1 | package edu.ucsb.cs156.organic.controllers; | |
2 | ||
3 | import edu.ucsb.cs156.organic.entities.Course; | |
4 | import edu.ucsb.cs156.organic.entities.Staff; | |
5 | import edu.ucsb.cs156.organic.entities.User; | |
6 | import edu.ucsb.cs156.organic.repositories.CourseRepository; | |
7 | import edu.ucsb.cs156.organic.repositories.StaffRepository; | |
8 | import edu.ucsb.cs156.organic.repositories.UserRepository; | |
9 | import io.swagger.v3.oas.annotations.Operation; | |
10 | import io.swagger.v3.oas.annotations.Parameter; | |
11 | import io.swagger.v3.oas.annotations.tags.Tag; | |
12 | import lombok.extern.slf4j.Slf4j; | |
13 | ||
14 | import com.fasterxml.jackson.core.JsonProcessingException; | |
15 | ||
16 | ||
17 | import org.springframework.beans.factory.annotation.Autowired; | |
18 | import org.springframework.format.annotation.DateTimeFormat; | |
19 | import org.springframework.security.access.prepost.PreAuthorize; | |
20 | import org.springframework.web.bind.annotation.DeleteMapping; | |
21 | import org.springframework.web.bind.annotation.GetMapping; | |
22 | import org.springframework.web.bind.annotation.PostMapping; | |
23 | import org.springframework.web.bind.annotation.DeleteMapping; | |
24 | import org.springframework.web.bind.annotation.PutMapping; | |
25 | import org.springframework.web.bind.annotation.RequestBody; | |
26 | import org.springframework.web.bind.annotation.RequestMapping; | |
27 | import org.springframework.web.bind.annotation.RequestParam; | |
28 | import org.springframework.web.bind.annotation.RestController; | |
29 | ||
30 | import edu.ucsb.cs156.organic.errors.EntityNotFoundException; | |
31 | ||
32 | import org.springframework.security.access.AccessDeniedException; | |
33 | import java.time.LocalDateTime; | |
34 | ||
35 | ||
36 | import javax.transaction.Transactional; | |
37 | ||
38 | import javax.validation.Valid; | |
39 | ||
40 | import java.util.Optional; | |
41 | ||
42 | @Tag(name = "Courses") | |
43 | @RequestMapping("/api/courses") | |
44 | @RestController | |
45 | @Slf4j | |
46 | public class CoursesController extends ApiController { | |
47 | ||
48 | @Autowired | |
49 | CourseRepository courseRepository; | |
50 | ||
51 | @Autowired | |
52 | StaffRepository courseStaffRepository; | |
53 | ||
54 | @Autowired | |
55 | UserRepository userRepository; | |
56 | ||
57 | @Operation(summary = "List all courses") | |
58 | @PreAuthorize("hasAnyRole('ROLE_USER', 'ROLE_ADMIN')") | |
59 | @GetMapping("/all") | |
60 | public Iterable<Course> allCourses() { | |
61 | User u = getCurrentUser().getUser(); | |
62 | log.info("u={}", u); | |
63 |
1
1. allCourses : negated conditional → KILLED |
if (u.isAdmin()) { |
64 |
1
1. allCourses : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::allCourses → KILLED |
return courseRepository.findAll(); |
65 | } else { | |
66 |
1
1. allCourses : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::allCourses → KILLED |
return courseRepository.findCoursesStaffedByUser(u.getGithubId()); |
67 | } | |
68 | } | |
69 | ||
70 | // POST-Course | |
71 | @Operation(summary = "Create a new course") | |
72 | @PreAuthorize("hasRole('ROLE_ADMIN')") | |
73 | @PostMapping("/post") | |
74 | public Course postCourse( | |
75 | @Parameter(name = "name", description ="course name, e.g. CMPSC 156" ) @RequestParam String name, | |
76 | @Parameter(name = "school", description ="school abbreviation e.g. UCSB" ) @RequestParam String school, | |
77 | @Parameter(name = "term", description = "quarter or semester, e.g. F23") @RequestParam String term, | |
78 | @Parameter(name = "startDate", description = "in iso format, i.e. YYYY-mm-ddTHH:MM:SS; e.g. 2023-10-01T00:00:00 see https://en.wikipedia.org/wiki/ISO_8601") @RequestParam("startDate") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) LocalDateTime startDate, | |
79 | @Parameter(name = "endDate", description = "in iso format, i.e. YYYY-mm-ddTHH:MM:SS; e.g. 2023-12-31T11:59:59 see https://en.wikipedia.org/wiki/ISO_8601") @RequestParam("endDate") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) LocalDateTime endDate, | |
80 | @Parameter(name = "githubOrg", description = "for example ucsb-cs156-f23" ) @RequestParam String githubOrg) | |
81 | throws JsonProcessingException { | |
82 | ||
83 | Course course = Course.builder() | |
84 | .name(name) | |
85 | .school(school) | |
86 | .term(term) | |
87 | .startDate(startDate) | |
88 | .endDate(endDate) | |
89 | .githubOrg(githubOrg) | |
90 | .build(); | |
91 | ||
92 | Course savedCourse = courseRepository.save(course); | |
93 | User u = getCurrentUser().getUser(); | |
94 | ||
95 | Staff courseStaff = Staff.builder() | |
96 | .courseId(savedCourse.getId()) | |
97 | .githubId(u.getGithubId()) | |
