OO-3293: REST API for curriculum and curriculum element

1257e098 · srosse · ea0bdb97 · 1257e098 · 1257e098 · 1257e098
Commit 1257e098 authored 6 years ago by srosse
--- a/pom.xml
+++ b/pom.xml
@@ -1499,6 +1499,7 @@
 						<sources>
 							<source>src/main/java/org/olat/core/commons/services/notifications/restapi/vo/</source>
 							<source>src/main/java/org/olat/commons/calendar/restapi/</source>
+							<source>src/main/java/org/olat/modules/curriculum/restapi/</source>
 							<source>src/main/java/org/olat/modules/fo/restapi/</source>
 							<source>src/main/java/org/olat/modules/docpool/restapi/</source>
 							<source>src/main/java/org/olat/modules/gotomeeting/restapi/</source>
@@ -1555,6 +1556,7 @@
 							org.olat.course.nodes.en,
 							org.olat.course.certificate.restapi,
 							org.olat.course.db.restapi,
+							org.olat.modules.curriculum.restapi,
 							org.olat.modules.docpool.restapi,
 							org.olat.modules.fo.restapi,
 							org.olat.modules.gotomeeting.restapi,
@@ -1618,6 +1620,7 @@
 								org.olat.course.nodes.en;
 								org.olat.course.certificate.restapi;
 								org.olat.course.db.restapi;
+								org.olat.modules.curriculum.restapi;
 								org.olat.modules.fo.restapi;
 								org.olat.modules.docpool.restapi;
 								org.olat.modules.gotomeeting.restapi;

--- a/src/main/java/org/olat/modules/curriculum/Curriculum.java
+++ b/src/main/java/org/olat/modules/curriculum/Curriculum.java
@@ -43,12 +43,22 @@ public interface Curriculum extends CreateInfo, ModifiedInfo, CurriculumRef {
 	
 	public void setDescription(String description);
 	
+	public String getStatus();
+	
+	public void setStatus(String status);
+	
+	public String getDegree();
+	
+	public void setDegree(String degree);
+	
 	public String getExternalId();
 	
 	public void setExternalId(String externalId);
 	
 	public Organisation getOrganisation();
 	
+	public void setOrganisation(Organisation organisation);
+	
 	public CurriculumManagedFlag[] getManagedFlags();
 	
 	public void setManagedFlags(CurriculumManagedFlag[] flags);

--- a/src/main/java/org/olat/modules/curriculum/CurriculumElement.java
+++ b/src/main/java/org/olat/modules/curriculum/CurriculumElement.java
@@ -57,6 +57,10 @@ public interface CurriculumElement extends CurriculumElementRef, CreateInfo, Mod
 	
 	public void setEndDate(Date date);
 	
+	public String getStatus();
+	
+	public void setStatus(String status);
+	
 	public String getMaterializedPathKeys();
 	
 	public CurriculumElementManagedFlag[] getManagedFlags();

--- a/src/main/java/org/olat/modules/curriculum/manager/CurriculumDAO.java
+++ b/src/main/java/org/olat/modules/curriculum/manager/CurriculumDAO.java
@@ -29,6 +29,7 @@ import org.olat.basesecurity.manager.GroupDAO;
 import org.olat.core.commons.persistence.DB;
 import org.olat.core.commons.persistence.PersistenceHelper;
 import org.olat.core.id.Organisation;
+import org.olat.core.id.OrganisationRef;
 import org.olat.modules.curriculum.Curriculum;
 import org.olat.modules.curriculum.model.CurriculumImpl;
 import org.olat.modules.curriculum.model.CurriculumSearchParameters;
@@ -92,7 +93,7 @@ public class CurriculumDAO {
 				.createQuery(sb.toString(), Curriculum.class);
 		if(!params.getOrganisations().isEmpty()) {
 			List<Long> organisationKeys = params.getOrganisations()
-					.stream().map(Organisation::getKey).collect(Collectors.toList());
+					.stream().map(OrganisationRef::getKey).collect(Collectors.toList());
 			query.setParameter("organisationKeys", organisationKeys);
 		}
 		return query.getResultList();

--- a/src/main/java/org/olat/modules/curriculum/model/CurriculumElementRefImpl.java
+++ b/src/main/java/org/olat/modules/curriculum/model/CurriculumElementRefImpl.java
+package org.olat.modules.curriculum.model;
+
+import org.olat.modules.curriculum.CurriculumElementRef;
+
+/**
+ * 
+ * Initial date: 15 mai 2018<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+public class CurriculumElementRefImpl implements CurriculumElementRef {
+	
+	private final Long key;
+	
+	public CurriculumElementRefImpl(Long key) {
+		this.key = key;
+	}
+
+	@Override
+	public Long getKey() {
+		return key;
+	}
+}
--- a/src/main/java/org/olat/modules/curriculum/model/CurriculumSearchParameters.java
+++ b/src/main/java/org/olat/modules/curriculum/model/CurriculumSearchParameters.java
@@ -22,7 +22,7 @@ package org.olat.modules.curriculum.model;
 import java.util.ArrayList;
 import java.util.List;

-import org.olat.core.id.Organisation;
+import org.olat.core.id.OrganisationRef;

 /**
 * 
@@ -32,16 +32,16 @@ import org.olat.core.id.Organisation;
 */
 public class CurriculumSearchParameters {
 	
-	private List<Organisation> organisations;
+	private List<OrganisationRef> organisations;

-	public List<Organisation> getOrganisations() {
+	public List<OrganisationRef> getOrganisations() {
 		if(organisations == null) {
 			organisations = new ArrayList<>();
 		}
 		return organisations;
 	}

-	public void setOrganisations(List<Organisation> organisations) {
+	public void setOrganisations(List<OrganisationRef> organisations) {
 		this.organisations = organisations;
 	}
 	

