added business Rule, everyone can create and update only their post and blog

cevheri · cevheri · commit dbe918a27272 · 2022-06-12T14:10:57.000+03:00
diff --git a/src/main/java/com/cevheri/blog/repository/PostRepository.java b/src/main/java/com/cevheri/blog/repository/PostRepository.java
@@ -43,4 +43,6 @@ default Page<Post> findAllWithEagerRelationships(Pageable pageable) {
 
     @Query("select post from Post post left join fetch post.user left join fetch post.blog where post.id =:id")
     Optional<Post> findOneWithToOneRelationships(@Param("id") Long id);
+
+    Page<Post> findByBlogUserLoginOrderByCreatedDateDesc(String currentUserLogin, Pageable pageable);
 }
diff --git a/src/main/java/com/cevheri/blog/web/rest/BlogResource.java b/src/main/java/com/cevheri/blog/web/rest/BlogResource.java
@@ -1,6 +1,7 @@
 package com.cevheri.blog.web.rest;
 
 import com.cevheri.blog.repository.BlogRepository;
+import com.cevheri.blog.security.SecurityUtils;
 import com.cevheri.blog.service.BlogService;
 import com.cevheri.blog.service.dto.BlogDTO;
 import com.cevheri.blog.web.rest.errors.BadRequestAlertException;
@@ -56,12 +57,18 @@ public BlogResource(BlogService blogService, BlogRepository blogRepository) {
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
     @PostMapping("/blogs")
-    public ResponseEntity<BlogDTO> createBlog(@Valid @RequestBody BlogDTO blogDTO) throws URISyntaxException {
+    public ResponseEntity<?> createBlog(@Valid @RequestBody BlogDTO blogDTO) throws URISyntaxException {
         log.debug("REST request to save Blog : {}", blogDTO);
         if (blogDTO.getId() != null) {
             throw new BadRequestAlertException("A new blog cannot already have an ID", ENTITY_NAME, "idexists");
         }
+
+        if (!blogDTO.getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
+            return new ResponseEntity<>("error.http.403", HttpStatus.FORBIDDEN);
+        }
+
         BlogDTO result = blogService.save(blogDTO);
+
         return ResponseEntity
             .created(new URI("/api/blogs/" + result.getId()))
             .headers(HeaderUtil.createEntityCreationAlert(applicationName, true, ENTITY_NAME, result.getId().toString()))
@@ -79,7 +86,7 @@ public ResponseEntity<BlogDTO> createBlog(@Valid @RequestBody BlogDTO blogDTO) t
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
     @PutMapping("/blogs/{id}")
-    public ResponseEntity<BlogDTO> updateBlog(
+    public ResponseEntity<?> updateBlog(
         @PathVariable(value = "id", required = false) final Long id,
         @Valid @RequestBody BlogDTO blogDTO
     ) throws URISyntaxException {
@@ -95,6 +102,11 @@ public ResponseEntity<BlogDTO> updateBlog(
             throw new BadRequestAlertException("Entity not found", ENTITY_NAME, "idnotfound");
         }
 
+        if (blogDTO.getUser() != null &&
+            !blogDTO.getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
+            return new ResponseEntity<>("error.http.403", HttpStatus.FORBIDDEN);
+        }
+
         BlogDTO result = blogService.update(blogDTO);
         return ResponseEntity
             .ok()
@@ -168,9 +180,14 @@ public ResponseEntity<List<BlogDTO>> getAllBlogs(
      * @return the {@link ResponseEntity} with status {@code 200 (OK)} and with body the blogDTO, or with status {@code 404 (Not Found)}.
      */
     @GetMapping("/blogs/{id}")
-    public ResponseEntity<BlogDTO> getBlog(@PathVariable Long id) {
+    public ResponseEntity<?> getBlog(@PathVariable Long id) {
         log.debug("REST request to get Blog : {}", id);
         Optional<BlogDTO> blogDTO = blogService.findOne(id);
+
+//        if (blogDTO.isPresent() && blogDTO.get().getUser() != null &&
+//            !blogDTO.get().getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
+//            return new ResponseEntity<>("error.http.403", HttpStatus.FORBIDDEN);
+//        }
         return ResponseUtil.wrapOrNotFound(blogDTO);
     }
 
@@ -181,8 +198,16 @@ public ResponseEntity<BlogDTO> getBlog(@PathVariable Long id) {
      * @return the {@link ResponseEntity} with status {@code 204 (NO_CONTENT)}.
      */
     @DeleteMapping("/blogs/{id}")
-    public ResponseEntity<Void> deleteBlog(@PathVariable Long id) {
+    public ResponseEntity<?> deleteBlog(@PathVariable Long id) {
         log.debug("REST request to delete Blog : {}", id);
+
+        //BusinessRule!!! Everyone can only delete their own blog.
+        Optional<BlogDTO> blogDTO = blogService.findOne(id);
+        if (blogDTO.isPresent() && blogDTO.get().getUser() != null &&
+            !blogDTO.get().getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
+            return new ResponseEntity<>("error.http.403", HttpStatus.FORBIDDEN);
+        }
+
         blogService.delete(id);
         return ResponseEntity
             .noContent()
diff --git a/src/main/java/com/cevheri/blog/web/rest/PostResource.java b/src/main/java/com/cevheri/blog/web/rest/PostResource.java
@@ -1,6 +1,8 @@
 package com.cevheri.blog.web.rest;
 
