Merge pull request #310 from bounswe/fix-request-authentication

Fix feedback and survey endpoint authenticaiton
bounswe · Dec 15, 2024 · 14f80a1 · 14f80a1
2 parents 45e945b + 8adc014
commit 14f80a1
Show file tree

Hide file tree

Showing 4 changed files with 117 additions and 57 deletions.
diff --git a/backend/demo-group7/src/main/java/com/group7/demo/controllers/FeedbackController.java b/backend/demo-group7/src/main/java/com/group7/demo/controllers/FeedbackController.java
@@ -4,6 +4,7 @@
 import com.group7.demo.dtos.FeedbackResponse;
 import com.group7.demo.models.Feedback;
 import com.group7.demo.services.FeedbackService;
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
@@ -20,20 +21,20 @@ public FeedbackController(FeedbackService feedbackService) {
     }
 
     @PostMapping
-    public ResponseEntity<FeedbackResponse> addFeedback(@RequestBody FeedbackRequest request) {
-        FeedbackResponse response = feedbackService.addFeedback(request);
+    public ResponseEntity<FeedbackResponse> addFeedback(@RequestBody FeedbackRequest feedbackRequest, HttpServletRequest request) {
+        FeedbackResponse response = feedbackService.addFeedback(feedbackRequest, request);
         return ResponseEntity.ok(response);
     }
 
     @GetMapping("/training-program/{id}")
-    public ResponseEntity<List<FeedbackResponse>> getFeedbackForTrainingProgram(@PathVariable Long id) {
-        List<FeedbackResponse> feedbackList = feedbackService.getFeedbackForTrainingProgram(id);
+    public ResponseEntity<List<FeedbackResponse>> getFeedbackForTrainingProgram(@PathVariable Long id, HttpServletRequest request) {
+        List<FeedbackResponse> feedbackList = feedbackService.getFeedbackForTrainingProgram(id, request);
         return ResponseEntity.ok(feedbackList);
     }
 
-    @GetMapping("/user/{id}")
-    public ResponseEntity<List<FeedbackResponse>> getFeedbackForUser(@PathVariable Long id) {
-        List<FeedbackResponse> feedbackList = feedbackService.getFeedbackForUser(id);
+    @GetMapping("/user/{username}")
+    public ResponseEntity<List<FeedbackResponse>> getFeedbackForUser(@PathVariable String username, HttpServletRequest request) {
+        List<FeedbackResponse> feedbackList = feedbackService.getFeedbackForUser(username, request);
         return ResponseEntity.ok(feedbackList);
     }
 }
diff --git a/backend/demo-group7/src/main/java/com/group7/demo/controllers/SurveyController.java b/backend/demo-group7/src/main/java/com/group7/demo/controllers/SurveyController.java
@@ -3,6 +3,7 @@
 import com.group7.demo.dtos.SurveyRequest;
 import com.group7.demo.dtos.SurveyResponse;
 import com.group7.demo.services.SurveyService;
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
@@ -20,35 +21,36 @@ public SurveyController(SurveyService surveyService) {
 
     // Add a new survey
     @PostMapping
-    public ResponseEntity<SurveyResponse> addSurvey(@RequestBody SurveyRequest request) {
-        SurveyResponse response = surveyService.addSurvey(request);
+    public ResponseEntity<SurveyResponse> addSurvey(@RequestBody SurveyRequest request, HttpServletRequest httpServletRequest) {
+        SurveyResponse response = surveyService.addSurvey(request, httpServletRequest);
         return ResponseEntity.ok(response);
     }
 
     // Get survey by username
-    @GetMapping("/user/{username}")
-    public ResponseEntity<SurveyResponse> getSurveyByUser(@PathVariable String username) {
-        SurveyResponse response = surveyService.getSurveyByUser(username);
+    @GetMapping("/user")
+    public ResponseEntity<SurveyResponse> getSurveyByUser(HttpServletRequest request) {
+        SurveyResponse response = surveyService.getSurveyForAuthenticatedUser(request);
         return ResponseEntity.ok(response);
     }
 