--- a/src/main/java/org/olat/modules/curriculum/restapi/CurriculumElementVO.java
+++ b/src/main/java/org/olat/modules/curriculum/restapi/CurriculumElementVO.java
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.modules.curriculum.restapi;
+
+import java.util.Date;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.olat.modules.curriculum.CurriculumElement;
+import org.olat.modules.curriculum.CurriculumElementManagedFlag;
+
+/**
+ * 
+ * Initial date: 15 mai 2018<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlRootElement(name = "curriculumElementVO")
+public class CurriculumElementVO {
+	
+	private Long key;
+	private String identifier;
+	private String displayName;
+	private String description;
+	
+	private String status;
+	private Date beginDate;
+	private Date endDate;
+	
+	private String externalId;
+	private String managedFlagsString;
+
+	private Long parentElementKey;
+	private Long curriculumKey;
+	private Long curriculumElementTypeKey;
+	
+	
+	public CurriculumElementVO() {
+		//
+	}
+	
+	public static final CurriculumElementVO valueOf(CurriculumElement element) {
+		CurriculumElementVO vo = new CurriculumElementVO();
+		vo.setKey(element.getKey());
+		vo.setIdentifier(element.getIdentifier());
+		vo.setDisplayName(element.getDisplayName());
+		vo.setDescription(element.getDescription());
+		vo.setStatus(element.getStatus());
+		vo.setBeginDate(element.getBeginDate());
+		vo.setEndDate(element.getEndDate());
+		vo.setExternalId(element.getExternalId());
+		vo.setManagedFlagsString(CurriculumElementManagedFlag.toString(element.getManagedFlags()));
+		if(element.getParent() != null) {
+			vo.setParentElementKey(element.getParent().getKey());
+		}
+		vo.setCurriculumKey(element.getCurriculum().getKey());
+		if(element.getType() != null) {
+			vo.setCurriculumElementTypeKey(element.getType().getKey());
+		}
+		return vo;
+	}
+
+	public Long getKey() {
+		return key;
+	}
+
+	public void setKey(Long key) {
+		this.key = key;
+	}
+
+	public String getIdentifier() {
+		return identifier;
+	}
+
+	public void setIdentifier(String identifier) {
+		this.identifier = identifier;
+	}
+
+	public String getDisplayName() {
+		return displayName;
+	}
+
+	public void setDisplayName(String displayName) {
+		this.displayName = displayName;
+	}
+
+	public String getDescription() {
+		return description;
+	}
+
+	public void setDescription(String description) {
+		this.description = description;
+	}
+
+	public String getStatus() {
+		return status;
+	}
+
+	public void setStatus(String status) {
+		this.status = status;
+	}
+
+	public Date getBeginDate() {
+		return beginDate;
+	}
+
+	public void setBeginDate(Date beginDate) {
+		this.beginDate = beginDate;
+	}
+
+	public Date getEndDate() {
+		return endDate;
+	}
+
+	public void setEndDate(Date endDate) {
+		this.endDate = endDate;
+	}
+
+	public String getExternalId() {
+		return externalId;
+	}
+
+	public void setExternalId(String externalId) {
+		this.externalId = externalId;
+	}
+
+	public String getManagedFlagsString() {
+		return managedFlagsString;
+	}
+
+	public void setManagedFlagsString(String managedFlagsString) {
+		this.managedFlagsString = managedFlagsString;
+	}
+
+	public Long getParentElementKey() {
+		return parentElementKey;
+	}
+
+	public void setParentElementKey(Long parentElementKey) {
+		this.parentElementKey = parentElementKey;
+	}
+
+	public Long getCurriculumKey() {
+		return curriculumKey;
+	}
+
+	public void setCurriculumKey(Long curriculumKey) {
+		this.curriculumKey = curriculumKey;
+	}
+
+	public Long getCurriculumElementTypeKey() {
+		return curriculumElementTypeKey;
+	}
+
+	public void setCurriculumElementTypeKey(Long curriculumElementTypeKey) {
+		this.curriculumElementTypeKey = curriculumElementTypeKey;
+	}
+
+	
+}
--- a/src/main/java/org/olat/modules/curriculum/restapi/CurriculumElementsWebService.java
+++ b/src/main/java/org/olat/modules/curriculum/restapi/CurriculumElementsWebService.java
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.modules.curriculum.restapi;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+
+import org.olat.core.CoreSpringFactory;
+import org.olat.core.commons.persistence.DB;
+import org.olat.modules.curriculum.Curriculum;
+import org.olat.modules.curriculum.CurriculumElement;
+import org.olat.modules.curriculum.CurriculumElementManagedFlag;
+import org.olat.modules.curriculum.CurriculumElementType;
+import org.olat.modules.curriculum.CurriculumService;
+import org.olat.modules.curriculum.model.CurriculumElementRefImpl;
+import org.olat.modules.curriculum.model.CurriculumElementTypeRefImpl;
+
+/**
+ * The security checks are done by the CurriculumsWebService.
+ * 
+ * Initial date: 15 mai 2018<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+public class CurriculumElementsWebService {
+	
+	private final Curriculum curriculum;
+	
+	public CurriculumElementsWebService(Curriculum curriculum) {
+		this.curriculum = curriculum;
+	}
+	
+	/**
+	 * Return the curriculum elements of a curriculum.
+	 * 
+	 * @response.representation.200.qname {http://www.example.com}curriculumElementVO
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc A taxonomy
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMELEMENTVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @param taxonomyKey If true, the status of the block is done or the status of the roll call is closed or auto closed
+	 * @param httpRequest  The HTTP request
+	 * @return The taxonomy
+	 */
+	@GET
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response getCurriculumElements() {
+		CurriculumService curriculumService = CoreSpringFactory.getImpl(CurriculumService.class);
+		List<CurriculumElement> elements = curriculumService.getCurriculumElements(curriculum);
+		List<CurriculumElementVO> voes = new ArrayList<>(elements.size());
+		for(CurriculumElement element:elements) {
+			voes.add(CurriculumElementVO.valueOf(element));
+		}
+		return Response.ok(voes.toArray(new CurriculumElementVO[voes.size()])).build();
+	}
+	
+	/**
+	 * Get a specific curriculum element.
+	 * 
+	 * @response.representation.200.qname {http://www.example.com}curriculumElementVO
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The curriculum element
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMELEMENTVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @param curriculumElementKey The curriculum element primary key
+	 * @param httpRequest The HTTP request
+	 * @return The curriculum element
+	 */
+	@GET
+	@Path("{curriculumElementKey}")
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response getCurriculumElement(@PathParam("curriculumElementKey") Long curriculumElementKey, @Context HttpServletRequest httpRequest) {
+		CurriculumService curriculumService = CoreSpringFactory.getImpl(CurriculumService.class);
+		CurriculumElement curriculumElement = curriculumService.getCurriculumElement(new CurriculumElementRefImpl(curriculumElementKey));
+		if(!curriculumElement.getCurriculum().getKey().equals(curriculum.getKey())) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+		CurriculumElementVO curriculumElementVo = CurriculumElementVO.valueOf(curriculumElement);
+		return Response.ok(curriculumElementVo).build();
+	}
+	
+	/**
+	 * Creates and persists a new curriculum element entity.
+	 * 
+	 * @response.representation.qname {http://www.example.com}curriculumElementVO
+	 * @response.representation.mediaType application/xml, application/json
+	 * @response.representation.doc The curriculum element to persist
+	 * @response.representation.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMELEMENTVO}
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The persisted curriculum element
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMELEMENTVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @response.representation.406.mediaType application/xml, application/json
+	 * @param curriculumElement The curriculum element to persist
+	 * @return The new persisted <code>curriculum element</code>
+	 */
+	@PUT
+	@Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response putCurriculumElement(CurriculumElementVO curriculumElement) {
+		CurriculumElement savedElement = saveCurriculumElement(curriculumElement);
+		return Response.ok(CurriculumElementVO.valueOf(savedElement)).build();
+	}
+	
+	/**
+	 * Updates a curriculum element entity.
+	 * 
+	 * @response.representation.qname {http://www.example.com}curriculumElementVO
+	 * @response.representation.mediaType application/xml, application/json
+	 * @response.representation.doc The curriculum element to update
+	 * @response.representation.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMELEMENTVO}
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The merged curriculum element
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMELEMENTVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @response.representation.406.mediaType application/xml, application/json
+	 * @param curriculumElement The curriculum element to merge
+	 * @return The merged <code>curriculum element</code>
+	 */
+	@POST
+	@Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response postCurriculumElement(CurriculumElementVO curriculumElement) {
+		CurriculumElement savedElement = saveCurriculumElement(curriculumElement);
+		return Response.ok(CurriculumElementVO.valueOf(savedElement)).build();
+	}
+	
+	/**
+	 * Updates a curriculum element entity. The primary key is taken from
+	 * the URL. The curriculum element object can be "primary key free".
+	 * 
+	 * @response.representation.qname {http://www.example.com}curriculumElementVO
+	 * @response.representation.mediaType application/xml, application/json
+	 * @response.representation.doc The curriculum element to update
