From 451a25a53c859e2d5382842450158ea641ec92f7 Mon Sep 17 00:00:00 2001
From: domoberzin <74132255+domoberzin@users.noreply.github.com>
Date: Fri, 12 Apr 2024 21:34:07 +0800
Subject: [PATCH] [#11878] Handle Duplicate Approved Account Requests (#13009)

---
 .../it/ui/webapi/UpdateAccountRequestActionIT.java | 14 ++++++++++++++
 src/main/java/teammates/sqllogic/api/Logic.java | 7 +++++++
 .../sqllogic/core/AccountRequestsLogic.java | 10 ++++++++++
 .../storage/sqlapi/AccountRequestsDb.java | 14 ++++++++++++++
 .../ui/webapi/UpdateAccountRequestAction.java | 7 +++++++
 5 files changed, 52 insertions(+)

diff --git a/src/it/java/teammates/it/ui/webapi/UpdateAccountRequestActionIT.java b/src/it/java/teammates/it/ui/webapi/UpdateAccountRequestActionIT.java
index 65045f269d2..f5932deaf99 100644
--- a/src/it/java/teammates/it/ui/webapi/UpdateAccountRequestActionIT.java
+++ b/src/it/java/teammates/it/ui/webapi/UpdateAccountRequestActionIT.java
@@ -227,6 +227,20 @@ public void testExecute() throws Exception {
 assertEquals(email, data.getEmail());
 assertEquals(institute, data.getInstitute());
 assertEquals(null, data.getComments());
+
+ ______TS("email with approved account request throws exception");
+ logic.createAccountRequestWithTransaction("test", "test@email.com",
+ "institute", AccountRequestStatus.APPROVED, "comments");
+ accountRequest = logic.createAccountRequestWithTransaction("test", "test@email.com",
+ "institute", AccountRequestStatus.PENDING, "comments");
+ requestBody = new AccountRequestUpdateRequest(accountRequest.getName(), accountRequest.getEmail(),
+ accountRequest.getInstitute(), AccountRequestStatus.APPROVED, comments);
+ params = new String[] {Const.ParamsNames.ACCOUNT_REQUEST_ID, accountRequest.getId().toString()};
+
+ ipe = verifyInvalidOperation(requestBody, params);
+
+ assertEquals(String.format("An account request with email %s has already been approved. "
+ + "Please reject or delete the account request instead.", accountRequest.getEmail()), ipe.getMessage());
 }
 
 @Override
diff --git a/src/main/java/teammates/sqllogic/api/Logic.java b/src/main/java/teammates/sqllogic/api/Logic.java
index 67bdc5ec5fa..53d90026646 100644
--- a/src/main/java/teammates/sqllogic/api/Logic.java
+++ b/src/main/java/teammates/sqllogic/api/Logic.java
@@ -204,6 +204,13 @@ public List getAllAccountRequests() {
 return accountRequestLogic.getAllAccountRequests();
 }
 
+ /**
+ * Get a list of account requests associated with email provided.
+ */
+ public List getApprovedAccountRequestsForEmailWithTransaction(String email) {
+ return accountRequestLogic.getApprovedAccountRequestsForEmailWithTransaction(email);
+ }
+
 /**
 * Gets an account.
 */
diff --git a/src/main/java/teammates/sqllogic/core/AccountRequestsLogic.java b/src/main/java/teammates/sqllogic/core/AccountRequestsLogic.java
index fcde8f217f0..2e5af513560 100644
--- a/src/main/java/teammates/sqllogic/core/AccountRequestsLogic.java
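Review bot: The new case in `testExecute` checks only the exception message, so it would still pass if the action had changed the pending request before throwing. After `verifyInvalidOperation(requestBody, params)`, re-read the request by `accountRequest.getId()` and assert that its status is still `AccountRequestStatus.PENDING`. The two rows created here with `test@email.com` also appear to stay in place for whatever runs later; `testExecute` starts outside the hunk, so any cleanup is not visible.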
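Review bot: The Javadoc on `Logic.getApprovedAccountRequestsForEmailWithTransaction` says it returns the account requests associated with the email, but the query this commit adds in AccountRequestsDb also filters on `AccountRequestStatus.APPROVED`, so the comment overstates what comes back. The AccountRequestsLogic method carries the same sentence, and the AccountRequestsDb Javadoc ("Get all Account Requests for a given {@code email}") has the same gap. Suggested wording for all three: `Gets the approved account requests whose email equals {@code email}; the list is empty when there are none.` A caller who trusts the current text could treat an empty result as "no request exists for this email", which is not what the query establishes.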
+++ b/src/main/java/teammates/sqllogic/core/AccountRequestsLogic.java
@@ -142,6 +142,16 @@ public List getAllAccountRequests() {
 return accountRequestDb.getAllAccountRequests();
 }
 
+ /**
+ * Get a list of account requests associated with email provided.
+ */
+ public List getApprovedAccountRequestsForEmailWithTransaction(String email) {
+ HibernateUtil.beginTransaction();
+ List accountRequests = accountRequestDb.getApprovedAccountRequestsForEmail(email);
+ HibernateUtil.commitTransaction();
+ return accountRequests;
+ }
+
 /**
 * Creates/resets the account request with the given id such that it is not registered.
 */
diff --git a/src/main/java/teammates/storage/sqlapi/AccountRequestsDb.java b/src/main/java/teammates/storage/sqlapi/AccountRequestsDb.java
index 92d61afb8eb..310b78e6239 100644
--- a/src/main/java/teammates/storage/sqlapi/AccountRequestsDb.java
+++ b/src/main/java/teammates/storage/sqlapi/AccountRequestsDb.java
@@ -103,6 +103,20 @@ public List getAllAccountRequests() {
 return query.getResultList();
 }
 
+ /**
+ * Get all Account Requests for a given {@code email}.
+ */
+ public List getApprovedAccountRequestsForEmail(String email) {
+ CriteriaBuilder cb = HibernateUtil.getCriteriaBuilder();
+ CriteriaQuery cr = cb.createQuery(AccountRequest.class);
+ Root root = cr.from(AccountRequest.class);
+ cr.select(root).where(cb.and(cb.equal(root.get("email"), email),
+ cb.equal(root.get("status"), AccountRequestStatus.APPROVED)));
+
+ TypedQuery query = HibernateUtil.createQuery(cr);
+ return query.getResultList();
+ }
+
 /**
 * Get AccountRequest by {@code registrationKey} from database.
 */
diff --git a/src/main/java/teammates/ui/webapi/UpdateAccountRequestAction.java b/src/main/java/teammates/ui/webapi/UpdateAccountRequestAction.java
index da579026897..7699709c8d8 100644
--- a/src/main/java/teammates/ui/webapi/UpdateAccountRequestAction.java
+++ b/src/main/java/teammates/ui/webapi/UpdateAccountRequestAction.java
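Review bot: `AccountRequestsLogic.getApprovedAccountRequestsForEmailWithTransaction` finishes its transaction only on the success path: if `accountRequestDb.getApprovedAccountRequestsForEmail(email)` throws, the transaction opened by `HibernateUtil.beginTransaction()` is neither committed nor rolled back in this method. Whether a caller or request filter cleans that up is not visible in the hunk; if nothing does, the open transaction may carry over into later work that reuses the same session. Wrapping the query in a try/catch that rolls back before rethrowing would make the helper self-contained. A one-line comment stating that the method owns its transaction and must not be called inside another one would also help callers.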
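Review bot: The duplicate check in `getApprovedAccountRequestsForEmail` rests on `cb.equal(root.get("email"), email)`, an exact comparison, so whether two addresses that differ only in letter case count as the same depends on the column collation and on emails being normalized before they are stored. Neither is visible in this hunk. If they are not normalized, a request whose email differs only in case from an approved one would pass the new guard in UpdateAccountRequestAction. Either compare case-insensitively (for example `cb.lower(...)` on the column against a lower-cased argument) or state the normalization assumption in the Javadoc. The only caller needs existence rather than the rows, so a count or single-row query would avoid loading every approved entity for the address.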
@@ -47,6 +47,13 @@ public JsonResult execute() throws InvalidOperationException, InvalidHttpRequest
 accountRequest.getEmail()));
 }
 
+ if (sqlLogic.getApprovedAccountRequestsForEmailWithTransaction(accountRequest.getEmail()).size() > 0) {
+ throw new InvalidOperationException(String.format(
+ "An account request with email %s has already been approved. "
+ + "Please reject or delete the account request instead.",
+ accountRequest.getEmail()));
+ }
+
 try {
 // should not need to update other fields for an approval
 accountRequest.setStatus(accountRequestUpdateRequest.getStatus());
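Review bot: The new guard in `execute()` is a check-then-act: `getApprovedAccountRequestsForEmailWithTransaction` begins and commits its own transaction (see AccountRequestsLogic), and the status change happens afterwards in the `try` block. Two approvals for the same email handled concurrently can therefore both see an empty list and both go through. If two approved requests for one email must never exist, enforce that in the database (a uniqueness rule over approved rows per email), or run the check and the update in one transaction with suitable locking; how the update itself is transacted is outside this hunk. `execute()` starts and ends outside the hunk, so it is not visible which status transitions reach this guard; if an already-approved request can reach it, the query will match that request itself, since it does not exclude the current id. As a style point, `.size() > 0` reads better as a negated `.isEmpty()`.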