Merge branch '269-fix-group-controller-tests' into 'main'

Resolve "fix group controller tests" Closes #269 See merge request idatt2106-v23-03/backend!216

Merge branch '269-fix-group-controller-tests' into 'main'
62ad830d · Birk Øvstetun Narvhus · d9857dfe · 647d39b3 · 62ad830d · 62ad830d
Commit 62ad830d authored 1 year ago by Birk Øvstetun Narvhus
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/GroupController.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/GroupController.java
@@ -19,14 +19,12 @@ import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;

 import java.util.*;
-import java.util.stream.Collectors;

 /**
 * Controller for groups API, providing endpoints for group management
 *
- * @author Anders Austlid, Pedro Cardona
- * @version 1.1
- * @since 27.04.2023
+ * @author Anders Austlid, Pedro Cardona, Birk
+ * @version 2.0
 */
 @AllArgsConstructor
 @RestController
@@ -42,7 +40,13 @@ public class GroupController {
     * @return a ResponseEntity containing the group if it exists, or a 404 if it doesn't
     */
    @GetMapping("/{groupId}")
-    public ResponseEntity<?> getGroupById(@PathVariable("groupId") long groupId) {
+    public ResponseEntity<?> getGroupById(@PathVariable("groupId") long groupId, Authentication auth) {
+        if (auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals("ADMIN"))){
+            if (!groupService.isUserAssociatedWithGroup(auth.getName(), groupId)) {
+                return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+            }
+        }
+
        Optional<Group> group = groupService.getGroupById(groupId);
        if (group.isPresent()) {
            List<UserGroupAsso> users = group.get().getUser();
@@ -129,35 +133,34 @@ public class GroupController {
     * @return a ResponseEntity containing the level of the group if it exists, or a 404 if it doesn't
     */
    @GetMapping("/{groupId}/level")
-    public ResponseEntity<Long> getGroupLevel(@PathVariable("groupId") long groupId) {
+    public ResponseEntity<Long> getGroupLevel(@PathVariable("groupId") long groupId, Authentication auth) {
+        if (auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals("ADMIN"))){
+            if (!groupService.isUserAssociatedWithGroup(auth.getName(), groupId)) {
+                return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+            }
+        }
+
        return groupService.getGroupById(groupId)
                .map(group -> ResponseEntity.ok(group.getLevel()))
                .orElseGet(() -> ResponseEntity.notFound().build());
    }
-    /**
-     * Sets the level of the group identified by the given ID to the level corresponding to the given experience points.
-     * Returns a ResponseEntity containing the new level of the group, or a 404 Not Found response if no Group with the given ID was found.
-     *
-     * @param groupId the ID of the group to update
-     * @param exp     the new experience points of the group
-     * @return a ResponseEntity containing the new level of the group, or a 404 Not Found response if no Group with the given ID was found
-     */
-    @PutMapping("/{groupId}/newLevel/{exp}")
-    public ResponseEntity<Long> setNewLevel(@PathVariable("groupId") long groupId, @PathVariable("exp") long exp) {
-        return groupService.setLevelByGroupId(groupId, exp)
-                .map(group -> ResponseEntity.ok(group.getLevel()))
-                .orElseGet(() -> ResponseEntity.notFound().build());
-    }
+

    /**
     * Returns the progress of the level for the group identified by the given ID.
     * Returns a ResponseEntity containing the progress of the current level as a percentage, or a 404 Not Found response if no Group with the given ID was found.
     *
     * @param groupId the ID of the group to query
+     * @param auth    the Authentication object containing the user's credentials
     * @return a ResponseEntity containing the progress of the current level as a percentage, or a 404 Not Found response if no Group with the given ID was found
     */
    @GetMapping("/{groupId}/progress")
-    public ResponseEntity<Integer> getProgressOfLevel(@PathVariable("groupId") long groupId) {
+    public ResponseEntity<Integer> getProgressOfLevel(@PathVariable("groupId") long groupId, Authentication auth) {
+        if (!groupService.isUserAssociatedWithGroup(auth.getName(), groupId) ||
+                auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals("ADMIN"))) {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+        }
+
        return groupService.getProgressOfLevel(groupId)
                .map(ResponseEntity::ok)
                .orElseGet(() -> ResponseEntity.notFound().build());
@@ -170,28 +173,21 @@ public class GroupController {
     * @return a ResponseEntity with a Boolean value indicating whether the operation was successful
     */
    @PutMapping("/{groupId}/changeOpen")
-    public ResponseEntity<Boolean> changeOpenValue(@PathVariable("groupId") long groupId) {
+    public ResponseEntity<Boolean> changeOpenValue(@PathVariable("groupId") long groupId, Authentication auth) {
+        if (auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals("ADMIN"))){
+            if (!groupService.isUserAssociatedWithGroup(auth.getName(), groupId)) {
+                return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+            }
+            if (!(groupService.getUserGroupAssoAuthority(auth.getName(), groupId).equals("ADMIN")))
+                return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+        }
+
+
        return groupService.OpenOrCloseGroup(groupId)
                .map(ResponseEntity::ok)
                .orElseGet(() -> ResponseEntity.notFound().build());
    }