+	 * @response.representation.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMELEMENTVO}
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The merged curriculum element
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMELEMENTVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @response.representation.406.mediaType application/xml, application/json
+	 * @param curriculumElementKey The curriculum element primary key
+	 * @param curriculumElement The curriculum element to merge
+	 * @return The merged <code>curriculum element</code>
+	 */
+	@POST
+	@Path("{curriculumElementKey}")
+	@Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response postCurriculumElement(@PathParam("curriculumElementKey") Long curriculumElementKey, CurriculumElementVO curriculumElement) {
+		if(curriculumElement.getKey() == null) {
+			curriculumElement.setKey(curriculumElementKey);
+		} else if(!curriculumElementKey.equals(curriculumElement.getKey())) {
+			return Response.serverError().status(Status.CONFLICT).build();
+		}
+
+		CurriculumElement savedElement = saveCurriculumElement(curriculumElement);
+		return Response.ok(CurriculumElementVO.valueOf(savedElement)).build();
+	}
+	
+	
+	private CurriculumElement saveCurriculumElement(CurriculumElementVO curriculumElement) {
+		CurriculumService curriculumService = CoreSpringFactory.getImpl(CurriculumService.class);
+		
+		CurriculumElement elementToSave = null;
+		CurriculumElementType type = null;
+		if(curriculumElement.getCurriculumElementTypeKey() != null) {
+			type = curriculumService.getCurriculumElementType(new CurriculumElementTypeRefImpl(curriculumElement.getCurriculumElementTypeKey()));
+		}
+		CurriculumElement parentElement = null;
+		if(curriculumElement.getParentElementKey() != null) {
+			parentElement = curriculumService.getCurriculumElement(new CurriculumElementRefImpl(curriculumElement.getParentElementKey()));
+			checkCurriculum(parentElement);
+		}
+		
+		boolean move = false;
+		if(curriculumElement.getKey() == null) {
+			elementToSave = curriculumService.createCurriculumElement(curriculumElement.getIdentifier(), curriculumElement.getDisplayName(),
+					curriculumElement.getBeginDate(), curriculumElement.getEndDate(), parentElement, type, curriculum);
+		} else {
+			elementToSave = curriculumService.getCurriculumElement(new CurriculumElementRefImpl(curriculumElement.getKey()));
+			checkCurriculum(elementToSave);
+			elementToSave.setDisplayName(curriculumElement.getDisplayName());
+			elementToSave.setIdentifier(curriculumElement.getIdentifier());
+			elementToSave.setBeginDate(curriculumElement.getBeginDate());
+			elementToSave.setEndDate(curriculumElement.getEndDate());
+			elementToSave.setType(type);
+			if(parentElement != null && elementToSave.getParent() != null
+					&& !elementToSave.getParent().getKey().equals(parentElement.getKey())) {
+				move = true;
+			}
+		}
+		
+		elementToSave.setDescription(curriculumElement.getDescription());
+		elementToSave.setExternalId(curriculumElement.getExternalId());
+		elementToSave.setManagedFlags(CurriculumElementManagedFlag.toEnum(curriculumElement.getManagedFlagsString()));
+		elementToSave.setStatus(curriculumElement.getStatus());
+		
+		CurriculumElement savedElement = curriculumService.updateCurriculumElement(elementToSave);
+		if(move) {
+			curriculumService.moveCurriculumElement(savedElement, parentElement);
+			CoreSpringFactory.getImpl(DB.class).commit();
+			savedElement = curriculumService.getCurriculumElement(savedElement);
+		}
+		return savedElement;
+	}
+	
+	public void checkCurriculum(CurriculumElement element) {
+		if(element.getCurriculum() != null && !element.getCurriculum().getKey().equals(curriculum.getKey())) {
+			throw new WebApplicationException(Response.serverError().status(Status.CONFLICT).build());
+		}
+	}
+}
--- a/src/main/java/org/olat/modules/curriculum/restapi/CurriculumVO.java
+++ b/src/main/java/org/olat/modules/curriculum/restapi/CurriculumVO.java
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.modules.curriculum.restapi;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.olat.modules.curriculum.Curriculum;
+import org.olat.modules.curriculum.CurriculumManagedFlag;
+
+/**
+ * 
+ * Initial date: 15 mai 2018<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlRootElement(name = "curriculumVO")
+public class CurriculumVO {
+	
+	private Long key;
+
+	private String identifier;
+	private String displayName;
+	private String description;
+	private String status;
+	private String degree;
+	
+	private String externalId;
+	private String managedFlagsString;
+	
+	private Long organisationKey;
+	
+	public CurriculumVO() {
+		//
+	}
+	
+	public static final CurriculumVO valueOf(Curriculum curriculum) {
+		CurriculumVO vo = new CurriculumVO();
+		vo.setKey(curriculum.getKey());
+		vo.setIdentifier(curriculum.getIdentifier());
+		vo.setDisplayName(curriculum.getDisplayName());
+		vo.setDescription(curriculum.getDescription());
+		vo.setStatus(curriculum.getStatus());
+		vo.setDegree(curriculum.getDegree());
+		vo.setExternalId(curriculum.getExternalId());
+		vo.setManagedFlagsString(CurriculumManagedFlag.toString(curriculum.getManagedFlags()));
+		if(curriculum.getOrganisation() != null) {
+			vo.setOrganisationKey(curriculum.getOrganisation().getKey());
+		}
+		return vo;
+	}
+
+	public Long getKey() {
+		return key;
+	}
+
+	public void setKey(Long key) {
+		this.key = key;
+	}
+
+	public String getIdentifier() {
+		return identifier;
+	}
+
+	public void setIdentifier(String identifier) {
+		this.identifier = identifier;
+	}
+
+	public String getDisplayName() {
+		return displayName;
+	}
+
+	public void setDisplayName(String displayName) {
+		this.displayName = displayName;
+	}
+
+	public String getDescription() {
+		return description;
+	}
+
+	public void setDescription(String description) {
+		this.description = description;
+	}
+
+	public String getStatus() {
+		return status;
+	}
+
+	public void setStatus(String status) {
+		this.status = status;
+	}
+
+	public String getDegree() {
+		return degree;
+	}
+
+	public void setDegree(String degree) {
+		this.degree = degree;
+	}
+
+	public String getExternalId() {
+		return externalId;
+	}
+
+	public void setExternalId(String externalId) {
+		this.externalId = externalId;
+	}
+
+	public String getManagedFlagsString() {
+		return managedFlagsString;
+	}
+
+	public void setManagedFlagsString(String managedFlagsString) {
+		this.managedFlagsString = managedFlagsString;
+	}
+
+	public Long getOrganisationKey() {
+		return organisationKey;
+	}
+
+	public void setOrganisationKey(Long organisationKey) {
+		this.organisationKey = organisationKey;
+	}
+
+}
--- a/src/main/java/org/olat/modules/curriculum/restapi/CurriculumsWebService.java
+++ b/src/main/java/org/olat/modules/curriculum/restapi/CurriculumsWebService.java
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.modules.curriculum.restapi;
+
+
+import static org.olat.restapi.security.RestSecurityHelper.getRoles;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+
+import org.olat.basesecurity.OrganisationRoles;
+import org.olat.basesecurity.OrganisationService;
+import org.olat.basesecurity.model.OrganisationRefImpl;
+import org.olat.core.CoreSpringFactory;
+import org.olat.core.id.Organisation;
+import org.olat.core.id.OrganisationRef;
+import org.olat.core.id.Roles;
+import org.olat.modules.curriculum.Curriculum;
+import org.olat.modules.curriculum.CurriculumManagedFlag;
+import org.olat.modules.curriculum.CurriculumService;
+import org.olat.modules.curriculum.model.CurriculumRefImpl;
+import org.olat.modules.curriculum.model.CurriculumSearchParameters;
+
+/**
+ * 
+ * Initial date: 15 mai 2018<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+@Path("curriculum")
+public class CurriculumsWebService {
+	
+	
+	/**
+	 * Return the curriculums an administrative user is allowed to see.
+	 * 
+	 * @response.representation.200.qname {http://www.example.com}curriculumVO
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc An array of curriculums
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @param httpRequest  The HTTP request
+	 * @return An array of curriculums
+	 */
+	@GET
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response getCurriculums(@Context HttpServletRequest httpRequest) {
+		Roles roles = getRoles(httpRequest);
+		if(!roles.isOLATAdmin() && !roles.isCurriculumManager()) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+
+		CurriculumService curriculumService = CoreSpringFactory.getImpl(CurriculumService.class);
+		CurriculumSearchParameters params = new CurriculumSearchParameters();
+		if(!roles.isOLATAdmin()) {
+			List<OrganisationRef> organisations = roles.getOrganisationsWithRole(OrganisationRoles.curriculummanager);
+			if(organisations.isEmpty()) {
+				return Response.serverError().status(Status.UNAUTHORIZED).build();
+			}
+			params.setOrganisations(organisations);
+		}
+
+		List<Curriculum> curriculums = curriculumService.getCurriculums(params);
+		List<CurriculumVO> voes = new ArrayList<>(curriculums.size());
+		for(Curriculum curriculum:curriculums) {
+			voes.add(CurriculumVO.valueOf(curriculum));
+		}
+		return Response.ok(voes.toArray(new CurriculumVO[voes.size()])).build();
+	}
+
+	/**
+	 * Creates and persists a new curriculum.
+	 * 
+	 * @response.representation.qname {http://www.example.com}curriculumVO
+	 * @response.representation.mediaType application/xml, application/json
+	 * @response.representation.doc The curriculum to persist
+	 * @response.representation.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMVO}
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The persisted curriculum
