#42 enable method security. delete and update plant endpoint + service.

c73d04dd · Karsch Lukas · 43d995d1 · c73d04dd · c73d04dd · c73d04dd
Commit c73d04dd authored 1 year ago by Karsch Lukas
--- a/src/main/java/hdm/mi/growbros/config/MethodSecurityConfig.java
+++ b/src/main/java/hdm/mi/growbros/config/MethodSecurityConfig.java
+package hdm.mi.growbros.config;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+@Configuration
+@EnableMethodSecurity(
+        securedEnabled = true
+)
+public class MethodSecurityConfig {
+}
--- a/src/main/java/hdm/mi/growbros/controllers/PlantsController.java
+++ b/src/main/java/hdm/mi/growbros/controllers/PlantsController.java
@@ -2,6 +2,8 @@ package hdm.mi.growbros.controllers;
 import hdm.mi.growbros.exceptions.PlantNotFoundException;
 import hdm.mi.growbros.models.dto.CustomPageDto;
+import hdm.mi.growbros.models.dto.DeletedPlantDto;
+import hdm.mi.growbros.models.dto.PlantUpdateRequest;
 import hdm.mi.growbros.models.plant.Plant;
 import hdm.mi.growbros.models.search.SearchRequest;
 import hdm.mi.growbros.service.PlantsService;
@@ -45,4 +47,14 @@ public class PlantsController {
    public void createPlant(@RequestBody @Valid Plant plant) {
        plantsService.createPlant(plant);
    }
+    @DeleteMapping("/{id}")
+    public DeletedPlantDto deletePlant(@PathVariable long id) {
+        return plantsService.deletePlant(id);
+    }
+    @PatchMapping("/{id}")
+    public Plant updatePlant(@PathVariable long id, @RequestBody PlantUpdateRequest updateRequest) {
+        return plantsService.updatePlant(id, updateRequest);
+    }
 }
--- a/src/main/java/hdm/mi/growbros/controllers/RestErrorHandler.java
+++ b/src/main/java/hdm/mi/growbros/controllers/RestErrorHandler.java
@@ -6,6 +6,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.context.request.WebRequest;
@@ -22,6 +23,11 @@ public class RestErrorHandler extends ResponseEntityExceptionHandler {
        return ResponseEntity.status(e.getStatusCode()).body(e.getMessage());
    }
+    @ExceptionHandler(AccessDeniedException.class)
+    protected ResponseEntity<String> handleAccessDeniedException() {
+        return ResponseEntity.status(401).body("Access denied: role not sufficient");
+    }
    @ExceptionHandler
    protected ResponseEntity<Object> handleInternalServerError(RuntimeException e, WebRequest req) {
        log.error("Handling internal server error: {}", e.getClass());

--- a/src/main/java/hdm/mi/growbros/models/dto/DeletedPlantDto.java
+++ b/src/main/java/hdm/mi/growbros/models/dto/DeletedPlantDto.java
+package hdm.mi.growbros.models.dto;
+import hdm.mi.growbros.models.plant.Plant;
+public record DeletedPlantDto(Plant plant, int deletedGardenEntries, int deletedWishlistEntries) {
+}
--- a/src/main/java/hdm/mi/growbros/models/dto/PlantUpdateRequest.java
+++ b/src/main/java/hdm/mi/growbros/models/dto/PlantUpdateRequest.java
+package hdm.mi.growbros.models.dto;
+import hdm.mi.growbros.models.plant.GroundType;
+import hdm.mi.growbros.models.plant.LightingDemand;
+import hdm.mi.growbros.models.plant.NutrientDemand;
+import hdm.mi.growbros.models.plant.WaterDemand;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Getter
+public class PlantUpdateRequest {
+    private String name;
+    private String latinName;
+    private String description;
+    private String origin;
+    private String growingTips;
+    private Integer plantWeekStart;
+    private Integer plantWeekEnd;
+    private Integer growthDuration;
+    private Integer harvestWeekStart;
+    private Integer harvestWeekEnd;
+    private GroundType groundType;
+    private NutrientDemand nutrientDemand;
+    private WaterDemand waterDemand;
+    private LightingDemand lightingDemand;
+    private String imageUrl;
+}
--- a/src/main/java/hdm/mi/growbros/models/plant/Plant.java
+++ b/src/main/java/hdm/mi/growbros/models/plant/Plant.java
@@ -30,7 +30,6 @@ public class Plant {
    @Column(columnDefinition = "TEXT")
    private String description;
    @Column(columnDefinition = "TEXT")
    private String origin;

