diff --git a/backend/src/main/java/de/htwg_konstanz/mobilelearning/services/feedback/FeedbackFormService.java b/backend/src/main/java/de/htwg_konstanz/mobilelearning/services/feedback/FeedbackFormService.java
index 1310882a..e421e9db 100644
--- a/backend/src/main/java/de/htwg_konstanz/mobilelearning/services/feedback/FeedbackFormService.java
+++ b/backend/src/main/java/de/htwg_konstanz/mobilelearning/services/feedback/FeedbackFormService.java
@@ -3,6 +3,7 @@
 import java.util.List;
 import org.bson.types.ObjectId;
+import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.jboss.resteasy.reactive.RestPath;
 import de.htwg_konstanz.mobilelearning.enums.FormStatus;
@@ -28,6 +29,9 @@ public class FeedbackFormService {
 @Inject
 private CourseRepository courseRepository;
+ @Inject
+ private JsonWebToken jwt;
+
 @GET
 @Produces(MediaType.APPLICATION_JSON)
 @RolesAllowed({ UserRole.PROF, UserRole.STUDENT })
@@ -72,7 +76,9 @@ public FeedbackForm updateFeedbackForm(@RestPath String courseId, @RestPath Stri
 if (feedbackFormToUpdate == null) {
 throw new NotFoundException("Feedbackcourse not found");
 }
-
+ if(!course.isOwner(jwt.getSubject())){
+ return null;
+ }
 if (feedbackForm.description != null) {
 feedbackFormToUpdate.description = feedbackForm.description;
 }
@@ -130,7 +136,10 @@ public FeedbackForm clearFeedbackFormResults(@RestPath String courseId, @RestPat
 if (feedbackForm == null) {
 throw new NotFoundException("Feedbackcourse not found");
 }
-
+ if (!course.isOwner(jwt.getSubject())) {
+ System.out.println("User is not owner of course");
+ return null;
+ }
 feedbackForm.clearResults();
 courseRepository.update(course);
 return feedbackForm;
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index 3fe78b7f..30ff4dcf 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
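Review bot: In the -72 and -130 hunks the new owner check answers a non-owner with `return null;`, which under JAX-RS semantics becomes an empty 204 No Content rather than a rejection, so the caller cannot tell "forbidden" from "done" and the style diverges from the `NotFoundException` thrown two lines earlier in the same methods. Replace it in both places with `throw new ForbiddenException("not the course owner");` (jakarta.ws.rs, the same family as the NotFoundException already used here), and drop the `System.out.println` in clearFeedbackFormResults or route it through the project's logger. Because both checks run only after the course and form lookups, a non-owner still learns whether a given form id exists from the 404-vs-empty distinction; if that matters, do the owner check right after the course is loaded and before the form lookup. If `jwt.getSubject()` can be null for a token without a sub claim, whether `course.isOwner(null)` rejects it is not visible here and is worth an explicit null check. Both enclosing methods start and end outside the hunks.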
@@ -12,3 +12,5 @@ quarkus.native.resources.includes=publicKey.pem # Private signing key smallrye.jwt.sign.key.location=privateKey.pem + +quarkus.jacoco.excludes=**/helper/**/* \ No newline at end of file diff --git a/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/feedback/FeedbackFormServiceTest.java b/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/feedback/FeedbackFormServiceTest.java index 2132ec3a..e794df2c 100644 --- a/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/feedback/FeedbackFormServiceTest.java +++ b/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/feedback/FeedbackFormServiceTest.java @@ -5,6 +5,7 @@ import java.util.Base64; import java.util.List; +import org.bson.types.ObjectId; import org.jose4j.jwt.JwtClaims; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; @@ -17,6 +18,7 @@ import de.htwg_konstanz.mobilelearning.models.Course; import de.htwg_konstanz.mobilelearning.models.auth.UserRole; import de.htwg_konstanz.mobilelearning.models.feedback.FeedbackForm; +import de.htwg_konstanz.mobilelearning.repositories.CourseRepository; import de.htwg_konstanz.mobilelearning.services.CourseService; import de.htwg_konstanz.mobilelearning.services.api.ApiService; import de.htwg_konstanz.mobilelearning.services.api.models.ApiCourse; @@ -44,6 +46,9 @@ public class FeedbackFormServiceTest { @Inject private CourseService courseService; + @Inject + private CourseRepository courseRepository; + @Inject private ApiService apiService; 
@@ -132,7 +137,7 @@ public void getFeedbackFormWithResult() { addResult(courseId, formId, questionId); List feedbackForms = feedbackFormService.getFeedbackForms(courses.get(0).id.toString()); - // Assert get feedback form without results + // Assert get feedback form with results FeedbackForm feedbackFormFromService = feedbackFormService.getFeedbackForm(courses.get(0).id.toString(), feedbackForms.get(0).id.toString(), true); Assertions.assertEquals("Erster Sprint", feedbackFormFromService.name); Assertions.assertEquals("Hier wollen wir Ihr Feedback zum ersten Sprint einholen", feedbackFormFromService.description); @@ -143,7 +148,7 @@ public void getFeedbackFormWithResult() { @Test @TestSecurity(user = "Prof", roles = { UserRole.PROF}) - @JwtSecurity(claims = { @Claim(key = "email", value = "prof@htwg-konstanz.de") }) + @JwtSecurity(claims = { @Claim(key = "sub", value = "111111111111111111111111") }) public void clearResults() { //create & get courses + ids List courses = createCourse(); @@ -154,6 +159,12 @@ public void clearResults() { addResult(courseId, formId, questionId); FeedbackForm feedbackForm = feedbackFormService.getFeedbackForm(courses.get(0).id.toString(), formId, true); + // need to manually add owner because anntation sub claim needs to be static and profId is different + Course course = courseService.getCourse(courseId); + ObjectId ownerId = new ObjectId("111111111111111111111111"); + course.addOwner(ownerId); + courseRepository.update(course); + // Assert that results were cleared Assertions.assertEquals(1, feedbackForm.questions.get(0).results.size()); feedbackFormService.clearFeedbackFormResults(courses.get(0).id.toString(), feedbackForm.id.toString()); 
@@ -174,11 +185,11 @@ public void clearResultsNotOwner() { addResult(courseId, formId, questionId); FeedbackForm feedbackForm = feedbackFormService.getFeedbackForm(courses.get(0).id.toString(), formId, true); - // Todo Assert that results were not cleared (not owner) + // Assert that results were not cleared (not owner) Assertions.assertEquals(1, feedbackForm.questions.get(0).results.size()); feedbackFormService.clearFeedbackFormResults(courses.get(0).id.toString(), feedbackForm.id.toString()); FeedbackForm feedbackFormCleared = feedbackFormService.getFeedbackForm(courses.get(0).id.toString(), formId, true); - Assertions.assertEquals(0, feedbackFormCleared.questions.get(0).results.size()); + Assertions.assertEquals(1, feedbackFormCleared.questions.get(0).results.size()); } @Test @@ -200,13 +211,19 @@ public void clearResultsForbidden() { @Test @TestSecurity(user = "Prof", roles = { UserRole.PROF}) - @JwtSecurity(claims = { @Claim(key = "email", value = "prof@htwg-konstanz.de") }) + @JwtSecurity(claims = { @Claim(key = "sub", value = "111111111111111111111111") }) public void updateFeedbackForm() { //create & get courses + ids List courses = createCourse(); String courseId = courses.getFirst().getId().toString(); String formId = courses.getFirst().getFeedbackForms().get(0).getId().toString(); + // need to manually add owner because anntation sub claim needs to be static profId is different + Course course = courseService.getCourse(courseId); + ObjectId ownerId = new ObjectId("111111111111111111111111"); + course.addOwner(ownerId); + courseRepository.update(course); + // update the feedback form name, description and questions FeedbackForm feedbackFormUpdate = new FeedbackForm(courses.get(0).id, "nameUpdate", "descriptionUpdate", List.of(), FormStatus.NOT_STARTED); feedbackFormService.updateFeedbackForm(courseId, formId, feedbackFormUpdate); 
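Review bot: clearResultsNotOwner now only asserts the persisted state (results size still 1) and discards what the service returns to the non-owner, so the rejection signal itself is not pinned; updateFeedbackFormNotOwner in the next hunk has the same gap. Capture and assert it, e.g. `FeedbackForm rejected = feedbackFormService.clearFeedbackFormResults(courses.get(0).id.toString(), feedbackForm.id.toString());` followed by `Assertions.assertNull(rejected);`, and switch to `Assertions.assertThrows` if the service is later changed to throw for non-owners. The comment added in the -200 hunk has a typo, `anntation` → `annotation`, and is clearer as `// the sub claim in @JwtSecurity must be a constant, so register that id as owner manually`. The enclosing test methods begin outside the hunks.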
@@ -231,11 +248,11 @@ public void updateFeedbackFormNotOwner() { FeedbackForm feedbackFormUpdate = new FeedbackForm(courses.get(0).id, "nameUpdate", "descriptionUpdate", List.of(), FormStatus.NOT_STARTED); feedbackFormService.updateFeedbackForm(courseId, formId, feedbackFormUpdate); - // Todo Assert that results were not cleared (not owner) + // Assert that results were not cleared (not owner) List updatedFeedbackForms = feedbackFormService.getFeedbackForms(courses.get(0).id.toString()); - Assertions.assertEquals("nameUpdate", updatedFeedbackForms.get(0).name); - Assertions.assertEquals("descriptionUpdate", updatedFeedbackForms.get(0).description); - Assertions.assertEquals(0, updatedFeedbackForms.get(0).questions.size()); + Assertions.assertEquals("Erster Sprint", updatedFeedbackForms.get(0).name); + Assertions.assertEquals("Hier wollen wir Ihr Feedback zum ersten Sprint einholen", updatedFeedbackForms.get(0).description); + Assertions.assertEquals(1, updatedFeedbackForms.get(0).questions.size()); } @Test diff --git a/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/feedback/socket/LiveFeedbackSocketTest.java b/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/feedback/socket/LiveFeedbackSocketTest.java index 2b53a25c..ff930567 100644 --- a/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/feedback/socket/LiveFeedbackSocketTest.java +++ b/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/feedback/socket/LiveFeedbackSocketTest.java @@ -298,7 +298,7 @@ public void clearFeedback() { Thread.sleep(1000); session.close(); - // form status should not change because user student + // form should be cleared after status is set to NOT_STARTED Assertions.assertTrue(courseService.getCourse(courseId).getFeedbackForms().get(0).getStatus().toString().equals("NOT_STARTED")); Assertions.assertEquals(0, feedbackFormService.getFeedbackForms(courseId).get(0).getQuestions().get(0).results.size()); } catch (Exception e) { 
@@ -349,7 +349,7 @@ public void stopFeedbackNotOwner() { session.close(); session2.close(); - // form status should not change because user student + // form status should not change because User is not owner of the course Assertions.assertTrue(courseService.getCourse(courseId).getFeedbackForms().get(0).getStatus().toString().equals("STARTED")); } catch (Exception e) { System.out.println(e); diff --git a/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/quiz/socket/LiveQuizSocketTest.java b/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/quiz/socket/LiveQuizSocketTest.java index a231d032..c74cdb3a 100644 --- a/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/quiz/socket/LiveQuizSocketTest.java +++ b/backend/src/test/java/de/htwg_konstanz/mobilelearning/services/quiz/socket/LiveQuizSocketTest.java @@ -2,7 +2,6 @@ import java.net.URI; import java.nio.charset.StandardCharsets; -import java.util.ArrayList; import java.util.Base64; import java.util.LinkedHashMap; import java.util.List; @@ -14,7 +13,6 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.TestInfo; -import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; import de.htwg_konstanz.mobilelearning.LiveFeedbackSocketClient; @@ -36,7 +34,6 @@ import io.quarkus.test.security.TestSecurity; import io.quarkus.test.security.jwt.Claim; import io.quarkus.test.security.jwt.JwtSecurity; -import io.smallrye.common.constraint.Assert; import io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipal; import jakarta.inject.Inject; import jakarta.websocket.ContainerProvider; 
@@ -208,7 +205,7 @@ public void addResult() { addResult(courseId, formId, questionId, "Prof"); List quizForms = quizFormService.getQuizForms(courses.get(0).id.toString()); - // Assert get quiz form without results + // check that the result was added QuizForm quizFormFromService = quizFormService.getQuizForm(courses.get(0).id.toString(), quizForms.get(0).id.toString(), true); Assertions.assertEquals("Rollenverständnis bei Scrum", quizFormFromService.name); Assertions.assertEquals("Ein Quiz zum Rollenverständnis und Teamaufbau bei Scrum", quizFormFromService.description); @@ -232,7 +229,7 @@ public void submitResultOnlyAcceptedOnce() { addResult(courseId, formId, questionId, "Prof"); List quizForms = quizFormService.getQuizForms(courses.get(0).id.toString()); - // Assert get quiz form without results + // check that only one result was added QuizForm quizFormFromService = quizFormService.getQuizForm(courses.get(0).id.toString(), quizForms.get(0).id.toString(), true); Assertions.assertEquals("Rollenverständnis bei Scrum", quizFormFromService.name); Assertions.assertEquals("Ein Quiz zum Rollenverständnis und Teamaufbau bei Scrum", quizFormFromService.description); @@ -453,6 +450,7 @@ public void clearResults() { session.close(); quizForm = quizFormService.getQuizForms(courses.get(0).id.toString()).get(0); + // form should be cleared after status is set to NOT_STARTED Assertions.assertEquals(0, quizForm.questions.get(0).results.size()); } catch (Exception e) { System.out.println(e); @@ -498,6 +496,7 @@ public void nextQuestion() { } """); Thread.sleep(500); + // newest messagqueue item after first next should be CLOSED_QUESTION Map next1 = mapper.readerFor(Map.class).readValue(client.getMessageQueue().get(1)); Assertions.assertEquals("CLOSED_QUESTION", next1.get("action")); Object obj1 = next1.get("form"); // replace with your object 
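Review bot: The comments added in the -498 hunk and in the -512, -521 and -530 hunks on the following line misspell `messagqueue`; `// message queue item after the first "next" should be CLOSED_QUESTION` (and likewise for the second, third and fourth) reads cleanly. The comments added in the -564 and -618 hunks say `Owner stats feedback`, presumably `starts`. The enclosing test methods begin outside the hunks.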
@@ -512,6 +511,7 @@ public void nextQuestion() { } """); Thread.sleep(500); + // newest messagqueue item after second next should be OPENED_NEXT_QUESTION Map next2 = mapper.readerFor(Map.class).readValue(client.getMessageQueue().get(2)); Assertions.assertEquals("OPENED_NEXT_QUESTION", next2.get("action")); client.sendMessage(""" @@ -521,6 +521,7 @@ public void nextQuestion() { } """); Thread.sleep(500); + // newest messagqueue item after third next should be CLOSED_QUESTION Map next3 = mapper.readerFor(Map.class).readValue(client.getMessageQueue().get(3)); Assertions.assertEquals("CLOSED_QUESTION", next3.get("action")); client.sendMessage(""" @@ -530,6 +531,7 @@ public void nextQuestion() { } """); Thread.sleep(500); + // newest messagqueue items after fourth next should be CLOSED_QUESTION & FINISHED Map next4 = mapper.readerFor(Map.class).readValue(client.getMessageQueue().get(4)); Assertions.assertEquals("CLOSED_QUESTION", next4.get("action")); Map next5 = mapper.readerFor(Map.class).readValue(client.getMessageQueue().get(5)); @@ -564,6 +566,7 @@ public void nextQuestionNotOnwer() { // create a websocket client // (@ServerEndpoint("/course/{courseId}/quiz/form/{formId}/subscribe/{userId}/{jwt}") try { + // Owner stats feedback & 2nd prof (not owner) tries to change question LiveFeedbackSocketClient client = new LiveFeedbackSocketClient(); LiveFeedbackSocketClient client2 = new LiveFeedbackSocketClient(); Session session = ContainerProvider.getWebSocketContainer().connectToServer( @@ -618,6 +621,7 @@ public void nextQuestionStudent() { // create a websocket client // (@ServerEndpoint("/course/{courseId}/quiz/form/{formId}/subscribe/{userId}/{jwt}") try { + // Owner stats feedback & 2nd prof (with student role) tries to change question LiveFeedbackSocketClient client = new LiveFeedbackSocketClient(); LiveFeedbackSocketClient client2 = new LiveFeedbackSocketClient(); Session session = ContainerProvider.getWebSocketContainer().connectToServer(