From a7c39ec168836f9c6b2db91e86e8d2e6e1df28b2 Mon Sep 17 00:00:00 2001
From: Yash Raj <56453897+yesyash@users.noreply.github.com>
Date: Sun, 1 Sep 2024 04:00:24 +0530
Subject: [PATCH] allow non super users to view skill requests & filter out skill requests not generated by non super users (#153)
* allow non super users to create endorsements
* filter out skill requests if the user is not superuser
---
 .../com/RDS/skilltree/apis/SkillsApi.java | 2 --
 .../repositories/UserSkillRepository.java | 8 +++++++
 .../services/SkillServiceImplementation.java | 21 ++++++++++++++++++-
 .../viewmodels/RdsUserViewModel.java | 1 +
 4 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/skill-tree/src/main/java/com/RDS/skilltree/apis/SkillsApi.java b/skill-tree/src/main/java/com/RDS/skilltree/apis/SkillsApi.java
index 4254b0c..c829e99 100644
--- a/skill-tree/src/main/java/com/RDS/skilltree/apis/SkillsApi.java
+++ b/skill-tree/src/main/java/com/RDS/skilltree/apis/SkillsApi.java
@@ -25,7 +25,6 @@
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("v1/skills")
-@AuthorizedRoles({UserRoleEnum.USER, UserRoleEnum.SUPERUSER})
 public class SkillsApi {
 private final SkillService skillService;
 private final EndorsementService endorsementService;
@@ -36,7 +35,6 @@ public ResponseEntity> getAll() {
 }
 @GetMapping("/requests")
- @AuthorizedRoles({UserRoleEnum.SUPERUSER})
 public ResponseEntity getAllRequests(
 @RequestParam(value = "status", required = false) UserSkillStatusEnum status) {
 if (status != null) {
diff --git a/skill-tree/src/main/java/com/RDS/skilltree/repositories/UserSkillRepository.java b/skill-tree/src/main/java/com/RDS/skilltree/repositories/UserSkillRepository.java
index 5dd821e..1286897 100644
--- a/skill-tree/src/main/java/com/RDS/skilltree/repositories/UserSkillRepository.java
+++ b/skill-tree/src/main/java/com/RDS/skilltree/repositories/UserSkillRepository.java
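Review bot: Dropping the class-level `@AuthorizedRoles({UserRoleEnum.USER, UserRoleEnum.SUPERUSER})` removes the role gate from every handler in `SkillsApi`, not only `/requests`, while the stated goal of the commit only needs the method-level annotation on `getAllRequests` to go. Unless each remaining handler carries its own annotation (not visible in this hunk), any authenticated principal, whatever its role, can now reach them. I would keep the class-level line as it was and, if a narrower set is intended for a particular handler, state it on that handler. The class body continues outside the hunk, so the other handlers should be checked before merging.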
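Review bot: The `if (status != null)` branch of `getAllRequests` is now open to non-superusers, but the per-user filtering this commit adds lives only in the no-argument `getAllRequests()` of the service. If the status branch delegates to a lookup built on `findByStatus` (its body is outside the hunk), a regular user who passes the `status` parameter would receive every user's requests for that status. Either apply the same superuser/endorser split in the status path, or keep that branch superuser-only until it is filtered. A test that calls `/requests` with a `status` value as a non-superuser and asserts only that user's endorsed requests come back would pin the behaviour.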
@@ -4,9 +4,17 @@
 import com.RDS.skilltree.models.UserSkills;
 import java.util.List;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 public interface UserSkillRepository extends JpaRepository {
 List findByStatus(UserSkillStatusEnum status);
 List findByUserIdAndSkillId(String userId, Integer skillId);
+
+ @Query(
+ "SELECT us FROM UserSkills us "
+ + "JOIN Endorsement e ON us.userId = e.endorseId "
+ + "WHERE e.endorserId = :endorserId")
+ List findUserSkillsByEndorserId(@Param("endorserId") String endorserId);
 }
diff --git a/skill-tree/src/main/java/com/RDS/skilltree/services/SkillServiceImplementation.java b/skill-tree/src/main/java/com/RDS/skilltree/services/SkillServiceImplementation.java
index 270cfe4..153ea33 100644
--- a/skill-tree/src/main/java/com/RDS/skilltree/services/SkillServiceImplementation.java
+++ b/skill-tree/src/main/java/com/RDS/skilltree/services/SkillServiceImplementation.java
@@ -3,6 +3,7 @@
 import com.RDS.skilltree.dtos.RdsGetUserDetailsResDto;
 import com.RDS.skilltree.dtos.SkillRequestsDto;
 import com.RDS.skilltree.enums.UserSkillStatusEnum;
+import com.RDS.skilltree.exceptions.InternalServerErrorException;
 import com.RDS.skilltree.exceptions.NoEntityException;
 import com.RDS.skilltree.exceptions.SkillAlreadyExistsException;
 import com.RDS.skilltree.models.Endorsement;
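Review bot: The join in `findUserSkillsByEndorserId` matches on the user only (`us.userId = e.endorseId`), so an endorser gets every skill request of anyone they have endorsed, including requests for skills they never endorsed, and each row is repeated once per matching endorsement. Since this query decides what non-superusers are allowed to see, that is broader than "requests this endorser took part in". Assuming `Endorsement` also records the skill (its fields are not visible here), the `ON` clause should additionally match the skill. The select should also become `SELECT DISTINCT us` so duplicates do not reach the view model. The method has no comment; one line stating that it is the visibility filter for non-superusers would help the next reader.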
@@ -54,7 +55,25 @@ public List getAll() {
 @Override
 public SkillRequestsDto getAllRequests() {
- List skillRequests = userSkillRepository.findAll();
+ JwtUser jwtDetails =
+ (JwtUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+
+ RdsGetUserDetailsResDto userDetails = rdsService.getUserDetails(jwtDetails.getRdsUserId());
+ RdsUserViewModel.Roles userRole = userDetails.getUser().getRoles();
+ String userId = userDetails.getUser().getId();
+
+ List skillRequests = null;
+
+ if (userRole.isSuper_user()) {
+ skillRequests = userSkillRepository.findAll();
+ } else {
+ skillRequests = userSkillRepository.findUserSkillsByEndorserId(userId);
+ }
+
+ if (skillRequests == null) {
+ throw new InternalServerErrorException("Unable to fetch skill requests");
+ }
+
 SkillRequestsWithUserDetailsViewModel skillRequestsWithUserDetails =
 toSkillRequestsWithUserDetailsViewModel(skillRequests);
diff --git a/skill-tree/src/main/java/com/RDS/skilltree/viewmodels/RdsUserViewModel.java b/skill-tree/src/main/java/com/RDS/skilltree/viewmodels/RdsUserViewModel.java
index bc8f2b1..6110042 100644
--- a/skill-tree/src/main/java/com/RDS/skilltree/viewmodels/RdsUserViewModel.java
+++ b/skill-tree/src/main/java/com/RDS/skilltree/viewmodels/RdsUserViewModel.java
@@ -37,6 +37,7 @@ public static class Roles {
 private boolean archived;
 private boolean in_discord;
 private boolean member;
+ private boolean super_user;
 }
 @Getter
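Review bot: The role decision in `getAllRequests` dereferences `getAuthentication()`, `userDetails.getUser()` and `getRoles()` with no null guard, so a missing authentication or an incomplete RDS response surfaces as a NullPointerException instead of a controlled denial. With the controller's `@AuthorizedRoles` lines removed in this same commit, this method appears to be the only place the decision is made. I would derive the flag defensively, e.g. `boolean isSuperUser = userRole != null && userRole.isSuper_user();`, so that an absent role block falls through to the filtered query rather than failing or widening access. The `skillRequests == null` check looks unreachable, since Spring Data list queries return an empty list rather than null as far as I know, so the `= null` initialiser and the `InternalServerErrorException` branch can be dropped. The method body continues past the end of the hunk.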