-    @GetMapping("/{username}/fitness-goals")
-    public ResponseEntity<List<String>> getUserFitnessGoals(@PathVariable String username) {
-        List<String> fitnessGoals = surveyService.getUserFitnessGoals(username);
+    @GetMapping("/fitness-goals")
+    public ResponseEntity<List<String>> getUserFitnessGoals(HttpServletRequest request) {
+        List<String> fitnessGoals = surveyService.getUserFitnessGoals(request);
         return ResponseEntity.ok(fitnessGoals);
     }
 
     // Add multiple fitness goals
-    @PostMapping("/{username}/fitness-goals")
-    public ResponseEntity<List<String>> addFitnessGoals(@PathVariable String username, @RequestBody List<String> goals) {
-        List<String> addedGoals = surveyService.addFitnessGoals(username, goals);
+    @PostMapping("/fitness-goals")
+    public ResponseEntity<List<String>> addFitnessGoals(@RequestBody List<String> goals, HttpServletRequest request) {
+        List<String> addedGoals = surveyService.addFitnessGoals(goals, request);
         return ResponseEntity.ok(addedGoals);
     }
 
+
     // Remove multiple fitness goals
-    @DeleteMapping("/{username}/fitness-goals")
-    public ResponseEntity<Void> removeFitnessGoals(@PathVariable String username, @RequestBody List<String> goals) {
-        surveyService.removeFitnessGoals(username, goals);
+    @DeleteMapping("/fitness-goals")
+    public ResponseEntity<Void> removeFitnessGoals(@RequestBody List<String> goals, HttpServletRequest request) {
+        surveyService.removeFitnessGoals(goals, request);
         return ResponseEntity.ok().build();
     }
 }
diff --git a/backend/demo-group7/src/main/java/com/group7/demo/services/FeedbackService.java b/backend/demo-group7/src/main/java/com/group7/demo/services/FeedbackService.java
@@ -9,6 +9,7 @@
 import com.group7.demo.repository.FeedbackRepository;
 import com.group7.demo.repository.TrainingProgramRepository;
 import com.group7.demo.repository.UserRepository;
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
@@ -22,52 +23,83 @@ public class FeedbackService {
     private final TrainingProgramRepository trainingProgramRepository;
     private final UserRepository userRepository;
     private final Mapper mapper;
+    private final AuthenticationService authenticationService;
 
-    public FeedbackService(FeedbackRepository feedbackRepository, TrainingProgramRepository trainingProgramRepository, UserRepository userRepository, Mapper mapper) {
+    public FeedbackService(FeedbackRepository feedbackRepository, TrainingProgramRepository trainingProgramRepository, UserRepository userRepository, Mapper mapper, AuthenticationService authenticationService) {
         this.feedbackRepository = feedbackRepository;
         this.trainingProgramRepository = trainingProgramRepository;
         this.userRepository = userRepository;
         this.mapper = mapper;
+        this.authenticationService = authenticationService;
     }
 
-    public FeedbackResponse addFeedback(FeedbackRequest request) {
+
+    public FeedbackResponse addFeedback(FeedbackRequest feedbackRequest, HttpServletRequest request) {
         // Validate and fetch related entities
-        TrainingProgram trainingProgram = trainingProgramRepository.findById(request.getTrainingProgramId())
+        TrainingProgram trainingProgram = trainingProgramRepository.findById(feedbackRequest.getTrainingProgramId())
                 .orElseThrow(() -> new IllegalArgumentException("Training Program not found"));
 
-        User user = userRepository.findById(request.getUserId())
-                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+        User user = authenticationService.getAuthenticatedUserInternal(request);
+
+        boolean isParticipant = trainingProgram.getParticipants().stream()
+                .anyMatch(participant -> participant.getUser().equals(user));
+
+        if (!isParticipant) {
+            throw new IllegalArgumentException("User is not a participant of the Training Program");
+        }
 
         // Create the Feedback entity
         Feedback feedback = Feedback.builder()
                 .trainingProgram(trainingProgram)
                 .user(user)
-                .bodyPart(request.getBodyPart())
-                .weekNumber(request.getWeekNumber())
-                .workoutNumber(request.getWorkoutNumber())
-                .exerciseNumber(request.getExerciseNumber())
-                .feedbackText(request.getFeedbackText())
+                .bodyPart(feedbackRequest.getBodyPart())
+                .weekNumber(feedbackRequest.getWeekNumber())
+                .workoutNumber(feedbackRequest.getWorkoutNumber())
+                .exerciseNumber(feedbackRequest.getExerciseNumber())
+                .feedbackText(feedbackRequest.getFeedbackText())
                 .build();
 