--- a/src/main/java/hdm/mi/growbros/repositories/GardenRepository.java
+++ b/src/main/java/hdm/mi/growbros/repositories/GardenRepository.java
@@ -22,6 +22,8 @@ public interface GardenRepository extends JpaRepository<GardenEntry, Long> {
    void deleteByIdAndUser(Long entryId, User user);
+    int deleteAllByPlant_Id(Long plantId);
    @Query("""
                SELECT ge FROM GardenEntry ge
                WHERE ge.user = :user

--- a/src/main/java/hdm/mi/growbros/repositories/WishListRepository.java
+++ b/src/main/java/hdm/mi/growbros/repositories/WishListRepository.java
 package hdm.mi.growbros.repositories;
-import hdm.mi.growbros.models.plant.Plant;
 import hdm.mi.growbros.models.WishListEntry;
+import hdm.mi.growbros.models.plant.Plant;
 import hdm.mi.growbros.models.user.User;
 import org.springframework.data.domain.Sort;
 import org.springframework.data.jpa.repository.JpaRepository;
@@ -48,4 +48,6 @@ public interface WishListRepository extends JpaRepository<WishListEntry, Long> {
    List<WishListEntry> findByCurrentPlantingWeek(@Param("user") User user, @Param("week") int currentWeek);
    boolean existsByUserAndPlant(User user, Plant plant);
+    int deleteAllByPlant_Id(long id);
 }
\ No newline at end of file
--- a/src/main/java/hdm/mi/growbros/service/PlantsService.java
+++ b/src/main/java/hdm/mi/growbros/service/PlantsService.java
 package hdm.mi.growbros.service;
+import hdm.mi.growbros.exceptions.PlantNotFoundException;
 import hdm.mi.growbros.models.dto.CustomPageDto;
+import hdm.mi.growbros.models.dto.DeletedPlantDto;
+import hdm.mi.growbros.models.dto.PlantUpdateRequest;
 import hdm.mi.growbros.models.plant.Plant;
 import hdm.mi.growbros.models.search.PlantSpecification;
 import hdm.mi.growbros.models.search.SearchRequest;
+import hdm.mi.growbros.repositories.GardenRepository;
 import hdm.mi.growbros.repositories.PlantRepository;
+import hdm.mi.growbros.repositories.WishListRepository;
+import hdm.mi.growbros.util.EntityMapper;
+import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.jpa.domain.Specification;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Service;
 import java.util.*;
@@ -22,7 +30,10 @@ public class PlantsService {
    private final static int MAX_PAGE_SIZE = 100;
    private final PlantRepository plantRepository;
+    private final WishListRepository wishListRepository;
+    private final GardenRepository gardenRepository;
    private final PlantSpecification plantSpecification;
+    private final EntityMapper entityMapper;
    public CustomPageDto<Plant> getPlants(int pageNumber, int pageSize) {
        pageNumber = Math.max(0, pageNumber);
@@ -51,6 +62,7 @@ public class PlantsService {
        return plantRepository.findAll(spec);
    }
+    @Secured({"ADMIN"})
    public void createPlant(Plant plant) {
        log.info("Saving plant '{}' to repository.", plant.getName());
        plantRepository.save(plant);
@@ -59,4 +71,27 @@ public class PlantsService {
    public Optional<Plant> findById(long id) {
        return plantRepository.findById(id);
    }
+    @Transactional
+    @Secured({"ADMIN"})
+    public DeletedPlantDto deletePlant(long id) {
+        Optional<Plant> plant = plantRepository.findById(id);
+        if (plant.isEmpty()) {
+            return new DeletedPlantDto(null, 0, 0);
+        }
+        log.info("Deleting plant with id {}.", id);
+        int deletedGardenEntries = gardenRepository.deleteAllByPlant_Id(id);
+        int deletedWishlistEntries = wishListRepository.deleteAllByPlant_Id(id);
+        plantRepository.deleteById(id);
+        log.info("Plant '{}' was deleted. {} garden entries and {} wishlist entries were affected", plant.get().getName(), deletedGardenEntries, deletedWishlistEntries);
+        return new DeletedPlantDto(plant.get(), deletedGardenEntries, deletedWishlistEntries);
+    }
+    @Transactional
+    @Secured({"ADMIN"})
+    public Plant updatePlant(long id, PlantUpdateRequest updateRequest) {
+        Plant plant = plantRepository.findById(id).orElseThrow(() -> new PlantNotFoundException(id));
+        entityMapper.map(updateRequest, plant);
+        return plantRepository.save(plant);
+    }
 }
--- a/src/main/java/hdm/mi/growbros/util/EntityMapper.java
+++ b/src/main/java/hdm/mi/growbros/util/EntityMapper.java
@@ -88,6 +88,7 @@ public class EntityMapper {
                entityField.setAccessible(true);
                final Object newValue = updateField.get(updateRequest);
                entityField.set(existingEntity, newValue);
+                log.debug("set new value for {} : {}", updateField.getName(), newValue);
            } catch (IllegalAccessException e) {
                log.error("Illegal access exception while mapping object", e);
            }

