| 1 | package edu.ucsb.cs156.organic.controllers; | |
| 2 | ||
| 3 | import edu.ucsb.cs156.organic.entities.Course; | |
| 4 | import edu.ucsb.cs156.organic.entities.Staff; | |
| 5 | import edu.ucsb.cs156.organic.entities.User; | |
| 6 | import edu.ucsb.cs156.organic.repositories.CourseRepository; | |
| 7 | import edu.ucsb.cs156.organic.repositories.StaffRepository; | |
| 8 | import edu.ucsb.cs156.organic.repositories.UserRepository; | |
| 9 | import io.swagger.v3.oas.annotations.Operation; | |
| 10 | import io.swagger.v3.oas.annotations.Parameter; | |
| 11 | import io.swagger.v3.oas.annotations.tags.Tag; | |
| 12 | import lombok.extern.slf4j.Slf4j; | |
| 13 | ||
| 14 | import com.fasterxml.jackson.core.JsonProcessingException; | |
| 15 | ||
| 16 | ||
| 17 | import org.springframework.beans.factory.annotation.Autowired; | |
| 18 | import org.springframework.format.annotation.DateTimeFormat; | |
| 19 | import org.springframework.security.access.prepost.PreAuthorize; | |
| 20 | import org.springframework.web.bind.annotation.DeleteMapping; | |
| 21 | import org.springframework.web.bind.annotation.GetMapping; | |
| 22 | import org.springframework.web.bind.annotation.PostMapping; | |
| 23 | import org.springframework.web.bind.annotation.DeleteMapping; | |
| 24 | import org.springframework.web.bind.annotation.PutMapping; | |
| 25 | import org.springframework.web.bind.annotation.RequestBody; | |
| 26 | import org.springframework.web.bind.annotation.RequestMapping; | |
| 27 | import org.springframework.web.bind.annotation.RequestParam; | |
| 28 | import org.springframework.web.bind.annotation.RestController; | |
| 29 | ||
| 30 | import edu.ucsb.cs156.organic.errors.EntityNotFoundException; | |
| 31 | ||
| 32 | import org.springframework.security.access.AccessDeniedException; | |
| 33 | import java.time.LocalDateTime; | |
| 34 | ||
| 35 | ||
| 36 | import javax.transaction.Transactional; | |
| 37 | ||
| 38 | import javax.validation.Valid; | |
| 39 | ||
| 40 | import java.util.Optional; | |
| 41 | ||
| 42 | @Tag(name = "Courses") | |
| 43 | @RequestMapping("/api/courses") | |
| 44 | @RestController | |
| 45 | @Slf4j | |
| 46 | public class CoursesController extends ApiController { | |
| 47 | ||
| 48 | @Autowired | |
| 49 | CourseRepository courseRepository; | |
| 50 | ||
| 51 | @Autowired | |
| 52 | StaffRepository courseStaffRepository; | |
| 53 | ||
| 54 | @Autowired | |
| 55 | UserRepository userRepository; | |
| 56 | ||
| 57 | @Operation(summary = "List all courses") | |
| 58 | @PreAuthorize("hasAnyRole('ROLE_USER', 'ROLE_ADMIN')") | |
| 59 | @GetMapping("/all") | |
| 60 | public Iterable<Course> allCourses() { | |
| 61 | User u = getCurrentUser().getUser(); | |
| 62 | log.info("u={}", u); | |
| 63 |
1
1. allCourses : negated conditional → KILLED |
if (u.isAdmin()) { |
| 64 |
1
1. allCourses : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::allCourses → KILLED |
return courseRepository.findAll(); |
| 65 | } else { | |
| 66 |
1
1. allCourses : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::allCourses → KILLED |
return courseRepository.findCoursesStaffedByUser(u.getGithubId()); |
| 67 | } | |
| 68 | } | |
| 69 | ||
| 70 | // POST-Course | |
| 71 | @Operation(summary = "Create a new course") | |
| 72 | @PreAuthorize("hasRole('ROLE_ADMIN')") | |
| 73 | @PostMapping("/post") | |
| 74 | public Course postCourse( | |
| 75 | @Parameter(name = "name", description ="course name, e.g. CMPSC 156" ) @RequestParam String name, | |
| 76 | @Parameter(name = "school", description ="school abbreviation e.g. UCSB" ) @RequestParam String school, | |
| 77 | @Parameter(name = "term", description = "quarter or semester, e.g. F23") @RequestParam String term, | |
