Added auth to the /event/del endpoint

2022-01-17 05:57:44 +01:00 · 2022-01-17 05:57:44 +01:00 · 3796afb712
commit 3796afb712
parent e05faab31e
2 changed files with 31 additions and 8 deletions
--- a/server/src/main/java/com/vpr/server/controller/EventController.java
+++ b/server/src/main/java/com/vpr/server/controller/EventController.java
@ -15,6 +15,7 @@ import org.springframework.web.server.ResponseStatusException;

 import java.sql.Time;
 import java.text.SimpleDateFormat;
+import java.util.Optional;

@Controller
@RequestMapping(path = "/event")
@ -109,6 +110,13 @@ public class EventController {
            return new ResponseEntity<>( "Du hast keine Rechte um den Termin zu löschen", HttpStatus.UNAUTHORIZED);
        }

+        Optional<Event> event = eventRepository.findById(eventId);
+
+        if (event.isEmpty()){
+            return new ResponseEntity<>( "Der Termin exestiert nicht", HttpStatus.BAD_REQUEST);
+        }
+
+
        eventRepository.deleteUserEventsById(Long.valueOf(eventId));
        eventRepository.deleteById(Long.valueOf(eventId));
        return new ResponseEntity<>("", HttpStatus.OK);
--- a/server/src/main/java/com/vpr/server/repository/EventRepository.java
+++ b/server/src/main/java/com/vpr/server/repository/EventRepository.java
@ -11,7 +11,8 @@ import javax.transaction.Transactional;
 // CRUD refers Create, Read, Update, Delete

 public interface EventRepository extends CrudRepository<Event, Integer> {
-    @Query(value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " +
+    @Query(
+            value = "SELECT e.id AS eid, e.name AS ename, e.start, e.end, e.priority , e.is_full_day, " +
            "ue.date, " +
            "u.id AS uid, u.forename, u.name AS uname " +
            "FROM event e " +
@ -21,27 +22,41 @@ public interface EventRepository extends CrudRepository<Event, Integer> {
            "ON ue.user_id = u.id " +
            "WHERE u.id = ?1 " +
            "OR e.is_private = 0",
-            nativeQuery = true)
+            nativeQuery = true
+    )
    Object[] findAllVisibleByUserId(long id);

-    @Query(value = "SELECT * " +
+    @Query(
+            value = "SELECT * " +
            "FROM event e " +
            "INNER JOIN user_event ue " +
            "ON e.id = ue.event_id " +
            "WHERE ue.user_id = ?1",
-            nativeQuery = true)
+            nativeQuery = true
+    )
    Object[] findAllByUserId(long id);

+
+    @Query(
+            value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1",
+            nativeQuery = true
+    )
+    Object[] findUserIdByEventId(long id);
+
    @Modifying
    @Transactional
-    @Query(value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1",
-    nativeQuery = true)
+    @Query(
+            value = "DELETE ue FROM user_event ue WHERE ue.event_id = ?1",
+            nativeQuery = true
+    )
    void deleteUserEventsById(long id);


    @Modifying
    @Transactional
-    @Query(value = "DELETE e FROM event e WHERE e.id = ?1",
-            nativeQuery = true)
+    @Query(
+            value = "DELETE e FROM event e WHERE e.id = ?1",
+            nativeQuery = true
+    )
    void deleteById(long id);
 }