| author | realtradam <[email protected]> | 2024-07-27 23:24:57 -0400 |
|---|---|---|
| committer | realtradam <[email protected]> | 2024-07-27 23:24:57 -0400 |
| commit | 55ec4c9dbd9fa1b98cab03f046c98d33125fb484 (patch) | |
| tree | cc6efb54999dfbfd0208bfee0a9da76c822791ca /backend/src/main/java/com | |
| parent | c366e70e95156d2637f82116312770e12a9aad32 (diff) | |
| download | spring-blog-55ec4c9dbd9fa1b98cab03f046c98d33125fb484.tar.gz spring-blog-55ec4c9dbd9fa1b98cab03f046c98d33125fb484.zip | |
make edit buttons conditional on user
Diffstat (limited to 'backend/src/main/java/com')
5 files changed, 23 insertions, 11 deletions
diff --git a/backend/src/main/java/com/blog/web/controllers/ArticleController.java b/backend/src/main/java/com/blog/web/controllers/ArticleController.java
index b321cd2..e7890b0 100644
--- a/backend/src/main/java/com/blog/web/controllers/ArticleController.java
+++ b/backend/src/main/java/com/blog/web/controllers/ArticleController.java
@@ -78,7 +78,7 @@ public class ArticleController {
 }
 @PostMapping("/articles/edit/{articleId}")
- public String updateArticle(@PathVariable("articleId") Long articleId, @Valid @ModelAttribute("article") ArticleDto article, BindingResult result) {
+ public String updateArticle(@PathVariable("articleId") long articleId, @Valid @ModelAttribute("article") ArticleDto article, BindingResult result) {
 if (result.hasErrors()) {
 return "articles/edit";
 }
diff --git a/backend/src/main/java/com/blog/web/dto/ArticleDto.java b/backend/src/main/java/com/blog/web/dto/ArticleDto.java
index 755b1f6..9e82c40 100644
--- a/backend/src/main/java/com/blog/web/dto/ArticleDto.java
+++ b/backend/src/main/java/com/blog/web/dto/ArticleDto.java
@@ -29,7 +29,7 @@ public class ArticleDto {
 @JoinColumn(name = "created_by", nullable = false)
 private UserEntity createdBy;
- public ArticleDto(long id, String title, String photoUrl, String content, UserEntity createdBy, LocalDateTime createdOn, LocalDateTime updatedOn) {
+ public ArticleDto(Long id, String title, String photoUrl, String content, UserEntity createdBy, LocalDateTime createdOn, LocalDateTime updatedOn) {
 this.id = id;
 this.title = title;
 this.photoUrl = photoUrl;
@@ -111,4 +111,8 @@ public class ArticleDto {
 public String getUsername() {
 return createdBy.getUsername();
 }
+
+ public Long getUserId() {
+ return createdBy.getId();
+ }
 }
diff --git a/backend/src/main/java/com/blog/web/dto/ArticlePublicDto.java b/backend/src/main/java/com/blog/web/dto/ArticlePublicDto.java
index 5dac4fe..50dda43 100644
--- a/backend/src/main/java/com/blog/web/dto/ArticlePublicDto.java
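Review bot: The added `getUserId()` in ArticleDto.java dereferences `createdBy` without a guard, and this DTO is also the `@ModelAttribute("article")` form object in ArticleController, so an instance bound from a request can carry a null or client-chosen `createdBy`. The ArticleServiceImpl hunk in this commit reads the owner from the stored article, which is the safe source. A comment on the getter would keep later callers from using it for an authorization decision on a submitted DTO, e.g. `/** Owner id of a persisted article; only meaningful on a DTO loaded from the repository, never on a request-bound one. */`. Whether the binder can actually populate `createdBy` depends on setters that are outside this hunk.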
+++ b/backend/src/main/java/com/blog/web/dto/ArticlePublicDto.java
@@ -13,7 +13,7 @@ public class ArticlePublicDto {
 private LocalDateTime updatedOn;
 private String createdBy;
- public ArticlePublicDto(long id, String title, String photoUrl, String content, String createdBy, LocalDateTime createdOn, LocalDateTime updatedOn) {
+ public ArticlePublicDto(Long id, String title, String photoUrl, String content, String createdBy, LocalDateTime createdOn, LocalDateTime updatedOn) {
 this.id = id;
 this.title = title;
 this.photoUrl = photoUrl;
diff --git a/backend/src/main/java/com/blog/web/models/Article.java b/backend/src/main/java/com/blog/web/models/Article.java
index 78ad668..ed4ac1c 100644
--- a/backend/src/main/java/com/blog/web/models/Article.java
+++ b/backend/src/main/java/com/blog/web/models/Article.java
@@ -46,7 +46,7 @@ public class Article {
 this.updatedOn = articleDto.getUpdatedOn();
 }
- public long getId() {
+ public Long getId() {
 return id;
 }
diff --git a/backend/src/main/java/com/blog/web/services/impl/ArticleServiceImpl.java b/backend/src/main/java/com/blog/web/services/impl/ArticleServiceImpl.java
index 2f9de6c..04cc8be 100644
--- a/backend/src/main/java/com/blog/web/services/impl/ArticleServiceImpl.java
+++ b/backend/src/main/java/com/blog/web/services/impl/ArticleServiceImpl.java
@@ -61,13 +61,21 @@ public class ArticleServiceImpl implements ArticleService {
 }
 @Override
- public void updateArticle(ArticleDto articleDto) {
- final String username = SecurityUtil.getSessionUser();
- final UserEntity user = userRepository.findByUsername(username).orElse(null);
- if (user == null) {
- return;
- }
- final Article article = mapToArticle(articleDto);
+ public void updateArticle(ArticleDto newArticle) {
+ if(newArticle == null) { return; }
+ final Optional<ArticleDto> optExistingArticle = this.findArticleById(newArticle.getId());
+ if(optExistingArticle.isEmpty()) { return; } // cant find article, give up
+ final ArticleDto existingArticle = optExistingArticle.get();
+ Long ownerId = existingArticle.getUserId();
+
+ final Optional<UserEntity> optUser = userService.getLoggedInUser();
+ if (optUser.isEmpty()) { return; } // not logged in, not allowed to edit
+ final UserEntity user = optUser.get();
+ Long userId = user.getId();
+
+ if (!ownerId.equals(userId)) { return; } // logged in a different user, not allowed to edit
+
+ final Article article = mapToArticle(newArticle);
 article.setCreatedBy(user);
 articleRepository.save(article);
 }
|
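Review bot: The rejection paths in the new `updateArticle` (article not found, no logged-in user, `!ownerId.equals(userId)`) all `return` silently, so the void caller cannot tell a refused edit from a saved one and nothing records the denied attempt. Failing loudly on the ownership mismatch would let the controller answer with 403 and give operations something to alert on, e.g. `if (!ownerId.equals(userId)) { throw new AccessDeniedException("article " + newArticle.getId() + " is not owned by the current user"); }`, assuming Spring Security is on the classpath as the removed `SecurityUtil` call suggests. Separately, `mapToArticle(newArticle)` builds the saved entity from the submitted DTO and only `createdBy` is overwritten afterwards. If that helper, which is outside this hunk, copies `createdOn` or other server-owned fields, they should be taken from `existingArticle` instead.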
