2024-11-19 - Correction to test-cases

Luch76 · Luch76 · commit 7e2785d9d3fb · 2024-11-19T14:26:17.000-05:00
diff --git a/server/src/main/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestServicesImpl.java b/server/src/main/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestServicesImpl.java
@@ -415,7 +415,7 @@ public boolean selfRevieweeIsCurrentUserReviewee(FeedbackRequest request, UUID c
         // request in the same review period that is assigned to the current
         // user and the requestee is the same as the self-review request.  If
         // so, this user is allowed to see the self-review request.
-        if (request.getRecipientId().equals(request.getRequesteeId())) {
+        if (request.getRecipientId() != null && request.getRecipientId().equals(request.getRequesteeId())) {
             List<FeedbackRequest> other = feedbackReqRepository.findByValues(
                 null, request.getRecipientId().toString(),
                 currentUserId.toString(), null,
@@ -455,9 +455,16 @@ private boolean getIsPermitted(FeedbackRequest feedbackReq) {
     private boolean getIsPermittedForExternalRecipient(FeedbackRequest feedbackReq) {
         final LocalDate sendDate = feedbackReq.getSendDate();
         final LocalDate today = LocalDate.now();
+        MemberProfile currentUser;
+        try {
+            currentUser = currentUserServices.getCurrentUser();
+        } catch (NotFoundException notFoundException) {
+            currentUser = null;
+        }
 
         // The recipient can only access the feedback request after it has been sent
-        if (sendDate.isAfter(today)) {
+        // Since request is for an external recipient, any logged in user can access it as long as they have feedback-reques-id
+        if (sendDate.isAfter(today) && currentUser == null) {
             throw new PermissionException("You are not permitted to access this request before the send date.");
         }
         return true;
diff --git a/server/src/main/java/com/objectcomputing/checkins/services/feedback_template/template_question/TemplateQuestionServicesImpl.java b/server/src/main/java/com/objectcomputing/checkins/services/feedback_template/template_question/TemplateQuestionServicesImpl.java
@@ -116,12 +116,14 @@ public void delete(UUID id) {
     @Override
     public TemplateQuestion getById(UUID id) {
         final Optional<TemplateQuestion> templateQuestion = templateQuestionRepository.findById(id);
-        if (!getIsPermitted(id)) {
-            throw new PermissionException(NOT_AUTHORIZED_MSG);
+        if (templateQuestion == null || templateQuestion.isEmpty()) {
+            throw new NotFoundException("No feedback question with ID " + id);
         }
+        final Optional<FeedbackTemplate> feedbackTemplateOptional = feedbackTemplateRepo.findById(templateQuestion.get().getTemplateId());
+        FeedbackTemplate feedbackTemplate = feedbackTemplateOptional != null && feedbackTemplateOptional.isPresent() ? feedbackTemplateOptional.get() : null;
 
-        if (templateQuestion.isEmpty()) {
-            throw new NotFoundException("No feedback question with ID " + id);
+        if (!getIsPermitted(feedbackTemplate)) {
+            throw new PermissionException(NOT_AUTHORIZED_MSG);
         }
 
         return templateQuestion.get();
@@ -131,10 +133,14 @@ public TemplateQuestion getById(UUID id) {
     public List<TemplateQuestion> findByFields(UUID templateId) {
         if (templateId == null) {
             throw new BadArgException("Cannot find template questions for null template ID");
-        } else if (!getIsPermitted(templateId)) {
-            throw new PermissionException(NOT_AUTHORIZED_MSG);
         }
 
+        final Optional<FeedbackTemplate> feedbackTemplateOptional = feedbackTemplateRepo.findById(templateId);
+        FeedbackTemplate feedbackTemplate = feedbackTemplateOptional != null && feedbackTemplateOptional.isPresent() ? feedbackTemplateOptional.get() : null;
+
+        if (!getIsPermitted(feedbackTemplate)) {
+            throw new PermissionException(NOT_AUTHORIZED_MSG);
+        }
         return new ArrayList<>(templateQuestionRepository.findByTemplateId(Util.nullSafeUUIDToString(templateId)));
     }
 
@@ -153,22 +159,17 @@ public boolean deleteIsPermitted(UUID templateCreatorId) {
         return createIsPermitted(templateCreatorId);
     }
 
-    public boolean getIsPermitted(UUID templateId) {
+    public boolean getIsPermitted(FeedbackTemplate feedbackTemplate) {
         UUID currentUserId;
         MemberProfile currentUser;
 
