Very unfinished wip for controllers and services for rating, criteria and project

Author: sezanzeb

backend/src/controllers/project-controller.ts

@@ -0,0 +1,31 @@
+import { Authorized, Delete, JsonController, NotFoundError } from "routing-controllers";
+import { Inject } from "typedi";
+import { UserRole } from "../entities/user-role";
+import { IProjectService, ProjectServiceToken } from "../services/project-service";
+
+// TODO for every team, add a new project automatically with the correct teamId
+
+@JsonController("/projects")
+export class ProjectController {
+  public constructor(
+    @Inject(ProjectServiceToken) private readonly _projects: IProjectService,
+  ) {}
+
+  /**
+   * Update a project (mvp: create one project per team)
+   */
+  @Put("/project/:id")
+  @Authorized(UserRole.User)
+  public async updateProject(
+    @Param("id") projectId: number,
+    @Body() { data: projectDTO }: { data: ProjectDTO },
+  ): Promise<TeamDTO> {
+    // TODO ProjectUpdateDTO?
+    const project = convertBetweenEntityAndDTO(projectDTO, Project);
+
+    // TODO how to make actual not found errors for incorrect ids?
+
+    const updateProject = await this._ratings.updateProject(project, user);
+    return convertBetweenEntityAndDTO(updateProject, ProjectDTO);
+  }
+}

backend/src/controllers/rating-controller.ts

@@ -0,0 +1,98 @@
+import { Authorized, Delete, JsonController, ForbiddenError } from "routing-controllers";
+import { Inject } from "typedi";
+import { UserRole } from "../entities/user-role";
+import { SettingsServiceToken } from "../services/settings-service";
+import { SettingsServiceToken } from "../services/settings-service";
+
+// The RatingController and RatingService group stuff concerning ratings and critiera
+// together. Feel free to separate, if you think that would be better.
+
+@JsonController("/ratings")
+export class RatingController {
+  public constructor(
+    @Inject(SettingsServiceToken) private readonly _settings: ISettingsService,
+    @Inject(RatingServiceToken) private readonly _ratings: IRatingService,
+  ) {}
+
+  /**
+   * Allow users to rate a specific project (if ratings are enabled in the application
+   * settings).
+   *
+   * By using the application setting, admins can prepare the projects that can be
+   * rated, and then allow all of them at the same time. And when the rating is closed,
+   * disable all of them at the same time. This is done in the settings-controller.
+   *
+   * TODO probably move to the project controller, allow changing this setting only
+   *  if an admin
+   *
+   * TODO write test that the attribute cannot be changed by the project put endpoint
+   *  by regular users
+   */
+  @Post("/make-project-ratable")
+  @Authorized(UserRole.Root)
+  public async enableRatingForProject(): Promise<void> {
+    // TODO set allowRating of project
+  }
+
+  /**
+   * Rate a project
+   *
+   * TODO mvp: no update and delete, a created rating is a commitment to it.
+   *  If there is time, add an update mechanism though.
+   */
+  @Post("/rate")
+  @Authorized(UserRole.User)
+  public async createRating(
+    @Body() { data: RatingDTO }: { data: RatingDTO },
+    @CurrentUser() user: User,
+  ): Promise<readonly RatingDTO[]> {
+    const rating = convertBetweenEntityAndDTO(RatingDTO, Rating);
+    const createdRating = await this._ratings.createRating(rating);
+    return convertBetweenEntityAndDTO(createdRating, RatingDTO);
+  }
+
+  /**
+   * Create criteria.
+   */
+  @Post("/criteria")
+  @Authorized(UserRole.Root)
+  public async createCriteria(
+    @Body() { data: criteriaDTO }: { data: CriteriaDTO },
+  ): Promise<readonly CriteriaDTO[]> {
+    const criteria = convertBetweenEntityAndDTO(criteriaDTO, Criteria);
+    const createdCriteria = await this._ratings.createCriteria();
+    return convertBetweenEntityAndDTO(createdCriteria, CriteriaDTO);
+  }
+
+  /**
+   * Update criteria.
+   */
+  @Put("/criteria/:id")
+  @Authorized(UserRole.Root)
+  public async updateCriteria(
+    @Param("id") teamId: number,
+    @Body() { data: criteriaDTO }: { data: CriteriaDTO },
+  ): Promise<TeamDTO> {
+    // TODO There is a TeamUpdateDTO. CriteriaUpdateDTO?
+    const team = convertBetweenEntityAndDTO(criteriaDTO, Criteria);
+    const updateTeam = await this._ratings.updateCriteria(team, user);
+    return convertBetweenEntityAndDTO(updateCriteria, CriteriaDTO);
+  }
+
+  /**
+   * Delete criteria.
+   */
+  @Delete("/criteria/:id")
+  @Authorized(UserRole.Root)
+  public async deleteCriteria(
+    @Param("id") criteriaId: number,
+    @CurrentUser() user: User,
+  ): Promise<SuccessResponseDTO> {
+    await this._ratings.deleteCriteriaByID(criteriaId, user);
+    const response = new SuccessResponseDTO();
+    response.success = true;
+    return response;
+  }
+
+  // TODO write test that all the root endpoints are not accessible by users
+}

