From cfe3848d7e4ef6814e57a2d16a642d119a901f59 Mon Sep 17 00:00:00 2001
From: "Claudio Maggioni (maggicl)"
Date: Tue, 21 Apr 2020 14:06:56 +0200
Subject: [PATCH] Done method to get dimmable light if owner or guest
---
 .../controller/DimmableLightController.java | 54 +++++++++----------
 .../smarthut/models/DeviceRepository.java | 10 ++++
 2 files changed, 36 insertions(+), 28 deletions(-)
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DimmableLightController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DimmableLightController.java
index 9a36125..bde6bef 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DimmableLightController.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/DimmableLightController.java
@@ -8,7 +8,6 @@ import ch.usi.inf.sa4.sanmarinoes.smarthut.error.NotFoundException;
 import ch.usi.inf.sa4.sanmarinoes.smarthut.models.*;
 import java.security.Principal;
 import java.util.List;
-import java.util.Optional;
 import javax.validation.Valid;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
@@ -20,7 +19,6 @@ import org.springframework.web.bind.annotation.*;
 public class DimmableLightController {
 @Autowired private UserRepository userRepository;
- @Autowired private RoomRepository roomRepository;
 @Autowired private DimmableLightRepository dimmableLightService;
 @Autowired private SceneRepository sceneRepository;
 @Autowired private StateRepository> stateRepository;
@@ -48,35 +46,35 @@ public class DimmableLightController {
 return save(new DimmableLight(), dl);
 }
+ private DimmableLight fetchIfOwnerOrGuest(final Principal principal, Long id, Long hostId)
+ throws NotFoundException {
+ if (hostId == null) {
+ return dimmableLightService
+ .findByIdAndUsername(id, principal.getName())
+ .orElseThrow(NotFoundException::new);
+ } else {
+ /*
+ * Slightly less extremely verbose check through various repositories to control user/guest authorization.
+ */
+ DimmableLight dl =
+ dimmableLightService
+ .findByIdAndUserId(id, hostId)
+ .orElseThrow(NotFoundException::new);
+ User host = userRepository.findById(hostId).orElseThrow(IllegalStateException::new);
+ User guest = userRepository.findByUsername(principal.getName());
+ if (!host.getGuests().contains(guest)) {
+ throw new NotFoundException();
+ } else {
+ return dl;
+ }
+ }
+ }
+
 @PutMapping
 public DimmableLight update(
- @Valid @RequestBody DimmableSaveRequest sp,
- final Principal principal,
- Optional guestId)
+ @Valid @RequestBody DimmableSaveRequest sp, final Principal principal, Long hostId)
 throws NotFoundException {
-
- /**
- * Extremely verbose check through various repositories to control user/guest authorization.
- */
- if (guestId.isPresent()
- && userRepository
- .findById(
- roomRepository
- .findById(sp.getRoomId().longValue())
- .get()
- .getUserId()
- .longValue())
- .get()
- .getGuests()
- .contains(userRepository.findById(guestId.get().longValue()))) {
- return save(
- dimmableLightService
- .findByIdAndUsername(sp.getId(), principal.getName())
- .orElseThrow(NotFoundException::new),
- sp);
- } else {
- throw new Error("401: Unauthorized user. Not a guest.");
- }
+ return save(fetchIfOwnerOrGuest(principal, sp.getId(), hostId), sp);
 }
 @DeleteMapping("/{id}")
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/DeviceRepository.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/DeviceRepository.java
index 2496029..cf5c004 100644
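Review bot: `update` hands the whole `DimmableSaveRequest` to `save` even when `fetchIfOwnerOrGuest` admitted the caller only as a guest, so a guest takes the same write path as the owner. `save` is outside this hunk, so which fields it copies cannot be confirmed here; if guests are meant to change only the light's state, the guest case needs a narrower update. In the guest branch, `findByUsername` may return null and `contains(guest)` depends on how `User` implements `equals`, neither of which this patch shows; `if (guest == null || !host.getGuests().contains(guest))` makes the denial explicit. `hostId` is a client-supplied value bound without an annotation; `@RequestParam(required = false) Long hostId` would document that it is optional and comes from the request.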
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/DeviceRepository.java +++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/models/DeviceRepository.java @@ -25,6 +25,16 @@ public interface DeviceRepository extends CrudRepository findByIdAndUsername(Long id, String username); + /** + * Finds devices by their id and a user id + * + * @param id the device id + * @param userId a User's id + * @return an optional device, empty if none found + */ + @Query("SELECT d FROM Device d JOIN d.room r JOIN r.user u WHERE d.id = ?1 AND u.id = ?2") + Optional findByIdAndUserId(Long id, Long userId); + /** * Finds all devices belonging to a user *
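Review bot: The Javadoc on `findByIdAndUserId` does not say that `userId` is matched against the owner of the device's room (`JOIN d.room r JOIN r.user u`), and unlike `findByIdAndUsername` the value is not tied to the authenticated principal. The controller in this patch passes a request-supplied `hostId` into it, so the comment should state that the method is an ownership filter only and that callers must separately verify the requester's relation to that user. For example: `@param userId id of the user who owns the device (the host); not checked against the caller`. The interface declaration starts outside the hunk, and the context lines above the addition appear garbled on this page.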