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @response.representation.406.mediaType application/xml, application/json
+	 * @param curriculum The curriculum to persist
+	 * @param request The HTTP request
+	 * @return The new persisted <code>curriculum</code>
+	 */
+	@PUT
+	@Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response putCurriculum(CurriculumVO curriculum, @Context HttpServletRequest httpRequest) {
+		Roles roles = getRoles(httpRequest);
+		if(!roles.isOLATAdmin() && !roles.isCurriculumManager()) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+		
+		Curriculum savedCurriculum = saveCurriculum(curriculum, roles);
+		return Response.ok(CurriculumVO.valueOf(savedCurriculum)).build();
+	}
+	
+	/**
+	 * Updates a curriculum entity.
+	 * 
+	 * @response.representation.qname {http://www.example.com}curriculumVO
+	 * @response.representation.mediaType application/xml, application/json
+	 * @response.representation.doc The curriculum to update
+	 * @response.representation.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMVO}
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The merged curriculum
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @response.representation.406.mediaType application/xml, application/json
+	 * @param curriculum The curriculum to merge
+	 * @param request The HTTP request
+	 * @return The merged <code>curriculum</code>
+	 */
+	@POST
+	@Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response postCurriculum(CurriculumVO curriculum, @Context HttpServletRequest httpRequest) {
+		Roles roles = getRoles(httpRequest);
+		if(!roles.isOLATAdmin() && !roles.isCurriculumManager()) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+		
+		Curriculum savedCurriculum = saveCurriculum(curriculum, roles);
+		return Response.ok(CurriculumVO.valueOf(savedCurriculum)).build();
+	}
+	
+	/**
+	 * Get a specific curriculum.
+	 * 
+	 * @response.representation.200.qname {http://www.example.com}curriculumVO
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The curriculum
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @param curriculumKey The curriculum primary key
+	 * @param httpRequest The HTTP request
+	 * @return The curriculum
+	 */
+	@GET
+	@Path("{curriculumKey}")
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response getCurriculum(@PathParam("curriculumKey") Long curriculumKey, @Context HttpServletRequest httpRequest) {
+		Roles roles = getRoles(httpRequest);
+		if(!roles.isOLATAdmin() && !roles.isCurriculumManager()) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+		
+		CurriculumService curriculumService = CoreSpringFactory.getImpl(CurriculumService.class);
+		Curriculum curriculum = curriculumService.getCurriculum(new CurriculumRefImpl(curriculumKey));
+		allowedOrganisation(curriculum.getOrganisation(), roles);
+		CurriculumVO curriculumVo = CurriculumVO.valueOf(curriculum);
+		return Response.ok(curriculumVo).build();
+	}
+
+	@Path("{curriculumKey}/elements")
+	public CurriculumElementsWebService getCurriculumElementWebService(@PathParam("curriculumKey") Long curriculumKey,
+			@Context HttpServletRequest httpRequest) {
+		CurriculumService curriculumService = CoreSpringFactory.getImpl(CurriculumService.class);
+		Curriculum curriculum = curriculumService.getCurriculum(new CurriculumRefImpl(curriculumKey));
+		allowedOrganisation(curriculum.getOrganisation(), getRoles(httpRequest));
+		return new CurriculumElementsWebService(curriculum);
+	}
+	
+	/**
+	 * Updates a curriculum entity. The primary key is taken from
+	 * the URL. The curriculum object can be "primary key free".
+	 * 
+	 * @response.representation.qname {http://www.example.com}curriculumVO
+	 * @response.representation.mediaType application/xml, application/json
+	 * @response.representation.doc The curriculum to update
+	 * @response.representation.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMVO}
+	 * @response.representation.200.mediaType application/xml, application/json
+	 * @response.representation.200.doc The merged curriculum
+	 * @response.representation.200.example {@link org.olat.modules.curriculum.restapi.Examples#SAMPLE_CURRICULUMVO}
+	 * @response.representation.401.doc The roles of the authenticated user are not sufficient
+	 * @response.representation.406.mediaType application/xml, application/json
+	 * @param curriculumKey The curriculum primary key
+	 * @param curriculum The curriculum to merge
+	 * @param request The HTTP request
+	 * @return The merged <code>curriculum</code>
+	 */
+	@POST
+	@Path("{curriculumKey}")
+	@Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response postCurriculum(@PathParam("curriculumKey") Long curriculumKey, CurriculumVO curriculum, @Context HttpServletRequest httpRequest) {
+		Roles roles = getRoles(httpRequest);
+		if(!roles.isOLATAdmin() && !roles.isCurriculumManager()) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+		
+		if(curriculum.getKey() == null) {
+			curriculum.setKey(curriculumKey);
+		} else if(!curriculumKey.equals(curriculum.getKey())) {
+			return Response.serverError().status(Status.CONFLICT).build();
+		}
+
+		Curriculum savedCurriculum = saveCurriculum(curriculum, roles);
+		return Response.ok(CurriculumVO.valueOf(savedCurriculum)).build();
+	}
+	
+	
+	private Curriculum saveCurriculum(CurriculumVO curriculum, Roles roles) {
+		CurriculumService curriculumService = CoreSpringFactory.getImpl(CurriculumService.class);
+		
+		Curriculum curriculumToSave = null;
+		Organisation organisation = null;
+		if(curriculum.getOrganisationKey() != null) {
+			OrganisationService organisationService = CoreSpringFactory.getImpl(OrganisationService.class);
+			organisation = organisationService.getOrganisation(new OrganisationRefImpl(curriculum.getOrganisationKey()));
+			allowedOrganisation(organisation, roles);//check if the user can manage this organisation's curriculum
+		}
+
+		if(curriculum.getKey() == null) {
+			curriculumToSave = curriculumService.createCurriculum(curriculum.getIdentifier(), curriculum.getDisplayName(),
+					curriculum.getDescription(), organisation);
+		} else {
+			curriculumToSave = curriculumService.getCurriculum(new CurriculumRefImpl(curriculum.getKey()));
+			allowedOrganisation(curriculumToSave.getOrganisation(), roles);//check if the user can manipulate this curriculum
+			
+			curriculumToSave.setDisplayName(curriculum.getDisplayName());
+			curriculumToSave.setIdentifier(curriculum.getIdentifier());
+			curriculumToSave.setDescription(curriculum.getDescription());
+			curriculumToSave.setOrganisation(organisation);
+		}
+		
+		curriculumToSave.setExternalId(curriculum.getExternalId());
+		curriculumToSave.setManagedFlags(CurriculumManagedFlag.toEnum(curriculum.getManagedFlagsString()));
+		curriculumToSave.setStatus(curriculum.getStatus());
+		curriculumToSave.setDegree(curriculum.getDegree());
+		return curriculumService.updateCurriculum(curriculumToSave);
+	}
+	
+	private void allowedOrganisation(Organisation organisation, Roles roles) {
+		if(roles.isOLATAdmin() || organisation == null) return;
+
+		List<OrganisationRef> managedOrganisations = roles.getOrganisationsWithRole(OrganisationRoles.curriculummanager);
+		for(OrganisationRef managedOrganisation:managedOrganisations) {
+			if(managedOrganisation.getKey().equals(organisation.getKey())) {
+				return;
+			}
+		}
+
+		throw new WebApplicationException(Response.serverError().status(Status.UNAUTHORIZED).build());
+	}
+}
--- a/src/main/java/org/olat/modules/curriculum/restapi/Examples.java
+++ b/src/main/java/org/olat/modules/curriculum/restapi/Examples.java
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.modules.curriculum.restapi;
+
+import java.util.Date;
+
+/**
+ * 
+ * Initial date: 15 mai 2018<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+public class Examples {
+	
+	public static final CurriculumVO SAMPLE_CURRICULUMVO = new CurriculumVO();
+	
+	public static final CurriculumElementVO SAMPLE_CURRICULUMELEMENTVO = new CurriculumElementVO();
+	
+	static {
+		SAMPLE_CURRICULUMVO.setKey(2l);
+		SAMPLE_CURRICULUMVO.setDisplayName("Dipl. engineer");
+		SAMPLE_CURRICULUMVO.setIdentifier("DIP-ENG-CH");
+		SAMPLE_CURRICULUMVO.setDescription("A diploma as engineer");
+		SAMPLE_CURRICULUMVO.setDegree("License");
+		SAMPLE_CURRICULUMVO.setExternalId("DIP-12387");
+		SAMPLE_CURRICULUMVO.setManagedFlagsString("delete");
+		SAMPLE_CURRICULUMVO.setOrganisationKey(1l);
+		
+		SAMPLE_CURRICULUMELEMENTVO.setKey(3l);
+		SAMPLE_CURRICULUMELEMENTVO.setIdentifier("CURR-EL-1");
+		SAMPLE_CURRICULUMELEMENTVO.setDisplayName("A curriculum element");
+		SAMPLE_CURRICULUMELEMENTVO.setDescription("This is a description");
+		SAMPLE_CURRICULUMELEMENTVO.setCurriculumKey(2l);
+		SAMPLE_CURRICULUMELEMENTVO.setExternalId("EXT-19");
+		SAMPLE_CURRICULUMELEMENTVO.setBeginDate(new Date());
+		SAMPLE_CURRICULUMELEMENTVO.setEndDate(new Date());
+		SAMPLE_CURRICULUMELEMENTVO.setCurriculumElementTypeKey(25l);
+		SAMPLE_CURRICULUMELEMENTVO.setParentElementKey(1l);
+		SAMPLE_CURRICULUMELEMENTVO.setManagedFlagsString("delete");
+	}
+}
\ No newline at end of file
--- a/src/main/java/org/olat/restapi/_spring/restApiContext.xml
+++ b/src/main/java/org/olat/restapi/_spring/restApiContext.xml
@@ -36,6 +36,7 @@
 				<value>org.olat.course.nodes.bc.BCWebService</value>
 				<value>org.olat.course.assessment.restapi.EfficiencyStatementWebService</value>
 				<value>org.olat.course.certificate.restapi.CertificationWebService</value>
+				<value>org.olat.modules.curriculum.restapi.CurriculumsWebService</value>
 				<value>org.olat.modules.docpool.restapi.DocumentPoolModuleWebService</value>
 				<value>org.olat.modules.qpool.restapi.QuestionPoolWebService</value>
 				<value>org.olat.modules.wiki.restapi.WikisWebService</value>

