{
  "message": "Invalid project hierarchy in ignoredLicenses key '9ebb01de944badd68a3f8fe916000a01:invalidSubProject123456789-f2aace18f866d01b85ec4c52880055ea_5c878b4ee80e1e73c9c60e1c7000d494': Sub-project 'invalidSubProject123456789' does not belong to parent project '9ebb01de944badd68a3f8fe916000a01'"
}

Test 7: Release Doesn't Belong to Specified Project

Description: Release ID is valid but doesn't belong to the specified project

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [],
    "deselected": [],
    "selectedConcludedUsages": [],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "9ebb01de944badd68a3f8fe916000a01-wrongReleaseId123456789abc_5c878b4ee80e1e73c9c60e1c7000d494": [
        "MIT"
      ]
    }
  }'

Expected Result: ❌ 400 Bad Request

Error Response:

{
  "message": "Invalid release ownership in ignoredLicenses key '9ebb01de944badd68a3f8fe916000a01-wrongReleaseId123456789abc_5c878b4ee80e1e73c9c60e1c7000d494': Release 'wrongReleaseId123456789abc' does not belong to project '9ebb01de944badd68a3f8fe916000a01' or any of its sub-projects"
}

Test 8: Parent Release in Sub-Project Context (Cross-Assignment)

Description: Trying to assign a parent project's release to a sub-project

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [],
    "deselected": [],
    "selectedConcludedUsages": [],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "9ebb01de944badd68a3f8fe916000a01:f2aace18f866d01b85ec4c52880033b7-5c878b4ee80e1e73c9c60e1c7000bbc8_5c878b4ee80e1e73c9c60e1c7000d494": [
        "MIT"
      ]
    }
  }'

Expected Result: Depends on project structure

  • 400 Bad Request - If release 5c878b4e...bbc8 only belongs to parent, not sub-project
  • SUCCESS - If the parent's releases are transitively available to sub-project

Possible Error Response:

{
  "message": "Invalid release ownership in ignoredLicenses key '9ebb01de944badd68a3f8fe916000a01:f2aace18f866d01b85ec4c52880033b7-5c878b4ee80e1e73c9c60e1c7000bbc8_5c878b4ee80e1e73c9c60e1c7000d494': Release '5c878b4ee80e1e73c9c60e1c7000bbc8' does not belong to project 'f2aace18f866d01b85ec4c52880033b7' or any of its sub-projects"
}

Test 9: Invalid Key Format - Missing Underscore

Description: Key format validation - missing required underscore separator

curl -X POST "http://localhost:8080/api/projects/9ebb01de944badd68a3f8fe916000a01/saveAttachmentUsages" \
  -H "Content-Type: application/json" \
  -H "Authorization: Token <your-token>" \
  -d '{
    "selected": [],
    "deselected": [],
    "selectedConcludedUsages": [],
    "deselectedConcludedUsages": [],
    "ignoredLicenses": {
      "9ebb01de944badd68a3f8fe916000a01-5c878b4ee80e1e73c9c60e1c7000bbc85c878b4ee80e1e73c9c60e1c7000d494": [
        "MIT"
      ]
    }
  }'

Expected Result: ❌ 400 Bad Request

Error Response:

{
  "message": "Invalid key format in ignoredLicenses. Expected format: 'projectPath-releaseId_attachmentContentId' or 'releaseId_attachmentContentId'"
}

@GMishx GMishx added needs code review needs general test This is general testing, meaning that there is no org specific issue to check for labels Nov 12, 2025
GMishx
GMishx requested changes Nov 14, 2025
View reviewed changes
Copy link
Member

@GMishx GMishx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some suggestions to use stronger typing and simpler data structure.

@bibhuti230185 bibhuti230185 force-pushed the feat/Store_Ignore_Licenses_for_Generating_License_Info_in_Attachment_Usage branch from e0d41a9 to 68983ec Compare November 20, 2025 10:46
GMishx
GMishx previously approved these changes Dec 30, 2025
View reviewed changes
Copy link
Member

@GMishx GMishx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes looks good.