--- a/src/test/java/hdm/mi/growbros/service/PlantsServiceIntegrationTest.java
+++ b/src/test/java/hdm/mi/growbros/service/PlantsServiceIntegrationTest.java
+package hdm.mi.growbros.service;
+import hdm.mi.growbros.models.dto.PlantUpdateRequest;
+import hdm.mi.growbros.models.plant.Plant;
+import hdm.mi.growbros.repositories.PlantRepository;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+@SpringBootTest
+@ActiveProfiles("test")
+class PlantsServiceIntegrationTest {
+    @Autowired
+    private PlantsService plantsService;
+    @Autowired
+    private PlantRepository plantRepository;
+    private static Plant plant;
+    @BeforeAll
+    static void setup(@Autowired PlantRepository plantRepository) {
+        plant = plantRepository.save(Plant.builder().name("My plant!").build());
+    }
+    @Test
+    void canUpdatePlant() {
+        String newName = "new name!";
+        plantsService.updatePlant(plant.getId(), PlantUpdateRequest.builder().name(newName).build());
+        assertEquals(newName, plantRepository.findById(plant.getId()).get().getName());
+    }
+}
--- a/src/test/java/hdm/mi/growbros/util/EntityMapperTest.java
+++ b/src/test/java/hdm/mi/growbros/util/EntityMapperTest.java
 package hdm.mi.growbros.util;
+import hdm.mi.growbros.models.dto.PlantUpdateRequest;
+import hdm.mi.growbros.models.plant.Plant;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -46,6 +48,25 @@ class EntityMapperTest {
        );
    }
+    @Test
+    void shouldWork_onActualModel() {
+        //arrange
+        String description = "My description";
+        final Plant plant = Plant.builder().name("Plant initial name").description(description).build();
+        String newName = "new name!";
+        final PlantUpdateRequest updateRequest = PlantUpdateRequest.builder().name(newName).build();
+        //act
+        entityMapper.map(updateRequest, plant);
+        //assert
+        assertAll(
+                () -> assertEquals(newName, plant.getName()),
+                () -> assertEquals(description, plant.getDescription())
+        );
+    }
    private class UpdaterObject {
        private String value1;
        private String value2;