Allow admins to fetch misuse stats summaries for a given user

[chrisjpurdy]

And allow admins to reset misuse event counters even if the event isn't yet "misused"

---

Pull Request Check List

• Security - Access Control - Check authorisation on every new endpoint
• Peer-Reviewed

[codecov]

Codecov Report

Base: 25.75% // Head: 26.80% // Increases project coverage by +1.04% 🎉

Coverage data is based on head (f2a3c2e) compared to base (2960f6f).
Patch coverage: 0.00% of modified lines in pull request are covered.

❗ Current head f2a3c2e differs from pull request most recent head c5ebdc1. Consider uploading reports for the commit c5ebdc1 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #506      +/-   ##
==========================================
+ Coverage   25.75%   26.80%   +1.04%     
==========================================
  Files         481      482       +1     
  Lines       21932    21973      +41     
  Branches     2723     2722       -1     
==========================================
+ Hits         5649     5889     +240     
+ Misses      15791    15564     -227     
- Partials      492      520      +28     

Impacted Files	Coverage Δ
...uk/ac/cam/cl/dtg/isaac/dto/MisuseStatisticDTO.java	0.00% <0.00%> (ø)
...n/java/uk/ac/cam/cl/dtg/segue/api/AdminFacade.java	0.00% <0.00%> (ø)
.../dtg/segue/api/monitors/InMemoryMisuseMonitor.java	54.76% <0.00%> (-16.01%)	⬇️
...dtg/segue/api/managers/UserAssociationManager.java	50.00% <0.00%> (-4.55%)	⬇️
.../java/uk/ac/cam/cl/dtg/isaac/api/EventsFacade.java	12.32% <0.00%> (-0.02%)	⬇️
...n/java/uk/ac/cam/cl/dtg/segue/api/UsersFacade.java	0.00% <0.00%> (ø)
...ava/uk/ac/cam/cl/dtg/segue/api/QuestionFacade.java	13.13% <0.00%> (ø)
...va/uk/ac/cam/cl/dtg/isaac/api/IsaacController.java	0.00% <0.00%> (ø)
...cl/dtg/isaac/api/managers/EventBookingManager.java	46.38% <0.00%> (ø)
... and 29 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[jsharkey13]

Some of these agent identifiers are not URL-safe values and probably shouldn't be path parameters, since they could reasonably contain slashes. I suppose they could be query parameters, and URL-encoded.

This feels no less hacky than the previous plain-text-body-as-identifier. Really a Map<String, String> detailsObject as the body is the right way to do it, and then detailsObject.get("agentIdentifier"). Then it can @Consumes(MediaType.APPLICATION_JSON) like it ought to!

[chrisjpurdy]

I wasn't sure what the agent identifier was, so assumed user id - I've taken a look at everywhere that uses notifyEvent and can see that there is a fair spread of things now so yeah I'll fix that.

[jsharkey13]

Knowing whether it reset something is really very useful. Was this removed for any reason?

[chrisjpurdy]

This was removed because I removed the misuseMonitor.hasMisused(...) condition, since it makes sense for admins to be able to reset the misuse count at any point, not just after is becomes misused. Because of this, the only response would be "Reset successfully!" which IMO is just as good as a 200.

[jsharkey13]

But I need to know I have actually reset the thing I was intending to reset? If I can't find it in the new UI, I need to know that I have got the right (encoding of the) agent identifier and without this there's no way an admin can tell any longer!

[jsharkey13]

I see that it's nice to be able to reset it before it crosses the threshold, though. Maybe it's fine like this. I certainly don't want any more time spent on this.

[jsharkey13]

See my comment above, I am unsure this is that useful given how varied the agent identifiers are.

[jsharkey13]

What is this doing here? It's not at all related to the PR?

[chrisjpurdy]

On adding the misuse UI to admin tools, it kept crashing because this endpoint would always return 500. I decided to add this as it seems sensible and allowed me to actually use admin tools on a local dev build. I understand that it is a bit out of place, but I don't think it should be removed?

[jsharkey13]

I think this should really take an @Nullable final Long n and here is the place for the default value to live. But it's not worth changing now.