Commit 3af2f4e6 authored by Piotr Gawron's avatar Piotr Gawron

user should be able to delete own comment

parent 9adbe74c
Pipeline #13511 passed with stage
in 11 minutes and 29 seconds
......@@ -69,7 +69,7 @@ public class CommentController extends BaseController {
@PreAuthorize("hasAuthority('IS_ADMIN')" +
" or hasAuthority('IS_CURATOR') and hasAuthority('WRITE_PROJECT:' + #projectId)" +
" or @commentService.getCommentById(#commentId)?.user?.login == authentication.name")
" or @commentService.getOwnerByCommentId(#commentId)?.login == authentication.name")
@DeleteMapping(value = "/{commentId}/")
public Map<String, Object> removeComment(
@RequestBody(required = false) String body,
......
......@@ -313,4 +313,15 @@ public class CommentService implements ICommentService {
&& !(Math.abs(y1 - y2) > COMMENT_POINT_DISTANCE_EPSILON);
}
@Override
public User getOwnerByCommentId(String commentId) {
Comment comment = getCommentById(commentId);
if (comment == null || comment.getUser() == null) {
return null;
}
// fetch lazy data
comment.getUser().getLogin();
return comment.getUser();
}
}
......@@ -81,5 +81,7 @@ public interface ICommentService {
void removeCommentsForModel(ModelData model);
Comment getCommentById(String commentId);
User getOwnerByCommentId(String commentId);
}
......@@ -138,14 +138,14 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
}
private void createComments() {
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
comment = createComment();
comment = createComment(map);
comment.setPinned(true);
commentDao.add(comment);
comment = createComment();
comment = createComment(map);
comment.setDeleted(true);
commentDao.add(comment);
}
......@@ -179,7 +179,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
comment.setName("author name");
comment.setPinned(true);
commentDao.add(comment);
......@@ -204,7 +204,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
comment.setName("author name");
comment.setPinned(true);
commentDao.add(comment);
......@@ -229,7 +229,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_CURATOR_LOGIN, TEST_CURATOR_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
comment.setName("author name");
comment.setPinned(true);
commentDao.add(comment);
......@@ -270,7 +270,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
......@@ -289,7 +289,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_CURATOR_LOGIN, TEST_CURATOR_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
......@@ -308,7 +308,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_CURATOR_LOGIN, TEST_CURATOR_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
......@@ -325,8 +325,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
Comment comment = createComment();
comment.setUser(user);
Comment comment = createComment(map, user);
commentDao.add(comment);
RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
......@@ -341,7 +340,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testRemoveAsGuestAccount() throws Exception {
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
......@@ -523,7 +522,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
RequestBuilder request = get(
......@@ -546,7 +545,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
RequestBuilder request = get(
......@@ -565,7 +564,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_CURATOR_LOGIN, TEST_CURATOR_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
RequestBuilder request = get(
......@@ -588,7 +587,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
Comment comment = createComment();
Comment comment = createComment(map);
commentDao.add(comment);
RequestBuilder request = get(
......@@ -875,22 +874,15 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
.andExpect(status().isNotFound());
}
private Comment createComment() {
Comment comment = new Comment();
comment.setModel(map);
comment.setCoordinates(new Point2D.Double(10, 20));
return comment;
}
private Comment createReactionComment() {
Comment comment = createComment();
Comment comment = createComment(map);
comment.setTableName(reaction.getClass());
comment.setTableId(reaction.getId());
return comment;
}
private Comment createElementComment() {
Comment comment = createComment();
Comment comment = createComment(map);
comment.setTableName(element.getClass());
comment.setTableId(element.getId());
return comment;
......
package lcsb.mapviewer.web;
import static org.junit.Assert.assertEquals;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import java.util.Arrays;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.*;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.RequestBuilder;
import lcsb.mapviewer.common.Configuration;
import lcsb.mapviewer.model.map.Comment;
import lcsb.mapviewer.model.map.model.Model;
import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.services.interfaces.IUserService;
@RunWith(SpringJUnit4ClassRunner.class)
@Rollback
public class CommentControllerIntegrationTestWithoutTransaction extends ControllerIntegrationTest {
Logger logger = LogManager.getLogger();
@Autowired
private IUserService userService;
@Before
public void setup() {
}
......@@ -34,4 +51,17 @@ public class CommentControllerIntegrationTestWithoutTransaction extends Controll
mockMvc.perform(request)
.andExpect(status().is4xxClientError());
}
@Test
public void testRemoveCommentAsUserWithAccess() throws Exception {
User user = userService.getUserByLogin(Configuration.ANONYMOUS_LOGIN);
Comment comment = createCommentInSeparateThread(getBuildInModel(), user);
RequestBuilder request = delete("/projects/" + BUILT_IN_PROJECT + "/comments/" + comment.getId() + "/");
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
}
}
......@@ -31,6 +31,7 @@ import lcsb.mapviewer.model.Project;
import lcsb.mapviewer.model.ProjectStatus;
import lcsb.mapviewer.model.cache.UploadedFileEntry;
import lcsb.mapviewer.model.graphics.PolylineData;
import lcsb.mapviewer.model.map.Comment;
import lcsb.mapviewer.model.map.layout.ColorSchemaType;
import lcsb.mapviewer.model.map.layout.Layout;
import lcsb.mapviewer.model.map.model.ModelData;
......@@ -43,7 +44,7 @@ import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.persist.DbUtils;
import lcsb.mapviewer.persist.dao.ProjectDao;
import lcsb.mapviewer.persist.dao.cache.UploadedFileEntryDao;
import lcsb.mapviewer.persist.dao.map.LayoutDao;
import lcsb.mapviewer.persist.dao.map.*;
import lcsb.mapviewer.persist.dao.user.UserDao;
import lcsb.mapviewer.services.interfaces.IUserService;
import lcsb.mapviewer.web.config.SpringWebConfig;
......@@ -55,6 +56,8 @@ abstract public class ControllerIntegrationTest {
protected static final String BUILT_IN_TEST_ADMIN_PASSWORD = "admin";
protected static final String BUILT_IN_TEST_ADMIN_LOGIN = "admin";
protected static final String BUILT_IN_PROJECT = "empty";
@Rule
public UnitTestFailedWatcher unitTestFailedWatcher = new UnitTestFailedWatcher();
protected MockMvc mockMvc;
......@@ -66,10 +69,19 @@ abstract public class ControllerIntegrationTest {
private IUserService userService;
@Autowired
private ProjectDao projectDao;
@Autowired
private ModelDao modelDao;
@Autowired
private CommentDao commentDao;
@Autowired
private UserDao userDao;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private UploadedFileEntryDao fileDao;
......@@ -325,4 +337,30 @@ abstract public class ControllerIntegrationTest {
});
}
protected Comment createCommentInSeparateThread(ModelData model, User owner) throws Exception {
return callInSeparateThread(() -> {
Comment comment = createComment(model, owner);
commentDao.add(comment);
return comment;
});
}
protected ModelData getBuildInModel() throws Exception {
return callInSeparateThread(() -> {
return modelDao.getLastModelForProjectIdentifier(BUILT_IN_PROJECT, true);
});
}
protected Comment createComment(ModelData map) {
return createComment(map, null);
}
protected Comment createComment(ModelData map, User owner) {
Comment comment = new Comment();
comment.setModel(map);
comment.setUser(owner);
comment.setCoordinates(new Point2D.Double(10, 20));
return comment;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment