Add and delete functionality for Roles (#509)

* Add and delete functionality for Roles

* Added Exception for deleting the user Role

* Inverted if statement and reformatted tests

src/main/java/ch/wisv/areafiftylan/exception/CannotRemoveUserRoleException.java

@@ -0,0 +1,9 @@
+package ch.wisv.areafiftylan.exception;
+
+import ch.wisv.areafiftylan.users.model.Role;
+
+public class CannotRemoveUserRoleException extends AreaFiftyLANException {
+    public CannotRemoveUserRoleException(Role role) {
+        super("Role " + role.name() + " cannot be removed");
+    }
+}

src/main/java/ch/wisv/areafiftylan/users/controller/UserRestController.java

@@ -17,8 +17,10 @@
 
 package ch.wisv.areafiftylan.users.controller;
 
+import ch.wisv.areafiftylan.exception.CannotRemoveUserRoleException;
 import ch.wisv.areafiftylan.seats.model.Seat;
 import ch.wisv.areafiftylan.seats.service.SeatService;
+import ch.wisv.areafiftylan.users.model.RoleDTO;
 import ch.wisv.areafiftylan.users.model.User;
 import ch.wisv.areafiftylan.users.model.UserDTO;
 import ch.wisv.areafiftylan.users.service.UserService;
@@ -169,6 +171,25 @@ public List<Seat> getSeatByUser(@PathVariable Long userId) {
         return seatService.getSeatsByEmail(user.getEmail());
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
+    @PostMapping("/{userId}/role")
+    public ResponseEntity<?> addRole(@PathVariable Long userId, @Validated @RequestBody RoleDTO input) {
+        userService.addRole(userId, input);
+        return new ResponseEntity<>(getUserById(userId), HttpStatus.OK);
+    }
+
+    @PreAuthorize("hasRole('ADMIN')")
+    @PostMapping("/{userId}/role/delete")
+    public ResponseEntity<?> deleteRole(@PathVariable Long userId, @Validated @RequestBody RoleDTO input) {
+        userService.deleteRole(userId, input);
+        return new ResponseEntity<>(getUserById(userId), HttpStatus.OK);
+    }
+
+    @ExceptionHandler(CannotRemoveUserRoleException.class)
+    public ResponseEntity<?> handleCannotRemoveUserRoleException(CannotRemoveUserRoleException ex) {
+        return createResponseEntity(HttpStatus.BAD_REQUEST, ex.getMessage());
+    }
+
     @ExceptionHandler(DataIntegrityViolationException.class)
     public ResponseEntity<?> handleDataIntegrityViolationException(DataIntegrityViolationException ex) {
         return createResponseEntity(HttpStatus.CONFLICT, "Email is already in use");

src/main/java/ch/wisv/areafiftylan/users/model/RoleDTO.java

@@ -0,0 +1,14 @@
+package ch.wisv.areafiftylan.users.model;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import javax.validation.constraints.NotNull;
+
+@Getter
+@Setter
+public class RoleDTO {
+
+    @NotNull
+    private Role role;
+}

src/main/java/ch/wisv/areafiftylan/users/model/User.java

@@ -110,4 +110,8 @@ public void addRole(Role role) {
     public int getReference() {
         return email.hashCode();
     }
+
+    public void deleteRole(Role role) {
+        this.roles.remove(role);
+    }
 }

src/main/java/ch/wisv/areafiftylan/users/service/UserService.java

@@ -20,6 +20,7 @@
 
 import ch.wisv.areafiftylan.users.model.Profile;
 import ch.wisv.areafiftylan.users.model.ProfileDTO;
+import ch.wisv.areafiftylan.users.model.RoleDTO;
 import ch.wisv.areafiftylan.users.model.User;
 import ch.wisv.areafiftylan.users.model.UserDTO;
 import org.springframework.dao.DataIntegrityViolationException;
@@ -67,4 +68,8 @@ public interface UserService {
      * @return A boolean indicating wether a user is old enough.
      */
     Boolean alcoholCheck(Long userId);
+
+    void addRole(Long userId, RoleDTO input);
+
+    void deleteRole(Long userId, RoleDTO input);
 }

src/main/java/ch/wisv/areafiftylan/users/service/UserServiceImpl.java

@@ -17,6 +17,7 @@
 
 package ch.wisv.areafiftylan.users.service;
 