| 78 | @Parameter(name = "startDate", description = "in iso format, i.e. YYYY-mm-ddTHH:MM:SS; e.g. 2023-10-01T00:00:00 see https://en.wikipedia.org/wiki/ISO_8601") @RequestParam("startDate") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) LocalDateTime startDate, | |
| 79 | @Parameter(name = "endDate", description = "in iso format, i.e. YYYY-mm-ddTHH:MM:SS; e.g. 2023-12-31T11:59:59 see https://en.wikipedia.org/wiki/ISO_8601") @RequestParam("endDate") @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) LocalDateTime endDate, | |
| 80 | @Parameter(name = "githubOrg", description = "for example ucsb-cs156-f23" ) @RequestParam String githubOrg) | |
| 81 | throws JsonProcessingException { | |
| 82 | ||
| 83 | Course course = Course.builder() | |
| 84 | .name(name) | |
| 85 | .school(school) | |
| 86 | .term(term) | |
| 87 | .startDate(startDate) | |
| 88 | .endDate(endDate) | |
| 89 | .githubOrg(githubOrg) | |
| 90 | .build(); | |
| 91 | ||
| 92 | Course savedCourse = courseRepository.save(course); | |
| 93 | User u = getCurrentUser().getUser(); | |
| 94 | ||
| 95 | Staff courseStaff = Staff.builder() | |
| 96 | .courseId(savedCourse.getId()) | |
| 97 | .githubId(u.getGithubId()) | |
| 98 | .build(); | |
| 99 | ||
| 100 | log.info("courseStaff={}", courseStaff); | |
| 101 | courseStaffRepository.save(courseStaff); | |
| 102 | ||
| 103 |
1
1. postCourse : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::postCourse → KILLED |
return savedCourse; |
| 104 | } | |
| 105 | ||
| 106 | // Post-Staff | |
| 107 | @Operation(summary = "Add a staff member to a course") | |
| 108 | @PreAuthorize("hasRole('ROLE_ADMIN')") | |
| 109 | @PostMapping("/addStaff") | |
| 110 | public Staff addStaff( | |
| 111 | @Parameter(name = "courseId") @RequestParam Long courseId, | |
| 112 | @Parameter(name = "githubLogin") @RequestParam String githubLogin) | |
| 113 | throws JsonProcessingException { | |
| 114 | ||
| 115 | Course course = courseRepository.findById(courseId) | |
| 116 |
1
1. lambda$addStaff$0 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$addStaff$0 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId.toString())); |
| 117 | ||
| 118 | User user = userRepository.findByGithubLogin(githubLogin) | |
| 119 |
1
1. lambda$addStaff$1 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$addStaff$1 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(User.class, githubLogin.toString())); |
| 120 | ||
| 121 | Staff courseStaff = Staff.builder() | |
| 122 | .courseId(course.getId()) | |
| 123 | .githubId(user.getGithubId()) | |
| 124 | .user(user) | |
| 125 | .build(); | |
| 126 | ||
| 127 | courseStaff = courseStaffRepository.save(courseStaff); | |
| 128 | log.info("courseStaff={}", courseStaff); | |
| 129 | ||
| 130 |
1
1. addStaff : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::addStaff → KILLED |
return courseStaff; |
| 131 | } | |
| 132 | ||
| 133 | // Get-Staff | |
| 134 | @Operation(summary = "Get Staff for course") | |
| 135 | @PreAuthorize("hasRole('ROLE_ADMIN')") | |
| 136 | @GetMapping("/getStaff") | |
| 137 | public Iterable<Staff> getStaff( | |
| 138 | @Parameter(name = "courseId") @RequestParam Long courseId | |
| 139 | ) | |
| 140 | throws JsonProcessingException { | |
| 141 | ||
| 142 | Course course = courseRepository.findById(courseId) | |
| 143 |
1
1. lambda$getStaff$2 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$getStaff$2 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId.toString())); |
| 144 | ||
| 145 | Iterable<Staff> courseStaff = courseStaffRepository.findByCourseId(course.getId()); | |
| 146 |
1
1. getStaff : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::getStaff → KILLED |