-    /**
-     * Returns a response entity containing a list of UserGroupAsso objects related to the given groupId.
-     * If no user-group associations are found for the given groupId, a not-found response entity is returned.
-     *
-     *  TODO: Remove? Seems pointless
-     *
-     * @param groupId the ID of the group to retrieve user-group associations for
-     * @return a response entity containing a list of UserGroupAsso objects related to the given groupId, or a not-found response entity if no associations are found
-     */
-    @GetMapping("/information/{groupId}")
-    public ResponseEntity<List<UserGroupAsso>> getInformationByGroupId(@PathVariable("groupId") long groupId){
-        return groupService.getGroupById(groupId)
-                .map(group -> ResponseEntity.ok(group.getUser()))
-                .orElseGet(() -> ResponseEntity.notFound().build());
-    }
-
    /**
     * Handles the HTTP PUT request to change the primary group of a user.
     *
@@ -201,6 +197,10 @@ public class GroupController {
     */
    @PutMapping("/markNewPrimary/{newPrimaryGroupId}")
    public ResponseEntity<?> markNewPrimaryGroup(@PathVariable("newPrimaryGroupId") long newPrimaryGroupId, Authentication auth) {
+        if (!groupService.isUserAssociatedWithGroup(auth.getName(), newPrimaryGroupId)) {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+        }
+
        Optional<User> optionalUser = userService.getUserFromUsername(auth.getName());

        if (optionalUser.isEmpty()) {
@@ -300,31 +300,40 @@ public class GroupController {
        Optional<User> groupAdminOpt = userService.getUserFromUsername(auth.getName());
        if (groupAdminOpt.isPresent()) {
            User groupAdmin = groupAdminOpt.get();
-            if (!(groupService.isUserAssociatedWithGroup(groupAdmin.getUsername(), authorityRequest.groupId())
-                    && (groupService.getUserGroupAssoAuthority(groupAdmin.getUsername(), authorityRequest.groupId()).equals("ADMIN"))))
-                return ResponseEntity.status(HttpStatus.FORBIDDEN).body("You are not authorized to change the authority of this user.");
-        }

-        Optional<Group> groupOpt = groupService.getGroupById(authorityRequest.groupId());
-        Optional<User> userOpt = userService.getUserFromUsername(authorityRequest.username());
+            if (auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals("ADMIN"))){
+                if (!groupService.isUserAssociatedWithGroup(auth.getName(), authorityRequest.groupId())) {
+                    return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+                }
+                boolean isUserAdmin = groupService.getUserGroupAssoAuthority(auth.getName(), authorityRequest.groupId()).equals("ADMIN");
+                System.out.println(auth.getName() + ((isUserAdmin)  ? " is admin" : " is not admin"));
+                if (!isUserAdmin)
+                    return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+            }

-        if (groupOpt.isEmpty() || userOpt.isEmpty()) {
-            return ResponseEntity.notFound().build();
-        }
+            Optional<Group> groupOpt = groupService.getGroupById(authorityRequest.groupId());
+            Optional<User> userOpt = userService.getUserFromUsername(authorityRequest.username());