+import ch.wisv.areafiftylan.exception.CannotRemoveUserRoleException;
 import ch.wisv.areafiftylan.exception.UserNotFoundException;
 import ch.wisv.areafiftylan.security.token.PasswordResetToken;
 import ch.wisv.areafiftylan.security.token.VerificationToken;
@@ -266,6 +267,24 @@ public Boolean alcoholCheck(Long userId) {
         return user.getProfile().getBirthday().isBefore(LocalDate.now().minusYears(ALCOHOL_AGE));
     }
 
+    @Override
+    public void addRole(Long userId, RoleDTO input) {
+        User user = getUserById(userId);
+        user.addRole(input.getRole());
+        userRepository.saveAndFlush(user);
+    }
+
+    @Override
+    public void deleteRole(Long userId, RoleDTO input) {
+        if (input.getRole() == Role.ROLE_USER) {
+            throw new CannotRemoveUserRoleException(input.getRole());
+        }
+
+        User user = getUserById(userId);
+        user.deleteRole(input.getRole());
+        userRepository.saveAndFlush(user);
+    }
+
     /**
      * Encrypt the password using the BCryptPasswordEncoder with default settings
      *

src/test/java/ch/wisv/areafiftylan/integration/UserRestIntegrationTest.java

@@ -19,6 +19,7 @@
 
 import ch.wisv.areafiftylan.security.token.repository.VerificationTokenRepository;
 import ch.wisv.areafiftylan.users.model.Role;
+import ch.wisv.areafiftylan.users.model.RoleDTO;
 import ch.wisv.areafiftylan.users.model.User;
 import io.restassured.http.ContentType;
 import io.restassured.http.Header;
@@ -856,4 +857,75 @@ public void testWrongCaseLogin() {
             body("authorities", hasItem("ROLE_USER"));
         //@formatter:on
     }
+
+    @Test
+    public void testAddRole() {
+        User admin = createAdmin();
+        User user = createUser();
+        RoleDTO roleDTO = new RoleDTO();
+        roleDTO.setRole(Role.ROLE_ADMIN);
+        //@formatter:off
+        given().
+                header(getXAuthTokenHeaderForUser(admin.getEmail())).
+        when().
+                body(roleDTO).
+                contentType(ContentType.JSON).
+                post("/users/" + user.getId() + "/role").
+        then().statusCode(HttpStatus.SC_OK).
+                body("email", equalTo(user.getEmail())).
+                body("authorities", hasItem("ROLE_ADMIN"));
+        //@formatter:on
+    }
+
+    @Test
+    public void testDeleteRole() {
+        User admin = createAdmin();
+        User user = createCommitteeMember();
+        RoleDTO roleDTO = new RoleDTO();
+        roleDTO.setRole(Role.ROLE_COMMITTEE);
+        //@formatter:off
+        given().
+                header(getXAuthTokenHeaderForUser(admin.getEmail())).
+        when().
+                body(roleDTO).
+                contentType(ContentType.JSON).
+                post("/users/" + user.getId() + "/role/delete").
+        then().statusCode(HttpStatus.SC_OK).
+                body("email", equalTo(user.getEmail())).
+                body("authorities", not(hasItem("ROLE_COMMITTEE")));
+        //@formatter:on
+    }
+
+    @Test
+    public void testDeleteUserRole() {
+        User admin = createAdmin();
+        User user = createUser();
+        RoleDTO roleDTO = new RoleDTO();
+        roleDTO.setRole(Role.ROLE_USER);
+        //@formatter:off
+        given().
+                header(getXAuthTokenHeaderForUser(admin.getEmail())).
+        when().
+                body(roleDTO).
+                contentType(ContentType.JSON).
+                post("/users/" + user.getId() + "/role/delete").
+        then().statusCode(HttpStatus.SC_BAD_REQUEST);
+        //@formatter:on
+    }
+
+    @Test
+    public void testDeleteNullRole() {
+        User admin = createAdmin();
+        User user = createUser();
+        RoleDTO roleDTO = new RoleDTO();
+        //@formatter:off
+        given().
+                header(getXAuthTokenHeaderForUser(admin.getEmail())).
+        when().
+                body(roleDTO).
+                contentType(ContentType.JSON).
+                post("/users/" + user.getId() + "/role/delete").
+        then().statusCode(HttpStatus.SC_BAD_REQUEST);
+        //@formatter:on
+    }
 }