98 | .build(); | |
99 | ||
100 | log.info("courseStaff={}", courseStaff); | |
101 | courseStaffRepository.save(courseStaff); | |
102 | ||
103 |
1
1. postCourse : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::postCourse → KILLED |
return savedCourse; |
104 | } | |
105 | ||
106 | // Post-Staff | |
107 | @Operation(summary = "Add a staff member to a course") | |
108 | @PreAuthorize("hasRole('ROLE_ADMIN')") | |
109 | @PostMapping("/addStaff") | |
110 | public Staff addStaff( | |
111 | @Parameter(name = "courseId") @RequestParam Long courseId, | |
112 | @Parameter(name = "githubLogin") @RequestParam String githubLogin) | |
113 | throws JsonProcessingException { | |
114 | ||
115 | Course course = courseRepository.findById(courseId) | |
116 |
1
1. lambda$addStaff$0 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$addStaff$0 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId.toString())); |
117 | ||
118 | User user = userRepository.findByGithubLogin(githubLogin) | |
119 |
1
1. lambda$addStaff$1 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$addStaff$1 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(User.class, githubLogin.toString())); |
120 | ||
121 | Staff courseStaff = Staff.builder() | |
122 | .courseId(course.getId()) | |
123 | .githubId(user.getGithubId()) | |
124 | .user(user) | |
125 | .build(); | |
126 | ||
127 | courseStaff = courseStaffRepository.save(courseStaff); | |
128 | log.info("courseStaff={}", courseStaff); | |
129 | ||
130 |
1
1. addStaff : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::addStaff → KILLED |
return courseStaff; |
131 | } | |
132 | ||
133 | // Get-Staff | |
134 | @Operation(summary = "Get Staff for course") | |
135 | @PreAuthorize("hasRole('ROLE_ADMIN')") | |
136 | @GetMapping("/getStaff") | |
137 | public Iterable<Staff> getStaff( | |
138 | @Parameter(name = "courseId") @RequestParam Long courseId | |
139 | ) | |
140 | throws JsonProcessingException { | |
141 | ||
142 | Course course = courseRepository.findById(courseId) | |
143 |
1
1. lambda$getStaff$2 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$getStaff$2 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId.toString())); |
144 | ||
145 | Iterable<Staff> courseStaff = courseStaffRepository.findByCourseId(course.getId()); | |
146 |
1
1. getStaff : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::getStaff → KILLED |
return courseStaff; |
147 | } | |
148 | ||
149 | ||
150 | //PUT | |
151 | @Operation(summary = "Update a course") | |
152 | @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTRUCTOR')") | |
153 | @PutMapping("/update") | |
154 | public Course updateCourse( | |
155 | @Parameter(name = "courseId") @RequestParam Long courseId, | |
156 | @RequestBody @Valid Course incoming) throws JsonProcessingException { | |
157 | ||
158 | User user = getCurrentUser().getUser(); | |
159 | | |
160 | Course course = courseRepository.findById(courseId) | |
161 |
1
1. lambda$updateCourse$3 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$updateCourse$3 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId.toString())); |
162 |
1
1. updateCourse : negated conditional → KILLED |
if (!user.isAdmin()) { |
163 | courseStaffRepository.findByCourseIdAndGithubId(courseId, user.getGithubId()) | |
164 |
1
1. lambda$updateCourse$4 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$updateCourse$4 → KILLED |
.orElseThrow(() -> new AccessDeniedException( |
165 | String.format("%s is not allowed to update course %d", user.getGithubLogin(), courseId))); | |
166 | } | |
167 | ||
168 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setName → KILLED |
course.setName(incoming.getName()); |
169 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setSchool → KILLED |
course.setSchool(incoming.getSchool()); |
170 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setTerm → KILLED |
course.setTerm(incoming.getTerm()); |
171 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setStartDate → KILLED |
course.setStartDate(incoming.getStartDate()); |
172 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setEndDate → KILLED |
course.setEndDate(incoming.getEndDate()); |
173 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setGithubOrg → KILLED |
course.setGithubOrg(incoming.getGithubOrg()); |
174 | ||
175 | courseRepository.save(course); | |
176 |
1
1. updateCourse : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::updateCourse → KILLED |
return course; |
177 | } | |
178 | ||
179 | @Transactional | |
180 | @Operation(summary = "Delete a course") | |
181 | @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTRUCTOR')") | |
182 | @DeleteMapping("/delete") | |
183 | public Object deleteCourse( | |
