From 148fb7b7dbe1bb177122f0dc297157e36287faa5 Mon Sep 17 00:00:00 2001 From: Eneko Date: Sat, 27 Mar 2021 15:22:39 +0100 Subject: [PATCH] Code cleanup --- build.gradle.kts | 3 +-- .../controller/PrivateTravelRestController.kt | 26 ++++++++++++++----- .../controller/PrivateUserRestController.kt | 12 ++++++++- .../spring/services/AuthService.kt | 9 +++++-- .../spring/services/MatrixService.kt | 2 +- .../usecases/travel/ListUserTravels.kt | 1 - src/main/resources/application.yml | 10 +++---- 7 files changed, 45 insertions(+), 18 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index db989a6..2a646ba 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -26,8 +26,7 @@ dependencies { implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8") implementation("io.github.microutils:kotlin-logging-jvm:2.0.6") // https://mvnrepository.com/artifact/net.folivo/matrix-spring-boot-bot - implementation ("net.folivo:matrix-spring-boot-bot:0.4.5") -// implementation (group = "net.folivo", name = "matrix-spring-boot-bot", version = "0.4.6") + implementation ("net.folivo:matrix-spring-boot-bot:0.4.6") developmentOnly("org.springframework.boot:spring-boot-devtools") runtimeOnly("com.h2database:h2") runtimeOnly("io.r2dbc:r2dbc-h2") diff --git a/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt b/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt index 85975d2..80fc4a2 100644 --- a/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt +++ b/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt 
@@ -9,9 +9,13 @@ import eu.fosil.okupamicoche.repositories.UserRepository import eu.fosil.okupamicoche.spring.services.AuthService import eu.fosil.okupamicoche.spring.services.UseCaseService import eu.fosil.okupamicoche.usecases.travel.* +import mu.KotlinLogging import org.springframework.data.repository.findByIdOrNull import org.springframework.validation.annotation.Validated -import org.springframework.web.bind.annotation.* +import org.springframework.web.bind.annotation.RequestBody +import org.springframework.web.bind.annotation.RequestMapping +import org.springframework.web.bind.annotation.RequestParam +import org.springframework.web.bind.annotation.RestController @RestController @RequestMapping("/api/travel") @@ -21,6 +25,7 @@ class PrivateTravelRestController( private val travelRepository: TravelRepository, private val useCaseService: UseCaseService ) : ApiRestController { + private val logger = KotlinLogging.logger {} @RequestMapping("/create") suspend fun createTravel(@RequestBody @Validated travel: TravelDto): ApiResponse { @@ -39,6 +44,7 @@ class PrivateTravelRestController( @RequestMapping("/cancel") suspend fun cancelTravel(@RequestParam @Validated travelId: TravelId): ApiResponse { return response { + throwErrorIfCannotEditTravel(travelId) CancelTravel(travelRepository).cancelTravel(travelId) } } @@ -46,8 +52,7 @@ class PrivateTravelRestController( @RequestMapping("/delete") suspend fun deleteTravel(@RequestParam @Validated travelId: TravelId): ApiResponse { return response { - if (!authService.canEditTravel(travelId)) - throw InsufficientPermissions("Only admins and travel driver can delete this travel.") + throwErrorIfCannotEditTravel(travelId) DeleteTravel(travelRepository).deleteTravel(travelId) } } 
@@ -55,8 +60,7 @@ class PrivateTravelRestController( @RequestMapping("/edit") suspend fun editTravel(@RequestBody @Validated travel: TravelDto): ApiResponse { return response { - if (!authService.canEditTravel(travel.id)) - throw InsufficientPermissions("Only admins and travel driver can edit this travel.") + throwErrorIfCannotEditTravel(travel.id) EditTravel(travelRepository).editTravel(travel.toTravel(userRepository)) } } @@ -67,7 +71,7 @@ class PrivateTravelRestController( val userId = authService.currentUser().id val useCase = ListUserTravels(travelRepository) val travels = useCase.listUserTravels(userId).map { t -> TravelDto(t) } - println("travels=$travels") + logger.debug { "travels=$travels" } ListDto(useCase.countUserTravels(userId), travels) } } @@ -94,6 +98,7 @@ class PrivateTravelRestController( @RequestParam @Validated userId: UserId ): ApiResponse { return response { + throwErrorIfCannotEditTravel(travelId) AddTraveler(userRepository, travelRepository).addTraveler(travelId, userId) } } @@ -104,7 +109,16 @@ class PrivateTravelRestController( @RequestParam @Validated userId: UserId ): ApiResponse { return response { + throwErrorIfCannotEditTravel(travelId) RemoveTraveler(userRepository, travelRepository).removeTraveler(travelId, userId) } } + + private fun throwErrorIfCannotEditTravel( + travelId: TravelId?, + message: String = "Only admins and travel driver can modify this travel." + ) { + if (!authService.canEditTravel(travelId)) + throw InsufficientPermissions(message) + } } \ No newline at end of file diff --git a/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateUserRestController.kt b/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateUserRestController.kt index b93fa8e..af7f3ae 100644 --- a/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateUserRestController.kt +++ b/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateUserRestController.kt 
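Review bot: In `editTravel` the permission check is made against the stored travel's driver, but the object that is then saved comes entirely from the request body via `travel.toTravel(userRepository)`. If `TravelDto` carries the driver (its fields are not visible in this hunk), a driver could hand the travel to another account, or an edit could rewrite fields the caller should not control. For non-admin callers I would load the stored travel, copy only the editable fields onto it and keep `driver` from the stored record. A short comment above the call, e.g. `// authorisation is based on the stored driver, not on the DTO`, would make the intent explicit.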
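Review bot: `logger.debug { "travels=$travels" }` in the list endpoint writes every returned `TravelDto` to the log, which presumably includes driver and traveler details. Debug logging is often switched on in shared environments, so I would log only what is needed to trace the request, e.g. `logger.debug { "listed ${travels.size} travels for user $userId" }`. The enclosing function starts outside the hunk.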
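Review bot: With `throwErrorIfCannotEditTravel(travelId)` in `removeTraveler` (and in `addTraveler` in the previous hunk), only the driver or an admin can change the passenger list, so a traveler can no longer take themselves off a travel through this endpoint. If no separate leave endpoint exists (none is visible here), let the call through when `userId` is the caller's own id, e.g. `if (userId != authService.currentUser().id) throwErrorIfCannotEditTravel(travelId)`. The new helper also deserves a one-line KDoc saying that it throws `InsufficientPermissions` for a travel that does not exist, because `canEditTravel` returns false in that case.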
@@ -39,7 +39,7 @@ class PrivateUserRestController( @RequestMapping("/create") suspend fun createUser(@RequestBody @Validated createUserDto: CreateUserDto): ApiResponse { return response { - if (!authService.currentUser().admin) + if (!authService.isAdmin()) throw InsufficientPermissions("Only admins can create users.") CreateUser(userRepository).createUser(createUserDto.toUser()) } @@ -55,6 +55,7 @@ class PrivateUserRestController( @RequestMapping("/delete") suspend fun deleteUser(@RequestBody @Validated userId: UserId): ApiResponse { return response { + throwErrorIfCannotEditUser(userId) DeleteUser(userRepository).deleteUser(userId) } } @@ -62,6 +63,7 @@ class PrivateUserRestController( @RequestMapping("/edit") suspend fun editUser(@RequestBody @Validated userDto: UserDto): ApiResponse { return response { + throwErrorIfCannotEditUser(userDto.id) EditUser(userRepository).editUser(userDto.toUser(userRepository)) } } @@ -72,4 +74,12 @@ class PrivateUserRestController( ListUsers(userRepository).listUsers().map { UserDto(it) } } } + + private fun throwErrorIfCannotEditUser( + userId: UserId?, + message: String = "Only admins and travel driver can modify this user." + ) { + if (!authService.canEditUser(userId)) + throw InsufficientPermissions(message) + } } \ No newline at end of file diff --git a/src/main/kotlin/eu/fosil/okupamicoche/spring/services/AuthService.kt b/src/main/kotlin/eu/fosil/okupamicoche/spring/services/AuthService.kt index a575df2..4b3398f 100644 --- a/src/main/kotlin/eu/fosil/okupamicoche/spring/services/AuthService.kt +++ b/src/main/kotlin/eu/fosil/okupamicoche/spring/services/AuthService.kt 
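Review bot: `editUser` now checks that the caller is an admin or the user being edited, but the record is then built from the whole request body with `userDto.toUser(userRepository)`. If `UserDto` exposes the admin flag (its fields are not visible in this hunk), a regular user editing their own account could set it and gain admin rights. For non-admin callers the flag should be taken from the stored user rather than from the DTO, or a changed value rejected, e.g. `if (!authService.isAdmin() && userDto.admin) throw InsufficientPermissions("Only admins can grant admin rights.")`, assuming the DTO field is named `admin` like the entity's.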
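Review bot: The default message of `throwErrorIfCannotEditUser` reads "Only admins and travel driver can modify this user.", which was copied from the travel controller and does not match what `canEditUser` checks (an admin, or the user themself). Change it to `message: String = "Only admins and the user themself can modify this user."` so that clients and logs see the real rule.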
@@ -25,12 +25,17 @@ class AuthService( throw UserIdNotFoundException() } + fun isAdmin(): Boolean { + return currentUser().admin + } + fun canEditTravel(travelId: TravelId?): Boolean { val travel = travelRepository.findByIdOrNull(travelId) ?: return false return currentUser().admin || currentUser().id == travel.driver.id } - fun canEditUser(user: User): Boolean { - return currentUser().admin || currentUser().id == user.id + fun canEditUser(userId: UserId?): Boolean { + if (userId == null) return false + return currentUser().admin || currentUser().id == userId } } \ No newline at end of file diff --git a/src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt b/src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt index 8df6326..f1963f8 100644 --- a/src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt +++ b/src/main/kotlin/eu/fosil/okupamicoche/spring/services/MatrixService.kt @@ -18,7 +18,7 @@ class MatrixService(private val matrixClient: MatrixClient): MatrixApi { val roomId = matrixClient.roomsApi.createRoom( name = name, roomAliasId = MatrixId.RoomAliasId("#$alias:synapse"), - invite = usersToInviteId.collect(Collectors.toSet()), +// invite = usersToInviteId.collect(Collectors.toSet()), topic = topic ) return roomId.full diff --git a/src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/ListUserTravels.kt b/src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/ListUserTravels.kt index 9a93956..6b85382 100644 --- a/src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/ListUserTravels.kt +++ b/src/main/kotlin/eu/fosil/okupamicoche/usecases/travel/ListUserTravels.kt @@ -6,7 +6,6 @@ import eu.fosil.okupamicoche.repositories.TravelRepository class ListUserTravels(private val travelRepository: TravelRepository) { fun listUserTravels(idUser: UserId): List { - println("idUser=$idUser") return listOf( travelRepository.findUserTravelsAsDriver(idUser), travelRepository.findUserTravelsAsTraveler(idUser) 
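Review bot: `canEditUser` (like `canEditTravel` above it) calls `currentUser()` twice in one expression, so the two halves of the check resolve the caller separately and each call can presumably throw `UserIdNotFoundException`. Resolve it once: `val user = currentUser()` followed by `return user.admin || user.id == userId`. The null guard is a good fail-closed default, and a comment such as `// unknown id: deny` would record that it is intentional. `currentUser()`'s body lies outside the hunk, so the cost of the second lookup is inferred.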
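Review bot: Commenting out `invite = usersToInviteId.collect(Collectors.toSet())` in `MatrixService` means rooms are now created without inviting anyone, a behaviour change that the commit title "Code cleanup" hides. If this works around the 0.4.6 API, say so next to the line, e.g. `// TODO: invite disabled after upgrade to matrix-spring-boot-bot 0.4.6; re-add invites`, and make sure the users are invited some other way. The `usersToInviteId` parameter and the `Collectors` import presumably become unused; the function's signature is outside the hunk.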
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 194107f..fa412f9 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -38,12 +38,12 @@ matrix: # (optional) Configure if ALL membership changes should be tracked/saved with help of MatrixAppserviceRoomService # or only membership changes of users, which are MANAGED by the bridge. Default is ALL (no tracking/saving). trackMembership: ALL - # Connection settings to the database (only r2dbc drivers are supported) + # Connection setting to the database for migration purpose only (only jdbc drivers ar supported) migration: url: jdbc:h2:file:./matrix username: sa password: - # Connection setting to the database for migration purpose only (only jdbc drivers ar supported) + # Connection settings to the database (only r2dbc drivers are supported) database: url: r2dbc:h2:file:///./matrix username: sa @@ -57,13 +57,13 @@ matrix: # (optional) Use http or https. Default is true (so uses https). secure: false # The token to authenticate against the Homeserver. - token: 30c05ae90a248a4188e620216fa72e349803310ec83e2a77b34fe90be6081f46 + token: "30c05ae90a248a4188e620216fa72e349803310ec83e2a77b34fe90be6081f46" appservice: # A unique token for Homeservers to use to authenticate requests to application services. - hsToken: 312df522183efd404ec1cd22d2ffa4bbc76a8c1ccf541dd692eef281356bb74e + hsToken: "312df522183efd404ec1cd22d2ffa4bbc76a8c1ccf541dd692eef281356bb74e" # A list of users, aliases and rooms namespaces that the application service controls. namespaces: users: [ ] aliases: - - localpartRegex: "#viaje_.*" + - localpartRegex: "viaje_.*" rooms: [ ] \ No newline at end of file
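Review bot: `token` and `hsToken` are still committed as literal values; quoting them does not change that anyone with read access to the repository or its history can authenticate as the bot or as the homeserver. Read both from the environment, e.g. `token: ${MATRIX_BOT_TOKEN}` and `hsToken: ${MATRIX_HS_TOKEN}` (variable names are placeholders), and rotate the two values already pushed. With `secure: false` in the same block the bot token also travels over plain HTTP, which is acceptable only for a local homeserver.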