ReviewController.java

package edu.ucsb.cs156.dining.controllers;

import com.fasterxml.jackson.core.JsonProcessingException;
import edu.ucsb.cs156.dining.entities.MenuItem;
import edu.ucsb.cs156.dining.entities.Review;
import edu.ucsb.cs156.dining.entities.User;
import edu.ucsb.cs156.dining.errors.EntityNotFoundException;
import edu.ucsb.cs156.dining.models.CurrentUser;
import edu.ucsb.cs156.dining.models.EditedReview;
import edu.ucsb.cs156.dining.repositories.AdminRepository;
import edu.ucsb.cs156.dining.repositories.MenuItemRepository;
import edu.ucsb.cs156.dining.repositories.ReviewRepository;
import edu.ucsb.cs156.dining.statuses.ModerationStatus;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.validation.Valid;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.Map;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.format.annotation.DateTimeFormat;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/** This is a REST controller for Reviews */
@Tag(name = "Review")
@RequestMapping("/api/reviews")
@RestController
@Slf4j
public class ReviewController extends ApiController {

  @ExceptionHandler(IllegalArgumentException.class)
  public ResponseEntity<Map<String, String>> handleValidationExceptions(
      IllegalArgumentException ex) {
    Map<String, String> errors = new HashMap<>();
    errors.put("error", ex.getMessage());
    return ResponseEntity.badRequest().body(errors);
  }

  @Autowired ReviewRepository reviewRepository;

  @Autowired MenuItemRepository menuItemRepository;

  @Autowired AdminRepository adminRepository;

  /**
   * This method returns a list of all Reviews.
   *
   * @return a list of all Reviews
   */
  @Operation(summary = "List all Reviews")
  @PreAuthorize("hasRole('ROLE_ADMIN')")
  @GetMapping("/all")
  public Iterable<Review> allReviews() {
    log.info("Attempting to log all reviews");
    Iterable<Review> reviews = reviewRepository.findAll();
    log.info("all reviews found, ", reviews);
    return reviews;
  }

  /**
   * This method returns a list of all Reviews.
   *
   * @return a list of all Reviews
   */
  @Operation(summary = "List all approved reviews for a specific item")
  @GetMapping("/approved/forItem/{itemId}")
  public Iterable<Review> allApprovedReviewsForItem(
      @Parameter(name = "itemId") @PathVariable("itemId") long itemId) {
    log.info("Attempting to log all approved reviews for item with id: {}", itemId);
    MenuItem item =
        menuItemRepository
            .findById(itemId)
            .orElseThrow(() -> new EntityNotFoundException(MenuItem.class, itemId));
    Iterable<Review> reviews =
        reviewRepository.findByItemAndStatus(item, ModerationStatus.APPROVED);
    log.info("all approved reviews for item found, ", reviews);
    return reviews;
  }

  /**
   * This method allows a user to submit a review
   *
   * @return message that says an review was added to the database
   * @param itemId id of the item
   * @param dateItemServed localDataTime All others params must not be parameters and instead
   *     derived from data sources that are dynamic (Date), or set to be null or some other
   *     signifier
   */
  @Operation(summary = "Create a new review")
  @PreAuthorize("hasRole('ROLE_USER')")
  @PostMapping("/post")
  public Review postReview(
      @Parameter(name = "itemId") @RequestParam long itemId,
      @Parameter(description = "Comments by the reviewer, can be blank")
          @RequestParam(required = false)
          String reviewerComments,
      @Parameter(name = "itemsStars") @RequestParam Long itemsStars,
      @Parameter(
              name = "dateItemServed",
              description =
                  "date (in iso format, e.g. YYYY-mm-ddTHH:MM:SS; see https://en.wikipedia.org/wiki/ISO_8601)")
          @RequestParam("dateItemServed")
          @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME)
          LocalDateTime dateItemServed) // For
      throws JsonProcessingException {
    LocalDateTime now = LocalDateTime.now();
    Review review = new Review();
    review.setDateItemServed(dateItemServed);

    // Ensures content of truly empty and sets to null if so
    if (reviewerComments != null && !reviewerComments.trim().isEmpty()) {
      review.setReviewerComments(reviewerComments);
    }

    // Ensure user inputs rating 1-5
    if (itemsStars < 1 || itemsStars > 5) {
      throw new IllegalArgumentException("Items stars must be between 1 and 5.");
    }

    review.setItemsStars(itemsStars);

    MenuItem reviewedItem =
        menuItemRepository
            .findById(itemId)
            .orElseThrow(() -> new EntityNotFoundException(MenuItem.class, itemId));

    if (review.getReviewerComments() == null) {
      review.setStatus(ModerationStatus.APPROVED);
    }

    review.setItem(reviewedItem);
    CurrentUser user = getCurrentUser();
    review.setReviewer(user.getUser());
    log.info("reviews={}", review);
    review = reviewRepository.save(review);
    return review;
  }

