Ratings can be cast by users in the frontend

Author: sezanzeb

backend/src/controllers/dto.ts

@@ -620,14 +620,16 @@ export class RatingDTO {
   @Expose()
   @Type(() => CriterionDTO)
   @ValidateNested()
-  public criteria!: CriterionDTO;
+  public criterion!: CriterionDTO;
   @Expose()
   @IsInt()
   @Min(1)
   @Max(5)
   public rating!: number;
 }
 
+// Do not send all ratings to the client,
+// because peoples opinion on the projects should be anonymous
 export class ProjectRatingResultDTO {
   @Expose()
   @Type(() => ProjectDTO)

backend/src/controllers/rating-controller.ts

@@ -4,7 +4,8 @@ import {
   CurrentUser,
   Get,
   Post,
-  Body
+  Body,
+  Param
 } from "routing-controllers";
 import { Inject } from "typedi";
 import { UserRole } from "../entities/user-role";
@@ -26,13 +27,16 @@ export class RatingController {
   ) {}
 
   /**
-   * Get all ratings.
+   * Get aggregated rating results grouped by project and criteria.
    */
-  @Get("/")
-  @Authorized(UserRole.Root)
-  public async getAllRatings(): Promise<RatingDTO[]> {
-    const ratings = await this._ratings.getAllRatings();
-    return ratings.map((r) => convertBetweenEntityAndDTO(r, RatingDTO));
+  @Get("/by-project/:id")
+  @Authorized(UserRole.User)
+  public async getUsersRatingsForProject(
+    @Param("id") projectId: number,
+    @CurrentUser() user: User,
+  ): Promise<RatingDTO[]> {
+    const results = await this._ratings.getUsersRatingsForProject(projectId, user);
+    return results.map((r) => convertBetweenEntityAndDTO(r, RatingDTO));
   }
 
   /**
@@ -50,7 +54,7 @@ export class RatingController {
    */
   @Post("/rate")
   @Authorized(UserRole.User)
-  public async createRating(
+  public async rate(
     @Body() { data: ratingDTO }: { data: RatingDTO },
     @CurrentUser() user: User,
   ): Promise<RatingDTO> {
@@ -60,7 +64,7 @@ export class RatingController {
     // write the requesting user into it.
     rating.user = user;
 
-    const createdRating = await this._ratings.createRating(rating, user);
+    const createdRating = await this._ratings.upsertRating(rating, user);
     return convertBetweenEntityAndDTO(createdRating, RatingDTO);
   }
 }

backend/src/services/rating-service.ts

@@ -10,6 +10,7 @@ import { User } from "../entities/user";
 import { Team } from "../entities/team";
 import { Project } from "../entities/project";
 import { Criterion } from "../entities/criterion";
+import { UserRole } from "../entities/user-role";
 
 export interface ProjectRatingResult {
   project: Project;
@@ -18,21 +19,18 @@ export interface ProjectRatingResult {
 
 export interface IRatingService extends IService {
   /**
-   * Get all ratings
+   * Get the ratings for a specific project, cast by a specific user.
+   * Users may only read their own created ratings.
    */
-  getAllRatings(): Promise<readonly Rating[]>;
+  getUsersRatingsForProject(projectId: number, user: User): Promise<readonly Rating[]>;
   /**
-   * Create new rating
+   *  Upsert a rating
    */
-  createRating(rating: Rating, user: User): Promise<Rating>;
-  /**
-   *  Update rating
-   */
-  updateRating(rating: Rating, user: User): Promise<Rating>;
+  upsertRating(rating: Rating, user: User): Promise<Rating>;
   /**
    * Get rating by id
    */
-  getRatingByID(id: number): Promise<RatingDTO | undefined>;
+  getRatingByID(id: number, user: User): Promise<RatingDTO | undefined>;
   /**
    * Delete single rating by id
    */
@@ -74,49 +72,48 @@ export class RatingService implements IRatingService {
   }
 