backend/src/services/project-service.ts

@@ -0,0 +1,122 @@
+import { Inject, Service, Token } from "typedi";
+import { Repository } from "typeorm";
+import { IService } from ".";
+import { DatabaseServiceToken, IDatabaseService } from "./database-service";
+import { Project } from "../entities/project";
+import {
+  ProjectResponseDTO,
+  convertBetweenEntityAndDTO,
+} from "../controllers/dto";
+import { User } from "../entities/user";
+
+/**
+ * An interface describing user handling.
+ */
+export interface IProjectService extends IService {
+  /**
+   * Get all projects
+   */
+  getAllProjects(): Promise<readonly Project[]>;
+  /**
+   * Create new project
+   */
+  createProject(project: Project): Promise<Project>;
+  /**
+   *  Update project
+   */
+  updateProject(project: Project, user: User): Promise<Project>;
+  /**
+   * Get project by id
+   */
+  getProjectByID(id: number): Promise<ProjectResponseDTO | undefined>;
+  /**
+   * Delete single project by id
+   */
+  deleteProjectByID(id: number, currentUserId: User): Promise<void>;
+}
+
+/**
+ * A token used to inject a concrete user service.
+ */
+export const ProjectServiceToken = new Token<IProjectService>();
+
+/**
+ * A service to handle users.
+ */
+@Service(ProjectServiceToken)
+export class ProjectService implements IProjectService {
+  private _projects!: Repository<Project>;
+  private _users!: Repository<User>;
+
+  public constructor(
+    @Inject(DatabaseServiceToken) private readonly _database: IDatabaseService,
+  ) {}
+
+  /**
+   * Sets up the user service.
+   */
+  public async bootstrap(): Promise<void> {
+    this._projects = this._database.getRepository(Project);
+    this._users = this._database.getRepository(User);
+  }
+
+  /**
+   * Gets all projects.
+   */
+  public async getAllProjects(): Promise<readonly Project[]> {
+    return this._database.getRepository(Project).find();
+  }
+
+  /**
+   * Updates a project.
+   * @param project The project to update
+   */
+  public async updateProject(project: Project, user: User): Promise<Project> {
+    // TODO
+    await this.checkPermission(project, user);
+    // TODO allow changing allowRating only if admin
+  }
+
+  /**
+   * Creates a project.
+   * @param project The project to create
+   */
+  public async createProject(project: Project): Promise<Project> {
+    // TODO
+  }
+
+  /**
+   * Gets a project by its id.
+   * @param id The id of the project
+   */
+  public async getProjectByID(id: number): Promise<ProjectResponseDTO | undefined> {
+    const project = await this._projects.findOneBy({ id });
+    return project || undefined;
+  }
+
+  /**
+   * Deletes a project by its id.
+   * @param id The id of the project
+   */
+  public async deleteProjectByID(id: number, currentUserId: User): Promise<void> {
+    const project = await this._projects.findOneBy({ id });
+
+    this.checkPermission(project, user);
+
+    await this._projects.delete(id);
+
+    return Promise.resolve();
+  }
+
+  /**
+   * Throw errors if the user is not allowed to modify/access the project.
+   */
+  private async checkPermission(project: Project, user: User): Promise<void> {
+    const team = await this._teams.getTeamById(project.teamId)
+    if (!team.users.inclues(user.id)) {
+      // Tried to access a project belonging to a different team, forbidden
+      // TODO test
+      throw new NotFoundError()
+    }
+  }
+}