-        final Optional<FeedbackTemplate> feedbackTemplateOptional = feedbackTemplateRepo.findById(templateId);
-        FeedbackTemplate feedbackTemplate;
-        feedbackTemplate = feedbackTemplateOptional.orElse(null);
-
         try {
             currentUser = currentUserServices.getCurrentUser();
             currentUserId = currentUser.getId();
         } catch (NotFoundException e) {
             currentUser = null;
             currentUserId = null;
         }
-
         if (currentUserId != null) return true;
 
         boolean templateForExternalRecipient = (feedbackTemplate != null && feedbackTemplate.getIsForExternalRecipient() == true);
diff --git a/server/src/test/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestControllerTest.java b/server/src/test/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestControllerTest.java
@@ -803,12 +803,21 @@ void testGetFeedbackRequestByUnassignedPdlToExternalRecipient() {
         FeedbackRequest feedbackRequest = saveFeedbackRequest(pdlMemberProfile, requestee, externalRecipient);
 
         //get feedback request
-        final HttpRequest<?> request = HttpRequest.GET(String.format("%s", feedbackRequest.getId()))
-                .basicAuth(unrelatedPdl.getWorkEmail(), RoleType.Constants.PDL_ROLE);
+        final HttpRequest<?> requestHttp = HttpRequest.GET(String.format("%s", feedbackRequest.getId())).basicAuth(unrelatedPdl.getWorkEmail(), RoleType.Constants.PDL_ROLE);
+
+        // Access by un-assigned PDL is allowed since the recipient is an external recipient
+        final HttpResponse<FeedbackRequestResponseDTO> response = client.toBlocking().exchange(requestHttp, FeedbackRequestResponseDTO.class);
+
+        assertEquals(HttpStatus.OK, response.getStatus());
+        assertTrue(response.getBody().isPresent());
+        assertResponseEqualsEntity(feedbackRequest, response.getBody().get());
+
+        /*
         final HttpClientResponseException responseException = assertThrows(HttpClientResponseException.class, () ->
-                client.toBlocking().exchange(request, Map.class));
+                client.toBlocking().exchange(requestHttp, Map.class));
 
         assertUnauthorized(responseException);
+        */
     }
 
     @Test
@@ -840,13 +849,20 @@ void testGetFeedbackRequestByRequesteeToExternalRecipient() {
         FeedbackRequest feedbackRequest = saveFeedbackRequest(pdlMemberProfile, employeeMemberProfile, externalRecipient);
 
         //get feedback request
-        final HttpRequest<?> request = HttpRequest.GET(String.format("%s", feedbackRequest.getId()))
-                .basicAuth(memberProfile2.getWorkEmail(), RoleType.Constants.MEMBER_ROLE);
-        final HttpClientResponseException responseException = assertThrows(HttpClientResponseException.class, () ->
-                client.toBlocking().exchange(request, Map.class));
+        final HttpRequest<?> request = HttpRequest.GET(String.format("%s", feedbackRequest.getId())).basicAuth(memberProfile2.getWorkEmail(), RoleType.Constants.MEMBER_ROLE);
+        // Access by requestee is allowed since the recipient is an external recipient
+        final HttpResponse<FeedbackRequestResponseDTO> response = client.toBlocking().exchange(request, FeedbackRequestResponseDTO.class);
+
+        assertEquals(HttpStatus.OK, response.getStatus());
+        assertTrue(response.getBody().isPresent());
+        assertResponseEqualsEntity(feedbackRequest, response.getBody().get());
 
+        /*
+        Older:
+        final HttpClientResponseException responseException = assertThrows(HttpClientResponseException.class, () -> client.toBlocking().exchange(request, Map.class));
         // requestee should not be able to get the feedback request about them
         assertUnauthorized(responseException);
+        */
     }
 
     @Test
@@ -2353,8 +2369,7 @@ void testRecipientGetBeforeSendDateAsAdminAuthorizedToExternalRecipient() {
         getFeedbackRequestRepository().save(feedbackRequest);
 
         //get feedback request
-        final HttpRequest<?> request = HttpRequest.GET(String.format("%s", feedbackRequest.getId()))
-                .basicAuth(adminUser.getWorkEmail(), RoleType.Constants.ADMIN_ROLE);
+        final HttpRequest<?> request = HttpRequest.GET(String.format("%s", feedbackRequest.getId())).basicAuth(adminUser.getWorkEmail(), RoleType.Constants.ADMIN_ROLE);
         final HttpResponse<FeedbackRequestResponseDTO> response = client.toBlocking().exchange(request, FeedbackRequestResponseDTO.class);
 
         // the sendDate must be before the sent date unless its an admin
diff --git a/web-ui-external-feedback/src/api/api.test.js b/web-ui-external-feedback/src/api/api.test.js
@@ -6,13 +6,13 @@ const successResult = { id: 123, name: 'test result' };
 
 const server = setupServer(
   ...[
-    http.get('http://localhost:8080/fail', () => {
+    http.get('http://localhost:8080/services/feedback/requests/external/recipients/fail', () => {
       return HttpResponse.json(
         { message: 'Internal Server PROBLEM' },
         { status: 500 }
       );
     }),
-    http.get('http://localhost:8080/success', () => {
+    http.get('http://localhost:8080/services/feedback/requests/external/recipients/success', () => {
       return HttpResponse.json(successResult);
     })
   ]
