2024-10-23 - feedback - external reviewer - server-side

Author: Luch76

server/src/main/java/com/objectcomputing/checkins/services/feedback_external_recipient/FeedbackExternalRecipientController.java

@@ -0,0 +1,67 @@
+package com.objectcomputing.checkins.services.feedback_external_recipient;
+
+import com.objectcomputing.checkins.services.feedback_request.*;
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
+import io.micronaut.core.annotation.Nullable;
+import io.micronaut.core.convert.format.Format;
+import io.micronaut.http.HttpResponse;
+import io.micronaut.http.HttpStatus;
+import io.micronaut.http.annotation.*;
+import io.micronaut.scheduling.TaskExecutors;
+import io.micronaut.scheduling.annotation.ExecuteOn;
+import io.micronaut.security.annotation.Secured;
+import io.micronaut.security.rules.SecurityRule;
+import io.micronaut.security.utils.SecurityService;
+import io.micronaut.validation.Validated;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.inject.Inject;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotNull;
+
+import java.net.URI;
+import java.time.LocalDate;
+import java.util.List;
+import java.util.UUID;
+
+@Validated
+@Controller("/services/feedback/external/recipients")
+@ExecuteOn(TaskExecutors.BLOCKING)
+@Secured(SecurityRule.IS_ANONYMOUS)
+@Tag(name = "feedback external recipient")
+public class FeedbackExternalRecipientController {
+
+    private final FeedbackRequestServices feedbackReqServices;
+    private final FeedbackExternalRecipientServices feedbackExternalRecipientServices;
+
+    public FeedbackExternalRecipientController(FeedbackRequestServices feedbackRequestServices, FeedbackExternalRecipientServices feedbackExternalRecipientServices) {
+        this.feedbackReqServices = feedbackRequestServices;
+        this.feedbackExternalRecipientServices = feedbackExternalRecipientServices;
+    }
+
+    @Get("/{?externalRecipientId}")
+    public List<FeedbackRequestResponseDTO> findByValues(@Nullable UUID externalRecipientId) {
+        return feedbackReqServices.findByValues(null, null, null, null, null, null, null, null)
+                .stream()
+                .map(this::fromEntity)
+                .toList();
+    }
+
+    private FeedbackRequestResponseDTO fromEntity(FeedbackRequest feedbackRequest) {
+        FeedbackRequestResponseDTO dto = new FeedbackRequestResponseDTO();
+        dto.setId(feedbackRequest.getId());
+        dto.setCreatorId(feedbackRequest.getCreatorId());
+        dto.setRequesteeId(feedbackRequest.getRequesteeId());
+        dto.setRecipientId(feedbackRequest.getRecipientId());
+        dto.setTemplateId(feedbackRequest.getTemplateId());
+        dto.setSendDate(feedbackRequest.getSendDate());
+        dto.setDueDate(feedbackRequest.getDueDate());
+        dto.setStatus(feedbackRequest.getStatus());
+        dto.setSubmitDate(feedbackRequest.getSubmitDate());
+        dto.setReviewPeriodId(feedbackRequest.getReviewPeriodId());
+        dto.setExternalRecipientId(feedbackRequest.getExternalRecipientId());
+
+        return dto;
+    }
+
+}

server/src/main/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestController.java

@@ -123,9 +123,9 @@ public HttpResponse<FeedbackRequestResponseDTO> getById(UUID id) {
      * @return list of {@link FeedbackRequestResponseDTO}
      */
     @RequiredPermission(Permission.CAN_VIEW_FEEDBACK_REQUEST)
-    @Get("/{?creatorId,requesteeId,recipientId,oldestDate,reviewPeriodId,templateId,externalRecipientId,requesteeIds}")
-    public List<FeedbackRequestResponseDTO> findByValues(@Nullable UUID creatorId, @Nullable UUID requesteeId, @Nullable UUID recipientId, @Nullable @Format("yyyy-MM-dd") LocalDate oldestDate, @Nullable UUID reviewPeriodId, @Nullable UUID templateId, @Nullable UUID externalRecipientId, @Nullable List<UUID> requesteeIds) {
-        return feedbackReqServices.findByValues(creatorId, requesteeId, recipientId, oldestDate, reviewPeriodId, templateId, externalRecipientId, requesteeIds)
+    @Get("/{?creatorId,requesteeId,recipientId,oldestDate,reviewPeriodId,templateId,requesteeIds}")
+    public List<FeedbackRequestResponseDTO> findByValues(@Nullable UUID creatorId, @Nullable UUID requesteeId, @Nullable UUID recipientId, @Nullable @Format("yyyy-MM-dd") LocalDate oldestDate, @Nullable UUID reviewPeriodId, @Nullable UUID templateId, @Nullable List<UUID> requesteeIds) {
+        return feedbackReqServices.findByValues(creatorId, requesteeId, recipientId, oldestDate, reviewPeriodId, templateId, null, requesteeIds)
                 .stream()
                 .map(this::fromEntity)
                 .toList();

server/src/main/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestServicesImpl.java

