2024-10-30 - feedback - external reviewer - server-side

Author: Luch76

server/src/main/java/com/objectcomputing/checkins/security/HomeController.java

@@ -1,14 +1,21 @@
 package com.objectcomputing.checkins.security;
 
+import com.objectcomputing.checkins.services.feedback_request.FeedbackRequestExternalRecipientController;
 import io.micronaut.context.env.Environment;
+import io.micronaut.http.HttpResponse;
+import io.micronaut.http.MediaType;
 import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
+import io.micronaut.http.annotation.Produces;
 import io.micronaut.http.server.types.files.StreamedFile;
 import io.micronaut.security.annotation.Secured;
 import io.micronaut.security.rules.SecurityRule;
 import io.micronaut.views.View;
 
 import io.micronaut.core.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Map;
@@ -19,6 +26,7 @@
 public class HomeController {
 
     private final Environment environment;
+    private static final Logger LOG = LoggerFactory.getLogger(HomeController.class);
 
     public HomeController(Environment environment) {
         this.environment = environment;
@@ -34,8 +42,11 @@ public Map<String, Object> forbidden(@Nullable Principal principal) {
      * Forwards any unmapped paths (except those containing a period) to the client {@code index.html}.
      * @return forward to client {@code index.html}.
      */
-    @Get("/{path:[^\\.]*}")
+    // 2024-10-29 - Note the path excludes "/feedbackExternalRecipient", which is handled by HomeExternalRecipientController
+    @Get("/{path:^(?!feedbackExternalRecipient)([^\\.]+)$}")
     public Optional<StreamedFile> forward(String path) {
+        LOG.info("HomeController, forward, path: " + path);
         return environment.getResource("public/index.html").map(StreamedFile::new);
     }
+
 }

server/src/main/java/com/objectcomputing/checkins/security/HomeExternalRecipientController.java

@@ -0,0 +1,39 @@
+package com.objectcomputing.checkins.security;
+
+import io.micronaut.context.env.Environment;
+import io.micronaut.core.annotation.Nullable;
+import io.micronaut.http.HttpResponse;
+import io.micronaut.http.MediaType;
+import io.micronaut.http.annotation.Controller;
+import io.micronaut.http.annotation.Get;
+import io.micronaut.http.annotation.Produces;
+import io.micronaut.http.server.types.files.StreamedFile;
+import io.micronaut.security.annotation.Secured;
+import io.micronaut.security.rules.SecurityRule;
+import io.micronaut.views.View;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+@Controller
+@Secured(SecurityRule.IS_ANONYMOUS)
+public class HomeExternalRecipientController {
+
+    private final Environment environment;
+    private static final Logger LOG = LoggerFactory.getLogger(HomeExternalRecipientController.class);
+
+    public HomeExternalRecipientController(Environment environment) {
+        this.environment = environment;
+    }
+
+    @Get("/feedbackExternalRecipient/{path:.+}")
+    public Optional<StreamedFile> forward(String path) {
+        LOG.info("HomeExternalRecipientController, forward, path: " + path);
+        return environment.getResource("public/index_external_recipient.html").map(StreamedFile::new);
+    }
+
+}

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/FeedbackAnswerController.java

@@ -82,7 +82,7 @@ public HttpResponse<FeedbackAnswerResponseDTO> getById(UUID id) {
     @Get("/{?questionId,requestId}")
     @RequiredPermission(Permission.CAN_VIEW_FEEDBACK_ANSWER)
     public List<FeedbackAnswerResponseDTO> findByValues(@Nullable UUID questionId, @Nullable UUID requestId) {
-        return feedbackAnswerServices.findByValues(questionId, requestId)
+        return feedbackAnswerServices.findByValues(questionId, requestId, null)
                 .stream()
                 .map(this::fromEntity)
                 .toList();

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/FeedbackAnswerExternalRecipientController.java

