Commit ac222b07 authored by Dominika Zemanovičová's avatar Dominika Zemanovičová

Merge branch 'M3-fix-exercise-scopes' into 'main'

M3 fix exercise scopes

See merge request !47
parents e5d5e34d 21b2508b
1 merge request!47M3 fix exercise scopes
......@@ -11,21 +11,20 @@ public class ModuleExerciseApplication {
private static final String SECURITY_SCHEME_BEARER = "Bearer";
public static final String SECURITY_SCHEME_NAME = SECURITY_SCHEME_BEARER;
public static void main(String[] args) {
SpringApplication.run(ModuleExerciseApplication.class, args);
}
@Bean
public OpenApiCustomizer openAPICustomizer() {
return openApi -> {
openApi.getComponents()
.addSecuritySchemes(SECURITY_SCHEME_BEARER,
new SecurityScheme()
.type(SecurityScheme.Type.HTTP)
.scheme("bearer")
.description("provide a valid access token")
);
};
return openApi -> openApi.getComponents()
.addSecuritySchemes(SECURITY_SCHEME_BEARER,
new SecurityScheme()
.type(SecurityScheme.Type.HTTP)
.scheme("bearer")
.description("provide a valid access token")
);
}
}
......@@ -43,7 +43,7 @@ public class AnswerController {
* @return a ResponseEntity containing an AnswerDto object representing the newly created answer, or a 404 Not Found response
* if the question with the specified ID in dto was not found
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Create new answer for question", description = "Creates new answer for question.")
@ApiResponses(value = {
@ApiResponse(responseCode = "201", description = "Answers created successfully."),
......@@ -62,7 +62,7 @@ public class AnswerController {
* @return A ResponseEntity with an AnswerDto object representing the updated answer on an HTTP status code of 200 if the update was successful.
* or a NOT_FOUND response if the answer ID is invalid
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Update an answer", description = "Updates an answer with the specified ID.")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "Answer with the specified ID updated successfully."),
......@@ -80,7 +80,7 @@ public class AnswerController {
* @param id of answer to delete
* @throws ResponseStatusException if answer with specified id does not exist
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Delete an answer with specified ID", description = "Deletes an answer with the specified ID.")
@ApiResponses(value = {
@ApiResponse(responseCode = "204", description = "Answer with the specified ID deleted successfully."),
......
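Review bot: With `scopes` dropped from `@SecurityRequirement` on the create, update and delete operations, the generated API description no longer tells a client that these calls need `test_1` or `test_2`, although AppSecurityConfig in this commit still enforces `SCOPE_test_1`/`SCOPE_test_2` for POST, PUT and DELETE on `/answers/**`. Dropping the array is consistent with the scheme being declared as HTTP bearer, for which OpenAPI expects an empty scope list, so the requirement has to be documented somewhere else. I would add `@ApiResponse(responseCode = "403", description = "Access token lacks scope test_1 or test_2.")` to each mutating operation, unless the `@ApiResponses` lists (cut off in these hunks) already carry one. The same applies to the mutating operations in ExerciseController and QuestionController.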
package org.fuseri.moduleexercise.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
......@@ -19,19 +20,20 @@ public class AppSecurityConfig {
public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
httpSecurity.authorizeHttpRequests(x -> x
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/datainitializer").permitAll()
.requestMatchers(HttpMethod.POST, "/answers/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.DELETE, "/answers/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.PUT, "/answers/**").hasAnyAuthority("SCOPE_test_1","SCOPE_test_2")
.requestMatchers(HttpMethod.PUT, "/answers/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.POST, "/questions/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.DELETE, "/questions/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.PUT, "/questions/**").hasAnyAuthority("SCOPE_test_1","SCOPE_test_2")
.requestMatchers(HttpMethod.PUT, "/questions/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.PATCH, "/questions/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.POST, "/exercises/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.DELETE, "/exercises/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.requestMatchers(HttpMethod.PUT, "/exercises/**").hasAnyAuthority("SCOPE_test_1","SCOPE_test_2")
.requestMatchers(HttpMethod.PUT, "/exercises/**").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")
.anyRequest().authenticated()
).oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken)
......
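Review bot: Adding `"/datainitializer"` to the `permitAll()` matcher in `filterChain` opens that path to unauthenticated callers for every HTTP method, because the matcher names no `HttpMethod`. What the endpoint does is not visible here, but if it seeds or resets data, as the name suggests, it should not be reachable anonymously outside a local setup. I would leave the Swagger paths on their own `permitAll()` line and guard the initializer with the scopes used for the other write paths, `.requestMatchers("/datainitializer").hasAnyAuthority("SCOPE_test_1", "SCOPE_test_2")`, or register the endpoint only under a development profile. The method body continues past the end of the hunk.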
......@@ -51,7 +51,7 @@ public class ExerciseController {
* @param dto containing information about the exercise to create
* @return a ResponseEntity containing an ExerciseDto object representing the newly created exercise
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Create an exercise", description = "Creates a new exercise.")
@ApiResponses(value = {
@ApiResponse(responseCode = "201", description = "Exercise created successfully."),
......@@ -70,7 +70,7 @@ public class ExerciseController {
* @return a ResponseEntity containing an ExerciseDto object representing the found exercise, or a 404 Not Found response
* if the exercise with the specified ID was not found
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Get an exercise by ID", description = "Returns an exercise with the specified ID.")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "Exercise with the specified ID retrieved successfully."),
......@@ -87,7 +87,7 @@ public class ExerciseController {
* @param page the page number of the exercises to retrieve
* @return A ResponseEntity containing paginated ExerciseDTOs.
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Get exercises in paginated format", description = "Returns exercises in paginated format.")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "Successfully retrieved paginated exercises"),
......@@ -106,7 +106,7 @@ public class ExerciseController {
* @param page the page number of the exercises to retrieve
* @return A ResponseEntity containing filtered and paginated ExerciseDTOs
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Filter exercises per difficulty and per course", description = "Returns exercises which belong to specified course and have specified difficulty.")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "Successfully retrieved filtered paginated exercises."),
......@@ -127,7 +127,7 @@ public class ExerciseController {
* @return a ResponseEntity containing paginated QuestionDTOs which belong to an exercise with exerciseId
* or a NOT_FOUND response if the exercise ID is invalid
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Find questions belonging to exercise by exercise ID",
description = "Returns a paginated list of questions for the specified exercise ID.")
@ApiResponses(value = {
......@@ -149,7 +149,7 @@ public class ExerciseController {
* @return A ResponseEntity with an ExerciseDto object representing the updated exercise an HTTP status code of 200 if the update was successful.
* or a NOT_FOUND response if the exercise ID is invalid
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Update a exercise", description = "Updates a exercise with the specified ID.")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "Exercise with the specified ID updated successfully."),
......@@ -166,7 +166,7 @@ public class ExerciseController {
*
* @param id the ID of the exercise to delete
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Delete a exercise with specified ID", description = "Deletes a exercise with the specified ID.")
@ApiResponses(value = {
@ApiResponse(responseCode = "204", description = "Exercise with the specified ID deleted successfully."),
......
......@@ -56,7 +56,8 @@ public class QuestionController {
* @return a ResponseEntity containing a QuestionDto object representing the found question, or a 404 Not Found response
* if the question with the specified ID was not found
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),summary = "Get a question by ID", description = "Returns a question with the specified ID.")
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Get a question by ID", description = "Returns a question with the specified ID.")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "Question with the specified ID retrieved successfully.",
content = @Content(schema = @Schema(implementation = QuestionDto.class))),
......@@ -74,7 +75,7 @@ public class QuestionController {
* @return a ResponseEntity containing a List of AnswerDto objects, or a 404 Not Found response
* if the question with the specified ID was not found
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Retrieve answers for a specific question")
@ApiResponse(responseCode = "200", description = "Successfully retrieved answers",
content = @Content(schema = @Schema(implementation = AnswerDto.class)))
......@@ -91,8 +92,9 @@ public class QuestionController {
* @return a ResponseEntity containing a QuestionDto object representing the posted question, or a 404 Not Found response
* if the exercise with the specified ID in dto was not found
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
summary = "Add a new question with answers to an exercise", description = "Creates a new question with answers and associates it with the specified exercise.")
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Add a new question with answers to an exercise",
description = "Creates a new question with answers and associates it with the specified exercise.")
@ApiResponses(value = {
@ApiResponse(responseCode = "201", description = "Question with answers created and added to the exercise successfully.",
content = @Content(schema = @Schema(implementation = QuestionDto.class))),
......@@ -111,7 +113,7 @@ public class QuestionController {
* @return a ResponseEntity containing a QuestionUpdateDto object representing the updated question,
* or a 404 Not Found response if the question with the specified ID was not found
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Update a question by ID", description = "Updates a question with the specified ID.")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "Question with the specified ID updated successfully."),
......@@ -127,7 +129,7 @@ public class QuestionController {
*
* @param id of question to delete
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Delete a question with specified ID", description = "Deletes a question with the specified ID.")
@ApiResponses(value = {
@ApiResponse(responseCode = "204", description = "Question with the specified ID deleted successfully."),
......@@ -144,7 +146,7 @@ public class QuestionController {
* @param id id of question to update
* @return the LectureDto representing the updated lecture
*/
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME,scopes = {"test_1","test_2"}),
@Operation(security = @SecurityRequirement(name = ModuleExerciseApplication.SECURITY_SCHEME_NAME),
summary = "Add answers to the existing question.")
@PatchMapping("/{id}/answers")
@ApiResponses(value = {
......
......@@ -48,12 +48,7 @@ public class ExerciseControllerTest {
}
private ExerciseDto exerciseDto;
private ExerciseDto exerciseDto1;
private ExerciseDto exerciseDto2;
private ExerciseCreateDto exerciseCreateDto;
private ExerciseCreateDto exerciseCreateDto1;
private ExerciseCreateDto exerciseCreateDto2;
@BeforeEach
void init() {
......@@ -63,24 +58,10 @@ public class ExerciseControllerTest {
exerciseDto.setDifficulty(2);
exerciseDto.setCourseId(0);
exerciseDto1 = new ExerciseDto();
exerciseDto1.setName("idioms1");
exerciseDto1.setDescription("exercise on basic idioms");
exerciseDto1.setDifficulty(2);
exerciseDto1.setCourseId(0);
exerciseDto2 = new ExerciseDto();
exerciseDto2.setName("idioms2");
exerciseDto2.setDescription("exercise on basic idioms");
exerciseDto2.setDifficulty(1);
exerciseDto2.setCourseId(0);
exerciseCreateDto = new ExerciseCreateDto("idioms", "exercise on basic idioms", 2, 0);
exerciseCreateDto1 = new ExerciseCreateDto("idioms1", "exercise on intermediate idioms", 2, 0);
exerciseCreateDto2 = new ExerciseCreateDto("idioms2", "exercise on basic idioms", 1, 0L);
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser()
@Test
void getExercise() throws Exception {
long id = 1L;
......@@ -100,7 +81,7 @@ public class ExerciseControllerTest {
.andExpect(status().is2xxSuccessful());
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser()
@Test
void getExercise_notFound() throws Exception {
long id = 1L;
......@@ -109,7 +90,7 @@ public class ExerciseControllerTest {
.andExpect(status().isNotFound());
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser()
@Test
void FindAll() {
when(facade.findAll(0)).thenReturn(new PageImpl<>(new ArrayList<>()));
......@@ -126,7 +107,7 @@ public class ExerciseControllerTest {
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser()
@Test
void getFiltered() {
when(facade.findByCourseIdAndDifficulty(0, 2, 0)).thenReturn(new PageImpl<>(new ArrayList<>()));
......@@ -140,7 +121,7 @@ public class ExerciseControllerTest {
}
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser(authorities = {"SCOPE_test_2"})
@Test
void testCreateExercise() throws Exception {
when(facade.create(ArgumentMatchers.isA(ExerciseCreateDto.class))).thenReturn(exerciseDto);
......@@ -152,7 +133,7 @@ public class ExerciseControllerTest {
.andExpect(jsonPath("$.courseId").value("0")).andReturn().getResponse().getContentAsString();
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser(authorities = {"SCOPE_test_2"})
@Test
void testCreateExerciseEmptyBody() throws Exception {
var postExercise = "";
......
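Review bot: None of the tests touched here checks the negative case: the read tests now run with a plain `@WithMockUser()` and the create tests with `SCOPE_test_2`, but nothing asserts that a create request from a user holding neither `SCOPE_test_1` nor `SCOPE_test_2` is rejected. I would add a test next to `testCreateExercise` annotated `@WithMockUser()` that sends the same body and ends in `.andExpect(status().isForbidden())`, and likewise for update and delete. This only proves something if the test slice actually loads AppSecurityConfig, which is not visible in these hunks and is worth confirming. QuestionControllerTest has the same gap.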
......@@ -55,8 +55,6 @@ public class QuestionControllerTest {
qston = new QuestionDto("\"what is the meaning of: costs an arm and leg\"", 1, new ArrayList<>());
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@Test
void testCreateQuestion() throws Exception {
......@@ -114,7 +112,7 @@ public class QuestionControllerTest {
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser()
@Test
void getQuestion() throws Exception {
var question = new QuestionDto("this statement is false", 1L, new ArrayList<>());
......@@ -123,7 +121,7 @@ public class QuestionControllerTest {
gets.andExpect(status().isOk()).andExpect(jsonPath("$.text", is("this statement is false")));
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser()
@Test
void getQuestionNotFound() throws Exception {
when(facade.find(9999)).thenThrow(new EntityNotFoundException());
......@@ -132,7 +130,7 @@ public class QuestionControllerTest {
}
@WithMockUser(authorities = {"SCOPE_test_1"})
@WithMockUser()
@Test
void getAnswer() throws Exception {
var sss = List.of(new AnswerDto("February", false), new AnswerDto("All of them", true));
......