@@ -347,10 +347,6 @@ public FeedbackRequest getById(UUID id) {
 
     @Override
     public List<FeedbackRequest> findByValues(UUID creatorId, UUID requesteeId, UUID recipientId, LocalDate oldestDate, UUID reviewPeriodId, UUID templateId, UUID externalRecipientId, List<UUID> requesteeIds) {
-        final UUID currentUserId = currentUserServices.getCurrentUser().getId();
-        if (currentUserId == null) {
-            throw new PermissionException(NOT_AUTHORIZED_MSG);
-        }
 
         List<FeedbackRequest> feedbackReqList = new ArrayList<>();
         if (requesteeIds != null && !requesteeIds.isEmpty()) {
@@ -363,15 +359,27 @@ public List<FeedbackRequest> findByValues(UUID creatorId, UUID requesteeId, UUID
 
         feedbackReqList = feedbackReqList.stream().filter((FeedbackRequest request) -> {
             boolean visible = false;
-            final UUID recipientIdLocal;
             if (currentUserServices.isAdmin()) {
                 visible = true;
             } else if (request != null) {
-                if (currentUserId.equals(request.getCreatorId())) visible = true;
-                if (isSupervisor(request.getRequesteeId(), currentUserId)) visible = true;
-                recipientIdLocal = request.getRecipientId();
-                if (currentUserId.equals(recipientIdLocal)) visible = true;
-                if (request.getExternalRecipientId() != null) visible = true;
+                MemberProfile currentUser;
+                UUID currentUserId;
+
+                try {
+                    currentUser = currentUserServices.getCurrentUser();
+                    currentUserId = currentUser.getId();
+                } catch (NotFoundException notFoundException) {
+                    currentUser = null;
+                    currentUserId = null;
+                }
+                if (currentUserId != null) {
+                    if (currentUserId.equals(request.getCreatorId())) visible = true;
+                    if (isSupervisor(request.getRequesteeId(), currentUserId)) visible = true;
+                    if (currentUserId.equals(request.getRecipientId())) visible = true;
+                } else {
+                    if (request.getExternalRecipientId() != null) visible = true;
+                }
+
             }
             return visible;
         }).toList();

server/src/test/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestControllerTest.java

@@ -53,6 +53,10 @@ class FeedbackRequestControllerTest extends TestContainersSuite implements Membe
     @Client("/services/feedback/requests")
     HttpClient client;
 
+    @Inject
+    @Client("/services/feedback/external/recipients")
+    HttpClient clientExternalRecipient;
+
     @Inject
     CheckInsConfiguration checkInsConfiguration;
 
@@ -1227,9 +1231,9 @@ void testGetByCreatorRecipientIdPermittedToExternalRecipients() {
         FeedbackRequest feedbackRequest = saveFeedbackRequest(pdlMemberProfile, requestee, externalRecipient);
 
         //get feedback request
-        final HttpRequest<?> request = HttpRequest.GET(String.format("/?externalRecipientId=%s", feedbackRequest.getExternalRecipientId()))
-                .basicAuth(recipient.getWorkEmail(), RoleType.Constants.MEMBER_ROLE);
-        final HttpResponse<FeedbackRequestResponseDTO> response = client.toBlocking().exchange(request, FeedbackRequestResponseDTO.class);
+        final HttpRequest<?> request = HttpRequest.GET(String.format("/?externalRecipientId=%s", feedbackRequest.getExternalRecipientId()));
+                //.basicAuth(recipient.getWorkEmail(), RoleType.Constants.MEMBER_ROLE);
+        final HttpResponse<FeedbackRequestResponseDTO> response = clientExternalRecipient.toBlocking().exchange(request, FeedbackRequestResponseDTO.class);
 
         // recipient must be able to get the feedback request
         assertEquals(HttpStatus.OK, response.getStatus());