--- a/src/main/java/org/olat/restapi/api/_content/application.html
+++ b/src/main/java/org/olat/restapi/api/_content/application.html
--- a/src/test/java/org/olat/restapi/CurriculumElementsWebServiceTest.java
+++ b/src/test/java/org/olat/restapi/CurriculumElementsWebServiceTest.java
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.restapi;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.List;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.UriBuilder;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.util.EntityUtils;
+import org.codehaus.jackson.map.ObjectMapper;
+import org.codehaus.jackson.type.TypeReference;
+import org.hamcrest.Matchers;
+import org.junit.Assert;
+import org.junit.Test;
+import org.olat.basesecurity.OrganisationService;
+import org.olat.core.commons.persistence.DB;
+import org.olat.core.id.Organisation;
+import org.olat.modules.curriculum.Curriculum;
+import org.olat.modules.curriculum.CurriculumElement;
+import org.olat.modules.curriculum.CurriculumElementManagedFlag;
+import org.olat.modules.curriculum.CurriculumElementType;
+import org.olat.modules.curriculum.CurriculumService;
+import org.olat.modules.curriculum.model.CurriculumElementRefImpl;
+import org.olat.modules.curriculum.restapi.CurriculumElementVO;
+import org.olat.test.OlatJerseyTestCase;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * 
+ * Initial date: 15 mai 2018<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+public class CurriculumElementsWebServiceTest extends OlatJerseyTestCase {
+	
+	@Autowired
+	private DB dbInstance;
+	@Autowired
+	private CurriculumService curriculumService;
+	@Autowired
+	private OrganisationService organisationService;
+	
+	@Test
+	public void getCurriculumElements()
+	throws IOException, URISyntaxException {
+		Organisation organisation = organisationService.createOrganisation("Curriculum org.", "curr-org", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-Curriculum-elements", "REST Curriculum", "A curriculum accessible by REST API for elemets", organisation);
+		CurriculumElement element1 = curriculumService.createCurriculumElement("Element-1", "Element 1", null, null, null, null, curriculum);
+		CurriculumElement element1_1 = curriculumService.createCurriculumElement("Element-1.1", "Element 1.1", null, null, null, null, curriculum);
+		dbInstance.commitAndCloseSession();
+		
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").path(curriculum.getKey().toString()).path("elements").build();
+		HttpGet method = conn.createGet(request, MediaType.APPLICATION_JSON, true);
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		InputStream body = response.getEntity().getContent();
+		List<CurriculumElementVO> elementVoes = parseCurriculumElementArray(body);
+		Assert.assertNotNull(elementVoes);
+		Assert.assertEquals(2, elementVoes.size());
+		
+		boolean found1 = false;
+		boolean found1_1 = false;
+		for(CurriculumElementVO elementVo:elementVoes) {
+			if(element1.getKey().equals(elementVo.getKey())) {
+				found1 = true;
+			} else if(element1_1.getKey().equals(elementVo.getKey())) {
+				found1_1 = true;
+			}
+		}
+		Assert.assertTrue(found1);
+		Assert.assertTrue(found1_1);
+	}
+	
+	@Test
+	public void getCurriculumElement()
+	throws IOException, URISyntaxException {
+		Organisation organisation = organisationService.createOrganisation("Curriculum org.", "curr-org", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-Curriculum-elements", "REST Curriculum", "A curriculum accessible by REST API for elemets", organisation);
+		CurriculumElement element = curriculumService.createCurriculumElement("Element-1", "Element 1", null, null, null, null, curriculum);
+		dbInstance.commitAndCloseSession();
+		
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").path(curriculum.getKey().toString())
+				.path("elements").path(element.getKey().toString()).build();
+		HttpGet method = conn.createGet(request, MediaType.APPLICATION_JSON, true);
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		CurriculumElementVO elementVo = conn.parse(response, CurriculumElementVO.class);
+		Assert.assertNotNull(elementVo);
+		Assert.assertEquals(element.getKey(), elementVo.getKey());
+	}
+
+	@Test
+	public void createCurriculumElement()
+	throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		Organisation organisation = organisationService.createOrganisation("Curriculum org.", "curr-org", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-Curriculum-elements", "REST Curriculum", "A curriculum accessible by REST API for elemets", organisation);
+		CurriculumElement element1 = curriculumService.createCurriculumElement("Element-3", "Element 3", null, null, null, null, curriculum);
+		dbInstance.commitAndCloseSession();
+		
+		CurriculumElementVO vo = new CurriculumElementVO();
+		vo.setDescription("REST created element");
+		vo.setDisplayName("REST Curriculum element");
+		vo.setExternalId("REST-CEL-1");
+		vo.setIdentifier("REST-ID-CEL-1");
+		vo.setManagedFlagsString("delete");
+		vo.setCurriculumKey(curriculum.getKey());
+		vo.setParentElementKey(element1.getKey());
+
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").path(curriculum.getKey().toString())
+				.path("elements").build();
+		HttpPut method = conn.createPut(request, MediaType.APPLICATION_JSON, true);
+		conn.addJsonEntity(method, vo);
+		
+		HttpResponse response = conn.execute(method);
+		Assert.assertThat(response.getStatusLine().getStatusCode(), Matchers.either(Matchers.is(200)).or(Matchers.is(201)));
+		
+		// checked VO
+		CurriculumElementVO savedVo = conn.parse(response, CurriculumElementVO.class);
+		Assert.assertNotNull(savedVo);
+		Assert.assertNotNull(savedVo.getKey());
+		Assert.assertEquals("REST created element", savedVo.getDescription());
+		Assert.assertEquals("REST Curriculum element", savedVo.getDisplayName());
+		Assert.assertEquals("REST-CEL-1", savedVo.getExternalId());
+		Assert.assertEquals("REST-ID-CEL-1", savedVo.getIdentifier());
+		Assert.assertEquals("delete", savedVo.getManagedFlagsString());
+		Assert.assertEquals(element1.getKey(), savedVo.getParentElementKey());
+		Assert.assertEquals(curriculum.getKey(), savedVo.getCurriculumKey());
+		
+		// checked database
+		CurriculumElement savedElement = curriculumService.getCurriculumElement(new CurriculumElementRefImpl(savedVo.getKey()));
+		Assert.assertNotNull(savedElement);
+		Assert.assertEquals(savedVo.getKey(), savedElement.getKey());
+		Assert.assertEquals("REST created element", savedElement.getDescription());
+		Assert.assertEquals("REST Curriculum element", savedElement.getDisplayName());
+		Assert.assertEquals("REST-CEL-1", savedElement.getExternalId());
+		Assert.assertEquals("REST-ID-CEL-1", savedElement.getIdentifier());
+		Assert.assertNotNull(savedElement.getManagedFlags());
+		Assert.assertEquals(1, savedElement.getManagedFlags().length);
+		Assert.assertEquals(CurriculumElementManagedFlag.delete, savedElement.getManagedFlags()[0]);
+		Assert.assertEquals(element1, savedElement.getParent());
+		Assert.assertEquals(curriculum, savedElement.getCurriculum());
+	}
+	
+	@Test
+	public void updateCurriculumElement()
+	throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		Organisation organisation = organisationService.createOrganisation("REST Parent Organisation 2 ", "REST-p-2-organisation", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-Curriculum-elements", "REST Curriculum", "A curriculum accessible by REST API for elemets", organisation);
+		CurriculumElement element = curriculumService.createCurriculumElement("Element-5", "Element 5", null, null, null, null, curriculum);
+		CurriculumElementType type = curriculumService.createCurriculumElementType("TYPE-2", "Type 2", "", "");
+		dbInstance.commitAndCloseSession();
+		
+		CurriculumElementVO vo = new CurriculumElementVO();
+		vo.setKey(element.getKey());
+		vo.setDescription("Via REST updated element");
+		vo.setDisplayName("REST updated element");
+		vo.setExternalId("REST-CEL-2");
+		vo.setIdentifier("REST-ID-CEL-2");
+		vo.setManagedFlagsString("delete,all");
+		vo.setCurriculumKey(curriculum.getKey());
+		vo.setCurriculumElementTypeKey(type.getKey());
+
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").path(curriculum.getKey().toString())
+				.path("elements").build();
+		HttpPut method = conn.createPut(request, MediaType.APPLICATION_JSON, true);
+		conn.addJsonEntity(method, vo);
+		
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		
+		// checked VO
+		CurriculumElementVO savedVo = conn.parse(response, CurriculumElementVO.class);
+		Assert.assertNotNull(savedVo);
+		Assert.assertNotNull(savedVo.getKey());
+		Assert.assertEquals("Via REST updated element", savedVo.getDescription());
+		Assert.assertEquals("REST updated element", savedVo.getDisplayName());
+		Assert.assertEquals("REST-CEL-2", savedVo.getExternalId());
+		Assert.assertEquals("REST-ID-CEL-2", savedVo.getIdentifier());
+		Assert.assertEquals("delete,all", savedVo.getManagedFlagsString());
+		Assert.assertEquals(curriculum.getKey(), savedVo.getCurriculumKey());
+		Assert.assertNull(savedVo.getParentElementKey());
+		Assert.assertEquals(type.getKey(), savedVo.getCurriculumElementTypeKey());
+		
+		// checked database
+		CurriculumElement savedElement = curriculumService.getCurriculumElement(new CurriculumElementRefImpl(savedVo.getKey()));
+		Assert.assertNotNull(savedElement);
+		Assert.assertEquals(savedVo.getKey(), savedElement.getKey());
+		Assert.assertEquals("Via REST updated element", savedElement.getDescription());