   /**
-   * Gets all ratings.
-   */
-  public async getAllRatings(): Promise<readonly Rating[]> {
-    return this._database.getRepository(Rating).find();
-  }
-
-  /**
-   * Updates a rating.
-   * @param rating The rating to update
+   * Get the ratings for a specific project, cast by a specific user.
+   * Users may only read their own created ratings.
    */
-  public async updateRating(rating: Rating, user: User): Promise<Rating> {
-    const originRating = await this._ratings.findOneBy({ id: rating.id });
-
-    if (!originRating) {
-      throw new NotFoundError("Rating not found");
-    }
-
-    if (user.id !== originRating.user.id) {
-      throw new ForbiddenError("You can only update your own ratings");
-    }
-
-    await this.checkPermission(rating, user);
-
-    return this._ratings.save(rating);
+  public async getUsersRatingsForProject(projectId: number, user: User): Promise<readonly Rating[]> {
+    // TODO test
+    return this._database.getRepository(Rating).find({
+      where: {
+        project: {
+          id: projectId
+        },
+        user: {
+          id: user.id
+        }
+      }
+    });
   }
 
   /**
-   * Creates a rating.
+   * Upsert a rating.
    * @param rating The rating to create
    */
-  public async createRating(rating: Rating, user: User): Promise<Rating> {
+  public async upsertRating(rating: Rating, user: User): Promise<Rating> {
     await this.checkPermission(rating, user);
 
-    const existing = await this._ratings.findOne({
-      where: {
-        user: { id: user.id },
-        project: { id: rating.project.id },
-        criterion: { id: rating.criterion.id },
+    const existingRating = await this._ratings.findOneBy({
+      user: {
+        id: user.id
       },
+      project: {
+        id: rating.project.id
+      },
+      criterion: {
+        id: rating.criterion.id
+      }
     });
 
-    if (existing) {
-      throw new BadRequestError("You have already rated this project for this criterion");
+    if (existingRating !== null) {
+      // Update
+      return this._ratings.save({
+        ...rating,
+        id: existingRating.id
+      });
     }
 
     return this._ratings.save(rating);
@@ -126,8 +123,17 @@ export class RatingService implements IRatingService {
    * Gets a rating by its id.
    * @param id The id of the rating
    */
-  public async getRatingByID(id: number): Promise<RatingDTO | undefined> {
+  public async getRatingByID(id: number, user: User): Promise<RatingDTO | undefined> {
     const rating = await this._ratings.findOneBy({ id });
+
+    if (!rating) {
+      throw new NotFoundError("Rating not found");
+    }
+
+    if (rating.user.id !== user.id && user.role !== UserRole.Root) {
+      throw new ForbiddenError()
+    }
+
     return rating ? convertBetweenEntityAndDTO(rating, RatingDTO) : undefined;
   }
 
@@ -196,6 +202,9 @@ export class RatingService implements IRatingService {
     return result;
   }
 
+  /**
+   * Check if the user is permitted to create/modify/delete this rating.
+   */
   private async checkPermission(rating: Rating, user: User): Promise<void> {
     const settings = await this._settings.getSettings();
     if (!settings.application.allowRatingProjects) {
@@ -207,7 +216,7 @@ export class RatingService implements IRatingService {
       throw new NotFoundError("Project not found");
     }
     if (!project.allowRating) {
-      throw new ForbiddenError("Rating this project is not allowed")
+      throw new ForbiddenError("Rating this project is not allowed");
     }
 
     const team = await this._teams.findOneBy({ id: project.team.id })

frontend/src/api/index.ts

@@ -629,8 +629,10 @@ export class ApiClient {
   /**
    * Gets all ratings.
    */
-  public async getAllRatings(): Promise<readonly RatingDTO[]> {
-    return await this.get<RatingControllerMethods["getAllRatings"]>("/ratings");
+  public async getUsersRatingsForProject(project): Promise<readonly RatingDTO[]> {
+    return await this.get<RatingControllerMethods["getUsersRatingsForProject"]>(
+      `/ratings/by-project/${project.id}`
+    );
   }
 