         // Save the Feedback and map to FeedbackResponse
         Feedback savedFeedback = feedbackRepository.save(feedback);
         return mapper.mapToFeedbackResponse(savedFeedback);
     }
 
-    public List<FeedbackResponse> getFeedbackForTrainingProgram(Long trainingProgramId) {
+    public List<FeedbackResponse> getFeedbackForTrainingProgram(Long trainingProgramId, HttpServletRequest request) {
+        User user = authenticationService.getAuthenticatedUserInternal(request);
+
+        TrainingProgram trainingProgram = trainingProgramRepository.findById(trainingProgramId)
+                .orElseThrow(() -> new IllegalArgumentException("Training Program not found"));
+
+        if (!trainingProgram.getTrainer().equals(user)) {
+            throw new IllegalArgumentException("User is not authorized to view feedback for this Training Program");
+        }
+
+
         List<Feedback> feedbackList = feedbackRepository.findByTrainingProgramId(trainingProgramId);
         return feedbackList.stream()
                 .map(mapper::mapToFeedbackResponse)
                 .collect(Collectors.toList());
     }
 
-    public List<FeedbackResponse> getFeedbackForUser(Long userId) {
-        List<Feedback> feedbackList = feedbackRepository.findByUserId(userId);
+    public List<FeedbackResponse> getFeedbackForUser(String username, HttpServletRequest request) {
+        // Fetch the authenticated user (trainer)
+        User trainer = authenticationService.getAuthenticatedUserInternal(request);
 
-        // Map each Feedback entity to a FeedbackResponse DTO
-        return feedbackList.stream()
-                .map(mapper::mapToFeedbackResponse) // Use the Mapper to convert each Feedback to FeedbackResponse
-                .collect(Collectors.toList());
+        // Find the user by username
+        User targetUser = userRepository.findByUsername(username)
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
 
+        // Fetch feedback for the specified user
+        List<Feedback> feedbackList = feedbackRepository.findByUserId(targetUser.getId());
+
+        // Filter feedback to include only those for training programs created by the trainer
+        List<Feedback> filteredFeedback = feedbackList.stream()
+                .filter(feedback -> feedback.getTrainingProgram().getTrainer().equals(trainer))
+                .toList();
+
+        // Map the filtered feedback to FeedbackResponse DTOs
+        return filteredFeedback.stream()
+                .map(mapper::mapToFeedbackResponse)
+                .collect(Collectors.toList());
     }
 }
diff --git a/backend/demo-group7/src/main/java/com/group7/demo/services/SurveyService.java b/backend/demo-group7/src/main/java/com/group7/demo/services/SurveyService.java
@@ -9,6 +9,8 @@
 import com.group7.demo.repository.SurveyRepository;
 import com.group7.demo.repository.TagRepository;
 import com.group7.demo.repository.UserRepository;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.transaction.Transactional;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
@@ -21,18 +23,20 @@ public class SurveyService {
     private final SurveyRepository surveyRepository;
     private final TagRepository tagRepository;
     private final UserRepository userRepository;
+    private final AuthenticationService authenticationService;
 
-    public SurveyService(SurveyRepository surveyRepository, TagRepository tagRepository, UserRepository userRepository) {
+    public SurveyService(SurveyRepository surveyRepository, TagRepository tagRepository, UserRepository userRepository, AuthenticationService authenticationService) {
         this.surveyRepository = surveyRepository;
         this.tagRepository = tagRepository;
         this.userRepository = userRepository;
+        this.authenticationService = authenticationService;
     }
 
     // Add a new survey
-    public SurveyResponse addSurvey(SurveyRequest request) {
+    @Transactional
+    public SurveyResponse addSurvey(SurveyRequest request, HttpServletRequest httpServletRequest) {
         // Validate the user
-        User user = userRepository.findByUsername(request.getUsername())
-                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+        User user = authenticationService.getAuthenticatedUserInternal(httpServletRequest);
 
