From 089eff49c0e61b8c4512dddcf4ece9b75fab3600 Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Mon, 2 Jun 2025 22:51:14 +0530 Subject: [PATCH 1/9] fix: ensure empty endorsements msg not allowed --- .../RDS/skilltree/viewmodels/UpdateEndorsementViewModel.java | 4 ++-- .../integration/skills/UpdateEndorsementsIntegrationTest.java | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/skill-tree/src/main/java/com/RDS/skilltree/viewmodels/UpdateEndorsementViewModel.java b/skill-tree/src/main/java/com/RDS/skilltree/viewmodels/UpdateEndorsementViewModel.java index 010fa53c..638f653a 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/viewmodels/UpdateEndorsementViewModel.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/viewmodels/UpdateEndorsementViewModel.java @@ -1,13 +1,13 @@ package com.RDS.skilltree.viewmodels; import com.RDS.skilltree.utils.Constants.ExceptionMessages; -import jakarta.validation.constraints.NotNull; +import jakarta.validation.constraints.NotBlank; import lombok.Getter; import lombok.Setter; @Getter @Setter public class UpdateEndorsementViewModel { - @NotNull(message = ExceptionMessages.ENDORSEMENT_MESSAGE_EMPTY) + @NotBlank(message = ExceptionMessages.ENDORSEMENT_MESSAGE_EMPTY) private String message; } diff --git a/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java b/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java index 94e1cd77..6cbbf700 100644 --- a/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java +++ b/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java @@ -217,7 +217,6 @@ public void updateEndorsement_othersEndorsement_shouldNotUpdateEndorsement() thr } @Test - @Disabled("Fails due to validation bug tracked in #206 – re-enable once fixed") @DisplayName("Message is empty string, request is not valid") @WithCustomMockUser( username = userId1, From 2927fa96acbffd361ced963f252081d73881fa33 Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Tue, 3 Jun 2025 01:25:43 +0530 Subject: [PATCH 2/9] fix: add feature-flag in endorsement controller --- .../main/java/com/RDS/skilltree/apis/EndorsementsApi.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/skill-tree/src/main/java/com/RDS/skilltree/apis/EndorsementsApi.java b/skill-tree/src/main/java/com/RDS/skilltree/apis/EndorsementsApi.java index cd3d5212..25f96949 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/apis/EndorsementsApi.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/apis/EndorsementsApi.java @@ -22,7 +22,9 @@ public class EndorsementsApi { @PatchMapping("/{id}") public ResponseEntity update( - @PathVariable Integer id, @Valid @RequestBody UpdateEndorsementViewModel body) { - return new ResponseEntity<>(endorsementService.update(id, body), HttpStatus.OK); + @PathVariable Integer id, + @Valid @RequestBody UpdateEndorsementViewModel body, + @RequestParam(name = "dev", required = false, defaultValue = "false") boolean isDev) { + return new ResponseEntity<>(endorsementService.update(id, body, isDev), HttpStatus.OK); } } From 181d78de4965889329da46fb7bd442c5adf16120 Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Tue, 3 Jun 2025 01:33:45 +0530 Subject: [PATCH 3/9] fix: update service impl to ensure no unauthorized endorsement update, user-not-found bug --- .../services/EndorsementService.java | 3 +- .../EndorsementServiceImplementation.java | 40 ++++++++++++++++--- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementService.java b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementService.java index 36ca6653..a2e310c7 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementService.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementService.java @@ -10,5 +10,6 @@ public interface EndorsementService { EndorsementViewModel create(CreateEndorsementViewModel endorsement); - EndorsementViewModel update(Integer endorsementId, UpdateEndorsementViewModel endorsement); + EndorsementViewModel update( + Integer endorsementId, UpdateEndorsementViewModel endorsement, boolean isDev); } diff --git a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java index 1c6d25c2..8f11e87b 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java @@ -1,10 +1,7 @@ package com.RDS.skilltree.services; import com.RDS.skilltree.dtos.RdsGetUserDetailsResDto; -import com.RDS.skilltree.exceptions.EndorsementAlreadyExistsException; -import com.RDS.skilltree.exceptions.EndorsementNotFoundException; -import com.RDS.skilltree.exceptions.SelfEndorsementNotAllowedException; -import com.RDS.skilltree.exceptions.SkillNotFoundException; +import com.RDS.skilltree.exceptions.