Merge pull request #2824 from objectcomputing/bugfix-2823/anonymous-pulse-causes-error

mkimberlin · web-flow · commit 6975f56aebb0 · 2025-01-21T09:22:28.000-06:00
Check for a null member id when checking pulse permissions.
diff --git a/server/src/main/java/com/objectcomputing/checkins/services/pulseresponse/PulseResponseServicesImpl.java b/server/src/main/java/com/objectcomputing/checkins/services/pulseresponse/PulseResponseServicesImpl.java
@@ -133,8 +133,9 @@ public Set<PulseResponse> findByFields(UUID teamMemberId, LocalDate dateFrom, Lo
     // The current user can view the pulse response if they are the team member who submitted the pulse response
     // or if they are the supervisor of the team member who submitted the pulse response
     private boolean canViewDueToReportingHierarchy(PulseResponse pulse, UUID currentUserId) {
-        return pulse.getTeamMemberId().equals(currentUserId) ||
-                isSubordinateTo(pulse.getTeamMemberId(), currentUserId);
+        UUID id = pulse.getTeamMemberId();
+        return id != null &&
+               (id.equals(currentUserId) || isSubordinateTo(id, currentUserId));
     }
 
     private boolean isSubordinateTo(UUID reportMember, UUID currentUserId) {
diff --git a/server/src/test/java/com/objectcomputing/checkins/services/fixture/PulseResponseFixture.java b/server/src/test/java/com/objectcomputing/checkins/services/fixture/PulseResponseFixture.java
@@ -10,4 +10,9 @@ default PulseResponse createADefaultPulseResponse(MemberProfile memberprofile) {
         return getPulseResponseRepository().save(new PulseResponse(0, 0, LocalDate.now(),
                 memberprofile.getId(), "internalfeelings", "externalfeelings"));
     }
+
+    default PulseResponse createADefaultAnonymousPulseResponse() {
+        return getPulseResponseRepository().save(new PulseResponse(0, 0, LocalDate.now(),
+                null, "internalfeelings", "externalfeelings"));
+    }
 }
diff --git a/server/src/test/java/com/objectcomputing/checkins/services/pulseresponse/PulseResponseControllerTest.java b/server/src/test/java/com/objectcomputing/checkins/services/pulseresponse/PulseResponseControllerTest.java
@@ -286,6 +286,22 @@ void testGetFindByfindBySubmissionDateBetween() {
         assertEquals(Set.of(pulseResponse), response.body());
     }
 
+    @Test
+    void testAnonymousGetFindByfindBySubmissionDateBetween() {
+        MemberProfile memberProfile = createADefaultMemberProfile();
+
+        PulseResponse pulseResponse = createADefaultAnonymousPulseResponse();
+
+        LocalDate testDateFrom = LocalDate.of(2019, 1, 1);
+        LocalDate testDateTo = Util.MAX.toLocalDate();
+
+        final HttpRequest<?> request = HttpRequest.GET(String.format("/?dateFrom=%tF&dateTo=%tF", testDateFrom, testDateTo)).basicAuth(memberProfile.getWorkEmail(), ADMIN_ROLE);
+        final HttpResponse<Set<PulseResponse>> response = client.toBlocking().exchange(request, Argument.setOf(PulseResponse.class));
+
+        assertEquals(HttpStatus.OK, response.getStatus());
+        assertEquals(Set.of(pulseResponse), response.body());
+    }
+
     @Test
     void testGetFindById() {
 

Original file line number	Diff line number	Diff line change
`@@ -10,4 +10,9 @@ default PulseResponse createADefaultPulseResponse(MemberProfile memberprofile) {`
`10`	`10`	`return getPulseResponseRepository().save(new PulseResponse(0, 0, LocalDate.now(),`
`11`	`11`	`memberprofile.getId(), "internalfeelings", "externalfeelings"));`
`12`	`12`	`}`
	`13`	`+`
	`14`	`+ default PulseResponse createADefaultAnonymousPulseResponse() {`
	`15`	`+ return getPulseResponseRepository().save(new PulseResponse(0, 0, LocalDate.now(),`
	`16`	`+ null, "internalfeelings", "externalfeelings"));`
	`17`	`+ }`
`13`	`18`	`}`