diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
index 39fb584fd055d8237c040c4280b3f45598f20786..8f5b6021b7748b41ee9dbc6d6c2aa737a363fb9c 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
@@ -50,9 +50,11 @@ public class ShoppingListController {
*/
@GetMapping("/{id}")
public ResponseEntity<ShoppingList> getShoppingListById(@PathVariable("id") long id, Authentication auth) {
- if(!shoppingListService.isUserInShoppinglist(id, auth.getName()) &&
- auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ if(auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))){
+ if(!shoppingListService.isUserInShoppinglist(id, auth.getName())){
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+ }
Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(id);
return shoppingList.map(list -> ResponseEntity.status(HttpStatus.OK).body(list))
@@ -67,9 +69,11 @@ public class ShoppingListController {
*/
@GetMapping("/group/{groupId}")
public ResponseEntity<ShoppingList> getAllShoppingListsByGroupId(@PathVariable("groupId") long id, Authentication auth) {
- if(!groupService.isUserAssociatedWithGroup(auth.getName(), id) &&
- auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ if(auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))){
+ if(!groupService.isUserAssociatedWithGroup(auth.getName(), id)){
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+ }
Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListByGroupId(id);
return shoppingList.map(list -> ResponseEntity.status(HttpStatus.OK).body(list))
@@ -87,9 +91,19 @@ public class ShoppingListController {
public ResponseEntity<?> addItemToShoppingList(@PathVariable("shoppingListId") long shoppingListId,
@PathVariable("ean") String ean, Authentication auth){
- if(!shoppingListService.isUserInShoppinglist(shoppingListId, auth.getName()) &&
- auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ if(auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))){
+ if(!shoppingListService.isUserInShoppinglist(shoppingListId, auth.getName())){
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+ long groupId = shoppingListService.getGroupIdByShoppingListId(shoppingListId);
+
+ if(groupId == -1)
+ return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
+
+ if (groupService.getUserGroupAssoAuthority(auth.getName(), groupId).equalsIgnoreCase("RESTRICTED"))
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+
+ }
Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(shoppingListId);
@@ -142,9 +156,20 @@ public class ShoppingListController {
public ResponseEntity<ShoppingList> removeProductFromShoppingList(@PathVariable("shoppingListId") String shoppingListId,
@PathVariable("ean") String ean, Authentication auth) {
- if(!shoppingListService.isUserInShoppinglist(Long.parseLong(shoppingListId), auth.getName()) &&
- auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ if(auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()))){
+ if(!shoppingListService.isUserInShoppinglist(Long.parseLong(shoppingListId), auth.getName())){
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+ long groupId = shoppingListService.getGroupIdByShoppingListId(Long.parseLong(shoppingListId));
+
+ if(groupId == -1)
+ return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
+
+ if (groupService.getUserGroupAssoAuthority(auth.getName(), groupId).equalsIgnoreCase("RESTRICTED"))
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+
+ }
+
Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(Long.parseLong(shoppingListId));
diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeController.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeController.java
index 39329cbdd288080ec783171370cb7e2e6e313ccd..2869134cce960b8fec71b015b5a38303cdbe2b75 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeController.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeController.java
@@ -7,6 +7,7 @@ import ntnu.idatt2016.v233.SmartMat.entity.fridgeProduct.FridgeProductAsso;
import ntnu.idatt2016.v233.SmartMat.entity.group.Fridge;
import ntnu.idatt2016.v233.SmartMat.entity.product.Product;
import ntnu.idatt2016.v233.SmartMat.service.group.FridgeService;
+import ntnu.idatt2016.v233.SmartMat.service.group.GroupService;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
@@ -21,7 +22,7 @@ import java.util.Optional;
*
* @author Anders Austlid & Birk
* @version 2.0
- * @since 3.05.2023
+ * @since 5.05.2023
*/
@AllArgsConstructor
@RestController
@@ -30,6 +31,8 @@ public class FridgeController {
private final FridgeService fridgeService;
+ private final GroupService groupService;
+
/**
* Gets the fridge of a group
@@ -87,10 +90,10 @@ public class FridgeController {
if (fridge.isEmpty()) {
return ResponseEntity.notFound().build();
}
-
- if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId()) &&
- !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))) {
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){
+ if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId())) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
}
try {
@@ -116,11 +119,15 @@ public class FridgeController {
return ResponseEntity.notFound().build();
}
- if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId()) &&
- !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))) {
- return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
- }
+ if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){
+ if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId())) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+ if(groupService.getUserGroupAssoAuthority(authentication.getName(), request.groupId())
+ .equalsIgnoreCase("RESTRICTED"))
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
return fridgeService.updateProductInFridge(request).map(ResponseEntity::ok).orElseGet(()-> ResponseEntity.notFound().build());
}
@@ -137,9 +144,16 @@ public class FridgeController {
@PathVariable("amount") String amountStr, Authentication authentication) {
- if (!fridgeService.isUserInGroupWithFridgeProduct( authentication.getName(), fridgeProductId)
- && !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))){
- return ResponseEntity.status(403).body("You are not a member of this group");
+ if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){
