Merge branch 'develop' into bugfix-2642/member-role-controller-was-allowing-anonymous-security

Author: mkimberlin

README.md

@@ -1,4 +1,4 @@
-[![Gradle Build & Deploy - Develop](https://github.com/objectcomputing/check-ins/actions/workflows/gradle-build-development.yml/badge.svg)](https://github.com/objectcomputing/check-ins/actions/workflows/gradle-build-development.yml)
+[![Gradle Build & Deploy - Develop](https://github.com/objectcomputing/check-ins/actions/workflows/gradle-build-develop.yml/badge.svg)](https://github.com/objectcomputing/check-ins/actions/workflows/gradle-build-develop.yml)
 [![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](CODE_OF_CONDUCT.md)
 
 <!-- TOC -->
@@ -29,99 +29,9 @@ This web application is written in [Micronaut](https://micronaut.io) for uploadi
 
 See [Setting up your environment](https://objectcomputing.github.io/check-ins/getting-started/setup/) for instructions on setting up your development environment.
 
-# Project setup
-
-There are two files required to run the application successfully. Both of which must be created and placed in
-`src/main/resources/secrets`.
-
-### directory.json
-
-This is a simple JSON file containing the identifier for the Google Drive folder into which the uploaded files are to be deposited.
-
-```json
-{
-  "upload-directory-id": "GOOGLE_DRIVE_FOLDER_ID"
-}
-```
-
-### credentials.json
-
-This JSON file should create the generated credentials for a service account that has access to write to the identified Google Drive folder. Information on configuring GCP service account credentials can be [found here](https://cloud.google.com/iam/docs/creating-managing-service-account-keys).
-
-Note: Be sure that the target Google Drive folder has edit access granted to the service account.
-
-<!-- the two required files are no longer needed -->
-
 ## Running the application
 
-#### Installs
-
-- [Podman](https://podman.io/)
-- [Podman-Compose](https://github.com/containers/podman-compose)
-
-#### Building
-
-1. Start the database in a Podman container:
-   - Initialize and start a Podman VM:
-     ```shell
-     $ podman machine init
-     $ podman machine start
-     ```
-   - Start the Podman container:
-     ```shell
-     $ podman-compose up
-     ```
-2. In a different terminal, execute the following commands :
-
-   - On Bash/Zsh -
-
-     ```sh
-     $ OAUTH_CLIENT_ID=<Insert_Client_ID> OAUTH_CLIENT_SECRET=<Insert_Client_Secret> MICRONAUT_ENVIRONMENTS=local ./gradlew build
-     ```
-
-     ```sh
-     $ ./gradlew assemble
-     ```
-
-     ```sh
-     $ OAUTH_CLIENT_ID=<Insert_Client_ID> OAUTH_CLIENT_SECRET=<Insert_Client_Secret> MICRONAUT_ENVIRONMENTS=local ./gradlew run
-     ```
-
-   - On Powershell/Command-Line -
-     Set the following environment variables -
-     ```sh
-     MICRONAUT_ENVIRONMENTS=local
-     OAUTH_CLIENT_ID=<Client_ID>
-     OAUTH_CLIENT_SECRET=<Client_Secret>
-     ```
-     Build and run the application -
-     ```sh
-     $ gradlew build
-     ```
-     ```sh
-     $ gradlew assemble
-     ```
-     ```sh
-     $ gradlew run
-     ```
-
-3. Open the browser to run the application at `http://localhost:8080`
-4. Access swagger-UI at - `http://localhost:8080/swagger-ui`
-
-# Testing
-
-1. To run the server tests, run the following:
-    ```sh
-    $ ./gradlew :server:check
-    ```
-2. To run the UI tests, run the following:
-    ```sh
-    $ ./gradlew :web-ui:check
-    ```
-3. To update snapshots, run the following:
-    ```sh
-    $ cd web-ui && yarn test -u
-    ```
+See [Running the Application](https://objectcomputing.github.io/check-ins/getting-started/running/) for instructions on running the application locally.
 