@@ -0,0 +1,121 @@
+package com.objectcomputing.checkins.services.feedback_answer;
+
+import com.objectcomputing.checkins.exceptions.BadArgException;
+import com.objectcomputing.checkins.services.feedback_request.FeedbackRequest;
+import com.objectcomputing.checkins.services.feedback_request.FeedbackRequestServices;
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
+import io.micronaut.core.annotation.Nullable;
+import io.micronaut.http.HttpResponse;
+import io.micronaut.http.annotation.*;
+import io.micronaut.scheduling.TaskExecutors;
+import io.micronaut.scheduling.annotation.ExecuteOn;
+import io.micronaut.security.annotation.Secured;
+import io.micronaut.security.rules.SecurityRule;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotNull;
+
+import java.net.URI;
+import java.util.List;
+import java.util.UUID;
+
+@Controller("/services/feedback/answers/external/recipients")
+@ExecuteOn(TaskExecutors.BLOCKING)
+@Secured(SecurityRule.IS_ANONYMOUS)
+public class FeedbackAnswerExternalRecipientController {
+
+    private final FeedbackAnswerServices feedbackAnswerServices;
+    private final FeedbackRequestServices feedbackRequestServices;
+
+    public FeedbackAnswerExternalRecipientController(FeedbackAnswerServices feedbackAnswerServices, FeedbackRequestServices feedbackRequestServices) {
+        this.feedbackAnswerServices = feedbackAnswerServices;
+        this.feedbackRequestServices = feedbackRequestServices;
+    }
+
+    /**
+     * Create a feedback answer
+     *
+     * @param requestBody {@link FeedbackAnswerCreateDTO} New feedback answer to create
+     * @return {@link FeedbackAnswerResponseDTO}
+     */
+    @Post
+    public HttpResponse<FeedbackAnswerResponseDTO> save(@Body @Valid @NotNull FeedbackAnswerCreateDTO requestBody) {
+        FeedbackRequest feedbackRequest = this.feedbackRequestServices.getById(requestBody.getRequestId());
+        if (feedbackRequest.getExternalRecipientId() == null) {
+            throw new BadArgException("This feedback request is not for an external recipient");
+        }
+        FeedbackAnswer savedAnswer = feedbackAnswerServices.save(fromDTO(requestBody));
+        return HttpResponse.created(fromEntity(savedAnswer))
+                .headers(headers -> headers.location(URI.create("/feedback_answer/" + savedAnswer.getId())));
+    }
+
+    /**
+     * Update a feedback answer
+     *
+     * @param requestBody {@link FeedbackAnswerUpdateDTO} The updated feedback answer
+     * @return {@link FeedbackAnswerResponseDTO}
+     */
+    @Put
+    public HttpResponse<FeedbackAnswerResponseDTO> update(@Body @Valid @NotNull FeedbackAnswerUpdateDTO requestBody) {
+        FeedbackAnswer feedbackAnswerExistingRecord = this.feedbackAnswerServices.getById(requestBody.getId());
+        FeedbackRequest feedbackRequest = this.feedbackRequestServices.getById(feedbackAnswerExistingRecord.getRequestId());
+        if (feedbackRequest.getExternalRecipientId() == null) {
+            throw new BadArgException("This feedback request is not for an external recipient");
+        }
+        FeedbackAnswer savedAnswer = feedbackAnswerServices.update(fromDTO(requestBody));
+        return HttpResponse.ok(fromEntity(savedAnswer))
+                .headers(headers -> headers.location(URI.create("/feedback_answer/" + savedAnswer.getId())));
+    }
+
+    /**
+     * Get a feedback answer by ID
+     *
+     * @param id {@link UUID} ID of the feedback answer
+     * @return {@link FeedbackAnswerResponseDTO}
+     */
+    @Get("/{id}")
+    public HttpResponse<FeedbackAnswerResponseDTO> getById(UUID id) {
+        FeedbackAnswer savedAnswer = feedbackAnswerServices.getById(id);
+        FeedbackRequest feedbackRequest = this.feedbackRequestServices.getById(savedAnswer.getRequestId());
+        if (feedbackRequest.getExternalRecipientId() == null) {
+            throw new BadArgException("This feedback request is not for an external recipient");
+        }
+        return HttpResponse.ok(fromEntity(savedAnswer))
+                .headers(headers -> headers.location(URI.create("/feedback_answer/" + savedAnswer.getId())));
+    }
+
+    /**
+     * Search for all feedback requests that match the intersection of the provided values
+     * Any values that are null are not applied to the intersection
+     *
+     * @param questionId The attached {@link UUID} of the related question
+     * @param requestId  The attached {@link UUID} of the request that corresponds with the answer
+     * @param externalRecipientId  The attached {@link UUID} of the external-recipient that corresponds with the answer
+     * @return {@link FeedbackAnswerResponseDTO}
+     */
+    @Get("/{?questionId,requestId,externalRecipientId}")
+    public List<FeedbackAnswerResponseDTO> findByValues(@Nullable UUID questionId, @Nullable UUID requestId, @Nullable UUID externalRecipientId) {
+        return feedbackAnswerServices.findByValues(questionId, requestId, externalRecipientId)
+                .stream()
+                .map(this::fromEntity)
+                .toList();
+    }
+
+    private FeedbackAnswer fromDTO(FeedbackAnswerCreateDTO dto) {
+        return new FeedbackAnswer(dto.getAnswer(), dto.getQuestionId(), dto.getRequestId(), dto.getSentiment());
+    }
+
+    private FeedbackAnswer fromDTO(FeedbackAnswerUpdateDTO dto) {
+        return new FeedbackAnswer(dto.getId(), dto.getAnswer(), dto.getSentiment());
+    }
+
+    private FeedbackAnswerResponseDTO fromEntity(FeedbackAnswer feedbackAnswer) {
+        FeedbackAnswerResponseDTO dto = new FeedbackAnswerResponseDTO();
+        dto.setId(feedbackAnswer.getId());
+        dto.setAnswer(feedbackAnswer.getAnswer());
+        dto.setQuestionId(feedbackAnswer.getQuestionId());
+        dto.setRequestId(feedbackAnswer.getRequestId());
+        dto.setSentiment(feedbackAnswer.getSentiment());
+        return dto;
+    }
+}

