Refactor delivery (#268)

GeoWerkstatt · Sep 2, 2024 · a3453a8 · a3453a8
2 parents e9bcd21 + 983516a
commit a3453a8
Show file tree

Hide file tree

Showing 59 changed files with 6,776 additions and 784 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -69,8 +69,8 @@ services:
     volumes:
       - ./src/Geopilot.Api/Uploads:/uploads
       - ./src/Geopilot.Api/Persistent:/assets
-      - ./README.md:/public/info-hilfe.md
-      - ./LICENSE:/public/nutzungsbestimmungen.md
+      - ./README.md:/public/info.md
+      - ./LICENSE:/public/terms-of-use.md
     extra_hosts:
       - "localhost:host-gateway"
     depends_on:

diff --git a/src/Geopilot.Api/ContextExtensions.cs b/src/Geopilot.Api/ContextExtensions.cs
@@ -35,7 +35,7 @@ public static void SeedTestData(this Context context)
         context.SeedMandates();
         context.SeedDeliveries();
         context.SeedAssets();
-        context.AuthorizeFirstUser();
+        context.AddOrganisationsToDefaultUsers();
 
         transaction.Commit();
     }
@@ -187,15 +187,15 @@ public static void SeedAssets(this Context context)
         context.SaveChanges();
     }
 
-    public static void AuthorizeFirstUser(this Context context)
+    public static void AddOrganisationsToDefaultUsers(this Context context)
     {
-        var user = context.Users.OrderBy(u => u.Id).First();
-        var organisation = context.Organisations.OrderBy(o => o.Id).First();
-        var mandates = context.Mandates.OrderBy(m => m.Id).Skip(1);
+        var admin = context.Users.Single(user => user.Email == "[email protected]");
+        var adminOrganisations = context.Organisations.OrderBy(o => o.Id).Skip(1);
+        admin.Organisations.AddRange(adminOrganisations);
 
-        user.IsAdmin = true;
-        user.Organisations.Add(organisation);
-        organisation.Mandates.AddRange(mandates);
+        var user = context.Users.Single(user => user.Email == "[email protected]");
+        var userOrganistions = context.Organisations.OrderBy(o => o.Id).Take(2);
+        user.Organisations.AddRange(userOrganistions);
 
         context.SaveChanges();
     }

diff --git a/src/Geopilot.Api/Controllers/DeliveryController.cs b/src/Geopilot.Api/Controllers/DeliveryController.cs
@@ -43,6 +43,7 @@ public DeliveryController(ILogger<DeliveryController> logger, Context context, I
     [Authorize(Policy = GeopilotPolicies.User)]
     [SwaggerResponse(StatusCodes.Status201Created, "The delivery was created successfully.")]
     [SwaggerResponse(StatusCodes.Status400BadRequest, "The server cannot process the request due to invalid or malformed request.", typeof(ValidationProblemDetails), "application/json")]
+    [SwaggerResponse(StatusCodes.Status401Unauthorized, "The user is not authorized.")]
     [SwaggerResponse(StatusCodes.Status404NotFound, "The validation job or mandate could not be found.")]
     [SwaggerResponse(StatusCodes.Status500InternalServerError, "The server encountered an unexpected condition that prevented it from fulfilling the request. Likely there was an error persisting the assets.", typeof(ProblemDetails), "application/json")]
     public async Task<IActionResult> Create(DeliveryRequest declaration)
@@ -69,8 +70,14 @@ public async Task<IActionResult> Create(DeliveryRequest declaration)
 
         if (mandate is null || !mandate.Organisations.SelectMany(u => u.Users).Any(u => u.Id == user.Id))
         {
-            logger.LogTrace("User <{AuthIdentifier}> is not authorized to create a delivery for mandate with id <{MandateId}>.", user.AuthIdentifier, declaration.MandateId);
-            return NotFound($"Mandate with id <{declaration.MandateId}> not found or user is not authorized.");
+            logger.LogTrace($"Mandate with id <{declaration.MandateId}> not found.");
+            return NotFound($"Mandate with id <{declaration.MandateId}> not found.");
+        }
+
+        if (!mandate.Organisations.SelectMany(u => u.Users).Any(u => u.Id == user.Id))
+        {
+            logger.LogTrace($"User <{user.AuthIdentifier}> is not authorized to create a delivery for mandate with id <{declaration.MandateId}>.");
+            return Unauthorized($"User is not authorized for mandate with id <{declaration.MandateId}>");
         }
 
         var precursorDelivery = declaration.PrecursorDeliveryId.HasValue ?

diff --git a/src/Geopilot.Api/Controllers/MandateController.cs b/src/Geopilot.Api/Controllers/MandateController.cs
@@ -50,7 +50,7 @@ public async Task<IActionResult> Get(
         var user = await context.GetUserByPrincipalAsync(User);
         var mandates = context.MandatesWithIncludes.AsNoTracking();
 
-        if (!user.IsAdmin)
+        if (!user.IsAdmin || jobId != default)
         {
             mandates = mandates.Where(m => m.Organisations.SelectMany(o => o.Users).Any(u => u.Id == user.Id));
         }

diff --git a/src/Geopilot.Frontend/cypress/e2e/app.cy.js b/src/Geopilot.Frontend/cypress/e2e/app.cy.js
@@ -1,5 +1,6 @@
 import {
   isSelectedNavItem,
+  loadWithoutAuth,
   loginAsAdmin,
   loginAsNewUser,
   loginAsUploader,
@@ -11,12 +12,8 @@ import { selectAdminNavItem } from "./helpers/adminHelpers.js";
 
 describe("General app tests", () => {
   it("shows no login button if auth settings could not be loaded", () => {
-    cy.visit("/");
-    cy.intercept("/api/v1/user/auth", {
-      statusCode: 200,
-      body: { authority: "", clientId: "" },
-    });
-    cy.get('[data-cy="loggedInUser-button"]').should("not.exist");
+    loadWithoutAuth();
+    cy.get('[data-cy="login-button"]').should("not.exist");
   });
 
   it.skip("registers new users and logs them in", () => {