From 3796afb7128bbed74135c06e27f2944eb2445dc1 Mon Sep 17 00:00:00 2001 From: Marc Beyer Date: Mon, 17 Jan 2022 05:57:44 +0100 Subject: [PATCH] Added auth to the /event/del endpoint --- .../server/controller/EventController.java | 8 +++++ .../server/repository/EventRepository.java | 31 ++++++++++++++----- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/server/src/main/java/com/vpr/server/controller/EventController.java b/server/src/main/java/com/vpr/server/controller/EventController.java index 853dad4..18ba039 100644 --- a/server/src/main/java/com/vpr/server/controller/EventController.java +++ b/server/src/main/java/com/vpr/server/controller/EventController.java @@ -15,6 +15,7 @@ import org.springframework.web.server.ResponseStatusException; import java.sql.Time; import java.text.SimpleDateFormat; +import java.util.Optional; @Controller @RequestMapping(path = "/event") @@ -109,6 +110,13 @@ public class EventController { return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED); } + Optional event = eventRepository.findById(eventId); + + if (event.isEmpty()){ + return new ResponseEntity<>( "Der Termin exestiert nicht", HttpStatus.BAD_REQUEST); + } + + eventRepository.deleteUserEventsById(Long.valueOf(eventId)); eventRepository.deleteById(Long.valueOf(eventId)); return new ResponseEntity<>("", HttpStatus.OK); diff --git a/server/src/main/java/com/vpr/server/repository/EventRepository.java b/server/src/main/java/com/vpr/server/repository/EventRepository.java index af93e94..a5c17d6 100644 --- a/server/src/main/java/com/vpr/server/repository/EventRepository.java +++ b/server/src/main/java/com/vpr/server/repository/EventRepository.java @@ -11,7 +11,8 @@ import javax.transaction.Transactional; // CRUD refers Create, Read, Update, Delete public interface EventRepository extends CrudRepository { - @Query(value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " + + @Query( + value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " + "ue.date, " + "u.id AS uid, u.forename, u.name AS uname " + "FROM event e " + @@ -21,27 +22,41 @@ public interface EventRepository extends CrudRepository { "ON ue.user_id = u.id " + "WHERE u.id = ?1 " + "OR e.is_private = 0", - nativeQuery = true) + nativeQuery = true + ) Object[] findAllVisibleByUserId(long id); - @Query(value = "SELECT * " + + @Query( + value = "SELECT * " + "FROM event e " + "INNER JOIN user_event ue " + "ON e.id = ue.event_id " + "WHERE ue.user_id = ?1", - nativeQuery = true) + nativeQuery = true + ) Object[] findAllByUserId(long id); + + @Query( + value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1", + nativeQuery = true + ) + Object[] findUserIdByEventId(long id); + @Modifying @Transactional - @Query(value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1", - nativeQuery = true) + @Query( + value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1", + nativeQuery = true + ) void deleteUserEventsById(long id); @Modifying @Transactional - @Query(value = "DELETE e FROM event e WHERE e.id = ?1", - nativeQuery = true) + @Query( + value = "DELETE e FROM event e WHERE e.id = ?1", + nativeQuery = true + ) void deleteById(long id); } \ No newline at end of file