*; import com.RDS.skilltree.models.Endorsement; import com.RDS.skilltree.models.JwtUser; import com.RDS.skilltree.models.Skill; @@ -130,7 +127,40 @@ public EndorsementViewModel create(CreateEndorsementViewModel endorsementViewMod } @Override - public EndorsementViewModel update(Integer endorsementId, UpdateEndorsementViewModel body) { + public EndorsementViewModel update( + Integer endorsementId, UpdateEndorsementViewModel body, boolean isDev) { + if (isDev) { + Optional existingEndorsement = endorsementRepository.findById(endorsementId); + + if (existingEndorsement.isEmpty()) { + log.info("Endorsement with id: {} not found", endorsementId); + throw new EndorsementNotFoundException(ExceptionMessages.ENDORSEMENT_NOT_FOUND); + } + + Endorsement endorsement = existingEndorsement.get(); + + JwtUser jwtDetails = + (JwtUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); + String userId = jwtDetails.getRdsUserId(); + + if (!endorsement.getEndorserId().equals(userId)) { + log.warn("User: {} is not authorized to update endorsement: {}", userId, endorsementId); + throw new ForbiddenException(ExceptionMessages.UNAUTHORIZED_ENDORSEMENT_UPDATE); + } + + RdsGetUserDetailsResDto endorseDetails = + rdsService.getUserDetails(endorsement.getEndorseId()); + RdsGetUserDetailsResDto endorserDetails = rdsService.getUserDetails(userId); + + endorsement.setMessage(body.getMessage()); + Endorsement savedEndorsementDetails = endorsementRepository.save(endorsement); + + return EndorsementViewModel.toViewModel( + savedEndorsementDetails, + UserViewModel.toViewModel(endorseDetails.getUser()), + UserViewModel.toViewModel(endorserDetails.getUser())); + } + Optional exitingEndorsement = endorsementRepository.findById(endorsementId); if (exitingEndorsement.isEmpty()) { From 2f3f3bd382fd2b437fb13159694718403dbe9282 Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Tue, 3 Jun 2025 01:34:23 +0530 Subject: [PATCH 4/9] fix: enable disabled test cases --- .../skills/UpdateEndorsementsIntegrationTest.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java b/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java index 6cbbf700..d6beacdb 100644 --- a/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java +++ b/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java @@ -59,6 +59,7 @@ public class UpdateEndorsementsIntegrationTest { private final String SKILL_NAME = "Java"; private final String INITIAL_MESSAGE = "Initial message"; private final String NEW_MESSAGE = "Updated message"; + private final String isDev = "?dev=true"; @BeforeEach void setUp() { @@ -192,7 +193,6 @@ public void updateEndorsement_whenEndorsementIdDoesNotExist_shouldReturnNotFound } @Test - @Disabled("Fails due to authorization bug tracked in #206 – re-enable once fixed") @DisplayName("when user is not the endorser, should not update endorsement") @WithCustomMockUser( username = userId1, @@ -205,7 +205,8 @@ public void updateEndorsement_othersEndorsement_shouldNotUpdateEndorsement() thr UpdateEndorsementViewModel updateEndorsementViewModel = createRequestModel(NEW_MESSAGE); String updateBody = objectMapper.writeValueAsString(updateEndorsementViewModel); - MvcResult result = performPatchRequest(createUrl(existingEndorsement.getId()), updateBody); + MvcResult result = + performPatchRequest(createUrl(existingEndorsement.getId()) + isDev, updateBody); assertThat(result.getResponse().getStatus()).isEqualTo(403); assertThat(result.getResponse().getContentAsString()) @@ -237,7 +238,6 @@ public void updateEndorsement_whenMessageIsValidAndEmpty_shouldReturnBadRequest( } @Test - @Disabled("Fails due to bug tracked in #206 – re-enable once fixed") @DisplayName("RdsService fails to get 'endorser' details, should return 404") @WithCustomMockUser( username = "non-existent-endorser-id", @@ -255,7 +255,8 @@ public void updateEndorsement_whenRdsServiceFailsForEndorserDetails_shouldReturn when(rdsService.getUserDetails(endorserId)) .thenThrow(new