From 598c5b28e5621bade036962ad17b2f46f051e54a Mon Sep 17 00:00:00 2001 From: tsznaj Date: Mon, 17 Jun 2024 13:44:52 +0200 Subject: [PATCH] Revert "OAM-200: added delete endpoint with rights" This reverts commit fd63632492b7dbf315bcf6be89c5b52f822b5306. --- .../service/PermissionService.java | 9 +--- .../fulfillment/web/OrderController.java | 54 ++++++------------- src/main/resources/api-definition.yaml | 27 ---------- 3 files changed, 17 insertions(+), 73 deletions(-) diff --git a/src/main/java/org/openlmis/fulfillment/service/PermissionService.java b/src/main/java/org/openlmis/fulfillment/service/PermissionService.java index ace8b227..f6ab564c 100644 --- a/src/main/java/org/openlmis/fulfillment/service/PermissionService.java +++ b/src/main/java/org/openlmis/fulfillment/service/PermissionService.java @@ -19,7 +19,6 @@ import static org.apache.commons.lang3.StringUtils.startsWith; import static org.openlmis.fulfillment.i18n.MessageKeys.ORDER_NOT_FOUND; -import java.util.List; import java.util.UUID; import javax.validation.constraints.NotNull; import org.openlmis.fulfillment.domain.Order; @@ -53,7 +52,6 @@ public class PermissionService { public static final String ORDERS_VIEW = "ORDERS_VIEW"; public static final String ORDERS_EDIT = "ORDERS_EDIT"; public static final String ORDER_CREATE = "ORDER_CREATE"; - public static final String ORDER_DELETE = "ORDER_DELETE"; public static final String SHIPMENTS_VIEW = "SHIPMENTS_VIEW"; public static final String SHIPMENTS_EDIT = "SHIPMENTS_EDIT"; static final String SYSTEM_SETTINGS_MANAGE = "SYSTEM_SETTINGS_MANAGE"; @@ -154,12 +152,6 @@ public void canCreateOrder(Order order) { checkPermission(ORDER_CREATE, order.getReceivingFacilityId()); } - public void canDeleteOrders(List ids) { - for (UUID id : ids) { - checkPermission(ORDER_DELETE, id); - } - } - /** * Checks if user has permission to view Shipments. * @@ -309,4 +301,5 @@ private boolean checkServiceToken(boolean allowApiKey, return false; } + } 
diff --git a/src/main/java/org/openlmis/fulfillment/web/OrderController.java b/src/main/java/org/openlmis/fulfillment/web/OrderController.java index ad5d462f..e26fee26 100644 --- a/src/main/java/org/openlmis/fulfillment/web/OrderController.java +++ b/src/main/java/org/openlmis/fulfillment/web/OrderController.java @@ -26,7 +26,6 @@ import java.nio.charset.StandardCharsets; import java.text.DecimalFormat; import java.text.DecimalFormatSymbols; -import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -75,7 +74,6 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.stereotype.Controller; import org.springframework.transaction.annotation.Transactional; -import org.springframework.util.CollectionUtils; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -195,16 +193,16 @@ public OrderDto createRequisitionLessOrder(@RequestBody OrderDto orderDto) { /** * Allows updating orders. * - * @param orderId UUID of order which we want to update + * @param orderId UUID of order which we want to update * @param orderDto An order bound to the request body * @return updated order */ @PutMapping("/orders/{id}") @ResponseBody public OrderDto updateOrder( - @PathVariable("id") UUID orderId, - @RequestBody OrderDto orderDto, - BindingResult bindingResult + @PathVariable("id") UUID orderId, + @RequestBody OrderDto orderDto, + BindingResult bindingResult ) { permissionService.canCreateOrder(orderDto); 
@@ -222,15 +220,15 @@ public OrderDto updateOrder( /** * Send requisition-less order. * - * @param orderId UUID of order + * @param orderId UUID of order * @param orderDto An order bound to the request body */ @PutMapping("/orders/{id}/requisitionLess/send") @ResponseBody public void sendRequisitionLessOrder( - @PathVariable("id") UUID orderId, - @RequestBody OrderDto orderDto, - BindingResult bindingResult + @PathVariable("id") UUID orderId, + @RequestBody OrderDto orderDto, + BindingResult bindingResult ) { permissionService.canCreateOrder(orderDto); @@ -257,7 +255,7 @@ public void sendRequisitionLessOrder( @ResponseStatus(HttpStatus.OK) @ResponseBody