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/FeedbackAnswerRepository.java

@@ -23,7 +23,17 @@ public interface FeedbackAnswerRepository extends CrudRepository<FeedbackAnswer,
     @Override
     <S extends FeedbackAnswer> S update(@NotNull @Valid S entity);
 
-    @Query("SELECT id, PGP_SYM_DECRYPT(cast(answer as bytea), '${aes.key}') as answer, question_id, request_id, sentiment FROM feedback_answers WHERE (:questionId IS NULL OR question_id = :questionId) AND (request_id = :requestId)")
+    @Query("SELECT id, PGP_SYM_DECRYPT(cast(answer as bytea), '${aes.key}') as answer, question_id, request_id, sentiment " +
+            "FROM feedback_answers WHERE (:questionId IS NULL OR question_id = :questionId) AND (request_id = :requestId)")
     List<FeedbackAnswer> getByQuestionIdAndRequestId(@Nullable String questionId, @Nullable String requestId);
 
+    @Query("SELECT FA.id, PGP_SYM_DECRYPT(cast(FA.answer as bytea), '${aes.key}') as answer, FA.question_id, FA.request_id, FA.sentiment " +
+            "FROM feedback_answers FA JOIN feedback_requests FR on FA.request_id = FR.id " +
+            "WHERE 1=1 " +
+            "and (:questionId IS NULL OR question_id = :questionId) " +
+            "AND (request_id = :requestId) " +
+            "AND :externalRecipientId = FR.external_recipient_id " +
+            "")
+    List<FeedbackAnswer> getByQuestionIdAndRequestId(@Nullable String questionId, @Nullable String requestId, @NotNull String externalRecipientId);
+
 }

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/FeedbackAnswerServices.java

