Added a check for at least one recipient and more tests.

Author: ocielliottc

server/src/main/java/com/objectcomputing/checkins/services/kudos/KudosServicesImpl.java

@@ -163,6 +163,12 @@ public Kudos update(KudosUpdateDTO kudos) {
             throw new PermissionException(NOT_AUTHORIZED_MSG);
         }
 
+        if (kudos.getRecipientMembers() == null ||
+            kudos.getRecipientMembers().isEmpty()) {
+            throw new BadArgException(
+                          "Kudos must contain at least one recipient");
+        }
+
         // Begin modifying the existing kudos to reflect desired changes.
         existingKudos.setMessage(kudos.getMessage());
 

server/src/test/java/com/objectcomputing/checkins/services/kudos/KudosControllerTest.java

@@ -634,4 +634,56 @@ void testUpdateKudos(boolean supplyTeam, boolean publiclyVisible) {
         }
     }
 
+    @Test
+    void testUpdateKudosNoPermission() {
+        // Create a kudos
+        final Kudos kudos = testCreateKudos(false, true);
+
+        KudosUpdateDTO proposed = new KudosUpdateDTO(kudos.getId(),
+                                                     kudos.getMessage(),
+                                                     false, recipientMembers);
+        final HttpRequest<KudosUpdateDTO> request =
+            HttpRequest.PUT("", proposed).basicAuth(other.getWorkEmail(),
+                                                    MEMBER_ROLE);
+        final HttpClientResponseException responseException =
+            assertThrows(HttpClientResponseException.class,
+                         () -> client.exchange(request, Kudos.class));
+
+        assertEquals(HttpStatus.FORBIDDEN, responseException.getStatus());
+    }
+
+    @Test
+    void testUpdateKudosAdminPermission() {
+        // Create a kudos
+        final Kudos kudos = testCreateKudos(false, true);
+
+        KudosUpdateDTO proposed = new KudosUpdateDTO(kudos.getId(),
+                                                     kudos.getMessage(),
+                                                     false, recipientMembers);
+        final HttpRequest<KudosUpdateDTO> request =
+            HttpRequest.PUT("", proposed).basicAuth(admin.getWorkEmail(),
+                                                    ADMIN_ROLE);
+        final HttpResponse<Kudos> response = client.exchange(request,
+                                                             Kudos.class);
+        assertEquals(HttpStatus.OK, response.getStatus());
+    }
+
+    @Test
+    void testUpdateKudosNoMembers() {
+        // Create a kudos
+        final Kudos kudos = testCreateKudos(false, true);
+
+        final List<MemberProfile> members = new ArrayList<>();
+        KudosUpdateDTO proposed = new KudosUpdateDTO(kudos.getId(),
+                                                     kudos.getMessage(),
+                                                     false, members);
+        final HttpRequest<KudosUpdateDTO> request =
+            HttpRequest.PUT("", proposed).basicAuth(senderWorkEmail,
+                                                    MEMBER_ROLE);
+        final HttpClientResponseException responseException =
+            assertThrows(HttpClientResponseException.class,
+                         () -> client.exchange(request, Kudos.class));
+
+        assertEquals(HttpStatus.BAD_REQUEST, responseException.getStatus());
+    }
 }

web-ui/src/components/kudos_card/KudosCard.jsx

@@ -344,7 +344,9 @@ const KudosCard = ({ kudos, includeActions, includeEdit, onKudosAction }) => {
             Cancel
           </Button>
           <Button onClick={updateKudosCallback}
-                  disabled={kudosMessage.trim().length == 0} autoFocus>
+                  disabled={kudosMessage.trim().length == 0 ||
+                            kudosRecipientMembers.length == 0}
+                  autoFocus>
             Save
           </Button>
         </DialogActions>