+		Assert.assertEquals("REST updated element", savedElement.getDisplayName());
+		Assert.assertEquals("REST-CEL-2", savedElement.getExternalId());
+		Assert.assertEquals("REST-ID-CEL-2", savedElement.getIdentifier());
+		Assert.assertNotNull(savedElement.getManagedFlags());
+		Assert.assertEquals(2, savedElement.getManagedFlags().length);
+		Assert.assertEquals(curriculum, savedElement.getCurriculum());
+		Assert.assertEquals(type, savedElement.getType());
+	}
+	
+	@Test
+	public void updateCurriculumElementWithKey()
+	throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		Organisation organisation = organisationService.createOrganisation("REST Parent Organisation 2 ", "REST-p-2-organisation", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-Curriculum-elements", "REST Curriculum", "A curriculum accessible by REST API for elemets", organisation);
+		CurriculumElement element = curriculumService.createCurriculumElement("Element-6", "Element 6", null, null, null, null, curriculum);
+		dbInstance.commitAndCloseSession();
+		
+		CurriculumElementVO vo = CurriculumElementVO.valueOf(element);
+		vo.setExternalId("REST-CEL-7");
+		vo.setIdentifier("REST-ID-CEL-7");
+		vo.setManagedFlagsString("displayName");
+
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").path(curriculum.getKey().toString())
+				.path("elements").path(element.getKey().toString()).build();
+		HttpPost method = conn.createPost(request, MediaType.APPLICATION_JSON);
+		conn.addJsonEntity(method, vo);
+		
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		
+		// checked VO
+		CurriculumElementVO savedVo = conn.parse(response, CurriculumElementVO.class);
+		Assert.assertNotNull(savedVo);
+		Assert.assertNotNull(savedVo.getKey());
+		Assert.assertEquals("REST-CEL-7", savedVo.getExternalId());
+		Assert.assertEquals("REST-ID-CEL-7", savedVo.getIdentifier());
+		Assert.assertEquals("displayName", savedVo.getManagedFlagsString());
+		
+		// checked database
+		CurriculumElement savedElement = curriculumService.getCurriculumElement(new CurriculumElementRefImpl(savedVo.getKey()));
+		Assert.assertNotNull(savedElement);
+		Assert.assertEquals(savedVo.getKey(), savedElement.getKey());
+		Assert.assertEquals("REST-CEL-7", savedElement.getExternalId());
+		Assert.assertEquals("REST-ID-CEL-7", savedElement.getIdentifier());
+		Assert.assertNotNull(savedElement.getManagedFlags());
+		Assert.assertEquals(1, savedElement.getManagedFlags().length);
+		Assert.assertEquals(CurriculumElementManagedFlag.displayName, savedElement.getManagedFlags()[0]);
+	}
+	
+	@Test
+	public void updateAndMoveOrganisation()
+	throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		Organisation organisation = organisationService.createOrganisation("REST Parent Organisation 2 ", "REST-p-2-organisation", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-Curriculum-elements", "REST Curriculum", "A curriculum accessible by REST API for elemets", organisation);
+		CurriculumElement element1 = curriculumService.createCurriculumElement("Element-8", "Element 8", null, null, null, null, curriculum);
+		CurriculumElement element1_1 = curriculumService.createCurriculumElement("Element-8.1", "Element 8.1", null, null, element1, null, curriculum);
+		CurriculumElement element2 = curriculumService.createCurriculumElement("Element-9", "Element 9", null, null, null, null, curriculum);
+		dbInstance.commitAndCloseSession();
+		
+		
+		CurriculumElementVO vo = CurriculumElementVO.valueOf(element1_1);
+		vo.setParentElementKey(element2.getKey());
+
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").path(curriculum.getKey().toString())
+				.path("elements").build();
+		HttpPost method = conn.createPost(request, MediaType.APPLICATION_JSON);
+		conn.addJsonEntity(method, vo);
+		
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		
+		// checked VO
+		CurriculumElementVO savedVo = conn.parse(response, CurriculumElementVO.class);
+		Assert.assertNotNull(savedVo);
+		Assert.assertNotNull(savedVo.getKey());
+		Assert.assertEquals(element2.getKey(), savedVo.getParentElementKey());
+		Assert.assertEquals(curriculum.getKey(), savedVo.getCurriculumKey());
+		
+		// checked database
+		CurriculumElement savedElement = curriculumService.getCurriculumElement(new CurriculumElementRefImpl(savedVo.getKey()));
+		Assert.assertNotNull(savedElement);
+		Assert.assertEquals(savedVo.getKey(), savedElement.getKey());
+		Assert.assertEquals(element2, savedElement.getParent());
+		Assert.assertEquals(curriculum, savedElement.getCurriculum());
+	}
+	
+	@Test
+	public void updateCurriculumElement_notAuthorized()
+	throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		Organisation organisation = organisationService.createOrganisation("REST Parent Organisation 2 ", "REST-p-2-organisation", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-Curriculum-elements", "REST Curriculum", "A curriculum accessible by REST API for elemets", organisation);
+		CurriculumElement element = curriculumService.createCurriculumElement("Element-10", "Element 10", null, null, null, null, curriculum);
+		Curriculum otherCurriculum = curriculumService.createCurriculum("REST-Curriculum-elements", "REST Curriculum", "A curriculum accessible by REST API for elemets", organisation);
+		dbInstance.commitAndCloseSession();
+		
+		CurriculumElementVO vo = CurriculumElementVO.valueOf(element);
+		vo.setExternalId("REST-CEL-10");
+
+		//try to update an element under the false curriculum
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").path(otherCurriculum.getKey().toString())
+				.path("elements").build();
+		HttpPost method = conn.createPost(request, MediaType.APPLICATION_JSON);
+		conn.addJsonEntity(method, vo);
+		
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(409, response.getStatusLine().getStatusCode());
+		EntityUtils.consume(response.getEntity());
+	}
+	
+	
+	protected List<CurriculumElementVO> parseCurriculumElementArray(InputStream body) {
+		try {
+			ObjectMapper mapper = new ObjectMapper(jsonFactory); 
+			return mapper.readValue(body, new TypeReference<List<CurriculumElementVO>>(){/* */});
+		} catch (Exception e) {
+			e.printStackTrace();
+			return null;
+		}
+	}
+
+}
--- a/src/test/java/org/olat/restapi/CurriculumsWebServiceTest.java
+++ b/src/test/java/org/olat/restapi/CurriculumsWebServiceTest.java
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.restapi;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.List;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.UriBuilder;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.util.EntityUtils;
+import org.codehaus.jackson.map.ObjectMapper;
+import org.codehaus.jackson.type.TypeReference;
+import org.hamcrest.Matchers;
+import org.junit.Assert;
+import org.junit.Test;
+import org.olat.basesecurity.OrganisationRoles;
+import org.olat.basesecurity.OrganisationService;
+import org.olat.core.commons.persistence.DB;
+import org.olat.core.id.Identity;
+import org.olat.core.id.Organisation;
+import org.olat.modules.curriculum.Curriculum;
+import org.olat.modules.curriculum.CurriculumManagedFlag;
+import org.olat.modules.curriculum.CurriculumService;
+import org.olat.modules.curriculum.model.CurriculumRefImpl;
+import org.olat.modules.curriculum.restapi.CurriculumVO;
+import org.olat.test.JunitTestHelper;
+import org.olat.test.OlatJerseyTestCase;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * 
+ * Initial date: 15 mai 2018<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+public class CurriculumsWebServiceTest extends OlatJerseyTestCase {
+	
+	@Autowired
+	private DB dbInstance;
+	@Autowired
+	private CurriculumService curriculumService;
+	@Autowired
+	private OrganisationService organisationService;
+	
+	@Test
+	public void getCurriculums()
+	throws IOException, URISyntaxException {
+		Organisation organisation = organisationService.createOrganisation("Curriculum org.", "curr-org", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-Curriculum", "REST Curriculum", "A curriculum accessible by REST API", organisation);
+		dbInstance.commitAndCloseSession();
+		
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").build();
+		HttpGet method = conn.createGet(request, MediaType.APPLICATION_JSON, true);
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		InputStream body = response.getEntity().getContent();
+		List<CurriculumVO> curriculumVoes = parseCurriculumArray(body);
+		
+		CurriculumVO foundVo = null;
+		for(CurriculumVO curriculumVo:curriculumVoes) {
+			if(curriculumVo.getKey().equals(curriculum.getKey())) {
+				foundVo = curriculumVo;
+			}
+		}
+		Assert.assertNotNull(foundVo);
+	}
+	
+	@Test
+	public void getCurriculum()
+	throws IOException, URISyntaxException {
+		Organisation organisation = organisationService.createOrganisation("Curriculum org.", "curr-org", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-2-Curriculum", "REST 2 Curriculum", "A curriculum accessible by REST API", organisation);
+		dbInstance.commitAndCloseSession();
+		
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").path(curriculum.getKey().toString()).build();
+		HttpGet method = conn.createGet(request, MediaType.APPLICATION_JSON, true);
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		
+		CurriculumVO curriculumVo = conn.parse(response, CurriculumVO.class);
+		Assert.assertNotNull(curriculumVo);
+		Assert.assertEquals(curriculum.getKey(), curriculumVo.getKey());
+		Assert.assertEquals("REST-2-Curriculum", curriculumVo.getIdentifier());
+		Assert.assertEquals(organisation.getKey(), curriculumVo.getOrganisationKey());
+	}
+	
+	@Test
