From f5a2a9a36016bb057a6210ed47027a3f1a4ee5da Mon Sep 17 00:00:00 2001 From: Mats Lading <mjlading@stud.ntnu.no> Date: Fri, 28 Apr 2023 09:17:38 +0200 Subject: [PATCH 1/4] docs: create household cannot have 409 response, since the id is auto generated --- docs/swagger.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/swagger.yaml b/docs/swagger.yaml index f920880..8c512b5 100644 --- a/docs/swagger.yaml +++ b/docs/swagger.yaml @@ -241,8 +241,6 @@ paths: application/json: schema: $ref: '#/components/schemas/Household' - '409': - description: Household already exists /household/{id}/users: get: tags: -- GitLab From dd6760fbfe8d90428af501c0f59887eb742a853a Mon Sep 17 00:00:00 2001 From: Mats Lading <mjlading@stud.ntnu.no> Date: Fri, 28 Apr 2023 09:23:01 +0200 Subject: [PATCH 2/4] fix: return NO_CONTENT code in deleteHousehold method --- .../java/no/freshify/api/controller/HouseholdController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/src/main/java/no/freshify/api/controller/HouseholdController.java b/api/src/main/java/no/freshify/api/controller/HouseholdController.java index 0e36bc1..cf58907 100644 --- a/api/src/main/java/no/freshify/api/controller/HouseholdController.java +++ b/api/src/main/java/no/freshify/api/controller/HouseholdController.java @@ -72,7 +72,7 @@ public class HouseholdController { long idToDelete = householdService.findHouseholdByHouseholdId(householdId).getId(); householdService.removeHousehold(idToDelete); logger.info("Removed household"); - return ResponseEntity.ok("Operation successful"); + return ResponseEntity.status(HttpStatus.NO_CONTENT).body("Operation successful"); } /** -- GitLab From 275488c9db3b90778d8c21db3d2c223e5058d5ea Mon Sep 17 00:00:00 2001 
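Review bot: A 204 response has no body by definition, so the `.body("Operation successful")` on the changed return line is never delivered to the client and only obscures the intent. `return ResponseEntity.noContent().build();` says the same thing and compiles against any `ResponseEntity<...>` return type. The signature and annotations of the delete handler lie above this hunk, so it cannot be seen whether it carries a `@PreAuthorize` rule. Since the next patch restricts `GET /{id}/users` to household members, it is worth confirming that deleting a household is at least as restricted.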
From: Mats Lading <mjlading@stud.ntnu.no> Date: Fri, 28 Apr 2023 09:57:47 +0200 Subject: [PATCH 3/4] feat: when getting users in a household, the requester must be a member of the household --- .../freshify/api/controller/HouseholdController.java | 8 ++++++-- .../freshify/api/service/HouseholdMemberService.java | 10 ++++++++++ .../api/controller/HouseholdControllerTest.java | 2 +- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/api/src/main/java/no/freshify/api/controller/HouseholdController.java b/api/src/main/java/no/freshify/api/controller/HouseholdController.java index cf58907..e20b9de 100644 --- a/api/src/main/java/no/freshify/api/controller/HouseholdController.java +++ b/api/src/main/java/no/freshify/api/controller/HouseholdController.java @@ -9,6 +9,7 @@ import no.freshify.api.model.dto.HouseholdMemberDTO; import no.freshify.api.model.mapper.HouseholdMapper; import no.freshify.api.model.mapper.HouseholdMemberMapper; import no.freshify.api.security.AuthenticationService; +import no.freshify.api.service.HouseholdMemberService; import no.freshify.api.service.HouseholdService; import org.mapstruct.factory.Mappers; @@ -19,6 +20,7 @@ import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; +import java.nio.file.AccessDeniedException; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -29,6 +31,7 @@ import java.util.Set; public class HouseholdController { private final HouseholdService householdService; private final AuthenticationService authenticationService; + private final HouseholdMemberService householdMemberService; private final HouseholdMapper householdMapper = Mappers.getMapper(HouseholdMapper.class); private final HouseholdMemberMapper householdMemberMapper = Mappers.getMapper(HouseholdMemberMapper.class); 
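Review bot: The added `import java.nio.file.AccessDeniedException;` is the filesystem exception, a checked `IOException` subclass, and not Spring Security's `org.springframework.security.access.AccessDeniedException`, which is the type the security layer turns into a 403. None of the controller hunks in this commit reference it, so it appears unused. If it is later thrown for an authorization failure, the `java.nio.file` type would most likely surface as a 500 rather than a 403. Drop the import, or switch to the Spring Security type at the point where it is actually needed.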
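Review bot: The new field `private final HouseholdMemberService householdMemberService;` is injected but no hunk of this commit reads it in the controller; the access rule on `getUsers` is expressed through `@PreAuthorize` instead. If the constructor is generated from the final fields (the class annotations are above the hunk), every slice test of this controller now has to supply that bean, and the test file's single changed line does not add one. Remove the field until a handler uses it, or add the call that needs it in the same commit.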
@@ -86,12 +89,13 @@ public class HouseholdController { return ResponseEntity.ok(householdMapper.toHouseholdDTO(householdService.findHouseholdByHouseholdId(householdId))); } - //TODO Remember to add authentication logic and verify/enforce access privileges before processing request /** - * Gets the users in a given household + * Gets the users in a given household. Can only be done by a user in the household. * @param householdId The household to get users from * @return A list of users in the given household + * @throws HouseholdNotFoundException If the household was not found */ + @PreAuthorize("hasPermission(#householdId, 'Household', '')") @GetMapping("/{id}/users") public ResponseEntity<List<HouseholdMemberDTO>> getUsers(@PathVariable("id") long householdId) throws HouseholdNotFoundException { diff --git a/api/src/main/java/no/freshify/api/service/HouseholdMemberService.java b/api/src/main/java/no/freshify/api/service/HouseholdMemberService.java index 93bb079..4e275cf 100644 --- a/api/src/main/java/no/freshify/api/service/HouseholdMemberService.java +++ b/api/src/main/java/no/freshify/api/service/HouseholdMemberService.java @@ -3,14 +3,18 @@ package no.freshify.api.service; import lombok.RequiredArgsConstructor; import no.freshify.api.exception.HouseholdMemberAlreadyExistsException; import no.freshify.api.exception.UserDoesNotBelongToHouseholdException; +import no.freshify.api.model.Household; import no.freshify.api.model.HouseholdMember; import no.freshify.api.model.HouseholdMemberKey; +import no.freshify.api.model.User; import no.freshify.api.repository.HouseholdMemberRepository; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; import java.util.List; +import java.util.Objects; +import java.util.Set; @Service @RequiredArgsConstructor 
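Review bot: The new `@PreAuthorize("hasPermission(#householdId, 'Household', '')")` on `getUsers` enforces membership only if a custom `PermissionEvaluator` handling the `'Household'` target type is registered; none is added in this commit, and Spring Security's default evaluator denies every `hasPermission` call. The empty permission argument `''` also leaves the evaluator unable to tell a read from a modify or delete on the same household, so an explicit permission name agreed with the evaluator would make the rule self-describing. The Javadoc could state the outcome as well, e.g. `Responds with 403 if the requester is not a member of the household.` The `GET /{id}` handler whose return statement opens this hunk starts above it, so it is worth confirming that it carries the same rule.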
@@ -52,4 +56,10 @@ public class HouseholdMemberService { public void removeHouseholdMember(HouseholdMember householdMember) { householdMemberRepository.delete(householdMember); } + + public boolean userExistsInHousehold(User loggedInUser, Household household) { + Set<HouseholdMember> members = loggedInUser.getHouseholdMembers(); + return members.stream() + .anyMatch(o -> o.getHousehold().getId().equals(household.getId())); + } } diff --git a/api/src/test/java/no/freshify/api/controller/HouseholdControllerTest.java b/api/src/test/java/no/freshify/api/controller/HouseholdControllerTest.java index 0fc41ef..1e87db4 100644 --- a/api/src/test/java/no/freshify/api/controller/HouseholdControllerTest.java +++ b/api/src/test/java/no/freshify/api/controller/HouseholdControllerTest.java @@ -138,7 +138,7 @@ public class HouseholdControllerTest { when(householdService.findHouseholdByHouseholdId(householdId)).thenReturn(household); doNothing().when(householdService).removeHousehold(anyLong()); mockMvc.perform(delete("/household/{id}", householdId)) - .andExpect(status().isOk()); + .andExpect(status().isNoContent()); verify(householdService, VerificationModeFactory.times(1)).removeHousehold(anyLong()); verify(householdService, VerificationModeFactory.times(1)).findHouseholdByHouseholdId(Mockito.any()); -- GitLab From bd1aeab628f17b0d512bffcb76bea213b5d37016 Mon Sep 17 00:00:00 2001 From: Mats Lading <mjlading@stud.ntnu.no> Date: Fri, 28 Apr 2023 10:04:34 +0200 Subject: [PATCH 4/4] refac: remove household id field from HouseholdDTO --- api/src/main/java/no/freshify/api/model/dto/HouseholdDTO.java | 1 - .../no/freshify/api/controller/HouseholdControllerTest.java | 3 --- .../no/freshify/api/controller/ShoppingListControllerTest.java | 1 - 3 files changed, 5 deletions(-) diff --git a/api/src/main/java/no/freshify/api/model/dto/HouseholdDTO.java b/api/src/main/java/no/freshify/api/model/dto/HouseholdDTO.java index 9d7cf05..7b1ba35 100644 
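Review bot: `userExistsInHousehold` decides membership from `loggedInUser.getHouseholdMembers()`, i.e. from whatever collection is attached to the `User` object passed in. If that object is taken from the authenticated principal rather than freshly loaded, a member who has been removed could presumably keep passing the check until the object is reloaded. The class already holds `householdMemberRepository`, so an existence query keyed on user and household would be the authoritative source for an access decision. The chain `o.getHousehold().getId().equals(household.getId())` throws on a null household or id where an access check should return false; `Objects.equals(o.getHousehold().getId(), household.getId())` plus a null guard on the arguments fails closed and uses the `java.util.Objects` import that the first hunk of this file adds but leaves unused. The method also needs a Javadoc, e.g. `/** Returns true only if the given user is a member of the given household; used for access decisions. */`.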
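Review bot: The only test change in this commit is `.andExpect(status().isNoContent())` for the delete case, so the membership rule added to `GET /household/{id}/users` has no coverage. There should be one case asserting 403 for an authenticated user who is not a member and one asserting 200 for a member. It should also be checked that the MockMvc setup (outside this hunk) runs with method security enabled; otherwise the `@PreAuthorize` rule is never evaluated in these tests. The delete test could additionally assert an empty response body to match the 204.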
--- a/api/src/main/java/no/freshify/api/model/dto/HouseholdDTO.java +++ b/api/src/main/java/no/freshify/api/model/dto/HouseholdDTO.java @@ -6,6 +6,5 @@ import lombok.Setter; @Getter @Setter public class HouseholdDTO { - private Long id; private String name; } diff --git a/api/src/test/java/no/freshify/api/controller/HouseholdControllerTest.java b/api/src/test/java/no/freshify/api/controller/HouseholdControllerTest.java index 1e87db4..a8dcfaa 100644 --- a/api/src/test/java/no/freshify/api/controller/HouseholdControllerTest.java +++ b/api/src/test/java/no/freshify/api/controller/HouseholdControllerTest.java @@ -90,7 +90,6 @@ public class HouseholdControllerTest { household.setName("Test Household"); householdDTO = new HouseholdDTO(); - householdDTO.setId(householdId); householdDTO.setName("Test Household"); HouseholdMember householdMember = new HouseholdMember(); @@ -151,7 +150,6 @@ public class HouseholdControllerTest { mockMvc.perform(get("/household/{id}", householdId)) .andExpect(status().isOk()) - .andExpect(jsonPath("$.id", is(householdId.intValue()))) .andExpect(jsonPath("$.name", is(household.getName()))); verify(householdService, VerificationModeFactory.times(1)).findHouseholdByHouseholdId(anyLong()); @@ -171,7 +169,6 @@ public class HouseholdControllerTest { public void updateHouseholdTest() throws Exception { HouseholdDTO household = new HouseholdDTO(); household.setName("New Household Name"); - household.setId(1L); when(householdService.findHouseholdByHouseholdId(anyLong())).thenReturn(this.household); when(householdService.updateHousehold(any(Household.class))).thenReturn(this.household); diff --git a/api/src/test/java/no/freshify/api/controller/ShoppingListControllerTest.java b/api/src/test/java/no/freshify/api/controller/ShoppingListControllerTest.java index aeaf603..9546cc2 100644 --- a/api/src/test/java/no/freshify/api/controller/ShoppingListControllerTest.java +++ b/api/src/test/java/no/freshify/api/controller/ShoppingListControllerTest.java 
@@ -108,7 +108,6 @@ public class ShoppingListControllerTest { household.setName("Test Household"); householdDTO = new HouseholdDTO(); - householdDTO.setId(householdId); householdDTO.setName("Test Household"); HouseholdMember householdMember = new HouseholdMember(); -- GitLab