+ if (!fridgeService.isUserInGroupWithFridgeProduct(authentication.getName(), fridgeProductId)) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+
+ if(groupService.getUserGroupAssoAuthority(authentication.getName(),
+ fridgeService.getGroupIdFromFridgeProuctId(fridgeProductId))
+ .equalsIgnoreCase("RESTRICTED")
+ )
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
try {
@@ -167,9 +181,16 @@ public class FridgeController {
public ResponseEntity<String> removeProductFromFridge(@PathVariable("fridgeProductId") long fridgeProductId,
Authentication authentication) {
- if (!fridgeService.isUserInGroupWithFridgeProduct( authentication.getName(), fridgeProductId)
- && !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))){
- return ResponseEntity.status(403).body("You are not a member of this group");
+ if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){
+ if (!fridgeService.isUserInGroupWithFridgeProduct(authentication.getName(), fridgeProductId)) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+
+ if(groupService.getUserGroupAssoAuthority(authentication.getName(),
+ fridgeService.getGroupIdFromFridgeProuctId(fridgeProductId))
+ .equalsIgnoreCase("RESTRICTED")
+ )
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
try {
@@ -193,9 +214,16 @@ public class FridgeController {
@DeleteMapping("/waste/product/{fridgeProductId}")
public ResponseEntity<?> wasteProductFromFridge(@PathVariable("fridgeProductId") long fridgeProductId,
Authentication authentication){
- if (!fridgeService.isUserInGroupWithFridgeProduct( authentication.getName(), fridgeProductId)
- && !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))){
- return ResponseEntity.status(403).body("You are not a member of this group");
+ if(authentication.getAuthorities().stream().noneMatch(a -> a.getAuthority().equals(Authority.ADMIN.name()))){
+ if (!fridgeService.isUserInGroupWithFridgeProduct(authentication.getName(), fridgeProductId)) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+
+ if(groupService.getUserGroupAssoAuthority(authentication.getName(),
+ fridgeService.getGroupIdFromFridgeProuctId(fridgeProductId))
+ .equalsIgnoreCase("RESTRICTED")
+ )
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
return fridgeService.wasteProductFromFridge(fridgeProductId)
diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java
index d77c53a8398e9d2689cad058678032d38595c7a0..c56b1c27c84caf834059a9eccb485e35b354354e 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/ShoppingListService.java
@@ -117,4 +117,14 @@ public class ShoppingListService {
.anyMatch(shoppingList -> shoppingList.getShoppingListID() == id);
}
+
+ /**
+ * Get group id by shoppinglist id
+ * @param shoppinglistId id of shoppinglist
+ * @return id of group
+ */
+ public long getGroupIdByShoppingListId(long shoppinglistId){
+ return shoppingListRepository.findById(shoppinglistId).map(shoppingList -> shoppingList.getGroup().getGroupId())
+ .orElse(-1L);
+ }
}
diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/FridgeService.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/FridgeService.java
index b774d9c2840ab36f66618db825453a4fd7a628b7..3af29c38182845dafd6832291a4fc3a3000f1f71 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/FridgeService.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/service/group/FridgeService.java
@@ -28,7 +28,7 @@ import java.util.Optional;
*
* @author Anders Austlid & Birk
* @version 2
- * @since 04.05.2023
+ * @since 05.05.2023
*/
@AllArgsConstructor
@Service
@@ -207,4 +207,16 @@ public class FridgeService {
return fridge.map(value -> value.getGroup().getUser().stream()
.anyMatch(user -> user.getUser().getUsername().equals(username))).orElse(false);
}
+
+
+ /**
+ * Get the group id of a fridge product
+ * @param fridgeProductId the id of the fridge product
+ * @return the id of the group of the fridge product
+ */
+ public long getGroupIdFromFridgeProuctId(long fridgeProductId){
+ return fridgeProductAssoRepo.findById(fridgeProductId)
+ .map(fridgeProductAsso -> fridgeProductAsso.getFridgeId().getGroup().getGroupId()).orElse(0L);
+
+ }
}
diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
index e9230a156d1094b5b02c282f6ac50062a433e175..4afee683e846a9830fc16a01fbe95880a1d4a210 100644
--- a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
+++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
@@ -265,6 +265,10 @@ public class ShoppingListControllerTest {
when(shoppingListService.addProductToShoppingList(ean, shoppingListId))
.thenReturn(Optional.of(shoppingList));
+ when(shoppingListService.getGroupIdByShoppingListId(shoppingListId)).thenReturn(groupId);
+
+ when(groupService.getUserGroupAssoAuthority(eq(regularUser.getName()), eq(groupId))).thenReturn("USER");
+
when(userService.getUserFromUsername(regularUser.getName())).thenReturn(Optional.of(user));
ResponseEntity<?> response = shoppingListController.addItemToShoppingList(shoppingListId, String.valueOf(ean), regularUser);
@@ -317,6 +321,12 @@ public class ShoppingListControllerTest {
when(shoppingListService.removeProductFromShoppingList(ean, shoppingListId))
.thenReturn(Optional.of(shoppingList));
+ when(shoppingListService.getGroupIdByShoppingListId(shoppingListId)).thenReturn(groupId);
+
+ when(groupService.getUserGroupAssoAuthority(eq(regularUser.getName()), eq(groupId))).thenReturn("USER");
+
+
+
ResponseEntity<?> response = shoppingListController.removeProductFromShoppingList(String.valueOf(shoppingListId),
String.valueOf(ean), regularUser);
diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java
index c47d075b0c7d7f5227474891e9d181697cb95d87..240354d70184ff12fc80dc36a4e6b214e8537704 100644
--- a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java
+++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/group/FridgeControllerTest.java
@@ -239,9 +239,10 @@ public class FridgeControllerTest {
when(fridgeService.addProductToFridge(any(FridgeProductRequest.class))).thenReturn(Optional.empty( ));
when(fridgeService.getFridgeByGroupId(1L)).thenReturn(Optional.of(fridge));
+ when(fridgeService.isUserInFridge("test", 0L)).thenReturn(true);
- ResponseEntity<Product> responseEntity = fridgeController.addProductToFridge(fridgeProductRequest, adminUser);
+ ResponseEntity<Product> responseEntity = fridgeController.addProductToFridge(fridgeProductRequest, regularUser);
verify(fridgeService).isUserInFridge("test", 0L);