anonymous user shouldn't be owner of the comment

rest-api/src/main/java/lcsb/mapviewer/api/projects/comments/CommentController.java

@@ -16,6 +16,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.web.bind.annotation.*;
 
 import lcsb.mapviewer.api.*;
+import lcsb.mapviewer.common.Configuration;
 import lcsb.mapviewer.model.security.PrivilegeType;
 import lcsb.mapviewer.model.user.User;
 import lcsb.mapviewer.services.interfaces.IUserService;
@@ -136,8 +137,11 @@ public class CommentController extends BaseController {
       @RequestParam(value = "coordinates") String coordinates,
       @PathVariable(value = "modelId") String modelId, Authentication authentication) throws QueryException {
     Point2D pointCoordinates = parseCoordinates(coordinates);
-    
+
     User user = userService.getUserByLogin(authentication.getName());
+    if (user.getLogin().equals(Configuration.ANONYMOUS_LOGIN)) {
+      user = null;
+    }
     return commentController.addComment(projectId, ElementIdentifierType.ALIAS.getJsName(), elementId, name,
         email, content, pinned.toLowerCase().equals("true"), pointCoordinates, modelId, user);
   }
@@ -155,6 +159,9 @@ public class CommentController extends BaseController {
       @PathVariable(value = "modelId") String modelId, Authentication authentication) throws QueryException {
     Point2D pointCoordinates = parseCoordinates(coordinates);
     User user = userService.getUserByLogin(authentication.getName());
+    if (user.getLogin().equals(Configuration.ANONYMOUS_LOGIN)) {
+      user = null;
+    }
     return commentController.addComment(projectId, ElementIdentifierType.REACTION.getJsName(), reactionId, name,
         email, content, pinned.toLowerCase().equals("true"), pointCoordinates, modelId, user);
   }
@@ -171,6 +178,9 @@ public class CommentController extends BaseController {
       @PathVariable(value = "modelId") String modelId, Authentication authentication) throws QueryException {
     Point2D pointCoordinates = parseCoordinates(coordinates);
     User user = userService.getUserByLogin(authentication.getName());
+    if (user.getLogin().equals(Configuration.ANONYMOUS_LOGIN)) {
+      user = null;
+    }
     return commentController.addComment(projectId, ElementIdentifierType.POINT.getJsName(), coordinates, name,
         email, content, pinned.toLowerCase().equals("true"), pointCoordinates, modelId, user);
   }

web/src/test/java/lcsb/mapviewer/web/CommentControllerIntegrationTest.java

@@ -24,6 +24,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import com.google.gson.JsonParser;
 
+import lcsb.mapviewer.common.Configuration;
 import lcsb.mapviewer.model.Project;
 import lcsb.mapviewer.model.map.Comment;
 import lcsb.mapviewer.model.map.model.ModelData;
@@ -628,6 +629,33 @@ public class CommentControllerIntegrationTest extends ControllerIntegrationTest
     assertEquals("Owner of the comment wasn't set properly", user, comment.getUser());
   }
 
+  @Test
+  public void testAddElementCommentAsAnonymous() throws Exception {
+    String body = EntityUtils.toString(new UrlEncodedFormEntity(Arrays.asList(
+        new BasicNameValuePair("name", "test_user"),
+        new BasicNameValuePair("email", "a@a.lu"),
+        new BasicNameValuePair("content", "tes content"),
+        new BasicNameValuePair("pinned", "true"),
+        new BasicNameValuePair("coordinates", "10,2"),
+        new BasicNameValuePair("modelId", map.getId().toString()))));
+
+    userService.grantUserPrivilege(userService.getUserByLogin(Configuration.ANONYMOUS_LOGIN),
+        PrivilegeType.READ_PROJECT, TEST_PROJECT);
+
+    RequestBuilder request = post(
+        "/projects/" + TEST_PROJECT + "/comments/models/" + map.getId() + "/bioEntities/elements/" + element.getId())
+            .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+            .content(body);
+
+    mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful());
+
+    assertEquals(1, commentDao.getCommentByModel(map, null, null).size());
+
+    Comment comment = commentDao.getCommentByModel(map, null, null).get(0);
+    assertNull("Owner of the comment wasn't set properly", comment.getUser());
+  }
+
   @Test
   public void testAddElementCommentWithUndefinedProject() throws Exception {
     createAdmin(TEST_ADMIN_LOGIN, TEST_ADMIN_PASSWORD);