UserNotFoundException(ExceptionMessages.USER_NOT_FOUND)); - MvcResult result = performPatchRequest(createUrl(existingEndorsement.getId()), updateBody); + MvcResult result = + performPatchRequest(createUrl(existingEndorsement.getId()) + isDev, updateBody); assertThat(result.getResponse().getStatus()).isEqualTo(404); assertThat(result.getResponse().getContentAsString()) .contains(ExceptionMessages.USER_NOT_FOUND); @@ -266,7 +267,6 @@ public void updateEndorsement_whenRdsServiceFailsForEndorserDetails_shouldReturn } @Test - @Disabled("Fails due to bug tracked in #206 – re-enable once fixed") @DisplayName("RdsService fails to get 'endorse' details, should return 404") @WithCustomMockUser( username = userId1, @@ -284,7 +284,8 @@ public void updateEndorsement_whenRdsServiceFailsForEndorseDetails_shouldReturn4 when(rdsService.getUserDetails(endorseId)) .thenThrow(new UserNotFoundException(ExceptionMessages.USER_NOT_FOUND)); - MvcResult result = performPatchRequest(createUrl(existingEndorsement.getId()), updateBody); + MvcResult result = + performPatchRequest(createUrl(existingEndorsement.getId()) + isDev, updateBody); assertThat(result.getResponse().getStatus()).isEqualTo(404); assertThat(result.getResponse().getContentAsString()) .contains(ExceptionMessages.USER_NOT_FOUND); From 0c521b5bed477cef338201400effc95af815832a Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Thu, 5 Jun 2025 03:07:33 +0530 Subject: [PATCH 5/9] fix: disable endorsements update when not in dev mode --- .../exceptions/GlobalExceptionHandler.java | 7 +++++ .../EndorsementServiceImplementation.java | 26 +------------------ .../com/RDS/skilltree/utils/Constants.java | 2 ++ 3 files changed, 10 insertions(+), 25 deletions(-) diff --git a/skill-tree/src/main/java/com/RDS/skilltree/exceptions/GlobalExceptionHandler.java b/skill-tree/src/main/java/com/RDS/skilltree/exceptions/GlobalExceptionHandler.java index 447f65fc..86f1ca9c 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/exceptions/GlobalExceptionHandler.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/exceptions/GlobalExceptionHandler.java @@ -140,4 +140,11 @@ public ResponseEntity handleEndorsementAlreadyExistsException( return new ResponseEntity<>( new GenericResponse<>(ex.getMessage()), HttpStatus.METHOD_NOT_ALLOWED); } + + @ExceptionHandler(IllegalStateException.class) + public ResponseEntity handleIllegalStateException(IllegalStateException ex) { + log.error("IllegalStateException - Error : {}", ex.getMessage()); + return new ResponseEntity<>( + new GenericResponse<>(ex.getMessage()), HttpStatus.METHOD_NOT_ALLOWED); + } } diff --git a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java index 8f11e87b..55495b85 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java @@ -160,30 +160,6 @@ public EndorsementViewModel update( UserViewModel.toViewModel(endorseDetails.getUser()), UserViewModel.toViewModel(endorserDetails.getUser())); } - - Optional exitingEndorsement = endorsementRepository.findById(endorsementId); - - if (exitingEndorsement.isEmpty()) { - log.info(String.format("Endorsement with id: %s not found", endorsementId)); - throw new EndorsementNotFoundException(ExceptionMessages.ENDORSEMENT_NOT_FOUND); - } - - Endorsement endorsement = exitingEndorsement.get(); - String updatedMessage = body.getMessage(); - - if (updatedMessage != null) { - endorsement.setMessage(updatedMessage); - } - - Endorsement savedEndorsementDetails = endorsementRepository.save(endorsement); - RdsGetUserDetailsResDto endorseDetails = - rdsService.getUserDetails(savedEndorsementDetails.getEndorseId()); - RdsGetUserDetailsResDto endorserDetails = - rdsService.getUserDetails(savedEndorsementDetails.getEndorserId()); - - return EndorsementViewModel.toViewModel( - savedEndorsementDetails, - UserViewModel.toViewModel(endorseDetails.getUser()), - UserViewModel.toViewModel(endorserDetails.getUser())); + throw new IllegalStateException(ExceptionMessages.UPDATE_DISABLED_IN_NON_DEV_MODE); } } diff --git a/skill-tree/src/main/java/com/RDS/skilltree/utils/Constants.java b/skill-tree/src/main/java/com/RDS/skilltree/utils/Constants.java index 26e61621..340c2860 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/utils/Constants.