diff --git a/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java b/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
index 64e148a..9d925f4 100644
--- a/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
+++ b/src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java
@@ -7,6 +7,7 @@ import cz.cvut.kbss.study.exception.NotFoundException;
 import cz.cvut.kbss.study.model.PatientRecord;
 import cz.cvut.kbss.study.model.RecordPhase;
+import cz.cvut.kbss.study.model.User;
 import cz.cvut.kbss.study.model.export.RawRecord;
 import cz.cvut.kbss.study.persistence.dao.util.RecordFilterParams;
 import cz.cvut.kbss.study.rest.event.PaginatedResultRetrievedEvent;
@@ -17,6 +18,7 @@ import cz.cvut.kbss.study.service.ConfigReader;
 import cz.cvut.kbss.study.service.ExcelRecordConverter;
 import cz.cvut.kbss.study.service.PatientRecordService;
+import cz.cvut.kbss.study.service.UserService;
 import cz.cvut.kbss.study.util.ConfigParam;
 import cz.cvut.kbss.study.util.Constants;
 import jakarta.servlet.http.HttpServletRequest;
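Review bot: The added `import cz.cvut.kbss.study.model.User;` in the first import hunk is not used by any new line in this diff; the only new code in this file calls `userService.getCurrentUser().getInstitution()` without naming the `User` type. Unless something outside the shown hunks needs it, drop the import. The `UserService` import in the second hunk is the one the new field and constructor parameter rely on.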
@@ -52,16 +54,19 @@ public class PatientRecordController extends BaseController { private final RestTemplate restTemplate; private final ConfigReader configReader; private ObjectMapper objectMapper; + private final UserService userService; public PatientRecordController(PatientRecordService recordService, ApplicationEventPublisher eventPublisher, ExcelRecordConverter excelRecordConverter, RestTemplate restTemplate, - ConfigReader configReader, ObjectMapper objectMapper) { + ConfigReader configReader, ObjectMapper objectMapper, + UserService userService) { this.recordService = recordService; this.eventPublisher = eventPublisher; this.excelRecordConverter = excelRecordConverter; this.restTemplate = restTemplate; this.configReader = configReader; this.objectMapper = objectMapper; + this.userService = userService; } @PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or @securityUtils.isMemberOfInstitution(#institutionKey)") @@ -150,9 +155,15 @@ private PatientRecord findInternal(String key) { return record; } + + @PostMapping(consumes = MediaType.APPLICATION_JSON_VALUE) @ResponseStatus(HttpStatus.CREATED) - public ResponseEntity createRecord(@RequestBody PatientRecord record) { + public ResponseEntity createRecord(@RequestBody PatientRecord record) { + + if(userService.getCurrentUser().getInstitution() == null) + return ResponseEntity.status(HttpStatus.CONFLICT).body("User is not assigned to any institution"); + recordService.persist(record); if (LOG.isTraceEnabled()) { LOG.trace("Patient record {} successfully created.", record); diff --git a/src/main/java/cz/cvut/kbss/study/rest/UserController.java b/src/main/java/cz/cvut/kbss/study/rest/UserController.java index b097621..8b82ba5 100644 --- a/src/main/java/cz/cvut/kbss/study/rest/UserController.java +++ b/src/main/java/cz/cvut/kbss/study/rest/UserController.java 
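Review bot: The new guard in `createRecord` only checks that the caller has some institution; nothing visible ties the `PatientRecord` deserialized from the request body to that institution, and unlike the `@PreAuthorize`-annotated endpoint at the end of the previous hunk, this method shows no declarative access rule. If `recordService.persist` does not already overwrite the record's author and institution from the authenticated user, client-supplied values would be stored as sent, so confirm that or set them server-side before persisting. `getCurrentUser()` is dereferenced without a null check, and the guard would read more safely with braces: `if (userService.getCurrentUser().getInstitution() == null) {`. The `@ResponseStatus(HttpStatus.CREATED)` annotation stays on a method that now also returns 409, which is worth a short comment. The method body continues past the end of the hunk.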
@@ -76,6 +76,7 @@ public ResponseEntity create(@RequestBody User user) { return new ResponseEntity<>(headers, HttpStatus.CREATED); } + @PreAuthorize( "hasRole('" + SecurityConstants.ROLE_ADMIN + "') " + "or hasRole('" + SecurityConstants.ROLE_USER + "') and @securityUtils.isMemberOfInstitution(#institutionKey)") diff --git a/src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java b/src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java index fe532cf..250d0ce 100644 --- a/src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java +++ b/src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java @@ -16,6 +16,7 @@ import cz.cvut.kbss.study.rest.event.PaginatedResultRetrievedEvent; import cz.cvut.kbss.study.rest.util.RestUtils; import cz.cvut.kbss.study.service.PatientRecordService; +import cz.cvut.kbss.study.service.UserService; import cz.cvut.kbss.study.util.Constants; import cz.cvut.kbss.study.util.IdentificationUtils; import org.junit.jupiter.api.BeforeEach; @@ -66,6 +67,9 @@ public class PatientRecordControllerTest extends BaseControllerTestRunner { @Mock private ApplicationEventPublisher eventPublisherMock; + @Mock + private UserService userService; + @Spy private ObjectMapper objectMapper = Environment.getObjectMapper(); @@ -178,6 +182,7 @@ public void findByInstitutionReturnsRecords() throws Exception { @Test public void createRecordReturnsResponseStatusCreated() throws Exception { PatientRecord record = Generator.generatePatientRecord(user); + when(userService.getCurrentUser()).thenReturn(user); final MvcResult result = mockMvc.perform(post("/records").content(toJson(record)) .contentType(MediaType.APPLICATION_JSON_VALUE)) 
@@ -186,6 +191,22 @@ public void createRecordReturnsResponseStatusCreated() throws Exception { assertEquals(HttpStatus.CREATED, HttpStatus.valueOf(result.getResponse().getStatus())); } + @Test + public void createRecordWithoutInstitutionReturnsResponseStatusBadRequest() throws Exception { + user.setInstitution(null); + + PatientRecord record = Generator.generatePatientRecord(user); + + when(userService.getCurrentUser()).thenReturn(user); + + final MvcResult result = mockMvc.perform(post("/records").content(toJson(record)) + .contentType(MediaType.APPLICATION_JSON_VALUE)) + .andReturn(); + + assertEquals(HttpStatus.CONFLICT, HttpStatus.valueOf(result.getResponse().getStatus())); + } + + @Test public void updateRecordReturnsResponseStatusNoContent() throws Exception { final String key = "12345"; diff --git a/src/test/java/cz/cvut/kbss/study/rest/UserControllerTest.java b/src/test/java/cz/cvut/kbss/study/rest/UserControllerTest.java index ba0159f..2eba739 100644 --- a/src/test/java/cz/cvut/kbss/study/rest/UserControllerTest.java +++ b/src/test/java/cz/cvut/kbss/study/rest/UserControllerTest.java @@ -63,6 +63,7 @@ public void getUserByUsernameThrowsNotFoundWhenUserIsNotFound() throws Exception assertEquals(HttpStatus.NOT_FOUND, HttpStatus.valueOf(result.getResponse().getStatus())); } + @Test public void getUserByUsernameFoundUser() throws Exception { final String username = "tom";
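Review bot: `createRecordWithoutInstitutionReturnsResponseStatusBadRequest` asserts `HttpStatus.CONFLICT`, so the name contradicts the assertion; rename it to `createRecordWithoutInstitutionReturnsResponseStatusConflict`. The test checks only the status code, so a regression that persists the record and then returns 409 would still pass; add `verify(<record service mock>, never()).persist(any())` against the `PatientRecordService` mock, whose field name is outside this hunk. `user.setInstitution(null)` mutates a fixture defined outside the hunk; if that object is shared between tests, build a separate user here instead.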