diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
index 39fb584fd055d8237c040c4280b3f45598f20786..8f5b6021b7748b41ee9dbc6d6c2aa737a363fb9c 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
@@ -50,9 +50,11 @@ public class ShoppingListController {
 */
 @GetMapping("/{id}")
 public ResponseEntity<ShoppingList> getShoppingListById(@PathVariable("id") long id, Authentication auth) {
- if(!shoppingListService.isUserInShoppinglist(id, auth.getName()) &&
- auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ if(auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))){
+ if(!shoppingListService.isUserInShoppinglist(id, auth.getName())){
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+ }
 Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(id);
 return shoppingList.map(list -> ResponseEntity.status(HttpStatus.OK).body(list))
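Review bot: The ADMIN test `auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))` is now written out in every handler this commit touches (the other three hunks in this file and the FridgeController hunks), so one authorization rule lives in many copies that can drift apart. GroupController's context line already differs by comparing against the literal `"ADMIN"` instead of `Authority.ADMIN.name()`. I would move the test into one helper, e.g. `private static boolean isAdmin(Authentication auth) { return auth.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals(Authority.ADMIN.name())); }`, and open each guard with `if (!isAdmin(auth)) {`. The body of getShoppingListById continues past the end of the hunk.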
@@ -67,9 +69,11 @@ public class ShoppingListController {
 */
 @GetMapping("/group/{groupId}")
 public ResponseEntity<ShoppingList> getAllShoppingListsByGroupId(@PathVariable("groupId") long id, Authentication auth) {
- if(!groupService.isUserAssociatedWithGroup(auth.getName(), id) &&
- auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ if(auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))){
+ if(!groupService.isUserAssociatedWithGroup(auth.getName(), id)){
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+ }
 Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListByGroupId(id);
 return shoppingList.map(list -> ResponseEntity.status(HttpStatus.OK).body(list))
@@ -87,9 +91,19 @@ public class ShoppingListController { public ResponseEntity<?> addItemToShoppingList(@PathVariable("shoppingListId") long shoppingListId, @PathVariable("ean") String ean, Authentication auth){ - if(!shoppingListService.isUserInShoppinglist(shoppingListId, auth.getName()) && - auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))) - return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + if(auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))){ + if(!shoppingListService.isUserInShoppinglist(shoppingListId, auth.getName())){ + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + long groupId = shoppingListService.getGroupIdByShoppingListId(shoppingListId); + + if(groupId == -1) + return ResponseEntity.status(HttpStatus.NOT_FOUND).build(); + + if (groupService.getUserGroupAssoAuthority(auth.getName(), groupId).equalsIgnoreCase("RESTRICTED")) + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + + } Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(shoppingListId); 
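Review bot: The new role check in addItemToShoppingList is a deny-list on a single string: `getUserGroupAssoAuthority(...).equalsIgnoreCase("RESTRICTED")` lets every other value through, and it dereferences the result directly. What that service method returns for a user with no association row is not visible here; if it can be null, the handler throws instead of answering 403. Reading the role once and denying on a missing value keeps the guard fail-closed: `String role = groupService.getUserGroupAssoAuthority(auth.getName(), groupId);` followed by `if (role == null || role.equalsIgnoreCase("RESTRICTED")) return ResponseEntity.status(HttpStatus.FORBIDDEN).build();`. The same pattern appears in removeProductFromShoppingList and in the update, delete-amount, remove and waste handlers of FridgeController.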
@@ -142,9 +156,20 @@ public class ShoppingListController { public ResponseEntity<ShoppingList> removeProductFromShoppingList(@PathVariable("shoppingListId") String shoppingListId, @PathVariable("ean") String ean, Authentication auth) { - if(!shoppingListService.isUserInShoppinglist(Long.parseLong(shoppingListId), auth.getName()) && - auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))) - return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + if(auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))){ + if(!shoppingListService.isUserInShoppinglist(Long.parseLong(shoppingListId), auth.getName())){ + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + long groupId = shoppingListService.getGroupIdByShoppingListId(Long.parseLong(shoppingListId)); + + if(groupId == -1) + return ResponseEntity.status(HttpStatus.NOT_FOUND).build(); + + if (groupService.getUserGroupAssoAuthority(auth.getName(), groupId).equalsIgnoreCase("RESTRICTED")) + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + + } + Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(Long.parseLong(shoppingListId)); diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeController.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeController.java index 39329cbdd288080ec783171370cb7e2e6e313ccd..2869134cce960b8fec71b015b5a38303cdbe2b75 100644 --- a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeController.java +++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeController.java 
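Review bot: `shoppingListId` is still bound as a String in removeProductFromShoppingList, and the new guard adds one more `Long.parseLong(shoppingListId)` ahead of any response, so a non-numeric id throws NumberFormatException inside the authorization block; unless an exception handler elsewhere maps it, the client gets a 500. addItemToShoppingList in the previous hunk already binds the same path segment as `long`. Declaring `@PathVariable("shoppingListId") long shoppingListId` here as well lets Spring reject malformed ids with 400 and removes the repeated parsing; the test that calls this method with `String.valueOf(shoppingListId)` would need the matching change. The method body continues past the hunk.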
@@ -7,6 +7,7 @@ import ntnu.idatt2016.v233.SmartMat.entity.fridgeProduct.FridgeProductAsso;
 import ntnu.idatt2016.v233.SmartMat.entity.group.Fridge;
 import ntnu.idatt2016.v233.SmartMat.entity.product.Product;
 import ntnu.idatt2016.v233.SmartMat.service.group.FridgeService;
+import ntnu.idatt2016.v233.SmartMat.service.group.GroupService;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
@@ -21,7 +22,7 @@ import java.util.Optional;
 *
 * @author Anders Austlid & Birk
 * @version 2.0
- * @since 3.05.2023
+ * @since 5.05.2023
 */
 @AllArgsConstructor
 @RestController
@@ -30,6 +31,8 @@ public class FridgeController {
 private final FridgeService fridgeService;
+ private final GroupService groupService;
+
 /**
 * Gets the fridge of a group
@@ -87,10 +90,10 @@ public class FridgeController {
 if (fridge.isEmpty()) {
 return ResponseEntity.notFound().build();
 }
-
- if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId()) &&
- !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))) {
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){
+ if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId())) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
 }
 try {
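Review bot: The add-product handler in the last hunk here gets only the membership check, while the update, delete-amount, remove and waste handlers in the following hunks also refuse members whose group authority is RESTRICTED. ShoppingListController.addItemToShoppingList in this same commit does block restricted members from adding. If restricted members are meant to be read-only on the fridge too, this handler needs the same role check after `isUserInFridge`; if adding is deliberately allowed, a comment such as `// RESTRICTED members may add products; only update/remove/waste is limited` would record the decision. The handler starts before and continues after the hunk.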
@@ -116,11 +119,15 @@ public class FridgeController { return ResponseEntity.notFound().build(); } - if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId()) && - !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))) { - return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); - } + if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){ + if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId())) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + if(groupService.getUserGroupAssoAuthority(authentication.getName(), request.groupId()) + .equalsIgnoreCase("RESTRICTED")) + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } return fridgeService.updateProductInFridge(request).map(ResponseEntity::ok).orElseGet(()-> ResponseEntity.notFound().build()); } @@ -137,9 +144,16 @@ public class FridgeController { @PathVariable("amount") String amountStr, Authentication authentication) { - if (!fridgeService.isUserInGroupWithFridgeProduct( authentication.getName(), fridgeProductId) - && !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))){ - return ResponseEntity.status(403).body("You are not a member of this group"); + if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){ + if (!fridgeService.isUserInGroupWithFridgeProduct(authentication.getName(), fridgeProductId)) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + + if(groupService.getUserGroupAssoAuthority(authentication.getName(), + fridgeService.getGroupIdFromFridgeProuctId(fridgeProductId)) + .equalsIgnoreCase("RESTRICTED") + ) + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); } try { 
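Review bot: In updateProductInFridge the role is looked up with `request.groupId()`, a value the caller supplies, and the membership check uses a `fridge` that is resolved outside this hunk. Neither check is tied to the fridge entry that `fridgeService.updateProductInFridge(request)` will actually modify. If the request also identifies that entry, a member who is unrestricted in one group could name that group while the update lands on an entry of another; whether the service rejects this is not visible here. Deriving the group from the entry being changed, as the delete handlers do through `getGroupIdFromFridgeProuctId`, or verifying in the service that the entry belongs to `request.groupId()`, would bind the decision to the resource.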
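Review bot: In the delete-amount guard, `fridgeService.getGroupIdFromFridgeProuctId(fridgeProductId)` returns `0L` when the entry does not exist (see the FridgeService hunk), and that value is passed straight into `getUserGroupAssoAuthority` without being checked. ShoppingListController handles its equivalent lookup with an explicit `if(groupId == -1)` that answers NOT_FOUND. The membership check just above probably rejects unknown entries first, but it is a separate query, so I would read the id into a local and handle the not-found value explicitly: `long groupId = fridgeService.getGroupIdFromFridgeProuctId(fridgeProductId);` then `if (groupId == 0L) return ResponseEntity.notFound().build();`. The same applies to removeProductFromFridge and wasteProductFromFridge in the next two hunks.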
@@ -167,9 +181,16 @@ public class FridgeController { public ResponseEntity<String> removeProductFromFridge(@PathVariable("fridgeProductId") long fridgeProductId, Authentication authentication) { - if (!fridgeService.isUserInGroupWithFridgeProduct( authentication.getName(), fridgeProductId) - && !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))){ - return ResponseEntity.status(403).body("You are not a member of this group"); + if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){ + if (!fridgeService.isUserInGroupWithFridgeProduct(authentication.getName(), fridgeProductId)) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + + if(groupService.getUserGroupAssoAuthority(authentication.getName(), + fridgeService.getGroupIdFromFridgeProuctId(fridgeProductId)) + .equalsIgnoreCase("RESTRICTED") + ) + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); } try { 
@@ -193,9 +214,16 @@ public class FridgeController { @DeleteMapping("/waste/product/{fridgeProductId}") public ResponseEntity<?> wasteProductFromFridge(@PathVariable("fridgeProductId") long fridgeProductId, Authentication authentication){ - if (!fridgeService.isUserInGroupWithFridgeProduct( authentication.getName(), fridgeProductId) - && !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))){ - return ResponseEntity.status(403).body("You are not a member of this group"); + if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){ + if (!fridgeService.isUserInGroupWithFridgeProduct(authentication.getName(), fridgeProductId)) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + + if(groupService.getUserGroupAssoAuthority(authentication.getName(), + fridgeService.getGroupIdFromFridgeProuctId(fridgeProductId)) + .equalsIgnoreCase("RESTRICTED") + ) + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); } return fridgeService.wasteProductFromFridge(fridgeProductId) diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/GroupController.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/GroupController.java index 7927a334a20b5c1751f52ea69e3eacf5291eebfc..7ed47a10025a1540748fd5ce957fbeef04d615be 100644 --- a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/GroupController.java +++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/GroupController.java 
@@ -303,8 +303,6 @@ public class GroupController { Authentication auth) { Optional<User> groupAdminOpt = userService.getUserFromUsername(auth.getName()); if (groupAdminOpt.isPresent()) { - User groupAdmin = groupAdminOpt.get(); - if (auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals("ADMIN"))){ if (!groupService.isUserAssociatedWithGroup(auth.getName(), authorityRequest.groupId())) { return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java index d77c53a8398e9d2689cad058678032d38595c7a0..c56b1c27c84caf834059a9eccb485e35b354354e 100644 --- a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java +++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java @@ -117,4 +117,14 @@ public class ShoppingListService { .anyMatch(shoppingList -> shoppingList.getShoppingListID() == id); } + + /** + * Get group id by shoppinglist id + * @param shoppinglistId id of shoppinglist + * @return id of group + */ + public long getGroupIdByShoppingListId(long shoppinglistId){ + return shoppingListRepository.findById(shoppinglistId).map(shoppingList -> shoppingList.getGroup().getGroupId()) + .orElse(-1L); + } } diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/FridgeService.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/FridgeService.java index fb05ddc2c9be2ab2cf9710e4745b0d5457f5a9e0..74295864fe25b35a3b7e1c2f5c32c0e17c7906a4 100644 --- a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/FridgeService.java +++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/FridgeService.java @@ -28,7 +28,7 @@ import java.util.Optional; * * @author Anders Austlid & Birk * @version 2 - * @since 04.05.2023 + * @since 05.05.2023 */ @AllArgsConstructor @Service 
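Review bot: The Javadoc on the new ShoppingListService.getGroupIdByShoppingListId does not say that `-1` is returned when no shopping list has the given id, although both new controller guards branch on exactly that value. I would change the return tag to `@return id of the group that owns the shopping list, or -1 if no shopping list with this id exists`. FridgeService.getGroupIdFromFridgeProuctId, added in this same commit, uses `0L` for the same case; one shared convention, or an `Optional<Long>` return, would make the callers harder to get wrong.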
@@ -203,4 +203,16 @@ public class FridgeService { return fridge.map(value -> value.getGroup().getUser().stream() .anyMatch(user -> user.getUser().getUsername().equals(username))).orElse(false); } + + + /** + * Get the group id of a fridge product + * @param fridgeProductId the id of the fridge product + * @return the id of the group of the fridge product + */ + public long getGroupIdFromFridgeProuctId(long fridgeProductId){ + return fridgeProductAssoRepo.findById(fridgeProductId) + .map(fridgeProductAsso -> fridgeProductAsso.getFridgeId().getGroup().getGroupId()).orElse(0L); + + } } diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java index e9230a156d1094b5b02c282f6ac50062a433e175..4afee683e846a9830fc16a01fbe95880a1d4a210 100644 --- a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java +++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java @@ -265,6 +265,10 @@ public class ShoppingListControllerTest { when(shoppingListService.addProductToShoppingList(ean, shoppingListId)) .thenReturn(Optional.of(shoppingList)); + when(shoppingListService.getGroupIdByShoppingListId(shoppingListId)).thenReturn(groupId); + + when(groupService.getUserGroupAssoAuthority(eq(regularUser.getName()), eq(groupId))).thenReturn("USER"); + when(userService.getUserFromUsername(regularUser.getName())).thenReturn(Optional.of(user)); ResponseEntity<?> response = shoppingListController.addItemToShoppingList(shoppingListId, String.valueOf(ean), regularUser); 
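Review bot: The new public method name is misspelled, `getGroupIdFromFridgeProuctId`, and this commit already calls it from three controller handlers and stubs it in the tests, so the typo will be expensive to fix later; `getGroupIdFromFridgeProductId` is the intended name. Its Javadoc should also state the not-found result, e.g. `@return the id of the group that owns the fridge product, or 0 if no such fridge product exists`. The method ends inside the hunk, so both changes are local to these lines plus the call sites.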
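Review bot: Both stubs added to the addItemToShoppingList test return `"USER"`, so only the path where the new checks pass is covered. Nothing in this hunk or in the next one (the removeProductFromShoppingList test) exercises the two branches the commit introduces: a member whose authority is `RESTRICTED` receiving 403, and `getGroupIdByShoppingListId` returning `-1` producing 404. I would add one test per branch, for example stubbing `getUserGroupAssoAuthority(...)` to return `"RESTRICTED"` and asserting `HttpStatus.FORBIDDEN` together with `verify(shoppingListService, never()).addProductToShoppingList(ean, shoppingListId)`. The test method starts and ends outside the hunk.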
@@ -317,6 +321,12 @@ public class ShoppingListControllerTest { when(shoppingListService.removeProductFromShoppingList(ean, shoppingListId)) .thenReturn(Optional.of(shoppingList)); + when(shoppingListService.getGroupIdByShoppingListId(shoppingListId)).thenReturn(groupId); + + when(groupService.getUserGroupAssoAuthority(eq(regularUser.getName()), eq(groupId))).thenReturn("USER"); + + + ResponseEntity<?> response = shoppingListController.removeProductFromShoppingList(String.valueOf(shoppingListId), String.valueOf(ean), regularUser); diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java index c47d075b0c7d7f5227474891e9d181697cb95d87..cb449e2fb28229ad92e252504c1d88208c68094e 100644 --- a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java +++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java @@ -7,7 +7,9 @@ import ntnu.idatt2016.v233.SmartMat.entity.fridgeProduct.FridgeProductAsso; import ntnu.idatt2016.v233.SmartMat.entity.group.Fridge; import ntnu.idatt2016.v233.SmartMat.entity.product.Product; import ntnu.idatt2016.v233.SmartMat.service.group.FridgeService; +import ntnu.idatt2016.v233.SmartMat.service.group.GroupService; import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.InjectMocks; @@ -27,8 +29,7 @@ import java.util.Optional; import static org.junit.jupiter.api.Assertions.*; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; +import static org.mockito.Mockito.*; @ExtendWith(MockitoExtension.class) 
@@ -43,6 +44,9 @@ public class FridgeControllerTest {
 @Mock
 private FridgeService fridgeService;
+ @Mock
+ private GroupService groupService;
+
 private Fridge fridge;
 private Product product;
@@ -220,86 +224,250 @@ public class FridgeControllerTest { } - @Test - public void addProductToFridgeAsUser() throws Exception { - when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + @Nested + class addProduct{ + @Test + public void addProductToFridgeAsUserNotAutorized() throws Exception { + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + when(fridgeService.isUserInFridge("test", 0L)).thenReturn(false); - ResponseEntity<Product> responseEntity = fridgeController.addProductToFridge(fridgeProductRequest, regularUser); - verify(fridgeService).isUserInFridge("test", 0L); + ResponseEntity<Product> responseEntity = fridgeController.addProductToFridge(fridgeProductRequest, regularUser); - assertEquals(responseEntity.getStatusCode(), HttpStatus.FORBIDDEN); + verify(fridgeService).isUserInFridge("test", 0L); - } + assertEquals(responseEntity.getStatusCode(), HttpStatus.FORBIDDEN); - @Test - public void addProductToFridge_notFound() throws Exception { - when(fridgeService.addProductToFridge(any(FridgeProductRequest.class))).thenReturn(Optional.empty( )); + } - when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + @Test + public void addProductToFridge_notFound() throws Exception { + when(fridgeService.addProductToFridge(any(FridgeProductRequest.class))).thenReturn(Optional.empty( )); + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + when(fridgeService.isUserInFridge("test", 0L)).thenReturn(true); - ResponseEntity<Product> responseEntity = fridgeController.addProductToFridge(fridgeProductRequest, adminUser); - verify(fridgeService).isUserInFridge("test", 0L); + ResponseEntity<Product> responseEntity = fridgeController.addProductToFridge(fridgeProductRequest, regularUser); - assertEquals(responseEntity.getStatusCode(), HttpStatus.NOT_FOUND); - } + verify(fridgeService).isUserInFridge("test", 0L); - @Test - public void updateProductInFridge() throws Exception { - 
when(fridgeService.updateProductInFridge(any(FridgeProductRequest.class))).thenReturn(Optional.of(fridgeProductAsso)); + assertEquals(responseEntity.getStatusCode(), HttpStatus.NOT_FOUND); + } - when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); - ResponseEntity<FridgeProductAsso> responseEntity = - fridgeController.updateProductInFridge(fridgeProductRequest, adminUser); + @Test + public void addProductTOFridgeAsAdmin(){ + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + when(fridgeService.addProductToFridge(any(FridgeProductRequest.class))).thenReturn(Optional.of(product)); - verify(fridgeService).updateProductInFridge(any(FridgeProductRequest.class)); + ResponseEntity<Product> responseEntity = fridgeController.addProductToFridge(fridgeProductRequest, adminUser); - assertEquals(responseEntity.getStatusCode(), HttpStatus.OK); - } - @Test - public void updateProductInFridge_notFound() throws Exception { - when(fridgeService.updateProductInFridge(any(FridgeProductRequest.class))).thenReturn(Optional.empty()); + assertEquals(responseEntity.getStatusCode(), HttpStatus.OK); - when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); - ResponseEntity<FridgeProductAsso> responseEntity = - fridgeController.updateProductInFridge(fridgeProductRequest, adminUser); + verify(fridgeService).addProductToFridge(any(FridgeProductRequest.class)); + + + } + + @Test + public void addProductTOFridgeAsRegUserAllowed(){ + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + when(fridgeService.isUserInFridge("test", 0L)).thenReturn(true); + when(fridgeService.addProductToFridge(any(FridgeProductRequest.class))).thenReturn(Optional.of(product)); + + ResponseEntity<Product> responseEntity = fridgeController.addProductToFridge(fridgeProductRequest, regularUser); + + + assertEquals(responseEntity.getStatusCode(), HttpStatus.OK); + + 
verify(fridgeService).addProductToFridge(any(FridgeProductRequest.class)); + + } - verify(fridgeService).updateProductInFridge(any(FridgeProductRequest.class)); - assertEquals(responseEntity.getStatusCode(), HttpStatus.NOT_FOUND); } - @Test - public void removeProductFromFridge_success() throws Exception { - when(fridgeService.removeProductFromFridge(1L)).thenReturn(true); + @Nested + class updateProduct{ + @Test + public void updateProductInFridge() throws Exception { + when(fridgeService.updateProductInFridge(any(FridgeProductRequest.class))).thenReturn(Optional.of(fridgeProductAsso)); - ResponseEntity<String> responseEntity = - fridgeController.removeProductFromFridge(1L, adminUser); + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + ResponseEntity<FridgeProductAsso> responseEntity = + fridgeController.updateProductInFridge(fridgeProductRequest, adminUser); - verify(fridgeService).removeProductFromFridge(1L); - assertEquals(responseEntity.getStatusCode(), HttpStatus.OK); + verify(fridgeService).updateProductInFridge(any(FridgeProductRequest.class)); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.OK); + } + + @Test + public void updateProductInFridge_notFound() throws Exception { + when(fridgeService.updateProductInFridge(any(FridgeProductRequest.class))).thenReturn(Optional.empty()); + + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + ResponseEntity<FridgeProductAsso> responseEntity = + fridgeController.updateProductInFridge(fridgeProductRequest, adminUser); + + + verify(fridgeService).updateProductInFridge(any(FridgeProductRequest.class)); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.NOT_FOUND); + } + + @Test + public void updateNotAuthorized() throws Exception { + when(fridgeService.isUserInFridge("test", 0L)).thenReturn(false); + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + ResponseEntity<FridgeProductAsso> responseEntity = + 
fridgeController.updateProductInFridge(fridgeProductRequest, regularUser); + + verify(fridgeService, times(0)).updateProductInFridge(any(FridgeProductRequest.class)); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.FORBIDDEN); + + } + @Test + public void updateNotAuthorizedRestricted() throws Exception { + when(fridgeService.isUserInFridge("test", 0L)).thenReturn(true); + when(groupService.getUserGroupAssoAuthority("test", 1L)) + .thenReturn("restricted"); + + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + ResponseEntity<FridgeProductAsso> responseEntity = + fridgeController.updateProductInFridge(fridgeProductRequest, regularUser); + + verify(fridgeService, times(0)).updateProductInFridge(any(FridgeProductRequest.class)); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.FORBIDDEN); + + } + @Test + public void updateAuthorizedWhenNotRestricted(){ + when(fridgeService.isUserInFridge("test", 0L)).thenReturn(true); + when(groupService.getUserGroupAssoAuthority("test", 1L)) + .thenReturn("USER"); + when(fridgeService.updateProductInFridge(any(FridgeProductRequest.class))) + .thenReturn(Optional.of(fridgeProductAsso)); + + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + ResponseEntity<FridgeProductAsso> responseEntity = + fridgeController.updateProductInFridge(fridgeProductRequest, regularUser); + + verify(fridgeService, times(1)).updateProductInFridge(any(FridgeProductRequest.class)); + + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + } + @Test + public void updateAuthorizedWhenAdmin(){ + when(fridgeService.isUserInFridge("test", 0L)).thenReturn(true); + when(groupService.getUserGroupAssoAuthority("test", 1L)) + .thenReturn("ADMIN"); + when(fridgeService.updateProductInFridge(any(FridgeProductRequest.class))) + .thenReturn(Optional.of(fridgeProductAsso)); + + when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge)); + ResponseEntity<FridgeProductAsso> 
responseEntity = + fridgeController.updateProductInFridge(fridgeProductRequest, regularUser); + + verify(fridgeService, times(1)).updateProductInFridge(any(FridgeProductRequest.class)); + + assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); + } } - @Test - public void removeProductFromFridge_notFound() throws Exception { - when(fridgeService.removeProductFromFridge(1L)).thenReturn(false); - ResponseEntity<String> responseEntity = - fridgeController.removeProductFromFridge(1L, adminUser); + @Nested + class removeProductFromFridge { + @Test + public void removeProductFromFridge_success() throws Exception { + when(fridgeService.removeProductFromFridge(1L)).thenReturn(true); - verify(fridgeService).removeProductFromFridge(1L); - assertEquals(responseEntity.getStatusCode(), HttpStatus.NOT_FOUND); + ResponseEntity<String> responseEntity = + fridgeController.removeProductFromFridge(1L, adminUser); + + verify(fridgeService).removeProductFromFridge(1L); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.OK); + + + } + + @Test + public void removeProductFromFridge_notFound() throws Exception { + when(fridgeService.removeProductFromFridge(1L)).thenReturn(false); + + ResponseEntity<String> responseEntity = + fridgeController.removeProductFromFridge(1L, adminUser); + + verify(fridgeService).removeProductFromFridge(1L); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.NOT_FOUND); + } + + @Test + public void removeProductNotAuthorizedWhenRestricted(){ + + when(fridgeService.isUserInGroupWithFridgeProduct("test", 1L)) + .thenReturn(true); + when(groupService.getUserGroupAssoAuthority(eq("test"), eq(1L))) + .thenReturn("restricted"); + + when(fridgeService.getGroupIdFromFridgeProuctId(1L)).thenReturn(1L); + + ResponseEntity<String> responseEntity = + fridgeController.removeProductFromFridge(1L, regularUser); + + verify(fridgeService, times(0)).removeProductFromFridge(1L); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.FORBIDDEN); + } + + 
@Test + public void removeProductAuthorizedWhenNotRestricted(){ + + when(fridgeService.removeProductFromFridge(1L)).thenReturn(true ); + + when(fridgeService.isUserInGroupWithFridgeProduct("test", 1L)) + .thenReturn(true); + when(groupService.getUserGroupAssoAuthority(eq("test"), eq(1L))) + .thenReturn("USER"); + + when(fridgeService.getGroupIdFromFridgeProuctId(1L)).thenReturn(1L); + + ResponseEntity<String> responseEntity = + fridgeController.removeProductFromFridge(1L, regularUser); + + verify(fridgeService, times(1)).removeProductFromFridge(1L); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.OK); + } + + @Test + public void notRemoveProductWhenNotInGroup(){ + + when(fridgeService.isUserInGroupWithFridgeProduct("test", 1L)) + .thenReturn(false); + + ResponseEntity<String> responseEntity = + fridgeController.removeProductFromFridge(1L, regularUser); + + verify(fridgeService, times(0)).removeProductFromFridge(1L); + + assertEquals(responseEntity.getStatusCode(), HttpStatus.FORBIDDEN); + } } + + }
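Review bot: The new nested classes cover the RESTRICTED branch for update and remove, but this hunk adds no test for `wasteProductFromFridge` or the delete-amount handler, which received the same guard, and none that pins what a RESTRICTED member may do in `addProductToFridge`. A copy of `removeProductNotAuthorizedWhenRestricted` that calls `fridgeController.wasteProductFromFridge(1L, regularUser)` and asserts FORBIDDEN would cover the first gap. On style, most assertions pass the actual value first; `assertEquals(HttpStatus.FORBIDDEN, responseEntity.getStatusCode())` gives correct failure messages, and `verify(fridgeService, never())` states the intent more directly than `times(0)`.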