@GMishx
Copy link
Member

GMishx commented Dec 30, 2025

@deo002 @amritkv please help test the PR.

@bibhuti230185 bibhuti230185 force-pushed the feat/Store_Ignore_Licenses_for_Generating_License_Info_in_Attachment_Usage branch from 68983ec to 628a16e Compare January 15, 2026 09:00
GMishx
GMishx requested changes Jan 16, 2026
View reviewed changes
Copy link
Member

@GMishx GMishx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor refactor required.

@deo002
Copy link
Contributor

deo002 commented Jan 16, 2026

Tested, working as expected

Request:

curl 'http://localhost:8080/resource/api/projects/1308e0f092bc1ff58b96af832c003e3e/saveAttachmentUsages' \
  -H 'Accept: application/*' \
  -H 'Authorization: XXX' \
  -H 'Content-Type: application/json' \
  --data-raw '{"selected":["1308e0f092bc1ff58b96af832c003e3e-1308e0f092bc1ff58b96af832c11a8b0_licenseInfo_4faf504829c204f709279fdba6000e00","1308e0f092bc1ff58b96af832c003e3e:d0e4acf32c2afc4f368a5d39fd000e0c-d0e4acf32c2afc4f368a5d39fd001e0d_licenseInfo_d0e4acf32c2afc4f368a5d39fd0101e1","1308e0f092bc1ff58b96af832c003e3e-d0e4acf32c2afc4f368a5d39fd001e0d_licenseInfo_d0e4acf32c2afc4f368a5d39fd0101e1","1308e0f092bc1ff58b96af832c003e3e:d0e4acf32c2afc4f368a5d39fd000e0c-d0e4acf32c2afc4f368a5d39fd001e0d_licenseInfo_cce9272d29915a467357ba182300b762"],"deselected":["1308e0f092bc1ff58b96af832c003e3e-1308e0f092bc1ff58b96af832c11a8b0_licenseInfo_d0e4acf32c2afc4f368a5d39fd01400d"],"selectedConcludedUsages":[],"deselectedConcludedUsages":[],"ignoredLicenses":{"1308e0f092bc1ff58b96af832c11a8b0_d0e4acf32c2afc4f368a5d39fd01400d":["BSD-3-Clause"],"1308e0f092bc1ff58b96af832c11a8b0_4faf504829c204f709279fdba6000e00":["X11","GPL-3.0-or-later-with-Autoconf-Macro-exception","GPL-2.0 -with-libtool-exception","GPL-2.0+ with-autoconf-exception-program","BSD-3-Clause_University"],"d0e4acf32c2afc4f368a5d39fd001e0d_d0e4acf32c2afc4f368a5d39fd0101e1":[],"d0e4acf32c2afc4f368a5d39fd001e0d_cce9272d29915a467357ba182300b762":["ACAA","Apache-2.0","DPTC","Zlib"]}}'

Result:

201, "AttachmentUsages Saved Successfully"

GMishx
GMishx approved these changes Jan 17, 2026
View reviewed changes
Copy link
Member

@GMishx GMishx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes looks good.

@GMishx GMishx added ready ready to merge and removed needs general test This is general testing, meaning that there is no org specific issue to check for labels Jan 17, 2026
@GMishx GMishx merged commit f935901 into eclipse-sw360:main Jan 19, 2026
3 checks passed
@GMishx GMishx deleted the feat/Store_Ignore_Licenses_for_Generating_License_Info_in_Attachment_Usage branch January 19, 2026 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GMishx GMishx GMishx approved these changes

@heliocastro heliocastro Awaiting requested review from heliocastro heliocastro is a code owner

@KoukiHama KoukiHama Awaiting requested review from KoukiHama KoukiHama is a code owner

@arunazhakesan arunazhakesan Awaiting requested review from arunazhakesan arunazhakesan is a code owner

@ag4ums ag4ums Awaiting requested review from ag4ums ag4ums is a code owner

Assignees

No one assigned

Labels

ready ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Store Ignore Licenses for Generating License Info in Attachment Usage

3 participants

@bibhuti230185 @GMishx @deo002