BE-#0: Fix guest cannot get list of granted events

SE-TINF22B2 · May 30, 2024 · be1b00e · be1b00e
1 parent a493f4d
commit be1b00e
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 20 deletions.
diff --git a/backend/src/main/java/com/dhbw/get2gether/backend/event/adapter/in/EventController.java b/backend/src/main/java/com/dhbw/get2gether/backend/event/adapter/in/EventController.java
@@ -27,8 +27,8 @@ public EventDetailDto createEvent(
     }
 
     @GetMapping("/own")
-    public List<EventOverviewDto> getOwnEvents(@AuthenticationPrincipal OAuth2User principal) {
-        return eventService.getAllEventsFromUser(principal);
+    public List<EventOverviewDto> getOwnEvents(@AuthenticationPrincipal AuthenticatedPrincipal principal) {
+        return eventService.getAllEventsFromPrincipal(principal);
     }
 
     @GetMapping("/{eventId}")

diff --git a/backend/src/main/java/com/dhbw/get2gether/backend/event/adapter/out/EventRepository.java b/backend/src/main/java/com/dhbw/get2gether/backend/event/adapter/out/EventRepository.java
@@ -4,6 +4,7 @@
 import org.springframework.data.mongodb.repository.MongoRepository;
 import org.springframework.stereotype.Repository;
 
+import java.util.Collection;
 import java.util.List;
 import java.util.Optional;
 
@@ -12,5 +13,7 @@ public interface EventRepository extends MongoRepository<Event, String> {
 
     List<Event> findEventsByParticipantIdsContainsOrderByDateDesc(String participantId);
 
+    List<Event> findAllByIdInOrderByDateDesc(Collection<String> id);
+
     Optional<Event> findByInvitationLink(String invitationLink);
 }
diff --git a/backend/src/main/java/com/dhbw/get2gether/backend/event/application/EventService.java b/backend/src/main/java/com/dhbw/get2gether/backend/event/application/EventService.java
@@ -51,14 +51,18 @@ public Event createEvent(AuthenticatedPrincipal principal, EventCreateCommand ev
         return eventRepository.insert(event);
     }
 
-    @PreAuthorize("hasRole('USER')")
-    public List<EventOverviewDto> getAllEventsFromUser(AuthenticatedPrincipal principal) {
-        // TODO: check if principal is guest and return granted events
-        List<Event> userEvents = userService
-                .findUserFromPrincipal(principal)
-                .map(user -> eventRepository.findEventsByParticipantIdsContainsOrderByDateDesc(user.getId()))
-                .orElse(List.of());
-        return userEvents.stream().map(eventMapper::toEventOverviewDto).toList();
+    @PreAuthorize("hasRole('GUEST')")
+    public List<EventOverviewDto> getAllEventsFromPrincipal(AuthenticatedPrincipal principal) {
+        List<Event> events;
+        if (principal instanceof GuestAuthenticationPrincipal guestPrincipal) {
+            events = eventRepository.findAllByIdInOrderByDateDesc(guestPrincipal.getGrantedEventIds());
+        } else {
+            events = userService
+                    .findUserFromPrincipal(principal)
+                    .map(user -> eventRepository.findEventsByParticipantIdsContainsOrderByDateDesc(user.getId()))
+                    .orElse(List.of());
+        }
+        return events.stream().map(eventMapper::toEventOverviewDto).toList();
     }
 
     @PreAuthorize("hasRole('GUEST')")

diff --git a/backend/src/test/java/com/dhbw/get2gether/backend/event/application/EventServiceTest.java b/backend/src/test/java/com/dhbw/get2gether/backend/event/application/EventServiceTest.java
@@ -18,10 +18,7 @@
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
+import java.util.*;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.ArgumentMatchers.any;
@@ -92,7 +89,7 @@ void shouldGetEventsFromUser() {
                 .thenReturn(Collections.singletonList(event));
 
         // when
-        List<EventOverviewDto> events = eventService.getAllEventsFromUser(principal);
+        List<EventOverviewDto> events = eventService.getAllEventsFromPrincipal(principal);
 
         // then
         verify(eventRepository).findEventsByParticipantIdsContainsOrderByDateDesc(eq(user.getId()));
@@ -101,17 +98,22 @@ void shouldGetEventsFromUser() {
 
     @Test
     @WithMockGuestUser
-    void shouldNotGetEventsFromGuest() {
+    void shouldGetGrantedEventsFromGuest() {
         // given
-        AuthenticatedPrincipal principal = (AuthenticatedPrincipal)
+        GuestAuthenticationPrincipal principal = (GuestAuthenticationPrincipal)
                 SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+        principal.grantAccessToEvent("test");
+        Event event = Event.builder().id("test").build();
 
-        when(userService.findUserFromPrincipal(any())).thenReturn(Optional.empty());
+        when(eventRepository.findAllByIdInOrderByDateDesc(eq(principal.getGrantedEventIds())))
+                .thenReturn(Collections.singletonList(event));
 
         // when
+        List<EventOverviewDto> events = eventService.getAllEventsFromPrincipal(principal);
+
         // then
-        assertThatThrownBy(() -> eventService.getAllEventsFromUser(principal))
-                .isInstanceOf(AccessDeniedException.class);
+        verify(eventRepository).findAllByIdInOrderByDateDesc(eq(principal.getGrantedEventIds()));
+        assertThat(events).hasSize(1);
     }
 
     @Test