user should be able to delete own comment

rest-api/src/main/java/lcsb/mapviewer/api/projects/comments/CommentController.java

@@ -69,7 +69,7 @@ public class CommentController extends BaseController {
 
   @PreAuthorize("hasAuthority('IS_ADMIN')" +
       " or hasAuthority('IS_CURATOR') and hasAuthority('WRITE_PROJECT:' + #projectId)" +
-      " or @commentService.getCommentById(#commentId)?.user?.login == authentication.name")
+      " or @commentService.getOwnerByCommentId(#commentId)?.login == authentication.name")
   @DeleteMapping(value = "/{commentId}/")
   public Map<String, Object> removeComment(
       @RequestBody(required = false) String body,

service/src/main/java/lcsb/mapviewer/services/impl/CommentService.java

@@ -313,4 +313,15 @@ public class CommentService implements ICommentService {
         && !(Math.abs(y1 - y2) > COMMENT_POINT_DISTANCE_EPSILON);
   }
 
+  @Override
+  public User getOwnerByCommentId(String commentId) {
+    Comment comment = getCommentById(commentId);
+    if (comment == null || comment.getUser() == null) {
+      return null;
+    }
+    // fetch lazy data
+    comment.getUser().getLogin();
+    return comment.getUser();
+  }
+
 }

service/src/main/java/lcsb/mapviewer/services/interfaces/ICommentService.java

@@ -81,5 +81,7 @@ public interface ICommentService {
   void removeCommentsForModel(ModelData model);
 
   Comment getCommentById(String commentId);
+  
+  User getOwnerByCommentId(String commentId);
 
 }

web/src/test/java/lcsb/mapviewer/web/CommentControllerIntegrationTest.java

@@ -138,14 +138,14 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
   }
 
   private void createComments() {
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
-    comment = createComment();
+    comment = createComment(map);
     comment.setPinned(true);
     commentDao.add(comment);
 
-    comment = createComment();
+    comment = createComment(map);
     comment.setDeleted(true);
     commentDao.add(comment);
   }
@@ -179,7 +179,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     comment.setName("author name");
     comment.setPinned(true);
     commentDao.add(comment);
@@ -204,7 +204,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     comment.setName("author name");
     comment.setPinned(true);
     commentDao.add(comment);
@@ -229,7 +229,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_CURATOR_LOGIN, TEST_CURATOR_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     comment.setName("author name");
     comment.setPinned(true);
     commentDao.add(comment);
@@ -270,7 +270,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
     RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
@@ -289,7 +289,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_CURATOR_LOGIN, TEST_CURATOR_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
     RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
@@ -308,7 +308,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_CURATOR_LOGIN, TEST_CURATOR_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
     RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
@@ -325,8 +325,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
 
-    Comment comment = createComment();
-    comment.setUser(user);
+    Comment comment = createComment(map, user);
     commentDao.add(comment);
 
     RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
@@ -341,7 +340,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
   @Test
   public void testRemoveAsGuestAccount() throws Exception {
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
     RequestBuilder request = delete("/projects/" + TEST_PROJECT + "/comments/" + comment.getId() + "/")
@@ -523,7 +522,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
     RequestBuilder request = get(
@@ -546,7 +545,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
     RequestBuilder request = get(
@@ -565,7 +564,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_CURATOR_LOGIN, TEST_CURATOR_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
     RequestBuilder request = get(
@@ -588,7 +587,7 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
 
     MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
 
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     commentDao.add(comment);
 
     RequestBuilder request = get(
@@ -875,22 +874,15 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
         .andExpect(status().isNotFound());
   }
 
-  private Comment createComment() {
-    Comment comment = new Comment();
-    comment.setModel(map);
-    comment.setCoordinates(new Point2D.Double(10, 20));
-    return comment;
-  }
-
   private Comment createReactionComment() {
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     comment.setTableName(reaction.getClass());
     comment.setTableId(reaction.getId());
     return comment;
   }
 
   private Comment createElementComment() {
-    Comment comment = createComment();
+    Comment comment = createComment(map);
     comment.setTableName(element.getClass());
     comment.setTableId(element.getId());
     return comment;

web/src/test/java/lcsb/mapviewer/web/CommentControllerIntegrationTestWithoutTransaction.java

 package lcsb.mapviewer.web;
 
+import static org.junit.Assert.assertEquals;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
+import java.util.Arrays;
+
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.junit.*;
 import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.mock.web.MockHttpSession;
 import org.springframework.test.annotation.Rollback;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.servlet.RequestBuilder;
 
