diff --git a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
index 4c4d085f99b2945c199416201739a3ecb7e3b978..39fb584fd055d8237c040c4280b3f45598f20786 100644
--- a/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
+++ b/src/main/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListController.java
@@ -2,8 +2,10 @@ package ntnu.idatt2016.v233.SmartMat.controller;
 
 import java.util.Optional;
 
+import ntnu.idatt2016.v233.SmartMat.dto.enums.Authority;
 import ntnu.idatt2016.v233.SmartMat.entity.product.Product;
 import ntnu.idatt2016.v233.SmartMat.entity.user.User;
+import ntnu.idatt2016.v233.SmartMat.service.group.GroupService;
 import ntnu.idatt2016.v233.SmartMat.service.product.ProductService;
 import ntnu.idatt2016.v233.SmartMat.service.user.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -35,17 +37,22 @@ public class ShoppingListController {
 
     UserService userService;
 
+    GroupService groupService;
+
 
 
     /**
      * Gets a shopping list by its ID
      *
      * @param id the shopping list ID
-     * @return the shopping list, or an error if the ID is invalid
+     * @return the shopping list, or an error if the ID is invalid,
+     * or the user dose not have the rights to edit the shopping list
      */
     @GetMapping("/{id}")
     public ResponseEntity<ShoppingList> getShoppingListById(@PathVariable("id") long id, Authentication auth) {
-        shoppingListService.isUserInShoppinglist(id, auth.getName());
+        if(!shoppingListService.isUserInShoppinglist(id, auth.getName()) &&
+                auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
 
         Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(id);
         return shoppingList.map(list -> ResponseEntity.status(HttpStatus.OK).body(list))
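Review bot: The membership-or-admin predicate added to `getShoppingListById` is copied verbatim into `getAllShoppingListsByGroupId`, `addItemToShoppingList` and `removeProductFromShoppingList` in the later hunks, so a future handler can easily be added without it or with a subtly different condition. Pulling the admin test into one private helper keeps the access rule in a single place, and bracing the multi-line `if` makes the guarded `return` harder to misread. The comparison with `Authority.ADMIN.name()` only matches if authorities are granted without a `ROLE_` prefix, which is not visible here and should be confirmed. The added Javadoc line speaks of rights to "edit" although this is a read endpoint, and `dose` should be `does`. The method body continues outside the hunk.

```java
// helper, declared once in ShoppingListController
private static boolean isAdmin(Authentication auth) {
    return auth.getAuthorities().stream()
            .anyMatch(role -> role.getAuthority().equals(Authority.ADMIN.name()));
}

public ResponseEntity<ShoppingList> getShoppingListById(@PathVariable("id") long id, Authentication auth) {
    if (!shoppingListService.isUserInShoppinglist(id, auth.getName()) && !isAdmin(auth)) {
        return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
    }
    // … unchanged: lookup and response mapping …
```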
@@ -59,7 +66,11 @@ public class ShoppingListController {
      * @return the shopping list, or an error if the ID is invalid
      */
     @GetMapping("/group/{groupId}")
-    public ResponseEntity<ShoppingList> getAllShoppingListsByGroupId(@PathVariable("groupId") long id) {
+    public ResponseEntity<ShoppingList> getAllShoppingListsByGroupId(@PathVariable("groupId") long id, Authentication auth) {
+        if(!groupService.isUserAssociatedWithGroup(auth.getName(), id) &&
+                auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+
         Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListByGroupId(id);
         return shoppingList.map(list -> ResponseEntity.status(HttpStatus.OK).body(list))
                            .orElseGet(() -> ResponseEntity.status(HttpStatus.NOT_FOUND).build());
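Review bot: The Javadoc above `getAllShoppingListsByGroupId` still says only `@return the shopping list, or an error if the ID is invalid`, although the method can now answer 403; I would change it to `@return the shopping list, 404 if the group has none, or 403 if the caller is neither a member of the group nor an admin` and add `@param auth the authenticated caller`. The argument order of `groupService.isUserAssociatedWithGroup(auth.getName(), id)` is the reverse of `shoppingListService.isUserInShoppinglist(id, auth.getName())` used in the other handlers, which invites a swapped-argument mistake in a check that decides access. The `groupService` field is added in the previous hunk with no injection annotation visible, so it is worth confirming that the constructor or class-level annotation outside this diff wires it; otherwise this line would fail with a `NullPointerException`.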
@@ -76,6 +87,10 @@ public class ShoppingListController {
     public ResponseEntity<?> addItemToShoppingList(@PathVariable("shoppingListId") long shoppingListId,
                                                               @PathVariable("ean") String ean, Authentication auth){
 
+        if(!shoppingListService.isUserInShoppinglist(shoppingListId, auth.getName()) &&
+                auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+
         Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(shoppingListId);
 
         if(shoppingList.isEmpty())
@@ -125,7 +140,13 @@ public class ShoppingListController {
      */
     @DeleteMapping("/removeProduct/{shoppingListId}/{ean}")
     public ResponseEntity<ShoppingList> removeProductFromShoppingList(@PathVariable("shoppingListId") String shoppingListId,
-                                                                      @PathVariable("ean") String ean) {
+                                                                      @PathVariable("ean") String ean, Authentication auth) {
+
+        if(!shoppingListService.isUserInShoppinglist(Long.parseLong(shoppingListId), auth.getName()) &&
+                auth.getAuthorities().stream().noneMatch(role -> role.getAuthority().equals(Authority.ADMIN.name())))
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+
+
         Optional<ShoppingList> shoppingList = shoppingListService.getShoppingListById(Long.parseLong(shoppingListId));
         if(shoppingList.isEmpty())
             return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
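Review bot: `Long.parseLong(shoppingListId)` now runs twice in `removeProductFromShoppingList`, and the first call sits inside the new authorization condition, so a non-numeric path segment throws `NumberFormatException` before any access decision is made. Unless an exception handler outside this diff maps it, the client presumably receives a 500 instead of a 400. Declaring the parameter the way `addItemToShoppingList` does, `@PathVariable("shoppingListId") long shoppingListId`, lets Spring reject malformed ids and removes both parse calls. The method body continues outside the hunk.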
diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
index cf325eb32a5f09e644ba684497e82bb5c36652d1..c0a48ec5aceaf581ec41fde5e55ac22bb7770cd0 100644
--- a/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
+++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/controller/ShoppingListControllerTest.java
@@ -3,7 +3,12 @@ package ntnu.idatt2016.v233.SmartMat.controller;
 import ntnu.idatt2016.v233.SmartMat.dto.enums.Authority;
 import ntnu.idatt2016.v233.SmartMat.dto.request.ShoppingListRequest;
 import ntnu.idatt2016.v233.SmartMat.entity.ShoppingList;
+import ntnu.idatt2016.v233.SmartMat.entity.group.Group;
+import ntnu.idatt2016.v233.SmartMat.entity.group.UserGroupAsso;
+import ntnu.idatt2016.v233.SmartMat.entity.group.UserGroupId;
+import ntnu.idatt2016.v233.SmartMat.entity.user.User;
 import ntnu.idatt2016.v233.SmartMat.service.ShoppingListService;
+import ntnu.idatt2016.v233.SmartMat.service.group.GroupService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -32,6 +37,9 @@ public class ShoppingListControllerTest {
     @Mock
     private ShoppingListService shoppingListService;
 
+    @Mock
+    private GroupService groupService;
+
     private ShoppingList shoppingList;
 
     private final Authentication regularUser = new Authentication() {
@@ -111,6 +119,28 @@ public class ShoppingListControllerTest {
     @BeforeEach
     public void setUp() {
         shoppingList = new ShoppingList();
+        Group group = Group.builder()
+                        .groupId(1)
+                                .build();
+
+        User user = User.builder()
+                        .username(regularUser.getName())
+                        .build();
+
+        UserGroupAsso userGroupAsso = UserGroupAsso.builder()
+                .id(new UserGroupId(user.getUsername(), group.getGroupId()))
+                .user(user)
+                .group(group)
+                .groupAuthority("USER")
+                .build();
+
+
+        group.addUser(userGroupAsso);
+        user.addGroup(userGroupAsso);
+
+        shoppingList.setGroup(group);
+
+
     }
 
 
@@ -140,7 +170,7 @@ public class ShoppingListControllerTest {
         long groupId = 1;
         when(shoppingListService.getShoppingListByGroupId(groupId)).thenReturn(Optional.of(shoppingList));
 
-        ResponseEntity<ShoppingList> response = shoppingListController.getAllShoppingListsByGroupId(groupId);
+        ResponseEntity<ShoppingList> response = shoppingListController.getAllShoppingListsByGroupId(groupId, adminUser);
 
         assertEquals(HttpStatus.OK, response.getStatusCode());
         assertEquals(shoppingList, response.getBody());
@@ -151,8 +181,32 @@ public class ShoppingListControllerTest {
         long groupId = 1;
         when(shoppingListService.getShoppingListByGroupId(groupId)).thenReturn(Optional.empty());
 
-        ResponseEntity<ShoppingList> response = shoppingListController.getAllShoppingListsByGroupId(groupId);
+        ResponseEntity<ShoppingList> response = shoppingListController.getAllShoppingListsByGroupId(groupId, adminUser);
 
         assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode());
     }
+
+    @Test
+    public void getAllShoppingListsByGroupId_foundReg() {
+        long groupId = 1;
+        when(shoppingListService.getShoppingListByGroupId(groupId)).thenReturn(Optional.of(shoppingList));
+        when(groupService.isUserAssociatedWithGroup(regularUser.getName(), groupId)).thenReturn(true);
+
+        ResponseEntity<ShoppingList> response = shoppingListController.getAllShoppingListsByGroupId(groupId, regularUser);
+
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertEquals(shoppingList, response.getBody());
+    }
+
+    @Test
+    public void getAllShoppingListsByGroupId_notFoundReg() {
+        long groupId = 1;
+        when(shoppingListService.getShoppingListByGroupId(groupId)).thenReturn(Optional.empty());
+        when(groupService.isUserAssociatedWithGroup(regularUser.getName(), groupId)).thenReturn(true);
+
+        ResponseEntity<ShoppingList> response = shoppingListController.getAllShoppingListsByGroupId(groupId, regularUser);
+
+        assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode());
+    }
+
 }
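Review bot: The denial path is missing from the new tests: every case either uses `adminUser` or stubs `isUserAssociatedWithGroup` to return `true`, so the 403 branch this commit introduces is never exercised. A test with `regularUser` and the membership stub returning `false` should assert `HttpStatus.FORBIDDEN`, and ideally also that `getShoppingListByGroupId` is never called. The same gap appears to apply to the three shopping-list-id handlers, for which no forbidden-case test is visible in this diff.

```java
@Test
public void getAllShoppingListsByGroupId_forbiddenReg() {
    long groupId = 1;
    when(groupService.isUserAssociatedWithGroup(regularUser.getName(), groupId)).thenReturn(false);

    ResponseEntity<ShoppingList> response = shoppingListController.getAllShoppingListsByGroupId(groupId, regularUser);

    assertEquals(HttpStatus.FORBIDDEN, response.getStatusCode());
}
```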
diff --git a/src/test/java/ntnu/idatt2016/v233/SmartMat/service/group/GroupServiceTest.java b/src/test/java/ntnu/idatt2016/v233/SmartMat/service/group/GroupServiceTest.java
index 468e49e66e85a7d80f2d5efc2727a79e76ea410d..d6ab5af0029f352ecb7dee9055380513eb98251b 100644
--- a/src/test/java/ntnu/idatt2016/v233/SmartMat/service/group/GroupServiceTest.java
+++ b/src/test/java/ntnu/idatt2016/v233/SmartMat/service/group/GroupServiceTest.java
@@ -2,9 +2,13 @@ package ntnu.idatt2016.v233.SmartMat.service.group;
 
 import ntnu.idatt2016.v233.SmartMat.entity.group.Fridge;
 import ntnu.idatt2016.v233.SmartMat.entity.group.Group;
+import ntnu.idatt2016.v233.SmartMat.entity.group.UserGroupAsso;
+import ntnu.idatt2016.v233.SmartMat.entity.group.UserGroupId;
+import ntnu.idatt2016.v233.SmartMat.entity.user.User;
 import ntnu.idatt2016.v233.SmartMat.repository.ShoppingListRepository;
 import ntnu.idatt2016.v233.SmartMat.repository.group.FridgeRepository;
 import ntnu.idatt2016.v233.SmartMat.repository.group.GroupRepository;
+import ntnu.idatt2016.v233.SmartMat.repository.group.UserGroupAssoRepository;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.InjectMocks;
@@ -15,6 +19,7 @@ import java.util.List;
 import java.util.Optional;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.Mockito.*;
 
 public class GroupServiceTest {
@@ -25,6 +30,9 @@ public class GroupServiceTest {
     @Mock
     private FridgeRepository fridgeRepository;
 
+    @Mock
+    private UserGroupAssoRepository userGroupAssoRepository;
+
     @Mock
     private ShoppingListRepository shoppingListRepository;
 
@@ -97,4 +105,37 @@ public class GroupServiceTest {
         verify(groupRepository).save(group);
         verify(fridgeRepository).save(fridge);
     }
+
+    @Test
+    void isUserAssosiatedWithGroup(){
+        // Arrange
+        long userId = 1L;
+        long groupId = 2L;
+        Group group = new Group();
+        group.setGroupId(groupId);
+        User user = User.builder()
+                .username("test")
+                .build();
+
+        UserGroupAsso userGroupAsso = UserGroupAsso.builder()
+                .id(UserGroupId.builder()
+                        .groupId(groupId)
+                        .username("test")
+                        .build())
+                .user(user)
+                .group(group)
+                .build();
+
+        group.addUser(userGroupAsso);
+        user.addGroup(userGroupAsso);
+
+        when(userGroupAssoRepository.findById(userGroupAsso.getId())).thenReturn(Optional.of(userGroupAsso));
+
+        // Act
+        boolean result = groupService.isUserAssociatedWithGroup(user.getUsername(), groupId);
+
+        // Assert
+        assertTrue(result);
+        verify(userGroupAssoRepository).findById(userGroupAsso.getId());
+    }
 }
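Review bot: Only the positive case of `isUserAssociatedWithGroup` is tested, yet the controller now relies on this method for an access decision, so the case that matters most is the one where no association exists and the result must be `false`. The sketch below assumes the service resolves membership through `userGroupAssoRepository.findById`, as the existing test suggests; it uses `assertEquals(false, …)` only because `assertFalse` is not among the visible static imports. In the added test, `long userId = 1L;` is unused and the method name misspells "Associated".

```java
@Test
void isUserAssociatedWithGroup_noAssociation(){
    long groupId = 2L;
    UserGroupId id = UserGroupId.builder()
            .groupId(groupId)
            .username("test")
            .build();
    when(userGroupAssoRepository.findById(id)).thenReturn(Optional.empty());

    boolean result = groupService.isUserAssociatedWithGroup("test", groupId);

    assertEquals(false, result);
}
```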