  /**
   * This method allows a user to get a list of reviews that they have previously made. Only user
   * can only get a list of their own reviews, and you cant request another persons reviews
   *
   * @return a list of reviews sent by a given user
   */
  @Operation(summary = "Get all reviews a user has sent: only callable by the user")
  @PreAuthorize("hasRole('ROLE_USER')")
  @GetMapping("/userReviews")
  public Iterable<Review> get_all_review_by_user_id() {
    CurrentUser user = getCurrentUser();
    Iterable<Review> reviews = reviewRepository.findByReviewer(user.getUser());
    return reviews;
  }

  @Operation(summary = "Edit a review")
  @PreAuthorize("hasRole('ROLE_USER')")
  @PutMapping("/reviewer")
  public Review editReview(@Parameter Long id, @RequestBody @Valid EditedReview incoming) {

    Review oldReview =
        reviewRepository
            .findById(id)
            .orElseThrow(() -> new EntityNotFoundException(Review.class, id));
    User current = getCurrentUser().getUser();
    if (current.getId() != oldReview.getReviewer().getId()) {
      throw new AccessDeniedException("No permission to edit review");
    }

    if (incoming.getItemStars() < 1 || incoming.getItemStars() > 5) {
      throw new IllegalArgumentException("Items stars must be between 1 and 5.");
    } else {
      oldReview.setItemsStars(incoming.getItemStars());
    }

    if (incoming.getReviewerComments() != null
        && !incoming.getReviewerComments().trim().isEmpty()) {
      oldReview.setReviewerComments(incoming.getReviewerComments());
      oldReview.setStatus(ModerationStatus.AWAITING_REVIEW);
    } else {
      oldReview.setReviewerComments(null);
      oldReview.setStatus(ModerationStatus.APPROVED);
    }

    oldReview.setDateItemServed(incoming.getDateItemServed());

    oldReview.setModeratorComments(null);

    Review review = reviewRepository.save(oldReview);

    return review;
  }

  @Operation(summary = "Delete a review")
  @PreAuthorize("hasRole('ROLE_USER')")
  @DeleteMapping("/reviewer")
  public Object deleteReview(@Parameter Long id) {
    Review review =
        reviewRepository
            .findById(id)
            .orElseThrow(() -> new EntityNotFoundException(Review.class, id));

    User current = getCurrentUser().getUser();
    if (current.getId() != review.getReviewer().getId()
        && !adminRepository.existsByEmail(current.getEmail())) {
      throw new AccessDeniedException("No permission to delete review");
    }

    reviewRepository.delete(review);
    return genericMessage("Review with id %s deleted".formatted(id));
  }

  @Operation(summary = "Moderate a review")
  @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_MODERATOR')")
  @PutMapping("/moderate")
  public Review moderateReview(
      @Parameter Long id, @Parameter ModerationStatus status, @Parameter String moderatorComments) {
    Review review =
        reviewRepository
            .findById(id)
            .orElseThrow(() -> new EntityNotFoundException(Review.class, id));

    review.setModeratorComments(moderatorComments);
    review.setStatus(status);

    review = reviewRepository.save(review);
    return review;
  }

  @Operation(summary = "See reviews that need moderation")
  @PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_MODERATOR')")
  @GetMapping("/needsmoderation")
  public Iterable<Review> needsmoderation() {
    Iterable<Review> reviewsList = reviewRepository.findByStatus(ModerationStatus.AWAITING_REVIEW);
    return reviewsList;
  }

  @PreAuthorize("hasRole('ROLE_USER')")
  @GetMapping("/{id}")
  public Review getReviewById(@PathVariable Long id) {

    // 1. Look up the review or 404
    Review review =
        reviewRepository
            .findById(id)
            .orElseThrow(() -> new EntityNotFoundException(Review.class, id));

    // 2. Get current requester
    User requester = getCurrentUser().getUser();

    // 3. Evaluate permissions
    boolean isOwner = (review.getReviewer().getId() == requester.getId());
    boolean isAdmin =
        getCurrentUser().getRoles().stream().anyMatch(r -> r.getAuthority().equals("ROLE_ADMIN"));
    boolean isModerator =
        getCurrentUser().getRoles().stream()
            .anyMatch(r -> r.getAuthority().equals("ROLE_MODERATOR"));

    // 4. Enforce access rules
    if (!(isOwner || isAdmin || isModerator)) {
      throw new AccessDeniedException("No permission to view this review");
    }