+import lcsb.mapviewer.common.Configuration;
+import lcsb.mapviewer.model.map.Comment;
+import lcsb.mapviewer.model.map.model.Model;
+import lcsb.mapviewer.model.user.User;
+import lcsb.mapviewer.services.interfaces.IUserService;
+
 @RunWith(SpringJUnit4ClassRunner.class)
-@Rollback
 public class CommentControllerIntegrationTestWithoutTransaction extends ControllerIntegrationTest {
 
   Logger logger = LogManager.getLogger();
 
+  @Autowired
+  private IUserService userService;
+  
   @Before
   public void setup() {
   }
@@ -34,4 +51,17 @@ public class CommentControllerIntegrationTestWithoutTransaction extends Controll
     mockMvc.perform(request)
         .andExpect(status().is4xxClientError());
   }
+  
+  @Test
+  public void testRemoveCommentAsUserWithAccess() throws Exception {
+    User user = userService.getUserByLogin(Configuration.ANONYMOUS_LOGIN);
+
+    Comment comment = createCommentInSeparateThread(getBuildInModel(), user);
+
+    RequestBuilder request = delete("/projects/" + BUILT_IN_PROJECT + "/comments/" + comment.getId() + "/");
+
+    mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful());
+  }
+
 }

web/src/test/java/lcsb/mapviewer/web/ControllerIntegrationTest.java

@@ -31,6 +31,7 @@ import lcsb.mapviewer.model.Project;
 import lcsb.mapviewer.model.ProjectStatus;
 import lcsb.mapviewer.model.cache.UploadedFileEntry;
 import lcsb.mapviewer.model.graphics.PolylineData;
+import lcsb.mapviewer.model.map.Comment;
 import lcsb.mapviewer.model.map.layout.ColorSchemaType;
 import lcsb.mapviewer.model.map.layout.Layout;
 import lcsb.mapviewer.model.map.model.ModelData;
@@ -43,7 +44,7 @@ import lcsb.mapviewer.model.user.User;
 import lcsb.mapviewer.persist.DbUtils;
 import lcsb.mapviewer.persist.dao.ProjectDao;
 import lcsb.mapviewer.persist.dao.cache.UploadedFileEntryDao;
-import lcsb.mapviewer.persist.dao.map.LayoutDao;
+import lcsb.mapviewer.persist.dao.map.*;
 import lcsb.mapviewer.persist.dao.user.UserDao;
 import lcsb.mapviewer.services.interfaces.IUserService;
 import lcsb.mapviewer.web.config.SpringWebConfig;
@@ -55,6 +56,8 @@ abstract public class ControllerIntegrationTest {
   protected static final String BUILT_IN_TEST_ADMIN_PASSWORD = "admin";
   protected static final String BUILT_IN_TEST_ADMIN_LOGIN = "admin";
 
+  protected static final String BUILT_IN_PROJECT = "empty";
+
   @Rule
   public UnitTestFailedWatcher unitTestFailedWatcher = new UnitTestFailedWatcher();
   protected MockMvc mockMvc;
@@ -66,10 +69,19 @@ abstract public class ControllerIntegrationTest {
   private IUserService userService;
   @Autowired
   private ProjectDao projectDao;
+
+  @Autowired
+  private ModelDao modelDao;
+
+  @Autowired
+  private CommentDao commentDao;
+
   @Autowired
   private UserDao userDao;
+
   @Autowired
   private PasswordEncoder passwordEncoder;
+
   @Autowired
   private UploadedFileEntryDao fileDao;
 
@@ -325,4 +337,30 @@ abstract public class ControllerIntegrationTest {
     });
   }
 
+  protected Comment createCommentInSeparateThread(ModelData model, User owner) throws Exception {
+    return callInSeparateThread(() -> {
+      Comment comment = createComment(model, owner);
+      commentDao.add(comment);
+      return comment;
+    });
+  }
+
+  protected ModelData getBuildInModel() throws Exception {
+    return callInSeparateThread(() -> {
+      return modelDao.getLastModelForProjectIdentifier(BUILT_IN_PROJECT, true);
+    });
+  }
+
+  protected Comment createComment(ModelData map) {
+    return createComment(map, null);
+  }
+
+  protected Comment createComment(ModelData map, User owner) {
+    Comment comment = new Comment();
+    comment.setModel(map);
+    comment.setUser(owner);
+    comment.setCoordinates(new Point2D.Double(10, 20));
+    return comment;
+  }
+
 }