@@ -13,5 +13,5 @@ public interface FeedbackAnswerServices {
 
     FeedbackAnswer getById(UUID id);
 
-    List<FeedbackAnswer> findByValues(@Nullable UUID questionId, @Nullable UUID requestId);
+    List<FeedbackAnswer> findByValues(@Nullable UUID questionId, @Nullable UUID requestId, @Nullable UUID externalRecipientId);
 }

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/FeedbackAnswerServicesImpl.java

@@ -98,10 +98,20 @@ public FeedbackAnswer getById(UUID id) {
     }
 
     @Override
-    public List<FeedbackAnswer> findByValues(@Nullable UUID questionId, @Nullable UUID requestId) {
+    public List<FeedbackAnswer> findByValues(@Nullable UUID questionId, @Nullable UUID requestId, @Nullable UUID externalRecipientId) {
         List<FeedbackAnswer> response = new ArrayList<>();
         FeedbackRequest feedbackRequest;
-        UUID currentUserId = currentUserServices.getCurrentUser().getId();
+        MemberProfile currentUser;
+
+        try {
+            currentUser = currentUserServices.getCurrentUser();
+
+        } catch (NotFoundException e) {
+            currentUser = null;
+
+        }
+        final UUID currentUserId = (currentUser != null) ? currentUser.getId() : null;
+
         try {
             feedbackRequest = feedbackRequestServices.getById(requestId);
         } catch (NotFoundException e) {
@@ -110,16 +120,18 @@ public List<FeedbackAnswer> findByValues(@Nullable UUID questionId, @Nullable UU
         final UUID requestCreatorId = feedbackRequest.getCreatorId();
         final UUID requesteeId = feedbackRequest.getRequesteeId();
         final UUID recipientId = feedbackRequest.getRecipientId();
-        boolean isRequesteesSupervisor = requesteeId != null ? memberProfileServices.getSupervisorsForId(requesteeId).stream().anyMatch(profile -> currentUserId.equals(profile.getId())) : false;
+        boolean isRequesteesSupervisor = requesteeId != null && currentUserId != null ? memberProfileServices.getSupervisorsForId(requesteeId).stream().anyMatch(profile -> currentUserId.equals(profile.getId())) : false;
         MemberProfile requestee = memberProfileServices.getById(requesteeId);
         final UUID requesteePDL = requestee.getPdlId();
-        if (currentUserServices.isAdmin() || currentUserId.equals(requesteePDL) || isRequesteesSupervisor || requestCreatorId.equals(currentUserId) || recipientId.equals(currentUserId)) {
+        if (currentUserServices.isAdmin() || (currentUserId != null && currentUserId.equals(requesteePDL)) || isRequesteesSupervisor || requestCreatorId.equals(currentUserId) || (recipientId != null && recipientId.equals(currentUserId))) {
             response.addAll(feedbackAnswerRepository.getByQuestionIdAndRequestId(Util.nullSafeUUIDToString(questionId), Util.nullSafeUUIDToString(requestId)));
             return response;
+        } else if (externalRecipientId != null) {
+            response.addAll(feedbackAnswerRepository.getByQuestionIdAndRequestId(Util.nullSafeUUIDToString(questionId), Util.nullSafeUUIDToString(requestId), externalRecipientId.toString()));
+            return response;
         }
 
         throw new PermissionException(NOT_AUTHORIZED_MSG);
-
     }
 
     public FeedbackRequest getRelatedFeedbackRequest(FeedbackAnswer feedbackAnswer) {
@@ -136,24 +148,48 @@ public FeedbackRequest getRelatedFeedbackRequest(FeedbackAnswer feedbackAnswer)
 
     public boolean createIsPermitted(FeedbackRequest feedbackRequest) {
         final UUID recipientId = feedbackRequest.getRecipientId();
-        final UUID currentUserId = currentUserServices.getCurrentUser().getId();
-        return recipientId.equals(currentUserId);
+        MemberProfile currentUser;
+        UUID currentUserId;
+
+        try {
+            currentUser = currentUserServices.getCurrentUser();
+            currentUserId = currentUser.getId();
+        } catch (NotFoundException e) {
+            currentUser = null;
+            currentUserId = null;
+        }
+        return (recipientId != null && recipientId.equals(currentUserId)) || (currentUserId == null && feedbackRequest.getExternalRecipientId() != null);
     }
 