         // Map tag names to Tag entities (convert input to lowercase)
         Set<Tag> tags = request.getFitnessGoals().stream()
@@ -54,12 +58,18 @@ public SurveyResponse addSurvey(SurveyRequest request) {
     }
 
 
-    // Get survey by user username
-    public SurveyResponse getSurveyByUser(String username) {
-        Long userId = getUserIdFromUsername(username);
+    // Get survey of authenticated user
+    public SurveyResponse getSurveyForAuthenticatedUser(HttpServletRequest request) {
+        // Fetch the authenticated user
+        User user = authenticationService.getAuthenticatedUserInternal(request);
+
+        Long userId = getUserIdFromUsername(user.getUsername());
+
+        // Find the survey for the authenticated user
         Survey survey = surveyRepository.findByUserId(userId)
-                .orElseThrow(() -> new IllegalArgumentException("Survey not found for user ID: " + userId));
+                .orElseThrow(() -> new IllegalArgumentException("Survey not found for the authenticated user."));
 
+        // Map the survey to SurveyResponse DTO
         return mapToResponse(survey);
     }
 
@@ -75,26 +85,38 @@ private SurveyResponse mapToResponse(Survey survey) {
                 .build();
     }
 
-    public List<String> getUserFitnessGoals(String username) {
-        Long userId = getUserIdFromUsername(username);
+    public List<String> getUserFitnessGoals(HttpServletRequest request) {
+        // Fetch the authenticated user
+        User user = authenticationService.getAuthenticatedUserInternal(request);
+        Long userId = getUserIdFromUsername(user.getUsername());
+        // Find the survey for the authenticated user
         Survey survey = surveyRepository.findByUserId(userId)
-                .orElseThrow(() -> new IllegalArgumentException("Survey not found for user ID: " + userId));
+                .orElseThrow(() -> new IllegalArgumentException("Survey not found for the authenticated user."));
 
+        // Extract and return the fitness goals as a list of strings
         return survey.getFitnessGoals().stream()
-                .map(Tag::getName)
+                .map(Tag::getName) // Assuming fitness goals are stored as a collection of Tag entities
                 .collect(Collectors.toList());
     }
 
 
-    public List<String> addFitnessGoals(String username, List<String> goals) {
-        Long userId = getUserIdFromUsername(username);
+
+    @Transactional
+    public List<String> addFitnessGoals(List<String> goals, HttpServletRequest request) {
+        User user = authenticationService.getAuthenticatedUserInternal(request);
+        Long userId = getUserIdFromUsername(user.getUsername());
+
         Survey survey = surveyRepository.findByUserId(userId)
-                .orElseThrow(() -> new IllegalArgumentException("Survey not found for user ID: " + userId));
+                .orElseThrow(() -> new IllegalArgumentException("Survey not found for user name: " + user.getUsername()));
 
-        // Find and collect Tag entities for the provided goal names
         Set<Tag> tagsToAdd = goals.stream()
                 .map(goal -> tagRepository.findByName(goal.toLowerCase())
-                        .orElseThrow(() -> new IllegalArgumentException("Tag not found: " + goal)))
+                        .orElseGet(() -> {
+                            // Create and save a new Tag if not found
+                            Tag newTag = new Tag();
+                            newTag.setName(goal.toLowerCase());
+                            return tagRepository.save(newTag);
+                        }))
                 .collect(Collectors.toSet());
 
         // Add the new tags to the survey
@@ -111,8 +133,11 @@ public List<String> addFitnessGoals(String username, List<String> goals) {
                 .collect(Collectors.toList());
     }
 
-    public void removeFitnessGoals(String username, List<String> goals) {
-        Long userId = getUserIdFromUsername(username);
+    @Transactional
+    public void removeFitnessGoals(List<String> goals, HttpServletRequest request) {
+        User user = authenticationService.getAuthenticatedUserInternal(request);
+
+        Long userId = getUserIdFromUsername(user.getUsername());
         Survey survey = surveyRepository.findByUserId(userId)
                 .orElseThrow(() -> new IllegalArgumentException("Survey not found for user ID: " + userId));