proper handling of accessing project data without defining projectId

ef8e3561 · Piotr Gawron · 993d6795 · ef8e3561 · ef8e3561
Commit ef8e3561 authored 5 years ago by Piotr Gawron
--- a/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/projects/ProjectRestImpl.java
@@ -651,6 +651,10 @@ public class ProjectRestImpl extends BaseRestImpl {
  }

  public Map<String, Object> grantPrivilegesProject(String projectId, Map[] data) throws QueryException {
+    Project project = getProjectService().getProjectByProjectId(projectId);
+    if (project == null) {
+      throw new ObjectNotFoundException("Project with given id doesn't exist");
+    }
    for (Map m : data) {
      PrivilegeType privilege = getPrivilegeType(m);
      User user = getUser(m);
@@ -672,6 +676,10 @@ public class ProjectRestImpl extends BaseRestImpl {
  }

  public Map<String, Object> revokePrivilegesProject(String projectId, Map[] data) throws QueryException {
+    Project project = getProjectService().getProjectByProjectId(projectId);
+    if (project == null) {
+      throw new ObjectNotFoundException("Project with given id doesn't exist");
+    }
    for (Map m : data) {
      PrivilegeType privilege = getPrivilegeType(m);
      User user = getUser(m);

--- a/web/src/test/java/lcsb/mapviewer/web/ProjectControllerIntegrationTest.java
+++ b/web/src/test/java/lcsb/mapviewer/web/ProjectControllerIntegrationTest.java
 package lcsb.mapviewer.web;

 import static org.junit.Assert.*;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

 import org.apache.logging.log4j.LogManager;
@@ -26,7 +25,7 @@ import lcsb.mapviewer.model.security.PrivilegeType;
 import lcsb.mapviewer.model.user.User;
 import lcsb.mapviewer.persist.dao.ProjectDao;
 import lcsb.mapviewer.services.interfaces.IUserService;
-
+ 
 @RunWith(SpringJUnit4ClassRunner.class)
 @Transactional
 @Rollback
@@ -57,8 +56,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
  @Test
  public void testGetAllProjectsAsAdmin() throws Exception {
    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
-    Project project = new Project(TEST_PROJECT);
-    projectDao.add(project);
+    createProject(TEST_PROJECT);

    RequestBuilder request = get("/projects/")
        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
@@ -77,8 +75,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest

  @Test
  public void testGetLimitedProjectsAsCurator() throws Exception {
-    Project project = new Project(TEST_PROJECT);
-    projectDao.add(project);
+    Project project = createProject(TEST_PROJECT);

    userService.grantUserPrivilege(curator, PrivilegeType.READ_PROJECT, project.getProjectId());
    Project project2 = new Project("test_project2");
@@ -120,8 +117,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest

  @Test
  public void testGetLogsForProject() throws Exception {
-    Project project = new Project(TEST_PROJECT);
-    projectDao.add(project);
+    Project project = createProject(TEST_PROJECT);

    userService.grantUserPrivilege(curator, PrivilegeType.READ_PROJECT, project.getProjectId());

@@ -136,8 +132,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest

  @Test
  public void testGrantPrivilege() throws Exception {
-    Project project = new Project(TEST_PROJECT);
-    projectDao.add(project);
+    createProject(TEST_PROJECT);

    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);

@@ -158,8 +153,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest

  @Test
  public void testRevokePrivilege() throws Exception {
-    Project project = new Project(TEST_PROJECT);
-    projectDao.add(project);
+    Project project = createProject(TEST_PROJECT);
    userService.grantUserPrivilege(curator, PrivilegeType.READ_PROJECT, project.getProjectId());

    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
@@ -179,4 +173,139 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
    assertFalse(curator.getPrivileges().contains(new Privilege(PrivilegeType.READ_PROJECT, TEST_PROJECT)));
  }

+  @Test
+  public void testGetNonExistingProject() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*/")
+        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testUpdateProject() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+    Project project = createProject(TEST_PROJECT);
+
+    String content = "{\"project\":{\"version\":\"xxx\"}}";
+
+    RequestBuilder request = patch("/projects/" + TEST_PROJECT + "/")
+        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+        .content(content)
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful());
+
+    assertEquals("xxx", project.getVersion());
+
+  }
+
+  @Test
+  public void testUpdateProjectWithUndefinedProjectId() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    String content = "{\"project\":{\"version\":\"xxx\"}}";
+
+    RequestBuilder request = patch("/projects/*/")
+        .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+        .content(content)
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testGrantPrivilegeForUndefinedProject() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    String body = "[{"
+        + "\"privilegeType\":\"" + PrivilegeType.READ_PROJECT + "\", "
+        + "\"login\":\"" + CURATOR_LOGIN + "\""
+        + "}]";
+
+    RequestBuilder request = patch("/projects/*:grantPrivileges")
+        .content(body)
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testRevokePrivilegeForUndefinedProject() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    String body = "[{"
+        + "\"privilegeType\":\"" + PrivilegeType.READ_PROJECT + "\", "
+        + "\"login\":\"" + CURATOR_LOGIN + "\""
+        + "}]";
+
+    RequestBuilder request = patch("/projects/*:revokePrivileges")
+        .content(body)
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testRemoveProjectForUndefinedProjectId() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    RequestBuilder request = delete("/projects/*/")
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testGetStatisticsForUndefinedProjectId() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*/statistics")
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testDownloadSourceForUndefinedProjectId() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*:downloadSource")
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testGetLogsForUndefinedProjectId() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*/logs/")
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
+  @Test
+  public void testGetSubmapConnectionsForUndefinedProjectId() throws Exception {
+    MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
+
+    RequestBuilder request = get("/projects/*/submapConnections/")
+        .session(session);
+
+    mockMvc.perform(request)
+        .andExpect(status().isNotFound());
+  }
+
 }