   /**

…ntend/src/components/pages/criterion.tsx …end/src/components/pages/rating-form.tsxfrontend/src/components/pages/criterion.tsx renamed to frontend/src/components/pages/rating-form.tsx frontend/src/components/pages/criterion.tsx renamed to frontend/src/components/pages/rating-form.tsx

@@ -13,36 +13,38 @@ import {
 import { api } from "../../hooks/use-api";
 import { useLoginContext } from "../../contexts/login-context";
 
-export const CriterionRating = ({
+/**
+ * Component that allows users to submit and edit ratings for projects.
+ * Only for one criterion, use multiple of this to cover all of them.
+ */
+export const RatingForm = ({
+  rating,
   criterion,
   project,
 }) => {
   const loginState = useLoginContext();
   const { user } = loginState;
 
-  const [rating, setRating] = useState<string>("3");
+  const [ratingValue, setRatingValue] = useState(rating.rating);
   const [isSubmitting, setIsSubmitting] = useState(false);
   const [error, setError] = useState<string | null>(null);
 
   const handleSubmit = async () => {
     setIsSubmitting(true);
     setError(null);
 
-    console.log({ criterion, user, project })
-
     await api.createRating({
       criterion: {
-        Id: criterion.id
+        id: criterion.id
       },
-      rating: parseInt(rating),
+      rating: parseInt(ratingValue),
       user: {
         id: user.id
       },
       project: {
         id: project.id
       },
     });
-    onRatingSubmitted?.();
 
     setIsSubmitting(false);
   };
@@ -70,8 +72,8 @@ export const CriterionRating = ({
         <FormControl component="fieldset">
           <RadioGroup
             row
-            value={rating}
-            onChange={(e) => setRating(e.target.value)}
+            value={ratingValue}
+            onChange={(e) => setRatingValue(e.target.value)}
           >
             {[1, 2, 3, 4, 5].map((value) => (
               <FormControlLabel

frontend/src/components/pages/read-only-project.tsx

@@ -10,7 +10,7 @@ import { useApi, api } from "../../hooks/use-api";
 import { useLoginContext } from "../../contexts/login-context";
 import { TeamDTO } from "../../api/types/dto";
 import { PageHeader } from "../base/page-header";
-import { CriterionRating } from "./criterion";
+import { RatingForm } from "./rating-form";
 
 const HeaderContainer = styled(NonGrowingFlexContainer)`
   justify-content: space-between;
@@ -32,6 +32,7 @@ export const ReadOnlyProject = ({ project }) => {
   const [allowRating, setAllowRating] = React.useState(false);
   const [criteria, setCriteria] = React.useState([]);
   const [allUsers, setAllUsers] = React.useState([]);
+  const [ratings, setRatings] = React.useState([]);
 
   React.useEffect(() => {
     if (project) {
@@ -46,14 +47,20 @@ export const ReadOnlyProject = ({ project }) => {
   React.useEffect(
     () => {
       api.getAllUsers().then((allUsers) => {
-        setAllUsers(allUsers)
+        setAllUsers(allUsers);
       });
 
       api.getAllCriteria().then((criteria) => {
-        setCriteria(criteria)
+        setCriteria(criteria);
       });
+
+      if (project) {
+        api.getUsersRatingsForProject(project).then((ratings) => {
+          setRatings(ratings);
+        });
+      }
     },
-    []
+    [project]
   );
 
   const {
@@ -105,7 +112,8 @@ export const ReadOnlyProject = ({ project }) => {
         <h2 style={{ "margin-top": "4rem" }}>Rate this Project</h2>
         Hover the criterion for more information.
         Rate criteria high, if you think the project did well in this regard.
-        {criteria.map(criterion => <CriterionRating
+        {criteria.map(criterion => <RatingForm
+          rating={ratings.find(r => r.criterion.id == criterion.id)}
           criterion={criterion}
           project={project}
         />)}