Resolved issues:

- Added equals and hashcode to all entities. - Resolved issue when anyone can search for any order items. - Refactored getOrderItem method.
nklimovych · May 24, 2024 · e3a5165 · e3a5165
1 parent ee46947
commit e3a5165
Show file tree

Hide file tree

Showing 10 changed files with 44 additions and 24 deletions.
diff --git a/src/main/java/mate/academy/bookstore/controller/OrderController.java b/src/main/java/mate/academy/bookstore/controller/OrderController.java
@@ -61,10 +61,11 @@ public void updateOrderStatus(
     @GetMapping("/{orderId}/items")
     @PreAuthorize("hasAnyRole('ROLE_USER','ROLE_ADMIN')")
     @Operation(summary = "Get all order items from order",
-            description = "Retrieves all items associated with a specific order by its id")
+            description = "Retrieves all items associated for authenticated user")
     public List<OrderItemResponseDto> getAllOrderItems(
-            @PathVariable Long orderId) {
-        return orderService.getAllOrderItems(orderId);
+            @PathVariable Long orderId,
+            @AuthenticationPrincipal User user) {
+        return orderService.getAllOrderItems(orderId, user);
     }
 
     @GetMapping("/{orderId}/items/{itemId}")

diff --git a/src/main/java/mate/academy/bookstore/model/CartItem.java b/src/main/java/mate/academy/bookstore/model/CartItem.java
@@ -12,10 +12,12 @@
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.Setter;
+import lombok.ToString;
 
 @Getter
 @Setter
 @EqualsAndHashCode(of = {"id", "shoppingCart", "book"})
+@ToString
 @Entity
 @Table(name = "cart_items")
 public class CartItem {

diff --git a/src/main/java/mate/academy/bookstore/model/Category.java b/src/main/java/mate/academy/bookstore/model/Category.java
@@ -6,12 +6,16 @@
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import jakarta.persistence.Table;
+import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.Setter;
+import lombok.ToString;
 import org.hibernate.annotations.SoftDelete;
 
 @Getter
 @Setter
+@EqualsAndHashCode
+@ToString
 @Entity
 @SoftDelete
 @Table(name = "categories")

diff --git a/src/main/java/mate/academy/bookstore/model/Role.java b/src/main/java/mate/academy/bookstore/model/Role.java
@@ -8,12 +8,16 @@
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import jakarta.persistence.Table;
+import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.Setter;
+import lombok.ToString;
 import org.springframework.security.core.GrantedAuthority;
 
 @Getter
 @Setter
+@EqualsAndHashCode
+@ToString
 @Entity
 @Table(name = "roles")
 public class Role implements GrantedAuthority {

diff --git a/src/main/java/mate/academy/bookstore/model/ShoppingCart.java b/src/main/java/mate/academy/bookstore/model/ShoppingCart.java
@@ -12,14 +12,18 @@
 import jakarta.persistence.Table;
 import java.util.HashSet;
 import java.util.Set;
+import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.ToString;
 import org.hibernate.annotations.SoftDelete;
 
 @Getter
 @Setter
 @Entity
+@EqualsAndHashCode(of = {"id", "user"})
+@ToString
 @SoftDelete
 @NoArgsConstructor
 @Table(name = "shopping_carts")
@@ -32,7 +36,7 @@ public class ShoppingCart {
     @JoinColumn(name = "user_id", referencedColumnName = "id", nullable = false)
     private User user;
 
-    @OneToMany(mappedBy = "shoppingCart", cascade = CascadeType.REMOVE)
+    @OneToMany(mappedBy = "shoppingCart", cascade = CascadeType.ALL)
     private Set<CartItem> cartItems = new HashSet<>();
 
     public ShoppingCart(User user) {

diff --git a/src/main/java/mate/academy/bookstore/model/order/Order.java b/src/main/java/mate/academy/bookstore/model/order/Order.java
@@ -17,13 +17,17 @@
 import java.time.LocalDateTime;
 import java.util.HashSet;
 import java.util.Set;
+import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.Setter;
+import lombok.ToString;
 import mate.academy.bookstore.model.User;
 import org.hibernate.annotations.SoftDelete;
 
 @Getter
 @Setter
+@EqualsAndHashCode(of = {"id", "user", "orderDate", "shippingAddress"})
+@ToString
 @SoftDelete
 @Entity
 @Table(name = "orders")

diff --git a/src/main/java/mate/academy/bookstore/repository/order/OrderItemRepository.java b/src/main/java/mate/academy/bookstore/repository/order/OrderItemRepository.java
@@ -2,11 +2,19 @@
 
 import java.util.List;
 import java.util.Optional;
+import mate.academy.bookstore.model.User;
 import mate.academy.bookstore.model.order.OrderItem;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 
 public interface OrderItemRepository extends JpaRepository<OrderItem, Long> {
-    List<OrderItem> findByOrderId(Long orderId);
 