backend/src/services/rating-service.ts

@@ -0,0 +1,144 @@
+import { Inject, Service, Token } from "typedi";
+import { Repository } from "typeorm";
+import { IService } from ".";
+import { DatabaseServiceToken, IDatabaseService } from "./database-service";
+import { Rating } from "../entities/rating";
+import {
+  RatingResponseDTO,
+  convertBetweenEntityAndDTO,
+} from "../controllers/dto";
+import { User } from "../entities/user";
+
+export interface IRatingService extends IService {
+  /**
+   * Get all ratings
+   */
+  getAllRatings(): Promise<readonly Rating[]>;
+  /**
+   * Create new rating
+   */
+  createRating(rating: Rating): Promise<Rating>;
+  /**
+   *  Update rating
+   */
+  updateRating(rating: Rating): Promise<Rating>;
+  /**
+   * Get rating by id
+   */
+  getRatingByID(id: number): Promise<RatingResponseDTO | undefined>;
+  /**
+   * Delete single rating by id
+   */
+  deleteRatingByID(id: number, currentUserId: User): Promise<void>;
+  /**
+   * Request to join a rating
+   */
+  requestToJoinRating(ratingId: number, user: User): Promise<void>;
+}
+
+/**
+ * A token used to inject a concrete user service.
+ */
+export const RatingServiceToken = new Token<IRatingService>();
+
+/**
+ * A service to handle users.
+ */
+@Service(RatingServiceToken)
+export class RatingService implements IRatingService {
+  private _ratings!: Repository<Rating>;
+  private _users!: Repository<User>;
+
+  public constructor(
+    @Inject(DatabaseServiceToken) private readonly _database: IDatabaseService,
+  ) {}
+
+  /**
+   * Sets up the user service.
+   */
+  public async bootstrap(): Promise<void> {
+    this._ratings = this._database.getRepository(Rating);
+    this._users = this._database.getRepository(User);
+  }
+
+  /**
+   * Gets all ratings.
+   */
+  public async getAllRatings(): Promise<readonly Rating[]> {
+    return this._database.getRepository(Rating).find();
+  }
+
+  /**
+   * Updates a rating.
+   * @param rating The rating to update
+   */
+  public async updateRating(rating: Rating, user: User): Promise<Rating> {
+    // TODO validate, throw Errors
+
+    const originRating = await this._ratings.findOneBy({ id: rating.id });
+
+    // TODO only if user matches
+    await this.checkPermission(rating, user);
+    const originRatingUser = originRating.users;
+    if (user.id != originRatingUser.id) {
+      throw new Error("")
+    }
+
+    return this._ratings.save(rating);
+  }
+
+  /**
+   * Creates a rating.
+   * @param rating The rating to create
+   */
+  public async createRating(rating: Rating): Promise<Rating> {
+    // TODO validate
+    this.checkPermission(rating, user);
+    return this._ratings.save(rating);
+  }
+
+  /**
+   * Gets a rating by its id.
+   * @param id The id of the rating
+   */
+  public async getRatingByID(id: number): Promise<RatingResponseDTO | undefined> {
+    const rating = await this._ratings.findOneBy({ id });
+    return rating || undefined;
+  }
+
+  /**
+   * Deletes a rating by its id.
+   * @param id The id of the rating
+   */
+  public async deleteRatingByID(id: number, currentUserId: User): Promise<void> {
+    const rating = await this._ratings.findOneBy({ id });
+
+    await this.checkPermission(rating, user);
+
+    await this._ratings.delete(id);
+
+    return Promise.resolve();
+  }
+
+  private async checkPermission(rating: Rating, user: User): Promise<void> {
+    // TODO use this._database.blabla instead of _settings and such
+
+    const settings = await this._settings.getSettings();
+    if (!settings.allowRating) {
+      // TODO test
+      throw new ForbiddenError("Cannot create rating due to application settings")
+    }
+
+    const project = await this._projects.getProject(data.id);
+    if (!project.allowRating) {
+      // TODO test
+      throw new ForbiddenError("Creating a rating for this project is not allowed")
+    }
+
+    const team = await this._teams.getTeamById(project.teamId)
+    if (team.users.inclues(user.id)) {
+      // TODO test
+      throw new ForbiddenError("You can't rate your own project")
+    }
+  }
+}