return courseStaff; |
| 147 | } | |
| 148 | ||
| 149 | ||
| 150 | //PUT | |
| 151 | @Operation(summary = "Update a course") | |
| 152 | @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTRUCTOR')") | |
| 153 | @PutMapping("/update") | |
| 154 | public Course updateCourse( | |
| 155 | @Parameter(name = "courseId") @RequestParam Long courseId, | |
| 156 | @RequestBody @Valid Course incoming) throws JsonProcessingException { | |
| 157 | ||
| 158 | User user = getCurrentUser().getUser(); | |
| 159 | | |
| 160 | Course course = courseRepository.findById(courseId) | |
| 161 |
1
1. lambda$updateCourse$3 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$updateCourse$3 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId.toString())); |
| 162 |
1
1. updateCourse : negated conditional → KILLED |
if (!user.isAdmin()) { |
| 163 | courseStaffRepository.findByCourseIdAndGithubId(courseId, user.getGithubId()) | |
| 164 |
1
1. lambda$updateCourse$4 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$updateCourse$4 → KILLED |
.orElseThrow(() -> new AccessDeniedException( |
| 165 | String.format("%s is not allowed to update course %d", user.getGithubLogin(), courseId))); | |
| 166 | } | |
| 167 | ||
| 168 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setName → KILLED |
course.setName(incoming.getName()); |
| 169 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setSchool → KILLED |
course.setSchool(incoming.getSchool()); |
| 170 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setTerm → KILLED |
course.setTerm(incoming.getTerm()); |
| 171 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setStartDate → KILLED |
course.setStartDate(incoming.getStartDate()); |
| 172 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setEndDate → KILLED |
course.setEndDate(incoming.getEndDate()); |
| 173 |
1
1. updateCourse : removed call to edu/ucsb/cs156/organic/entities/Course::setGithubOrg → KILLED |
course.setGithubOrg(incoming.getGithubOrg()); |
| 174 | ||
| 175 | courseRepository.save(course); | |
| 176 |
1
1. updateCourse : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::updateCourse → KILLED |
return course; |
| 177 | } | |
| 178 | ||
| 179 | @Transactional | |
| 180 | @Operation(summary = "Delete a course") | |
| 181 | @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTRUCTOR')") | |
| 182 | @DeleteMapping("/delete") | |
| 183 | public Object deleteCourse( | |
| 184 | @Parameter(name = "courseId") @RequestParam Long courseId) throws JsonProcessingException { | |
| 185 | ||
| 186 | User u = getCurrentUser().getUser(); | |
| 187 | Course course = courseRepository.findById(courseId) | |
| 188 |
1
1. lambda$deleteCourse$5 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$deleteCourse$5 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId.toString())); |
| 189 |
1
1. deleteCourse : negated conditional → KILLED |
if(!u.isAdmin()) |
| 190 | courseStaffRepository.findByCourseIdAndGithubId(courseId, u.getGithubId()) | |
| 191 |
1
1. lambda$deleteCourse$6 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$deleteCourse$6 → KILLED |
.orElseThrow(() -> new AccessDeniedException( |
| 192 | String.format("%s is not allowed to delete course %d", u.getGithubLogin(), courseId))); | |
| 193 | ||
| 194 |
1
1. deleteCourse : removed call to edu/ucsb/cs156/organic/repositories/CourseRepository::delete → KILLED |
courseRepository.delete(course); |
| 195 |
1
1. deleteCourse : removed call to edu/ucsb/cs156/organic/repositories/StaffRepository::deleteByCourseId → KILLED |
courseStaffRepository.deleteByCourseId(courseId); |
| 196 |
1
1. deleteCourse : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::deleteCourse → KILLED |