 # Contributing
 

server/src/main/java/com/objectcomputing/checkins/services/reviews/ReviewAssignmentServices.java

@@ -16,4 +16,5 @@ public interface ReviewAssignmentServices {
     void delete(UUID id);
     Set<ReviewAssignment> findAllByReviewPeriodIdAndReviewerId(UUID reviewPeriodId, @Nullable UUID reviewerId);
 
+    Set<ReviewAssignment> defaultReviewAssignments(UUID reviewPeriodId);
 }

server/src/main/java/com/objectcomputing/checkins/services/reviews/ReviewAssignmentServicesImpl.java

@@ -82,10 +82,6 @@ public Set<ReviewAssignment> findAllByReviewPeriodIdAndReviewerId(UUID reviewPer
         } else {
             reviewAssignments = reviewAssignmentRepository.findByReviewPeriodIdAndReviewerId(reviewPeriodId, reviewerId);
         }
-        if (reviewAssignments.isEmpty()) {
-            //If no assignments exist for the review period, then a set of default review assignments should be returned
-            reviewAssignments = defaultReviewAssignments(reviewPeriodId);
-        }
 
         return reviewAssignments;
     }
@@ -109,7 +105,7 @@ public void delete(UUID id) {
         }
     }
 
-    private Set<ReviewAssignment> defaultReviewAssignments(UUID reviewPeriodId) {
+    public Set<ReviewAssignment> defaultReviewAssignments(UUID reviewPeriodId) {
         Set<ReviewAssignment> reviewAssignments = new HashSet<>();
 
         memberProfileRepository.findAll().forEach(memberProfile -> {

server/src/main/java/com/objectcomputing/checkins/services/reviews/ReviewPeriodController.java

@@ -33,9 +33,11 @@
 public class ReviewPeriodController {
 
     private final ReviewPeriodServices reviewPeriodServices;
+    private final ReviewAssignmentServices reviewAssignmentServices;
 
-    public ReviewPeriodController(ReviewPeriodServices reviewPeriodServices) {
+    public ReviewPeriodController(ReviewPeriodServices reviewPeriodServices, ReviewAssignmentServices reviewAssignmentServices) {
         this.reviewPeriodServices = reviewPeriodServices;
+        this.reviewAssignmentServices = reviewAssignmentServices;
     }
 
     /**
@@ -47,11 +49,17 @@ public ReviewPeriodController(ReviewPeriodServices reviewPeriodServices) {
     @Post
     @RequiredPermission(Permission.CAN_CREATE_REVIEW_PERIOD)
     public HttpResponse<ReviewPeriod> createReviewPeriod(@Body @Valid ReviewPeriodCreateDTO period, HttpRequest<?> request) {
+        HttpResponse httpResponse;
+        Set<ReviewAssignment> reviewAssignments;
+
         ReviewPeriod reviewPeriod = reviewPeriodServices.save(period.convertToEntity());
-        return HttpResponse.created(reviewPeriod)
+        httpResponse = HttpResponse.created(reviewPeriod)
                         .headers(headers -> headers
                                 .location(URI.create(String.format("%s/%s", request.getPath(), reviewPeriod.getId())))
                         );
+        reviewAssignments = reviewAssignmentServices.defaultReviewAssignments(reviewPeriod.getId());
+        reviewAssignmentServices.saveAll(reviewPeriod.getId(), reviewAssignments.stream().toList(), true);
+        return httpResponse;
     }
 
     /**

server/src/test/java/com/objectcomputing/checkins/services/reviews/ReviewAssignmentControllerTest.java

@@ -146,12 +146,13 @@ void testGETFindAssignmentsByPeriodIdDefaultAssignments() {
 
         final HttpResponse<Set<ReviewAssignment>> response = client.toBlocking().exchange(request, Argument.setOf(ReviewAssignment.class));
 
+        // A review period only has default review assignments added to it when
+        // the review period is created through the controller.  And, they are
+        // no longer added to the review period when retrieving the review
+        // assignments for a specific review period.  Therefore, this review
+        // period should have zero review assignments associated with it.
         assertNotNull(response.body());
-        assertEquals(3, Objects.requireNonNull(response.body()).size());
-        assertTrue(response.body().stream().anyMatch(ra -> ra.getRevieweeId().equals(memberOne.getId())));
-        assertTrue(response.body().stream().anyMatch(ra -> ra.getRevieweeId().equals(memberTwo.getId())));
-        assertTrue(response.body().stream().anyMatch(ra -> ra.getRevieweeId().equals(memberThree.getId())));
-        assertEquals(HttpStatus.OK, response.getStatus());
+        assertEquals(0, Objects.requireNonNull(response.body()).size());
     }
 
     @Test
@@ -287,4 +288,4 @@ void deleteReviewAssignmentWithoutPermissions() {
         assertNotNull(responseException.getResponse());
         assertEquals(HttpStatus.FORBIDDEN, responseException.getStatus());
     }
-}
+}