+import com.cevheri.blog.domain.Post;
 import com.cevheri.blog.repository.PostRepository;
+import com.cevheri.blog.security.SecurityUtils;
 import com.cevheri.blog.service.PostService;
 import com.cevheri.blog.service.dto.PostDTO;
 import com.cevheri.blog.web.rest.errors.BadRequestAlertException;
@@ -56,12 +58,17 @@ public PostResource(PostService postService, PostRepository postRepository) {
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
     @PostMapping("/posts")
-    public ResponseEntity<PostDTO> createPost(@Valid @RequestBody PostDTO postDTO) throws URISyntaxException {
+    public ResponseEntity<?> createPost(@Valid @RequestBody PostDTO postDTO) throws URISyntaxException {
         log.debug("REST request to save Post : {}", postDTO);
         if (postDTO.getId() != null) {
             throw new BadRequestAlertException("A new post cannot already have an ID", ENTITY_NAME, "idexists");
         }
         PostDTO result = postService.save(postDTO);
+
+        if (postDTO.getBlog() != null &&
+            !postDTO.getBlog().getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
+            return new ResponseEntity<>("Unauthorized", HttpStatus.UNAUTHORIZED);
+        }
         return ResponseEntity
             .created(new URI("/api/posts/" + result.getId()))
             .headers(HeaderUtil.createEntityCreationAlert(applicationName, true, ENTITY_NAME, result.getId().toString()))
@@ -79,7 +86,7 @@ public ResponseEntity<PostDTO> createPost(@Valid @RequestBody PostDTO postDTO) t
      * @throws URISyntaxException if the Location URI syntax is incorrect.
      */
     @PutMapping("/posts/{id}")
-    public ResponseEntity<PostDTO> updatePost(
+    public ResponseEntity<?> updatePost(
         @PathVariable(value = "id", required = false) final Long id,
         @Valid @RequestBody PostDTO postDTO
     ) throws URISyntaxException {
@@ -95,6 +102,13 @@ public ResponseEntity<PostDTO> updatePost(
             throw new BadRequestAlertException("Entity not found", ENTITY_NAME, "idnotfound");
         }
 
+
+        if (postDTO.getBlog() != null &&
+            !postDTO.getBlog().getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
+            return new ResponseEntity<>("Unauthorized", HttpStatus.UNAUTHORIZED);
+        }
+
+
         PostDTO result = postService.update(postDTO);
         return ResponseEntity
             .ok()
@@ -168,9 +182,15 @@ public ResponseEntity<List<PostDTO>> getAllPosts(
      * @return the {@link ResponseEntity} with status {@code 200 (OK)} and with body the postDTO, or with status {@code 404 (Not Found)}.
      */
     @GetMapping("/posts/{id}")
-    public ResponseEntity<PostDTO> getPost(@PathVariable Long id) {
+    public ResponseEntity<?> getPost(@PathVariable Long id) {
         log.debug("REST request to get Post : {}", id);
         Optional<PostDTO> postDTO = postService.findOne(id);
+
+//        if (postDTO.isPresent() && postDTO.get().getBlog() != null &&
+//            !postDTO.get().getBlog().getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
+//            return new ResponseEntity<>("Unauthorized", HttpStatus.UNAUTHORIZED);
+//        }
+
         return ResponseUtil.wrapOrNotFound(postDTO);
     }
 
@@ -181,8 +201,16 @@ public ResponseEntity<PostDTO> getPost(@PathVariable Long id) {
      * @return the {@link ResponseEntity} with status {@code 204 (NO_CONTENT)}.
      */
     @DeleteMapping("/posts/{id}")
-    public ResponseEntity<Void> deletePost(@PathVariable Long id) {
+    public ResponseEntity<?> deletePost(@PathVariable Long id) {
         log.debug("REST request to delete Post : {}", id);
+
+        //BusinessRule!!! Everyone can only delete their own Post.
+        Optional<Post> result = postRepository.findOneWithEagerRelationships(id);
+        if (result.isPresent() && result.get().getBlog() != null &&
+            !result.get().getBlog().getUser().getLogin().equals(SecurityUtils.getCurrentUserLogin().orElse(""))) {
+            return new ResponseEntity<>("Unauthorized", HttpStatus.UNAUTHORIZED);
+        }
+
         postService.delete(id);
         return ResponseEntity
             .noContent()

Original file line number	Diff line number	Diff line change
`@@ -43,4 +43,6 @@ default Page<Post> findAllWithEagerRelationships(Pageable pageable) {`
`43`	`43`
`44`	`44`	`@Query("select post from Post post left join fetch post.user left join fetch post.blog where post.id =:id")`
`45`	`45`	`Optional<Post> findOneWithToOneRelationships(@Param("id") Long id);`
	`46`	`+`
	`47`	`+ Page<Post> findByBlogUserLoginOrderByCreatedDateDesc(String currentUserLogin, Pageable pageable);`
`46`	`48`	`}`