    // 5. Return the review
    return review;
  }
}















































Active mutators

CONDITIONALS_BOUNDARY
EMPTY_RETURNS
FALSE_RETURNS
INCREMENTS
INVERT_NEGS
MATH
NEGATE_CONDITIONALS
NULL_RETURNS
PRIMITIVE_RETURNS
TRUE_RETURNS
VOID_METHOD_CALLS

Tests examined

edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:wrong_user_cannot_edit()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:can_set_stars_at_low_boundary()] (5 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:can_set_stars_at_high_boundary()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:cannot_set_stars_over_boundaries()] (9 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:trim_works_correctly()] (5 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:edit_works_correctly()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:null_works_correctly()] (23 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:admin_nonexistent_cannot_approve()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:moderator_nonexistent_cannot_approve()] (10 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:nonexistent_cannot_delete()] (4 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:user_can_delete()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:admin_can_delete()] (8 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:logged_in_admin_can_get_all()] (5 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:a_logged_in_admin_can_get_all()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:not_found_throws_exception()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:getReviewById_not_found_returns_404()] (5 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:getReviewById_non_owner_user_forbidden()] (7 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:getReviewById_admin_can_view()] (9 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:getReviewById_owner_can_view()] (10 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:getReviewById_moderator_can_view()] (12 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:test_rating_below_1_throws_exception()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:test_rating_above_5_throws_exception()] (9 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:moderator_get_needs_moderation_returns_moderation_needed()] (5 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:admin_get_needs_moderation_returns_moderation_needed()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:testItemIdIsInvalid_NotFound()] (9 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:postReview_ShouldAcceptRatingAtBoundaries()] (12 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:test_emptyString_on_creating_new_review()] (9 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:a_user_can_post_a_new_review()] (10 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:test_no_string_on_creating_new_review()] (10 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:admin_can_moderate_a_review()] (6 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:moderator_can_moderate_a_review()] (9 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:allApprovedReviewsForItem_returns_not_found_for_nonexistent_item()] (7 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:allApprovedReviewsForItem_returns_approved_reviews_for_existing_item()] (7 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:a_logged_in_user_can_get_own_reviews_list()] (22 ms)
edu.ucsb.cs156.dining.controllers.ReviewControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.dining.controllers.ReviewControllerTests]/[method:wrong_user_cannot_delete()] (6 ms)

Report generated by PIT 1.17.0

1		package edu.ucsb.cs156.dining.controllers;
2
3		import com.fasterxml.jackson.core.JsonProcessingException;
4		import edu.ucsb.cs156.dining.entities.MenuItem;
5		import edu.ucsb.cs156.dining.entities.Review;
6		import edu.ucsb.cs156.dining.entities.User;
7		import edu.ucsb.cs156.dining.errors.EntityNotFoundException;
8		import edu.ucsb.cs156.dining.models.CurrentUser;
9		import edu.ucsb.cs156.dining.models.EditedReview;
10		import edu.ucsb.cs156.dining.repositories.AdminRepository;
11		import edu.ucsb.cs156.dining.repositories.MenuItemRepository;
12		import edu.ucsb.cs156.dining.repositories.ReviewRepository;
13		import edu.ucsb.cs156.dining.statuses.ModerationStatus;
14		import io.swagger.v3.oas.annotations.Operation;
15		import io.swagger.v3.oas.annotations.Parameter;
16		import io.swagger.v3.oas.annotations.tags.Tag;
17		import jakarta.validation.Valid;
18		import java.time.LocalDateTime;
19		import java.util.HashMap;
20		import java.util.Map;
21		import lombok.extern.slf4j.Slf4j;
22		import org.springframework.beans.factory.annotation.Autowired;
23		import org.springframework.format.annotation.DateTimeFormat;
24		import org.springframework.http.ResponseEntity;
25		import org.springframework.security.access.AccessDeniedException;
26		import org.springframework.security.access.prepost.PreAuthorize;
27		import org.springframework.web.bind.annotation.DeleteMapping;
28		import org.springframework.web.bind.annotation.ExceptionHandler;
29		import org.springframework.web.bind.annotation.GetMapping;
30		import org.springframework.web.bind.annotation.PathVariable;
31		import org.springframework.web.bind.annotation.PostMapping;
32		import org.springframework.web.bind.annotation.PutMapping;
33		import org.springframework.web.bind.annotation.RequestBody;
34		import org.springframework.web.bind.annotation.RequestMapping;
35		import org.springframework.web.bind.annotation.RequestParam;
36		import org.springframework.web.bind.annotation.RestController;
37
38		/** This is a REST controller for Reviews */
39		@Tag(name = "Review")
40		@RequestMapping("/api/reviews")

ReviewController.java

Mutations

Active mutators

Tests examined