+	public void createCurriculum()
+	throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		Organisation organisation = organisationService.createOrganisation("REST Parent Organisation", "REST-p-organisation", "", null, null);
+		dbInstance.commitAndCloseSession();
+		
+		CurriculumVO vo = new CurriculumVO();
+		vo.setDescription("REST created curriculum");
+		vo.setDisplayName("REST Curriculum");
+		vo.setExternalId("REST-CUR-1");
+		vo.setIdentifier("REST-CUR-ID-1");
+		vo.setManagedFlagsString("delete");
+		vo.setDegree("High degree");
+		vo.setOrganisationKey(organisation.getKey());
+
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").build();
+		HttpPut method = conn.createPut(request, MediaType.APPLICATION_JSON, true);
+		conn.addJsonEntity(method, vo);
+		
+		HttpResponse response = conn.execute(method);
+		Assert.assertThat(response.getStatusLine().getStatusCode(), Matchers.either(Matchers.is(200)).or(Matchers.is(201)));
+		
+		// checked VO
+		CurriculumVO savedVo = conn.parse(response, CurriculumVO.class);
+		Assert.assertNotNull(savedVo);
+		Assert.assertNotNull(savedVo.getKey());
+		Assert.assertEquals("REST created curriculum", savedVo.getDescription());
+		Assert.assertEquals("REST Curriculum", savedVo.getDisplayName());
+		Assert.assertEquals("REST-CUR-1", savedVo.getExternalId());
+		Assert.assertEquals("REST-CUR-ID-1", savedVo.getIdentifier());
+		Assert.assertEquals("delete", savedVo.getManagedFlagsString());
+		Assert.assertEquals("High degree", savedVo.getDegree());
+		Assert.assertEquals(organisation.getKey(), savedVo.getOrganisationKey());
+		
+		// checked database
+		Curriculum savedCurriculum = curriculumService.getCurriculum(new CurriculumRefImpl(savedVo.getKey()));
+		Assert.assertNotNull(savedCurriculum);
+		Assert.assertEquals(savedVo.getKey(), savedCurriculum.getKey());
+		Assert.assertEquals("REST created curriculum", savedCurriculum.getDescription());
+		Assert.assertEquals("REST Curriculum", savedCurriculum.getDisplayName());
+		Assert.assertEquals("REST-CUR-1", savedCurriculum.getExternalId());
+		Assert.assertEquals("REST-CUR-ID-1", savedCurriculum.getIdentifier());
+		Assert.assertEquals("High degree", savedCurriculum.getDegree());
+		Assert.assertNotNull(savedCurriculum.getManagedFlags());
+		Assert.assertEquals(1, savedCurriculum.getManagedFlags().length);
+		Assert.assertEquals(CurriculumManagedFlag.delete, savedCurriculum.getManagedFlags()[0]);
+		Assert.assertEquals(organisation, savedCurriculum.getOrganisation());
+	}
+	
+	@Test
+	public void updateCurriculum()
+	throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login("administrator", "openolat"));
+		
+		Organisation organisation = organisationService.createOrganisation("REST Parent Organisation 3", "REST-p-3-organisation", "", null, null);
+		Curriculum curriculum = curriculumService.createCurriculum("REST-4-Curriculum", "REST 4 Curriculum", "A curriculum accessible by REST API", organisation);
+		dbInstance.commitAndCloseSession();
+		
+		CurriculumVO vo = new CurriculumVO();
+		vo.setKey(curriculum.getKey());
+		vo.setDescription("Via REST updated curriculum");
+		vo.setDisplayName("REST updated curriculum");
+		vo.setDegree("Diploma");
+		vo.setExternalId("REST4b");
+		vo.setIdentifier("REST-ID-4b");
+		vo.setManagedFlagsString("delete,all");
+		vo.setOrganisationKey(organisation.getKey());
+
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").build();
+		HttpPut method = conn.createPut(request, MediaType.APPLICATION_JSON, true);
+		conn.addJsonEntity(method, vo);
+		
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+		
+		// checked VO
+		CurriculumVO savedVo = conn.parse(response, CurriculumVO.class);
+		Assert.assertNotNull(savedVo);
+		Assert.assertEquals(curriculum.getKey(), savedVo.getKey());
+		Assert.assertEquals("Via REST updated curriculum", savedVo.getDescription());
+		Assert.assertEquals("REST updated curriculum", savedVo.getDisplayName());
+		Assert.assertEquals("REST4b", savedVo.getExternalId());
+		Assert.assertEquals("REST-ID-4b", savedVo.getIdentifier());
+		Assert.assertEquals("delete,all", savedVo.getManagedFlagsString());
+		Assert.assertEquals(organisation.getKey(), savedVo.getOrganisationKey());
+		
+		// checked database
+		Curriculum savedCurriculum = curriculumService.getCurriculum(new CurriculumRefImpl(savedVo.getKey()));
+		Assert.assertNotNull(savedCurriculum);
+		Assert.assertEquals(savedVo.getKey(), savedCurriculum.getKey());
+		Assert.assertEquals("Via REST updated curriculum", savedCurriculum.getDescription());
+		Assert.assertEquals("REST updated curriculum", savedCurriculum.getDisplayName());
+		Assert.assertEquals("REST4b", savedCurriculum.getExternalId());
+		Assert.assertEquals("REST-ID-4b", savedCurriculum.getIdentifier());
+		Assert.assertEquals("Diploma", savedCurriculum.getDegree());
+		Assert.assertNotNull(savedCurriculum.getManagedFlags());
+		Assert.assertEquals(2, savedCurriculum.getManagedFlags().length);
+		Assert.assertEquals(organisation, savedCurriculum.getOrganisation());
+	}
+	
+	@Test
+	public void createCurriculum_notAuthorized()
+	throws IOException, URISyntaxException {
+		Identity author = JunitTestHelper.createAndPersistIdentityAsRndAuthor("rest-curriculum");
+		
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login(author.getName(), JunitTestHelper.PWD));
+		
+		Organisation organisation = organisationService.createOrganisation("REST Parent Organisation", "REST-p-organisation", "", null, null);
+		dbInstance.commitAndCloseSession();
+		
+		CurriculumVO vo = new CurriculumVO();
+		vo.setDescription("Try to create curriculum");
+		vo.setDisplayName("Authored Curriculum");
+		vo.setIdentifier("AUTH-CUR-ID-1");
+		vo.setOrganisationKey(organisation.getKey());
+
+		URI request = UriBuilder.fromUri(getContextURI()).path("curriculum").build();
+		HttpPut method = conn.createPut(request, MediaType.APPLICATION_JSON, true);
+		conn.addJsonEntity(method, vo);
+		
+		HttpResponse response = conn.execute(method);
+		Assert.assertEquals(401, response.getStatusLine().getStatusCode());
+		EntityUtils.consume(response.getEntity());
+	}
+	
+	@Test
+	public void updateCurriculum_authorizedOrNot()
+	throws IOException, URISyntaxException {
+		Identity curriculumManager = JunitTestHelper.createAndPersistIdentityAsRndUser("rest-curriculum");
+		Organisation parentOrganisation = organisationService.createOrganisation("Root curriculum organisation", "REST-curl-organisation", "", null, null);
+		Organisation organisationA = organisationService.createOrganisation("Organisation A", "REST-A-organisation", "", parentOrganisation, null);
+		Organisation organisationB = organisationService.createOrganisation("Organisation B", "REST-B-organisation", "", parentOrganisation, null);
+		organisationService.addMember(organisationB, curriculumManager, OrganisationRoles.curriculummanager);
+		dbInstance.commitAndCloseSession();
+		
+		//create 2 curriculums
+		Curriculum curriculumA = curriculumService.createCurriculum("REST-A-Curriculum", "REST A Curriculum", "A curriculum accessible by REST API", organisationA);
+		Curriculum curriculumB = curriculumService.createCurriculum("REST-B-Curriculum", "REST B Curriculum", "A curriculum accessible by REST API", organisationB);
+		dbInstance.commitAndCloseSession();
+		
+		
+		RestConnection conn = new RestConnection();
+		assertTrue(conn.login(curriculumManager.getName(), JunitTestHelper.PWD));
+
+		CurriculumVO voA = CurriculumVO.valueOf(curriculumA);
+		voA.setIdentifier("Take control A");
+		// it cannot change something in organization A
+		URI requestA = UriBuilder.fromUri(getContextURI()).path("curriculum").build();
+		HttpPost methodA = conn.createPost(requestA, MediaType.APPLICATION_JSON);
+		conn.addJsonEntity(methodA, voA);
+		HttpResponse responsea = conn.execute(methodA);
+		Assert.assertEquals(401, responsea.getStatusLine().getStatusCode());
+		EntityUtils.consume(responsea.getEntity());
+		
+		// but it can update a curriculum in organization B
+		CurriculumVO voB = CurriculumVO.valueOf(curriculumB);
+		voB.setIdentifier("Update B");
+		// it cannot change something in organization A
+		URI requestB = UriBuilder.fromUri(getContextURI()).path("curriculum").build();
+		HttpPost methodB = conn.createPost(requestB, MediaType.APPLICATION_JSON);
+		conn.addJsonEntity(methodB, voB);
+		HttpResponse responseB = conn.execute(methodB);
+		Assert.assertEquals(200, responseB.getStatusLine().getStatusCode());
+		// check the updated curriculum
+		CurriculumVO updatedVoB = conn.parse(responseB, CurriculumVO.class);
+		Assert.assertNotNull(updatedVoB);
+		Assert.assertEquals(curriculumB.getKey(), updatedVoB.getKey());
+		Assert.assertEquals("Update B", updatedVoB.getIdentifier());
+	}
+	
+	protected List<CurriculumVO> parseCurriculumArray(InputStream body) {
+		try {
+			ObjectMapper mapper = new ObjectMapper(jsonFactory); 
+			return mapper.readValue(body, new TypeReference<List<CurriculumVO>>(){/* */});
+		} catch (Exception e) {
+			e.printStackTrace();
+			return null;
+		}
+	}
+
+}
--- a/src/test/java/org/olat/test/AllTestsJunit4.java
+++ b/src/test/java/org/olat/test/AllTestsJunit4.java
@@ -322,6 +322,8 @@ import org.junit.runners.Suite;
 	org.olat.restapi.CoursePublishTest.class,
 	org.olat.restapi.CoursesInfosTest.class,
 	org.olat.restapi.CourseTest.class,
+	org.olat.restapi.CurriculumsWebServiceTest.class,
+	org.olat.restapi.CurriculumElementsWebServiceTest.class,
 	org.olat.restapi.EfficiencyStatementTest.class,
 	org.olat.restapi.FolderTest.class,
 	org.olat.restapi.ForumTest.class,