return genericMessage("Course with id %s deleted".formatted(courseId)); |
| 197 | } | |
| 198 | ||
| 199 | // DELETE endpoint for staff | |
| 200 | @Operation(summary = "Delete staff from a course") | |
| 201 | @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_INSTRUCTOR')") | |
| 202 | @DeleteMapping("/staff") | |
| 203 | public Object deleteStaff( | |
| 204 | @Parameter(name = "id") @RequestParam Long id) throws JsonProcessingException { | |
| 205 | // Find staff member by id (including courses they're in) | |
| 206 | Staff staff = courseStaffRepository.findById(id) | |
| 207 |
1
1. lambda$deleteStaff$7 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$deleteStaff$7 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Staff.class, id.toString())); |
| 208 | | |
| 209 | // If instructor && not admin, check: if user is staff in the same course of the staff member they're trying to remove | |
| 210 | User u = getCurrentUser().getUser(); | |
| 211 |
1
1. deleteStaff : negated conditional → KILLED |
if (!u.isAdmin()) { |
| 212 | Long courseId = staff.getCourseId(); | |
| 213 | log.info("staff={}\nthe parameter id={}", staff, id); | |
| 214 | courseStaffRepository.findByCourseIdAndGithubId(courseId, u.getGithubId()) | |
| 215 |
1
1. lambda$deleteStaff$8 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$deleteStaff$8 → KILLED |
.orElseThrow(() -> new AccessDeniedException( // Throw error = find fails. they aren't in the same course |
| 216 | String.format("User %s is not authorized to delete staff of id %d", u.getGithubLogin(), id))); | |
| 217 | } | |
| 218 |
1
1. deleteStaff : removed call to edu/ucsb/cs156/organic/repositories/StaffRepository::delete → KILLED |
courseStaffRepository.delete(staff); |
| 219 |
1
1. deleteStaff : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::deleteStaff → KILLED |
return genericMessage("Staff with id %s deleted".formatted(id)); |
| 220 | } | |
| 221 | ||
| 222 | // Get by ID | |
| 223 | @Operation(summary= "Get a single course by Id") | |
| 224 | @PreAuthorize("hasAnyRole('ROLE_USER', 'ROLE_ADMIN')") | |
| 225 | @GetMapping("") | |
| 226 | public Course getCourseById( | |
| 227 | @Parameter(name="id") @RequestParam Long id) { | |
| 228 | User u = getCurrentUser().getUser(); | |
| 229 | ||
| 230 | Course course = courseRepository.findById(id) | |
| 231 |
1
1. lambda$getCourseById$9 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$getCourseById$9 → KILLED |
.orElseThrow(() -> new EntityNotFoundException(Course.class, id)); |
| 232 | | |
| 233 |
1
1. getCourseById : negated conditional → KILLED |
if(!u.isAdmin()){ |
| 234 | courseStaffRepository.findByCourseIdAndGithubId(id, u.getGithubId()) | |
| 235 |
1
1. lambda$getCourseById$10 : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::lambda$getCourseById$10 → KILLED |
.orElseThrow(() -> new AccessDeniedException( |
| 236 | String.format("User %s is not authorized to get course %d", u.getGithubLogin(), id))); | |
| 237 | } | |
| 238 |
1
1. getCourseById : replaced return value with null for edu/ucsb/cs156/organic/controllers/CoursesController::getCourseById → KILLED |
return course; |
| 239 | } | |
| 240 | ||
| 241 | } | |
Mutations | ||
| 63 |
1.1 |
|
| 64 |
1.1 |
|
| 66 |
1.1 |
|
| 103 |
1.1 |
|
| 116 |
1.1 |
|
| 119 |
1.1 |
|
| 130 |
1.1 |
|
| 143 |
1.1 |
|
| 146 |
1.1 |
|
| 161 |
1.1 |
|
| 162 |
1.1 |
|
| 164 |
1.1 |
|
| 168 |
1.1 |
|
| 169 |
1.1 |
|
| 170 |
1.1 |
|
| 171 |
1.1 |
|
| 172 |
1.1 |
|
| 173 |
1.1 |
|
| 176 |
1.1 |
|
| 188 |
1.1 |
|
| 189 |
1.1 |
|
| 191 |
1.1 |
|
| 194 |
1.1 |
|
| 195 |
1.1 |
|
| 196 |
1.1 |
|
| 207 |
1.1 |
|
| 211 |
1.1 |
|
| 215 |
1.1 |
|
| 218 |
1.1 |
|
| 219 |
1.1 |
|
| 231 |
1.1 |
|
| 233 |
1.1 |
|
| 235 |
1.1 |
|
| 238 |
1.1 |