184 | @Parameter(name = "courseId") @RequestParam Long courseId) throws JsonProcessingException { | |
185 | ||
186 | User u = getCurrentUser().getUser(); | |
187 | Course course = courseRepository.findById(courseId) | |
188 |
1
1. lambda$deleteCourse$5 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$deleteCourse$5 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId.toString())); |
189 |
1
1. deleteCourse : negated conditional → KILLED |
if(!u.isAdmin()) |
190 | courseStaffRepository.findByCourseIdAndGithubId(courseId, u.getGithubId()) | |
191 |
1
1. lambda$deleteCourse$6 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$deleteCourse$6 → KILLED |
.orElseThrow(() -> new AccessDeniedException( |
192 | String.format("%s is not allowed to delete course %d", u.getGithubLogin(), courseId))); | |
193 | ||
194 |
1
1. deleteCourse : removed call to edu/ucsb/cs156/organic/repositories/CourseRepository::delete → KILLED |
courseRepository.delete(course); |
195 |
1
1. deleteCourse : removed call to edu/ucsb/cs156/organic/repositories/StaffRepository::deleteByCourseId → KILLED |
courseStaffRepository.deleteByCourseId(courseId); |
196 |
1
1. deleteCourse : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::deleteCourse → KILLED |
return genericMessage("Course with id %s deleted".formatted(courseId)); |
197 | } | |
198 | ||
199 | // DELETE endpoint for staff | |
200 | @Operation(summary = "Delete staff from a course") | |
201 | @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_INSTRUCTOR')") | |
202 | @DeleteMapping("/staff") | |
203 | public Object deleteStaff( | |
204 | @Parameter(name = "id") @RequestParam Long id) throws JsonProcessingException { | |
205 | // Find staff member by id (including courses they're in) | |
206 | Staff staff = courseStaffRepository.findById(id) | |
207 |
1
1. lambda$deleteStaff$7 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$deleteStaff$7 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Staff.class, id.toString())); |
208 | | |
209 | // If instructor && not admin, check: if user is staff in the same course of the staff member they're trying to remove | |
210 | User u = getCurrentUser().getUser(); | |
211 |
1
1. deleteStaff : negated conditional → KILLED |
if (!u.isAdmin()) { |
212 | Long courseId = staff.getCourseId(); | |
213 | log.info("staff={}\nthe parameter id={}", staff, id); | |
214 | courseStaffRepository.findByCourseIdAndGithubId(courseId, u.getGithubId()) | |
215 |
1
1. lambda$deleteStaff$8 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$deleteStaff$8 → KILLED |
.orElseThrow(() -> new AccessDeniedException( // Throw error = find fails. they aren't in the same course |
216 | String.format("User %s is not authorized to delete staff of id %d", u.getGithubLogin(), id))); | |
217 | } | |
218 |
1
1. deleteStaff : removed call to edu/ucsb/cs156/organic/repositories/StaffRepository::delete → KILLED |
courseStaffRepository.delete(staff); |
219 |
1
1. deleteStaff : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::deleteStaff → KILLED |
return genericMessage("Staff with id %s deleted".formatted(id)); |
220 | } | |
221 | ||
222 | // Get by ID | |
223 | @Operation(summary= "Get a single course by Id") | |
224 | @PreAuthorize("hasAnyRole('ROLE_USER', 'ROLE_ADMIN')") | |
225 | @GetMapping("") | |
226 | public Course getCourseById( | |
227 | @Parameter(name="id") @RequestParam Long id) { | |
228 | User u = getCurrentUser().getUser(); | |
229 | ||
230 | Course course = courseRepository.findById(id) | |
231 |
1
1. lambda$getCourseById$9 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$getCourseById$9 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, id)); |
232 | | |
233 |
1
1. getCourseById : negated conditional → KILLED |
if(!u.isAdmin()){ |
234 | courseStaffRepository.findByCourseIdAndGithubId(id, u.getGithubId()) | |
235 |
1
1. lambda$getCourseById$10 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$getCourseById$10 → KILLED |
.orElseThrow(() -> new AccessDeniedException( |
236 | String.format("User %s is not authorized to get course %d", u.getGithubLogin(), id))); | |
237 | } | |
238 |
1
1. getCourseById : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::getCourseById → KILLED |
return course; |
239 | } | |
240 | ||
241 | } | |
Mutations | ||
63 |
1.1 |
|
64 |
1.1 |
|
66 |
1.1 |
|
103 |
1.1 |
|
116 |
1.1 |
|
119 |
1.1 |
|
130 |
1.1 |
|
143 |
1.1 |
|
146 |
1.1 |
|
161 |
1.1 |
|
162 |
1.1 |
|
164 |
1.1 |
|
168 |
1.1 |
|
169 |
1.1 |
|
170 |
1.1 |
|
171 |
1.1 |
|
172 |
1.1 |
|
173 |
1.1 |
|
176 |
1.1 |
|
188 |
1.1 |
|
189 |
1.1 |
|
191 |
1.1 |
|
194 |
1.1 |
|
195 |
1.1 |
|
196 |
1.1 |
|
207 |
1.1 |
|
211 |
1.1 |
|
215 |
1.1 |
|
218 |
1.1 |
|
219 |
1.1 |
|
231 |
1.1 |
|
233 |
1.1 |
|
235 |
1.1 |
|
238 |
1.1 |