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/utils/Constants.java @@ -15,5 +15,7 @@ public static final class ExceptionMessages { public static final String INVALID_ACCESS_TOKEN = "The access token provided is expired, revoked, malformed, or invalid for other reasons."; public static final String ACCESS_DENIED = "Access Denied"; + public static final String UPDATE_DISABLED_IN_NON_DEV_MODE = + "Update is not allowed outside of development mode"; } } From cff5a25551f0ed694535e508fa91a7a3ec7f5449 Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Thu, 5 Jun 2025 03:08:50 +0530 Subject: [PATCH 6/9] fix: run all tests in dev mode, add test case to validate updation is no allowed in non-dev mode --- .../UpdateEndorsementsIntegrationTest.java | 34 ++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java b/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java index d6beacdb..41a934f6 100644 --- a/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java +++ b/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java @@ -59,7 +59,6 @@ public class UpdateEndorsementsIntegrationTest { private final String SKILL_NAME = "Java"; private final String INITIAL_MESSAGE = "Initial message"; private final String NEW_MESSAGE = "Updated message"; - private final String isDev = "?dev=true"; @BeforeEach void setUp() { @@ -109,7 +108,8 @@ private MvcResult performPatchRequest(String url, String requestBody) throws Exc } private String createUrl(Integer endorsementId) { - return String.format("/v1/endorsements/%d", endorsementId); + String isDev = "?dev=true"; + return String.format("/v1/endorsements/%d" + isDev, endorsementId); } private UpdateEndorsementViewModel createRequestModel(String newMessage) { @@ -205,8 +205,7 @@ public void updateEndorsement_othersEndorsement_shouldNotUpdateEndorsement() thr UpdateEndorsementViewModel updateEndorsementViewModel = createRequestModel(NEW_MESSAGE); String updateBody = objectMapper.writeValueAsString(updateEndorsementViewModel); - MvcResult result = - performPatchRequest(createUrl(existingEndorsement.getId()) + isDev, updateBody); + MvcResult result = performPatchRequest(createUrl(existingEndorsement.getId()), updateBody); assertThat(result.getResponse().getStatus()).isEqualTo(403); assertThat(result.getResponse().getContentAsString()) @@ -255,8 +254,7 @@ public void updateEndorsement_whenRdsServiceFailsForEndorserDetails_shouldReturn when(rdsService.getUserDetails(endorserId)) .thenThrow(new UserNotFoundException(ExceptionMessages.USER_NOT_FOUND)); - MvcResult result = - performPatchRequest(createUrl(existingEndorsement.getId()) + isDev, updateBody); + MvcResult result = performPatchRequest(createUrl(existingEndorsement.getId()), updateBody); assertThat(result.getResponse().getStatus()).isEqualTo(404); assertThat(result.getResponse().getContentAsString()) .contains(ExceptionMessages.USER_NOT_FOUND); @@ -284,8 +282,7 @@ public void updateEndorsement_whenRdsServiceFailsForEndorseDetails_shouldReturn4 when(rdsService.getUserDetails(endorseId)) .thenThrow(new UserNotFoundException(ExceptionMessages.USER_NOT_FOUND)); - MvcResult result = - performPatchRequest(createUrl(existingEndorsement.getId()) + isDev, updateBody); + MvcResult result = performPatchRequest(createUrl(existingEndorsement.getId()), updateBody); assertThat(result.getResponse().getStatus()).isEqualTo(404); assertThat(result.getResponse().getContentAsString()) .contains(ExceptionMessages.USER_NOT_FOUND); @@ -352,4 +349,25 @@ public void updateEndorsement_whenUserIsUnauthenticated_shouldReturn401() throws assertThat(result.getResponse().getContentAsString()) .contains(ExceptionMessages.INVALID_ACCESS_TOKEN); } + + @Test + @DisplayName("Endorsement update not allowed in non-dev mode, should return 405") + @WithCustomMockUser( + username = userId1, + authorities = {"USER"}) + public void updateEndorsement_nonDevMode_shouldReturn403() throws Exception { + Skill skill = createAndSaveSkill(SKILL_NAME); + Endorsement existingEndorsement = + createAndSaveEndorsement(skill, userId2, userId1, INITIAL_MESSAGE); + + UpdateEndorsementViewModel updateEndorsementViewModel = createRequestModel(NEW_MESSAGE); + String updateBody = objectMapper.writeValueAsString(updateEndorsementViewModel); + + String url = String.format("/v1/endorsements/%d", existingEndorsement.getId()); + MvcResult