Commit 9adbe74c authored by Piotr Gawron's avatar Piotr Gawron
Browse files

anonymous user shouldn't be owner of the comment

parent 0995fe1a
......@@ -16,6 +16,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.web.bind.annotation.*;
import lcsb.mapviewer.api.*;
import lcsb.mapviewer.common.Configuration;
import lcsb.mapviewer.model.security.PrivilegeType;
import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.services.interfaces.IUserService;
......@@ -136,8 +137,11 @@ public class CommentController extends BaseController {
@RequestParam(value = "coordinates") String coordinates,
@PathVariable(value = "modelId") String modelId, Authentication authentication) throws QueryException {
Point2D pointCoordinates = parseCoordinates(coordinates);
User user = userService.getUserByLogin(authentication.getName());
if (user.getLogin().equals(Configuration.ANONYMOUS_LOGIN)) {
user = null;
}
return commentController.addComment(projectId, ElementIdentifierType.ALIAS.getJsName(), elementId, name,
email, content, pinned.toLowerCase().equals("true"), pointCoordinates, modelId, user);
}
......@@ -155,6 +159,9 @@ public class CommentController extends BaseController {
@PathVariable(value = "modelId") String modelId, Authentication authentication) throws QueryException {
Point2D pointCoordinates = parseCoordinates(coordinates);
User user = userService.getUserByLogin(authentication.getName());
if (user.getLogin().equals(Configuration.ANONYMOUS_LOGIN)) {
user = null;
}
return commentController.addComment(projectId, ElementIdentifierType.REACTION.getJsName(), reactionId, name,
email, content, pinned.toLowerCase().equals("true"), pointCoordinates, modelId, user);
}
......@@ -171,6 +178,9 @@ public class CommentController extends BaseController {
@PathVariable(value = "modelId") String modelId, Authentication authentication) throws QueryException {
Point2D pointCoordinates = parseCoordinates(coordinates);
User user = userService.getUserByLogin(authentication.getName());
if (user.getLogin().equals(Configuration.ANONYMOUS_LOGIN)) {
user = null;
}
return commentController.addComment(projectId, ElementIdentifierType.POINT.getJsName(), coordinates, name,
email, content, pinned.toLowerCase().equals("true"), pointCoordinates, modelId, user);
}
......
......@@ -24,6 +24,7 @@ import org.springframework.transaction.annotation.Transactional;
import com.google.gson.JsonParser;
import lcsb.mapviewer.common.Configuration;
import lcsb.mapviewer.model.Project;
import lcsb.mapviewer.model.map.Comment;
import lcsb.mapviewer.model.map.model.ModelData;
......@@ -628,6 +629,33 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
assertEquals("Owner of the comment wasn't set properly", user, comment.getUser());
}
@Test
public void testAddElementCommentAsAnonymous() throws Exception {
String body = EntityUtils.toString(new UrlEncodedFormEntity(Arrays.asList(
new BasicNameValuePair("name", "test_user"),
new BasicNameValuePair("email", "a@a.lu"),
new BasicNameValuePair("content", "tes content"),
new BasicNameValuePair("pinned", "true"),
new BasicNameValuePair("coordinates", "10,2"),
new BasicNameValuePair("modelId", map.getId().toString()))));
userService.grantUserPrivilege(userService.getUserByLogin(Configuration.ANONYMOUS_LOGIN),
PrivilegeType.READ_PROJECT, TEST_PROJECT);
RequestBuilder request = post(
"/projects/" + TEST_PROJECT + "/comments/models/" + map.getId() + "/bioEntities/elements/" + element.getId())
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.content(body);
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
assertEquals(1, commentDao.getCommentByModel(map, null, null).size());
Comment comment = commentDao.getCommentByModel(map, null, null).get(0);
assertNull("Owner of the comment wasn't set properly", comment.getUser());
}
@Test
public void testAddElementCommentWithUndefinedProject() throws Exception {
createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment