[Feat]: User / Administrator login #49 #120
pol-rivero merged 5 commits into UdL-EPS-SoftArch-Igualada:main from
Thank you for your PR @MireiaTerri! Now, you should wait for the automated code analysis by CodeRabbit, Copilot and SonarQube. Once you are confident that you have fixed all the detected issues and this PR is ready to be merged, add a comment with exactly one word:
Summary by CodeRabbit
Walkthrough
Replaces Record-related domain, repository, handlers, and tests with an Administrator subclass and repository; seeds the DB with a default admin; tightens security so POST/PUT/PATCH/DELETE require ADMIN; and adds/updates Cucumber stepdefs and feature files for admin login and administrator CRUD.
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
🚥 Pre-merge checks: ✅ Passed checks (6 passed)
Pull request overview
Implements administrator-based authentication/authorization and introduces an Administrator subtype of User, while removing the template Record example.
Changes:
- Add `Administrator` entity + `AdministratorRepository`, seed a default `admin`, and enforce admin-only write operations in `WebSecurityConfig`.
- Remove the template `Record` domain/repository/handlers/tests.
- Update/add Cucumber features and step definitions for login, administrator CRUD, and access control.
Reviewed changes
Copilot reviewed 42 out of 42 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| src/main/java/cat/udl/eps/softarch/fll/config/WebSecurityConfig.java | Restricts POST/PUT/PATCH/DELETE to ROLE_ADMIN; adds/keeps specific GET rules. |
| src/main/java/cat/udl/eps/softarch/fll/config/DBInitialization.java | Seeds default admin user and keeps demo for tests. |
| src/main/java/cat/udl/eps/softarch/fll/domain/User.java | Enables JPA inheritance for User subclasses. |
| src/main/java/cat/udl/eps/softarch/fll/domain/Administrator.java | Adds Administrator subtype with ROLE_ADMIN authorities. |
| src/main/java/cat/udl/eps/softarch/fll/repository/AdministratorRepository.java | Exposes Admin CRUD/search repository via Spring Data REST. |
| src/main/java/cat/udl/eps/softarch/fll/domain/Record.java | Removes template Record entity. |
| src/main/java/cat/udl/eps/softarch/fll/repository/RecordRepository.java | Removes template Record repository. |
| src/main/java/cat/udl/eps/softarch/fll/handler/RecordEventHandler.java | Removes template Record event handler. |
| src/test/java/cat/udl/eps/softarch/fll/domain/RecordValidationTest.java | Removes template Record validation tests. |
| src/test/java/cat/udl/eps/softarch/fll/steps/ManageRecordStepDefs.java | Removes Cucumber step definitions for Record. |
| src/test/java/cat/udl/eps/softarch/fll/steps/ManageAdministratorStepDefs.java | Adds steps for admin CRUD requests/assertions. |
| src/test/java/cat/udl/eps/softarch/fll/steps/LoginStepDefs.java | Adds steps for /identity checks. |
| src/test/java/cat/udl/eps/softarch/fll/steps/AdminAccessControlStepDefs.java | Adds steps for public read checks (editions list). |
| src/test/java/cat/udl/eps/softarch/fll/steps/SearchVenueStepDefs.java | Switches to shared auth helper; currently has duplicate imports. |
| src/test/java/cat/udl/eps/softarch/fll/steps/ManageJudgeStepDefs.java | Switches to shared auth helper; currently has duplicate imports. |
| src/test/java/cat/udl/eps/softarch/fll/steps/AssignCoachStepDefs.java | Switches to shared auth helper; currently has duplicate imports. |
| src/test/java/cat/udl/eps/softarch/fll/steps/AwardAndMatchStepDefs.java | Uses basic auth for setup; keeps shared auth for requests. |
| src/test/resources/features/Login.feature | Adds login/identity scenarios for admin and regular users. |
| src/test/resources/features/ManageAdministrator.feature | Adds admin CRUD access-control scenarios (missing update coverage). |
| src/test/resources/features/AdminAccessControl.feature | Adds basic admin-vs-user-vs-anon access control scenarios. |
| src/test/resources/features/ManageRecord.feature | Removes Record feature. |
| src/test/resources/features/Award.feature | Adjusts scenarios to log in as admin (reduces public-read coverage). |
| src/test/resources/features/MatchResult.feature | Adjusts scenarios to log in as admin (reduces public-read coverage). |
| src/test/resources/features/assign_coach.feature | Adds admin login background. |
| src/test/resources/features/TeamMember.feature | Uses admin login in background. |
| src/test/resources/features/TeamEditionRegistration.feature | Uses admin login in background. |
| src/test/resources/features/SearchVenue.feature | Uses admin login in background. |
| src/test/resources/features/RoundSearchByEdition.feature | Uses admin login in scenarios. |
| src/test/resources/features/RegisterUser.feature | Adjusts authenticated-registration scenario to use an actually registered user. |
| src/test/resources/features/MatchTableAssignment.feature | Uses admin login in background. |
| src/test/resources/features/MatchScoreRegistration.feature | Uses admin login in scenarios. |
| src/test/resources/features/MatchAssignment.feature | Uses admin login in background. |
| src/test/resources/features/ManageVenue.feature | Uses admin login across scenarios. |
| src/test/resources/features/ManageScientificProject.feature | Uses admin login across scenarios. |
| src/test/resources/features/ManageMediaContent.feature | Uses admin login in background. |
| src/test/resources/features/ManageJudge.feature | Uses admin login in background. |
| src/test/resources/features/ManageFloater.feature | Uses admin login in background. |
| src/test/resources/features/ManageEdition.feature | Uses admin login in background. |
| src/test/resources/features/EditionVolunteers.feature | Uses admin login in scenarios. |
| src/test/resources/features/EditionLifecycle.feature | Uses admin login in background. |
| src/test/resources/features/EditionCompetitionTables.feature | Uses admin login in scenarios. |
| src/test/resources/features/Coach.feature | Updates admin password used in background. |
Actionable comments posted: 7
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/test/resources/features/Coach.feature (1)
6-14: ⚠️ Potential issue | 🔴 Critical
The test will fail with the new security configuration because it uses a regular User instead of an Administrator.
The step "There is a registered user with username 'admin'..." creates a plain `User` entity with `ROLE_USER` (from `RegisterStepDefs.java:36-41`). However, the coach creation endpoint requires a POST request, which is restricted to users with `ROLE_ADMIN` per `WebSecurityConfig.java:34`: `.requestMatchers(HttpMethod.POST, "/**").hasRole("ADMIN")`.
Since `User.getAuthorities()` returns `ROLE_USER` and `Administrator.getAuthorities()` returns `ROLE_ADMIN`, the test will receive a 403 Forbidden response when attempting to create a coach with a non-administrator user.
Change the step definition to create an Administrator, or update the feature file to use a step that explicitly creates an admin user with the appropriate role.
🧹 Nitpick comments (16)
src/test/resources/features/Award.feature (1)
6-6: Optional: move repeated login step into `Background`
The same `Given I login as "admin"...` step is duplicated across all scenarios. Using `Background` would keep the feature shorter and easier to maintain.
Also applies to: 11-11, 19-19, 26-26, 34-34
src/test/java/cat/udl/eps/softarch/fll/steps/SearchVenueStepDefs.java (1)
6-7: Remove duplicate `hasSize` static import.
`hasSize` is imported twice; keep a single import to avoid redundancy.
Proposed cleanup
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.hamcrest.Matchers.hasSize; -import static org.hamcrest.Matchers.hasSize;src/test/resources/features/MatchTableAssignment.feature (1)
8-9: Unnecessary user registration in Background.
Line 8 registers a user with username "user", but line 9 logs in as "admin" (seeded by DBInitialization). The registered "user" is never referenced in any scenario and appears to be leftover from before the admin-based authentication change.
Consider removing the unused user registration to keep the test setup minimal and clear:
Suggested fix
Background: Given the match table assignment system is empty - And There is a registered user with username "user" and password "password" and email "user@sample.app" And I login as "admin" with password "password"src/test/resources/features/MatchAssignment.feature (1)
8-9: Unnecessary user registration in Background.
Same issue as in MatchTableAssignment.feature: Line 8 registers "user" but line 9 logs in as "admin". The registered user is not used in any scenario.
Suggested fix
Background: Given the match assignment system is empty - And There is a registered user with username "user" and password "password" and email "user@sample.app" And I login as "admin" with password "password"src/test/resources/features/MatchResult.feature (1)
11-12: Potentially redundant user registration.
Line 11 attempts to register "admin", but DBInitialization already seeds the admin user at startup. Per the `RegisterStepDefs` implementation, if the user already exists, the registration is skipped. This means the email "admin@fll.udl.cat" specified here may not be applied.
Consider removing the redundant registration step for clarity, or verify that the scenario doesn't depend on the specific email value:
Suggested fix
Scenario: Direct MatchResult creation is disabled - Given There is a registered user with username "admin" and password "password" and email "admin@fll.udl.cat" - And I login as "admin" with password "password" + Given I login as "admin" with password "password" And The dependencies existsrc/test/resources/features/ManageEdition.feature (1)
7-8: Unnecessary user registration in Background.
Line 7 registers a user with username "user", but line 8 logs in as "admin". The registered "user" is not referenced in any scenario. This is the same pattern seen in MatchTableAssignment.feature and MatchAssignment.feature.
Suggested fix
Background: - Given There is a registered user with username "user" and password "password" and email "user@sample.app" - And I login as "admin" with password "password" + Given I login as "admin" with password "password"src/test/resources/features/ManageMediaContent.feature (1)
2-8: Update feature description and consider removing unused user registration.
Two minor inconsistencies:
- Line 3 says "As a user" but the test now logs in as "admin". Consider updating to "As an admin" for consistency.
- Line 7 registers a "user" that appears unused since line 8 logs in as "admin".
📝 Suggested update
Feature: Manage MediaContent In order to manage media content - As a user + As an admin I want to be able to create, retrieve, update and delete media content Background: - Given There is a registered user with username "user" and password "password" and email "user@sample.app" - And I login as "admin" with password "password" + Given I login as "admin" with password "password"src/test/resources/features/RoundSearchByEdition.feature (1)
6-22: LGTM - consider extracting login to Background.
The authentication change to "admin" is correct. As an optional improvement, the repeated login step on lines 7 and 18 could be moved to a Background section to reduce duplication.
♻️ Optional DRY refactor
+ Background: + Given I login as "admin" with password "password" + Scenario: Retrieve all rounds for an edition - Given I login as "admin" with password "password" - And An edition exists with year 2025 and venue "Test Venue" and description "Round search test" + Given An edition exists with year 2025 and venue "Test Venue" and description "Round search test" ... Scenario: Returns empty list when edition has no rounds - Given I login as "admin" with password "password" - And An edition exists with year 2026 and venue "Empty Venue" and description "No rounds edition" + Given An edition exists with year 2026 and venue "Empty Venue" and description "No rounds edition"src/test/resources/features/ManageVenue.feature (1)
2-7: Update feature description and consider using Background for shared login.
Two improvements to consider:
- Line 3 says "As a user" but all scenarios now log in as "admin" - update for consistency.
- The login step is repeated in all 6 scenarios. Moving it to a Background section would reduce duplication.
♻️ Suggested refactor
Feature: Manage Venue In order to manage venues - As a user + As an admin I want to be able to create, retrieve, edit and delete venues + Background: + Given I login as "admin" with password "password" + Scenario: Create a venue - Given I login as "admin" with password "password" - And There is no venue with name "My Venue" + Given There is no venue with name "My Venue" ...Apply the same pattern to remove the login step from the remaining 5 scenarios.
src/test/resources/features/EditionLifecycle.feature (1)
6-8: Consider removing the unused user registration step.
Line 7 registers a "user" but line 8 logs in as "admin" (seeded by `DBInitialization`). The scenarios don't appear to reference the registered "user", so this step may be unnecessary setup.
♻️ Suggested cleanup
Background: - Given There is a registered user with username "user" and password "password" and email "user@sample.app" - And I login as "admin" with password "password" + Given I login as "admin" with password "password"src/test/resources/features/TeamEditionRegistration.feature (1)
6-8: Consider removing the unused user registration step.
Line 7 registers a "user" but line 8 logs in as "admin" instead. None of the 8 scenarios in this feature reference the registered "user"—all scenarios operate with admin credentials and use separate test teams like "LegoStars", "Team19", "RacerA", and "RacerB". Removing this unused registration would simplify the Background setup without affecting any test behavior.
src/test/resources/features/ManageAdministrator.feature (1)
1-5: Consider adding update and public read scenarios.
The feature description mentions "update" but no update (PUT/PATCH) scenario is included. Additionally, per the requirements, reads should be public—a scenario verifying anonymous retrieval of administrators would strengthen coverage.
src/main/java/cat/udl/eps/softarch/fll/config/WebSecurityConfig.java (1)
34-37: Consider extracting the "ADMIN" literal to a constant.
The role name `"ADMIN"` is duplicated 4 times. Extracting it to a constant improves maintainability and addresses the SonarCloud finding.
Proposed refactor
public class WebSecurityConfig { + private static final String ROLE_ADMIN = "ADMIN"; + `@Value`("${allowed-origins}") String[] allowedOrigins; `@Bean` protected SecurityFilterChain securityFilterChain(HttpSecurity http) { http.authorizeHttpRequests(auth -> auth .requestMatchers(HttpMethod.GET, "/identity").authenticated() .requestMatchers(HttpMethod.GET, "/users").authenticated() .requestMatchers(HttpMethod.GET, "/editions/*/volunteers").authenticated() .requestMatchers(HttpMethod.POST, "/users").anonymous() .requestMatchers(HttpMethod.POST, "/users/*").denyAll() - .requestMatchers(HttpMethod.POST, "/**").hasRole("ADMIN") - .requestMatchers(HttpMethod.PUT, "/**").hasRole("ADMIN") - .requestMatchers(HttpMethod.PATCH, "/**").hasRole("ADMIN") - .requestMatchers(HttpMethod.DELETE, "/**").hasRole("ADMIN") + .requestMatchers(HttpMethod.POST, "/**").hasRole(ROLE_ADMIN) + .requestMatchers(HttpMethod.PUT, "/**").hasRole(ROLE_ADMIN) + .requestMatchers(HttpMethod.PATCH, "/**").hasRole(ROLE_ADMIN) + .requestMatchers(HttpMethod.DELETE, "/**").hasRole(ROLE_ADMIN)src/main/java/cat/udl/eps/softarch/fll/domain/Administrator.java (1)
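Review bot: the constant proposed in the WebSecurityConfig.java refactor is named ROLE_ADMIN but holds "ADMIN", which is easy to misread next to Administrator.getAuthorities() returning the authority string "ROLE_ADMIN". hasRole() adds the ROLE_ prefix itself, so a later edit that "corrects" the constant to "ROLE_ADMIN" would break all four write rules. Name the constant for what it holds, for example ADMIN, or switch the four matchers to hasAuthority("ROLE_ADMIN") and share that literal with Administrator.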
19-24: Consider including ROLE_USER for admin users.
The `Administrator` returns only `ROLE_ADMIN`. If any endpoints or logic check specifically for `ROLE_USER`, administrators would be excluded. A common pattern is to grant admins both roles.
Optional: Grant both roles to administrators
`@Override` `@JsonValue`(value = false) `@JsonProperty`(access = JsonProperty.Access.READ_ONLY) public Collection<? extends GrantedAuthority> getAuthorities() { - return AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_ADMIN"); + return AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_ADMIN,ROLE_USER"); }src/main/java/cat/udl/eps/softarch/fll/config/DBInitialization.java (2)
30-40: Remove inline comments from this class.
Please replace these with self-explanatory structure (e.g., extracted private methods), since inline comments are disallowed here.
As per coding guidelines, "`**/*.{java,ts,tsx,js,jsx,py,go,rb,cs}`: Code must be self-documenting with clear variable names and types; inline comments are not allowed (Javadoc is permitted)".
39-48: Flatten the nested `if` to reduce branching.
This can be expressed as a single guard condition and keeps `initializeDatabase()` easier to scan.
Suggested refactor
- if (Arrays.asList(activeProfiles.split(",")).contains("test")) { - // Testing instances - if (!userRepository.existsById("demo")) { - User user = new User(); - user.setEmail("demo@sample.app"); - user.setId("demo"); - user.setPassword(defaultPassword); - user.encodePassword(); - userRepository.save(user); - } - } + if (Arrays.asList(activeProfiles.split(",")).contains("test") + && !userRepository.existsById("demo")) { + User user = new User(); + user.setEmail("demo@sample.app"); + user.setId("demo"); + user.setPassword(defaultPassword); + user.encodePassword(); + userRepository.save(user); + }
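Review bot: the flattened guard in DBInitialization still tests the profile with Arrays.asList(activeProfiles.split(",")).contains("test"), which compares untrimmed tokens, so a value such as "dev, test" would silently skip the demo-user seeding. Trim each token before the contains check, or ask the Spring Environment which profiles are active instead of parsing the string. The demo account is also created with defaultPassword, so it is worth confirming that this value cannot reach a non-test deployment unchanged.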
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ace61e2b-bc22-4c6a-9b07-e2adadbbc21c
📒 Files selected for processing (42)
- src/main/java/cat/udl/eps/softarch/fll/config/DBInitialization.java
- src/main/java/cat/udl/eps/softarch/fll/config/WebSecurityConfig.java
- src/main/java/cat/udl/eps/softarch/fll/domain/Administrator.java
- src/main/java/cat/udl/eps/softarch/fll/domain/Record.java
- src/main/java/cat/udl/eps/softarch/fll/domain/User.java
- src/main/java/cat/udl/eps/softarch/fll/handler/RecordEventHandler.java
- src/main/java/cat/udl/eps/softarch/fll/repository/AdministratorRepository.java
- src/main/java/cat/udl/eps/softarch/fll/repository/RecordRepository.java
- src/test/java/cat/udl/eps/softarch/fll/domain/RecordValidationTest.java
- src/test/java/cat/udl/eps/softarch/fll/steps/AdminAccessControlStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/AssignCoachStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/AwardAndMatchStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/LoginStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/ManageAdministratorStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/ManageJudgeStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/ManageRecordStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/SearchVenueStepDefs.java
- src/test/resources/features/AdminAccessControl.feature
- src/test/resources/features/Award.feature
- src/test/resources/features/Coach.feature
- src/test/resources/features/EditionCompetitionTables.feature
- src/test/resources/features/EditionLifecycle.feature
- src/test/resources/features/EditionVolunteers.feature
- src/test/resources/features/Login.feature
- src/test/resources/features/ManageAdministrator.feature
- src/test/resources/features/ManageEdition.feature
- src/test/resources/features/ManageFloater.feature
- src/test/resources/features/ManageJudge.feature
- src/test/resources/features/ManageMediaContent.feature
- src/test/resources/features/ManageRecord.feature
- src/test/resources/features/ManageScientificProject.feature
- src/test/resources/features/ManageVenue.feature
- src/test/resources/features/MatchAssignment.feature
- src/test/resources/features/MatchResult.feature
- src/test/resources/features/MatchScoreRegistration.feature
- src/test/resources/features/MatchTableAssignment.feature
- src/test/resources/features/RegisterUser.feature
- src/test/resources/features/RoundSearchByEdition.feature
- src/test/resources/features/SearchVenue.feature
- src/test/resources/features/TeamEditionRegistration.feature
- src/test/resources/features/TeamMember.feature
- src/test/resources/features/assign_coach.feature
💤 Files with no reviewable changes (6)
- src/main/java/cat/udl/eps/softarch/fll/handler/RecordEventHandler.java
- src/main/java/cat/udl/eps/softarch/fll/repository/RecordRepository.java
- src/test/java/cat/udl/eps/softarch/fll/domain/RecordValidationTest.java
- src/main/java/cat/udl/eps/softarch/fll/domain/Record.java
- src/test/resources/features/ManageRecord.feature
- src/test/java/cat/udl/eps/softarch/fll/steps/ManageRecordStepDefs.java
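The 403 predicted for Coach.feature in the review above comes from first-match evaluation of the matcher list. The following is an added example, not code from this PR or from Spring Security: a plain-Java model of that evaluation using the rule order quoted in the WebSecurityConfig suggestion. The `/coaches` path, the final permit-all rule (standing in for the part of the chain the page does not show) and the 401 for unauthenticated requests under HTTP Basic are assumptions.

```java
import java.util.List;
import java.util.Set;

/** Plain-Java model of first-match request authorization (illustrative, not Spring code). */
public class FirstMatchAuthorization {

    enum Access { AUTHENTICATED, ANONYMOUS, DENY_ALL, HAS_ROLE_ADMIN, PERMIT_ALL }
    enum Outcome { ALLOWED, UNAUTHORIZED_401, FORBIDDEN_403 }

    record Rule(String method, String pattern, Access access) {}
    record Request(String method, String path, String who, Set<String> authorities) {}

    // Order copied from the WebSecurityConfig excerpt quoted in the review.
    // The last entry is an assumption: the PR describes reads as public, but the
    // remainder of the real chain is not shown on the page.
    static final List<Rule> RULES = List.of(
        new Rule("GET", "/identity", Access.AUTHENTICATED),
        new Rule("GET", "/users", Access.AUTHENTICATED),
        new Rule("GET", "/editions/*/volunteers", Access.AUTHENTICATED),
        new Rule("POST", "/users", Access.ANONYMOUS),
        new Rule("POST", "/users/*", Access.DENY_ALL),
        new Rule("POST", "/**", Access.HAS_ROLE_ADMIN),
        new Rule("PUT", "/**", Access.HAS_ROLE_ADMIN),
        new Rule("PATCH", "/**", Access.HAS_ROLE_ADMIN),
        new Rule("DELETE", "/**", Access.HAS_ROLE_ADMIN),
        new Rule("*", "/**", Access.PERMIT_ALL));

    // Minimal segment matcher: "*" is exactly one segment, "**" is any remainder.
    static boolean pathMatches(String pattern, String path) {
        String[] p = pattern.substring(1).split("/");
        String[] s = path.substring(1).split("/");
        for (int i = 0; i < p.length; i++) {
            if (p[i].equals("**")) return true;
            if (i >= s.length) return false;
            if (!p[i].equals("*") && !p[i].equals(s[i])) return false;
        }
        return p.length == s.length;
    }

    // authorities == null models a request without credentials.
    static Outcome decide(String method, String path, Set<String> authorities) {
        boolean loggedIn = authorities != null;
        for (Rule r : RULES) {
            boolean methodOk = r.method().equals("*") || r.method().equals(method);
            if (!methodOk || !pathMatches(r.pattern(), path)) continue;
            // Only the first matching rule is consulted; later rules are never reached.
            boolean granted = switch (r.access()) {
                case PERMIT_ALL -> true;
                case DENY_ALL -> false;
                case ANONYMOUS -> !loggedIn;
                case AUTHENTICATED -> loggedIn;
                case HAS_ROLE_ADMIN -> loggedIn && authorities.contains("ROLE_ADMIN");
            };
            if (granted) return Outcome.ALLOWED;
            return loggedIn ? Outcome.FORBIDDEN_403 : Outcome.UNAUTHORIZED_401;
        }
        return Outcome.FORBIDDEN_403; // deny by default if nothing matched
    }

    public static void main(String[] args) {
        Set<String> user = Set.of("ROLE_USER");   // User.getAuthorities()
        Set<String> admin = Set.of("ROLE_ADMIN"); // Administrator.getAuthorities()
        // Constructed sample requests; "/coaches" is a hypothetical write endpoint.
        List<Request> requests = List.of(
            new Request("POST", "/coaches", "user", user),
            new Request("POST", "/coaches", "admin", admin),
            new Request("POST", "/coaches", "anonymous", null),
            new Request("POST", "/users", "anonymous", null),
            new Request("POST", "/users", "admin", admin),
            new Request("POST", "/users/demo", "admin", admin),
            new Request("GET", "/identity", "anonymous", null),
            new Request("GET", "/editions", "anonymous", null));
        for (Request r : requests) {
            System.out.printf("%-6s %-12s %-10s -> %s%n", r.method(), r.path(), r.who(),
                decide(r.method(), r.path(), r.authorities()));
        }
    }
}
```

In this model an administrator's `POST /users` is refused as well, because the `anonymous()` rule matches before the `/**` admin rule is reached.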
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/test/java/cat/udl/eps/softarch/fll/steps/ManageScientificProjectStepDefs.java (1)
79-80: Hardcoded admin credentials are duplicated across setup calls.
This creates brittle test coupling and scattered auth config. Extract one helper for privileged setup auth and reuse it.
♻️ Suggested refactor
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; +import org.springframework.test.web.servlet.request.RequestPostProcessor; ... + private RequestPostProcessor adminAuth() { + return httpBasic("admin", "password"); + } ... - .with(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic("admin", "password"))) + .with(adminAuth())) ... - .with(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic("admin", "password"))) + .with(adminAuth())) ... - .with(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic("admin", "password"))); + .with(adminAuth())); ... - .with(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic("admin", "password"))); + .with(adminAuth()));Also applies to: 103-104, 207-213, 225-231
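Review bot: the proposed adminAuth() helper still hard-codes httpBasic("admin", "password") and is private to ManageScientificProjectStepDefs, so the literal credentials only move from four call sites to one per step class. This PR already routes logins through the shared AuthenticationStepDefs, so the helper belongs there and should take the credentials from a single place. That way a change to the seeded admin password does not leave setup requests in individual step classes failing authentication.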
📒 Files selected for processing (11)
- src/test/java/cat/udl/eps/softarch/fll/steps/AssignCoachStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/AuthenticationStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/ManageAdministratorStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/ManageJudgeStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/ManageScientificProjectStepDefs.java
- src/test/java/cat/udl/eps/softarch/fll/steps/SearchVenueStepDefs.java
- src/test/resources/features/Award.feature
- src/test/resources/features/ManageAdministrator.feature
- src/test/resources/features/ManageScientificProject.feature
- src/test/resources/features/MatchResult.feature
- src/test/resources/features/TeamMember.feature
🚧 Files skipped from review as they are similar to previous changes (6)
- src/test/java/cat/udl/eps/softarch/fll/steps/SearchVenueStepDefs.java
- src/test/resources/features/TeamMember.feature
- src/test/resources/features/MatchResult.feature
- src/test/resources/features/ManageScientificProject.feature
- src/test/resources/features/ManageAdministrator.feature
- src/test/java/cat/udl/eps/softarch/fll/steps/AssignCoachStepDefs.java
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/test/java/cat/udl/eps/softarch/fll/steps/ManageAdministratorStepDefs.java (1)
70-73: Add an explicit success status assertion in the retrieval assertion step.
`theRetrievedAdministratorHasEmail` checks only the payload field. Adding `status().isOk()` makes failures clearer and tighter.
📒 Files selected for processing (1)
src/test/java/cat/udl/eps/softarch/fll/steps/ManageAdministratorStepDefs.java
Ready
This PR is now marked as ready to be merged.
Pull request overview
Implements administrator support and access control so that write operations require an admin login, while removing the template “Record” example entity and updating/adding Cucumber coverage for login/admin flows.
Changes:
- Adds `Administrator` as a `User` subtype, exposes it via `AdministratorRepository`, and seeds a default admin in `DBInitialization`.
- Tightens `WebSecurityConfig` to require `ROLE_ADMIN` for `POST`/`PUT`/`PATCH`/`DELETE` across the API.
- Updates many Cucumber scenarios/step defs to authenticate via the shared `AuthenticationStepDefs` flow; adds new login/admin CRUD/access-control features; removes Record-related code/tests.
Reviewed changes
Copilot reviewed 44 out of 44 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| src/test/resources/features/assign_coach.feature | Logs in before coach assignment scenario. |
| src/test/resources/features/TeamMember.feature | Switches background login to admin for write operations. |
| src/test/resources/features/TeamEditionRegistration.feature | Switches background login to admin. |
| src/test/resources/features/SearchVenue.feature | Switches background login to admin. |
| src/test/resources/features/RoundSearchByEdition.feature | Switches scenarios to log in as admin. |
| src/test/resources/features/RegisterUser.feature | Adjusts “already authenticated” case to use an existing user. |
| src/test/resources/features/MatchTableAssignment.feature | Switches background login to admin. |
| src/test/resources/features/MatchScoreRegistration.feature | Switches scenarios to log in as admin. |
| src/test/resources/features/MatchResult.feature | Uses admin login for the “direct creation disabled” check. |
| src/test/resources/features/MatchAssignment.feature | Switches background login to admin. |
| src/test/resources/features/ManageVenue.feature | Switches venue CRUD scenarios to admin login. |
| src/test/resources/features/ManageScientificProject.feature | Switches scenarios to admin login for project writes. |
| src/test/resources/features/ManageRecord.feature | Removes Record feature (template cleanup). |
| src/test/resources/features/ManageMediaContent.feature | Switches background login to admin. |
| src/test/resources/features/ManageJudge.feature | Switches background login to admin. |
| src/test/resources/features/ManageFloater.feature | Switches background login to admin. |
| src/test/resources/features/ManageEdition.feature | Switches background login to admin. |
| src/test/resources/features/ManageAdministrator.feature | Adds Administrator CRUD/authorization scenarios. |
| src/test/resources/features/Login.feature | Adds login + identity verification scenarios. |
| src/test/resources/features/EditionVolunteers.feature | Switches scenarios to admin login where needed. |
| src/test/resources/features/EditionLifecycle.feature | Switches background login to admin. |
| src/test/resources/features/EditionCompetitionTables.feature | Switches scenarios to admin login. |
| src/test/resources/features/Coach.feature | Normalizes admin credentials to password. |
| src/test/resources/features/Award.feature | Uses admin for writes and logs out to verify public reads. |
| src/test/resources/features/AdminAccessControl.feature | Adds new access-control feature scenarios (admin-only writes / public reads). |
| src/test/java/cat/udl/eps/softarch/fll/steps/SearchVenueStepDefs.java | Uses shared authentication helper instead of mock user principal. |
| src/test/java/cat/udl/eps/softarch/fll/steps/ManageScientificProjectStepDefs.java | Adjusts auth usage and adds setup helpers for dependencies. |
| src/test/java/cat/udl/eps/softarch/fll/steps/ManageRecordStepDefs.java | Removes Record step definitions (template cleanup). |
| src/test/java/cat/udl/eps/softarch/fll/steps/ManageJudgeStepDefs.java | Uses shared authentication helper instead of mock user principal. |
| src/test/java/cat/udl/eps/softarch/fll/steps/ManageAdministratorStepDefs.java | Adds step definitions for Administrator CRUD flows. |
| src/test/java/cat/udl/eps/softarch/fll/steps/LoginStepDefs.java | Adds identity-check step definitions for login feature. |
| src/test/java/cat/udl/eps/softarch/fll/steps/AwardAndMatchStepDefs.java | Updates dependency-setup requests to authenticate as admin. |
| src/test/java/cat/udl/eps/softarch/fll/steps/AuthenticationStepDefs.java | Adds logout step (clears basic-auth credentials). |
| src/test/java/cat/udl/eps/softarch/fll/steps/AssignCoachStepDefs.java | Uses shared authentication helper instead of mock user principal. |
| src/test/java/cat/udl/eps/softarch/fll/steps/AdminAccessControlStepDefs.java | Adds step to retrieve editions list for access-control feature. |
| src/test/java/cat/udl/eps/softarch/fll/domain/RecordValidationTest.java | Removes Record unit test (template cleanup). |
| src/main/java/cat/udl/eps/softarch/fll/repository/RecordRepository.java | Removes Record repository (template cleanup). |
| src/main/java/cat/udl/eps/softarch/fll/repository/AdministratorRepository.java | Adds Administrator repository (Spring Data REST exposure). |
| src/main/java/cat/udl/eps/softarch/fll/handler/RecordEventHandler.java | Removes Record event handler (template cleanup). |
| src/main/java/cat/udl/eps/softarch/fll/domain/User.java | Enables JPA inheritance to support Administrator subtype. |
| src/main/java/cat/udl/eps/softarch/fll/domain/Record.java | Removes Record entity (template cleanup). |
| src/main/java/cat/udl/eps/softarch/fll/domain/Administrator.java | Adds Administrator subtype with ROLE_ADMIN authorities. |
| src/main/java/cat/udl/eps/softarch/fll/config/WebSecurityConfig.java | Enforces admin-only access for write operations globally. |
| src/main/java/cat/udl/eps/softarch/fll/config/DBInitialization.java | Seeds a default admin user; removes Record seeding. |
Fantastic effort!
a8994a0 into UdL-EPS-SoftArch-Igualada:main
Thanks



Closes #49