--- a/src/test/java/org/olat/test/JunitTestHelper.java
+++ b/src/test/java/org/olat/test/JunitTestHelper.java
@@ -115,6 +115,11 @@ public class JunitTestHelper {
 	}
 	
 	public static final Identity createAndPersistIdentityAsRndUser(String prefixLogin) {
+		String login = getRandomizedLoginName(prefixLogin);
+		return createAndPersistIdentityAsUser(login);
+	}
+	
+	private static final String getRandomizedLoginName(String prefixLogin) {
 		if(StringHelper.containsNonWhitespace(prefixLogin)) {
 			if(!prefixLogin.endsWith("-")) {
 				prefixLogin += "-";
@@ -122,8 +127,7 @@ public class JunitTestHelper {
 		} else {
 			prefixLogin = "junit-";
 		}
-		String login = prefixLogin + UUID.randomUUID().toString();
-		return createAndPersistIdentityAsUser(login);
+		return prefixLogin + UUID.randomUUID();
 	}

 	/**
@@ -143,6 +147,17 @@ public class JunitTestHelper {
 		addToDefaultOrganisation(identity, OrganisationRoles.user);
 		return identity;
 	}
+	
+	/**
+	 * Create a new identity with author permission.
+	 * 
+	 * @param prefixLogin The prefix of the user name.
+	 * @return The new unique identity
+	 */
+	public static final Identity createAndPersistIdentityAsRndAuthor(String prefixLogin) {
+		String login = getRandomizedLoginName(prefixLogin);
+		return createAndPersistIdentityAsAuthor(login);
+	}

 	/**
 	 * Create an identity with author permissions