public Iterable batchCreateOrders(@RequestBody List orders, - OAuth2Authentication authentication) { + OAuth2Authentication authentication) { List newOrders = orders .stream() .map(order -> createSingleOrder(order, authentication)) @@ -319,7 +317,7 @@ public NumberOfOrdersData getOrdersData() { public OrderStatsData getOrderStatusesStatsData() { Profiler profiler = new Profiler("GET_ORDER_STATISTICS_DATA"); profiler.setLogger(XLOGGER); - UUID facilityId = authenticationHelper.getCurrentUser().getHomeFacilityId(); + UUID facilityId = authenticationHelper.getCurrentUser().getHomeFacilityId(); if (facilityId == null) { return new OrderStatsData(); } @@ -334,7 +332,7 @@ public OrderStatsData getOrderStatusesStatsData() { * Get chosen order. * * @param orderId UUID of order whose we want to get - * @param expand a set of field names to expand + * @param expand a set of field names to expand * @return OrderDto. */ @RequestMapping(value = "/orders/{id}", method = RequestMethod.GET) @@ -358,7 +356,7 @@ public OrderDto getOrder(@PathVariable("id") UUID orderId, @ResponseBody public List getRequestingFacilities( @RequestParam(name = "supplyingFacilityId", required = false) - List supplyingFacilityIds) { + List supplyingFacilityIds) { return orderRepository.getRequestingFacilities(supplyingFacilityIds); } 
@@ -371,7 +369,7 @@ public List getRequestingFacilities( @RequestMapping(value = "/orders/{id}/print", method = RequestMethod.GET) @ResponseStatus(HttpStatus.OK) public ResponseEntity printOrder(@PathVariable("id") UUID orderId, - @RequestParam("format") String format) throws IOException { + @RequestParam("format") String format) throws IOException { Order order = orderRepository.findById(orderId) .orElseThrow(() -> new OrderNotFoundException(orderId)); @@ -434,9 +432,9 @@ public ResponseEntity printOrder(@PathVariable("id") UUID orderId, @RequestMapping(value = "/orders/{id}/export", method = RequestMethod.GET) @ResponseStatus(HttpStatus.OK) public void export(@PathVariable("id") UUID orderId, - @RequestParam(value = "type", required = false, - defaultValue = TYPE_CSV) String type, - HttpServletResponse response) throws IOException { + @RequestParam(value = "type", required = false, + defaultValue = TYPE_CSV) String type, + HttpServletResponse response) throws IOException { if (!TYPE_CSV.equals(type)) { String msg = "Export type: " + type + " not allowed"; XLOGGER.warn(msg); @@ -499,26 +497,6 @@ public ResultDto retryOrderTransfer(@PathVariable("id") UUID id) { return new ResultDto<>(TRANSFER_FAILED != order.getStatus()); } - @RequestMapping(value = "/orders", method = RequestMethod.DELETE) - @ResponseStatus(HttpStatus.OK) - public void deleteMultipleOrders(@RequestParam(name = "ids") List ids) { - - if (CollectionUtils.isEmpty(ids)) { - XLOGGER.info("Nothing to delete"); - } - Iterable orders = orderRepository.findAllById(ids); - List receivingIds = new ArrayList<>(); - orders.forEach(order -> { - receivingIds.add(order.getReceivingFacilityId()); - }); - - permissionService.canDeleteOrders(receivingIds); - - for (UUID id : ids) { - orderRepository.deleteById(id); - } - } - private Order createSingleOrder(OrderDto orderDto, OAuth2Authentication authentication) { 
diff --git a/src/main/resources/api-definition.yaml b/src/main/resources/api-definition.yaml
index 470dedb4..4db7234e 100644
--- a/src/main/resources/api-definition.yaml
+++ b/src/main/resources/api-definition.yaml
@@ -367,33 +367,6 @@ resourceTypes:
 body:
 application/json:
 schema: localizedMessage
- delete:
- is: [ secured ]
- description: Removes many orders by id. This endpoint requires ORDERE_DELETE right.
- body:
- application/json:
- schema:
- type: "array",
- items: {
- type: "string",
- }
- responses:
- "204":
- headers:
- Keep-Alive:
- "404":
- body:
- application/json:
- schema: localizedErrorResponse
- "409":
- body:
- application/json:
- "403":
- headers:
- Keep-Alive:
- body:
- application/json:
- schema: localizedErrorResponse
 /requisitionLess:
 post:
 is: [ secured ]