-        User user = userOpt.get();
-        UserGroupAsso userGroupAsso = user.getGroup().stream()
-                .filter(asso -> asso.getGroup().getGroupId() == authorityRequest.groupId())
-                .findFirst()
-                .orElse(null);
-
-        if (userGroupAsso != null) {
-            userGroupAsso.setGroupAuthority(authorityRequest.authority());
-            userService.updateUser(user);
-            return ResponseEntity.ok("Authority changed successfully.");
-        } else {
-            return ResponseEntity.notFound().build();
+            if (groupOpt.isEmpty() || userOpt.isEmpty()) {
+                return ResponseEntity.notFound().build();
+            }
+
+            User user = userOpt.get();
+            UserGroupAsso userGroupAsso = user.getGroup().stream()
+                    .filter(asso -> asso.getGroup().getGroupId() == authorityRequest.groupId())
+                    .findFirst()
+                    .orElse(null);
+
+            if (userGroupAsso != null) {
+                userGroupAsso.setGroupAuthority(authorityRequest.authority());
+                userService.updateUser(user);
+                return ResponseEntity.ok("Authority changed successfully.");
+            } else {
+                return ResponseEntity.notFound().build();
+            }
        }
+        return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                .body("Cant find user");
    }

    /**
@@ -353,33 +362,42 @@ public class GroupController {
        Optional<User> groupAdminOpt = userService.getUserFromUsername(auth.getName());
        if (groupAdminOpt.isPresent()) {
            User groupAdmin = groupAdminOpt.get();
-            if (!(groupService.isUserAssociatedWithGroup(groupAdmin.getUsername(), groupId)
-                    && (groupService.getUserGroupAssoAuthority(groupAdmin.getUsername(), groupId).equals("ADMIN"))
-            || groupAdmin.getUsername().equals(username)))
-                return ResponseEntity.status(HttpStatus.FORBIDDEN).body("You are not authorized to remove this user.");
-        }
-
-        Optional<Group> groupOpt = groupService.getGroupById(groupId);
-        Optional<User> userOpt = userService.getUserFromUsername(username);
+            if (auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals("ADMIN"))){
+                if (!groupService.isUserAssociatedWithGroup(groupAdmin.getUsername(), groupId)) {
+                    return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+                }
+                try {
+                    if (!username.equals(auth.getName()))
+                        if (!(groupService.getUserGroupAssoAuthority(groupAdmin.getUsername(), groupId).equals("ADMIN")))
+                            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();

-        if (groupOpt.isEmpty() || userOpt.isEmpty()) {
-            return ResponseEntity.notFound().build();
-        }
+                } catch (IllegalArgumentException e) {
+                    return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+                }
+            }

-        User user = userOpt.get();
-        UserGroupAsso userGroupAsso = user.getGroup().stream()
-                .filter(asso -> asso.getGroup().getGroupId() == groupId)
-                .findFirst()
-                .orElse(null);
-
-        if (userGroupAsso != null) {
-            groupService.removeUserFromGroup(userGroupAsso);
-            return ResponseEntity.ok("User removed successfully.");
-        } else {
-            return ResponseEntity.notFound().build();
-        }
-    }
+            Optional<Group> groupOpt = groupService.getGroupById(groupId);
+            Optional<User> userOpt = userService.getUserFromUsername(username);

+            if (groupOpt.isEmpty() || userOpt.isEmpty()) {
+                return ResponseEntity.notFound().build();
+            }

+            User user = userOpt.get();
+            UserGroupAsso userGroupAsso = user.getGroup().stream()
+                    .filter(asso -> asso.getGroup().getGroupId() == groupId)
+                    .findFirst()
+                    .orElse(null);
+
+            if (userGroupAsso != null) {
+                groupService.removeUserFromGroup(userGroupAsso);
+                return ResponseEntity.ok("User removed successfully.");
+            } else {
+                return ResponseEntity.notFound().build();
+            }
+        }

+        return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                .body("Cant find user");
+    }
 }
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/GroupService.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/GroupService.java
@@ -131,6 +131,9 @@ public class GroupService {
        Optional<Group> answer = groupRepository.findByGroupId(id);
        if (answer.isPresent()) {
            Group realGroup = answer.get();
+            if (realGroup.getOpen() == null)
+                realGroup.setOpen(true);
+
            realGroup.setOpen(!realGroup.getOpen());
            System.out.println(realGroup.getOpen());
            return Optional.of(groupRepository.save(realGroup).getOpen());

--- a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
+++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
@@ -326,7 +326,7 @@ public class ShoppingListControllerTest {

        verify(shoppingListService, times(1)).removeProductFromShoppingList(ean, shoppingListId);

-        
+

    }