-    Optional<OrderItem> findByIdAndOrderId(Long itemId, Long orderId);
+    @Query("SELECT oi FROM OrderItem oi JOIN oi.order o WHERE o.id = :orderId AND o.user = :user")
+    List<OrderItem> findByOrderIdAndUser(@Param("orderId") Long orderId, @Param("user") User user);
+
+    @Query("SELECT oi FROM OrderItem oi LEFT JOIN oi.order o WHERE o.id = :orderId "
+            + "AND oi.id = :itemId AND o.user = :user")
+    Optional<OrderItem> findByOrderIdAndItemIdAndUser(
+            @Param("orderId") Long orderId, @Param("itemId") Long itemId, @Param("user") User user);
 }
diff --git a/src/main/java/mate/academy/bookstore/service/OrderService.java b/src/main/java/mate/academy/bookstore/service/OrderService.java
@@ -14,7 +14,7 @@ public interface OrderService {
 
     void updateStatus(OrderStatusDto statusDto, Long orderId, Long userId);
 
-    List<OrderItemResponseDto> getAllOrderItems(Long orderId);
+    List<OrderItemResponseDto> getAllOrderItems(Long orderId, User user);
 
     OrderItemResponseDto getOrderItem(Long orderId, Long itemId, User user);
 }
diff --git a/src/main/java/mate/academy/bookstore/service/impl/OrderServiceImpl.java b/src/main/java/mate/academy/bookstore/service/impl/OrderServiceImpl.java
@@ -24,7 +24,6 @@
 import mate.academy.bookstore.repository.order.OrderRepository;
 import mate.academy.bookstore.service.OrderService;
 import mate.academy.bookstore.service.ShoppingCartService;
-import org.springframework.security.access.AccessDeniedException;
 import org.springframework.stereotype.Service;
 
 @Service
@@ -68,12 +67,12 @@ public void updateStatus(OrderStatusDto statusDto, Long orderId, Long userId) {
     }
 
     @Override
-    public List<OrderItemResponseDto> getAllOrderItems(Long orderId) {
-        List<OrderItem> items = itemRepository.findByOrderId(orderId);
+    public List<OrderItemResponseDto> getAllOrderItems(Long orderId, User user) {
+        List<OrderItem> items = itemRepository.findByOrderIdAndUser(orderId, user);
 
         if (items.isEmpty()) {
             throw new EntityNotFoundException(
-                    "Unable to proceed: No order items found for the order with id: " + orderId);
+                    "Unable to proceed: No order items found for user with id: " + user.getId());
         }
         return items.stream()
                     .map(itemMapper::toDto)
@@ -82,18 +81,11 @@ public List<OrderItemResponseDto> getAllOrderItems(Long orderId) {
 
     @Override
     public OrderItemResponseDto getOrderItem(Long orderId, Long itemId, User user) {
-        Order order = orderRepository.findById(orderId).orElseThrow(() ->
-                new EntityNotFoundException(
-                        "Unable to proceed: Order not found with id: " + orderId));
-
-        if (!order.getUser().equals(user)) {
-            throw new AccessDeniedException(
-                    "User doesn't have permission to view order with id: " + orderId);
-        }
-        return itemRepository.findByIdAndOrderId(itemId, orderId)
-                             .map(itemMapper::toDto)
-                             .orElseThrow(() -> new EntityNotFoundException(
-                                     "Unable to proceed: Order item not found with id: " + itemId));
+        return itemRepository.findByOrderIdAndItemIdAndUser(orderId, itemId, user)
+                         .map(itemMapper::toDto)
+                         .orElseThrow(() -> new EntityNotFoundException(
+                                 "Unable to proceed: The requested item with id " + itemId
+                                         + " was not found in order with id " + orderId));
     }
 
     private Set<OrderItem> createOrderItems(Order order, Set<CartItem> cartItems) {

diff --git a/src/main/java/mate/academy/bookstore/service/impl/ShoppingCartServiceImpl.java b/src/main/java/mate/academy/bookstore/service/impl/ShoppingCartServiceImpl.java
@@ -51,9 +51,10 @@ public CartItemResponseDto addCartItem(User user, CartItemRequestDto requestItem
                                           .orElseGet(() -> {
                                               CartItem item = new CartItem();
                                               item.setShoppingCart(cart);
+                                              item.setBook(book);
                                               return item;
                                           });
-        cartItem.setBook(book);
+
         cartItem.setQuantity(requestItemDto.getQuantity());
         return itemMapper.toDto(itemRepository.save(cartItem));
     }