result = performPatchRequest(url, updateBody); + + assertThat(result.getResponse().getStatus()).isEqualTo(405); + assertThat(result.getResponse().getContentAsString()) + .contains(ExceptionMessages.UPDATE_DISABLED_IN_NON_DEV_MODE); + } } From 0bc34b534067e47260da32ea0b27f3ef7961dda8 Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Thu, 5 Jun 2025 03:18:41 +0530 Subject: [PATCH 7/9] fix: update name of test case --- .../integration/skills/UpdateEndorsementsIntegrationTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java b/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java index 41a934f6..317f3414 100644 --- a/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java +++ b/skill-tree/src/test/java/com/RDS/skilltree/integration/skills/UpdateEndorsementsIntegrationTest.java @@ -355,7 +355,7 @@ public void updateEndorsement_whenUserIsUnauthenticated_shouldReturn401() throws @WithCustomMockUser( username = userId1, authorities = {"USER"}) - public void updateEndorsement_nonDevMode_shouldReturn403() throws Exception { + public void updateEndorsement_nonDevMode_shouldReturn405() throws Exception { Skill skill = createAndSaveSkill(SKILL_NAME); Endorsement existingEndorsement = createAndSaveEndorsement(skill, userId2, userId1, INITIAL_MESSAGE); From 6e66ec50731ca450ea514c91101316666a4e7d7b Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Thu, 5 Jun 2025 13:15:49 +0530 Subject: [PATCH 8/9] fix: import only used exceptions --- .../services/EndorsementServiceImplementation.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java index 55495b85..10581da7 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java @@ -1,7 +1,11 @@ package com.RDS.skilltree.services; import com.RDS.skilltree.dtos.RdsGetUserDetailsResDto; -import com.RDS.skilltree.exceptions.*; +import com.RDS.skilltree.exceptions.EndorsementAlreadyExistsException; +import com.RDS.skilltree.exceptions.EndorsementNotFoundException; +import com.RDS.skilltree.exceptions.ForbiddenException; +import com.RDS.skilltree.exceptions.SelfEndorsementNotAllowedException; +import com.RDS.skilltree.exceptions.SkillNotFoundException; import com.RDS.skilltree.models.Endorsement; import com.RDS.skilltree.models.JwtUser; import com.RDS.skilltree.models.Skill; From 91fc9c1451e42c7ca72b7510e95a7066e66c5ce7 Mon Sep 17 00:00:00 2001 From: Shyam Vishwakarma Date: Sat, 7 Jun 2025 14:29:42 +0530 Subject: [PATCH 9/9] fix: update control flow --- .../EndorsementServiceImplementation.java | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java index 10581da7..34a8e4dc 100644 --- a/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java +++ b/skill-tree/src/main/java/com/RDS/skilltree/services/EndorsementServiceImplementation.java @@ -147,22 +147,22 @@ public EndorsementViewModel update( (JwtUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); String userId = jwtDetails.getRdsUserId(); - if (!endorsement.getEndorserId().equals(userId)) { + if (endorsement.getEndorserId().equals(userId)) { + RdsGetUserDetailsResDto endorseDetails = + rdsService.getUserDetails(endorsement.getEndorseId()); + RdsGetUserDetailsResDto endorserDetails = rdsService.getUserDetails(userId); + + endorsement.setMessage(body.getMessage()); + Endorsement savedEndorsementDetails = endorsementRepository.save(endorsement); + + return EndorsementViewModel.toViewModel( + savedEndorsementDetails, + UserViewModel.toViewModel(endorseDetails.getUser()), + UserViewModel.toViewModel(endorserDetails.getUser())); + } else { log.warn("User: {} is not authorized to update endorsement: {}", userId, endorsementId); throw new ForbiddenException(ExceptionMessages.UNAUTHORIZED_ENDORSEMENT_UPDATE); } - - RdsGetUserDetailsResDto endorseDetails = - rdsService.getUserDetails(endorsement.getEndorseId()); - RdsGetUserDetailsResDto endorserDetails = rdsService.getUserDetails(userId); - - endorsement.setMessage(body.getMessage()); - Endorsement savedEndorsementDetails = endorsementRepository.save(endorsement); - - return EndorsementViewModel.toViewModel( - savedEndorsementDetails, - UserViewModel.toViewModel(endorseDetails.getUser()), - UserViewModel.toViewModel(endorserDetails.getUser())); } throw new IllegalStateException(ExceptionMessages.UPDATE_DISABLED_IN_NON_DEV_MODE); }