     public boolean updateIsPermitted(FeedbackRequest feedbackRequest) {
         return createIsPermitted(feedbackRequest);
     }
 
     public boolean getIsPermitted(FeedbackRequest feedbackRequest) {
+        MemberProfile currentUser;
+
+        try {
+            currentUser = currentUserServices.getCurrentUser();
+        } catch (NotFoundException e) {
+            currentUser = null;
+        }
+        final UUID currentUserId = (currentUser != null) ? currentUserServices.getCurrentUser().getId() : null;
+
         final boolean isAdmin = currentUserServices.isAdmin();
         final UUID requestCreatorId = feedbackRequest.getCreatorId();
         UUID requesteeId = feedbackRequest.getRequesteeId();
         MemberProfile requestee = memberProfileServices.getById(requesteeId);
-        final UUID currentUserId = currentUserServices.getCurrentUser().getId();
         final UUID recipientId = feedbackRequest.getRecipientId();
-        boolean isRequesteesSupervisor = requesteeId != null ? memberProfileServices.getSupervisorsForId(requesteeId).stream().anyMatch(profile -> currentUserId.equals(profile.getId())) : false;
+        boolean isRequesteesSupervisor;
+
+        if  (requesteeId != null && currentUserId != null) {
+            isRequesteesSupervisor = memberProfileServices.getSupervisorsForId(requesteeId).stream().anyMatch(profile -> currentUserId.equals(profile.getId()));
+        } else {
+            isRequesteesSupervisor = false;
+        }
+
         final UUID requesteePDL = requestee.getPdlId();
 
-        return isAdmin || currentUserId.equals(requesteePDL) || isRequesteesSupervisor || requestCreatorId.equals(currentUserId) || recipientId.equals(currentUserId);
+        return isAdmin || (currentUserId != null && currentUserId.equals(requesteePDL)) || isRequesteesSupervisor || requestCreatorId.equals(currentUserId) || (recipientId != null && recipientId.equals(currentUserId)) || feedbackRequest.getExternalRecipientId()!= null;
     }
 }

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/question_and_answer/QuestionAndAnswerServicesImpl.java

@@ -46,7 +46,7 @@ public List<Tuple> getAllQuestionsAndAnswers(UUID requestId) {
             throw new PermissionException(NOT_AUTHORIZED_MSG);
         }
         List<TemplateQuestion> templateQuestions = templateQuestionServices.findByFields(feedbackRequest.getTemplateId());
-        List<FeedbackAnswer> answerList = feedbackAnswerServices.findByValues(null, requestId);
+        List<FeedbackAnswer> answerList = feedbackAnswerServices.findByValues(null, requestId, null);
 
         List<Tuple> returnerList = new ArrayList<>();
 
@@ -86,7 +86,7 @@ public Tuple getQuestionAndAnswer(@Nullable UUID requestId, @Nullable UUID quest
         }
 
         List<FeedbackAnswer> list;
-        list = feedbackAnswerServices.findByValues(questionId, requestId);
+        list = feedbackAnswerServices.findByValues(questionId, requestId, null);
 
         FeedbackAnswer returnedAnswer;
         if (list.isEmpty()) {

server/src/main/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestController.java

@@ -92,7 +92,6 @@ public void delete(@NotNull UUID id) {
      * @param id {@link UUID} ID of the request
      * @return {@link FeedbackRequestResponseDTO}
      */
-    //@Secured(SecurityRule.IS_ANONYMOUS)
     @Get("/{id}")
     @RequiredPermission(Permission.CAN_VIEW_FEEDBACK_REQUEST)
     public HttpResponse<FeedbackRequestResponseDTO> getById(UUID id) {