chore: cleanup source pdf

Author: milljoniaer

client/src/pages/ActivityDetails.tsx

@@ -35,7 +35,7 @@ export const ActivityDetails: React.FC = () => {
 
   const documentApi = useApi();
   const fetchActivity = useCallback(async () => {
-    if (stateActivity) {
+    if (stateActivity && !isAdmin) {
       return stateActivity;
     }
 
@@ -48,7 +48,7 @@ export const ActivityDetails: React.FC = () => {
     }
 
     throw new Error("No activity ID provided");
-  }, [stateActivity, id]);
+  }, [stateActivity, id, isAdmin]);
 
   const {
     data: activity,
@@ -82,11 +82,9 @@ export const ActivityDetails: React.FC = () => {
     window.URL.revokeObjectURL(url);
   };
 
-  const handleOpenSourcePdf = async () => {
-    if (!activity?.id || !isAdmin) return;
-
+  const handleOpenDocument = async (documentId: string) => {
     await documentApi.call(async () => {
-      await openBlobInNewTab(() => apiService.getActivityPdf(activity.id));
+      await openBlobInNewTab(() => apiService.downloadDocument(documentId));
     });
   };
 
@@ -185,12 +183,9 @@ export const ActivityDetails: React.FC = () => {
     (activity.durationMinMinutes || 0) +
     (activity.prepTimeMinutes || 0) +
     (activity.cleanupTimeMinutes || 0);
-
-  const visibleDocuments =
-    activity.documents?.filter((doc) => isAdmin || doc.type !== "source_pdf") ||
-    [];
   const hasDownloads =
-    visibleDocuments.length > 0 || (activity.markdowns && activity.markdowns.length > 0);
+    (activity.documents && activity.documents.length > 0) ||
+    (activity.markdowns && activity.markdowns.length > 0);
 
   return (
     <div className="w-full py-6">
@@ -390,7 +385,7 @@ export const ActivityDetails: React.FC = () => {
                 </h3>
               </div>
 
-              {visibleDocuments.map((doc, index) => (
+              {activity.documents?.map((doc, index) => (
                 <div
                   key={doc.id}
                   className={`flex flex-col gap-4 px-4 py-4 sm:flex-row sm:items-center sm:justify-between${index > 0 ? " border-t border-border" : ""}`}
@@ -407,22 +402,20 @@ export const ActivityDetails: React.FC = () => {
                         : ""}
                     </p>
                   </div>
-                  {doc.type === "source_pdf" && (
-                    <div className="flex items-center gap-2 sm:shrink-0">
-                      <Button
-                        type="button"
-                        variant="outline"
-                        size="sm"
-                        disabled={documentApi.isLoading}
-                        onClick={handleOpenSourcePdf}
-                        title="Download as PDF"
-                        className="flex items-center gap-1.5"
-                      >
-                        <Download className="h-4 w-4 text-red-600" />
-                        <span>PDF</span>
-                      </Button>
-                    </div>
-                  )}
+                  <div className="flex items-center gap-2 sm:shrink-0">
+                    <Button
+                      type="button"
+                      variant="outline"
+                      size="sm"
+                      disabled={documentApi.isLoading}
+                      onClick={() => handleOpenDocument(doc.id)}
+                      title="Open document"
+                      className="flex items-center gap-1.5"
+                    >
+                      <Download className="h-4 w-4 text-red-600" />
+                      <span>PDF</span>
+                    </Button>
+                  </div>
                 </div>
               ))}
 

client/src/services/activityApiService.ts

@@ -122,11 +122,11 @@ export const ActivityApi = {
   },
 
   /**
-   * Get PDF by activity ID
+   * Download a stored document by document ID
    */
-  async getActivityPdf(activityId: string) {
+  async downloadDocument(documentId: string) {
     const response = await authService.makeAuthenticatedRequest(
-      `/api/activities/${activityId}/pdf`,
+      `/api/documents/${documentId}/download`,
     );
 
     if (!response.ok) {

client/src/services/apiService.ts

@@ -67,7 +67,7 @@ export class ApiService {
   static deleteActivity = ActivityApi.deleteActivity;
   static updateActivity = ActivityApi.updateActivity;
   static generateLessonPlan = ActivityApi.generateLessonPlan;
-  static getActivityPdf = ActivityApi.getActivityPdf;
+  static downloadDocument = ActivityApi.downloadDocument;
   static getMarkdownPdf = ActivityApi.getMarkdownPdf;
   static getMarkdownDocx = ActivityApi.getMarkdownDocx;
   static getFieldValues = ActivityApi.getFieldValues;
@@ -103,4 +103,3 @@ export class ApiService {
 
 // Export singleton instance for backward compatibility
 export const apiService = ApiService;
-

server/src/main/java/com/learnhub/activitymanagement/controller/ActivityController.java

@@ -5,7 +5,6 @@
 import com.learnhub.activitymanagement.dto.request.LessonPlanRequest;
 import com.learnhub.activitymanagement.dto.request.RecommendationRequest;
 import com.learnhub.activitymanagement.dto.response.ActivityResponse;
-import com.learnhub.activitymanagement.dto.response.DocumentResponse;
 import com.learnhub.activitymanagement.dto.response.LessonPlanInfoResponse;
 import com.learnhub.activitymanagement.dto.response.MarkdownResponse;
 import com.learnhub.activitymanagement.service.ActivityService;
@@ -33,6 +32,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -68,15 +68,16 @@ public class ActivityController {
 	@GetMapping("/")
 	@PreAuthorize("permitAll()")
 	@Operation(summary = "Get activities", description = "Get a list of activities with optional filtering and pagination")
-	public ResponseEntity<?> getActivities(@ModelAttribute ActivityFilterRequest request) {
+	public ResponseEntity<?> getActivities(@ModelAttribute ActivityFilterRequest request, Authentication authentication) {
 		logger.info(
 				"GET /api/activities/ - Get activities called with filters: name={}, ageMin={}, ageMax={}, format={}, limit={}, offset={}",
 				request.name(), request.ageMin(), request.ageMax(), request.format(), request.limit(),
 				request.offset());
+		boolean includeSourcePdf = isAdmin(authentication);
 		List<ActivityResponse> activities = activityService.getActivitiesWithFilters(request.name(),
 				request.ageMin(), request.ageMax(), request.durationMin(), request.durationMax(), request.format(),
 				request.bloomLevel(), request.mentalLoad(), request.physicalEnergy(), request.resourcesNeeded(),
-				request.topics(), request.limit(), request.offset());
+				request.topics(), request.limit(), request.offset(), includeSourcePdf);
 		Map<String, Object> response = new HashMap<>();
 		response.put("total",
 				activityService.countActivitiesWithFilters(request.name(), request.ageMin(), request.ageMax(),
@@ -92,9 +93,9 @@ public ResponseEntity<?> getActivities(@ModelAttribute ActivityFilterRequest req
 	@GetMapping("/{id}")
 	@PreAuthorize("permitAll()")
 	@Operation(summary = "Get activity by ID", description = "Get a single activity by its ID")
-	public ResponseEntity<?> getActivity(@PathVariable UUID id) {
+	public ResponseEntity<?> getActivity(@PathVariable UUID id, Authentication authentication) {
 		logger.info("GET /api/activities/{} - Get activity by ID called", id);
-		ActivityResponse activity = activityService.getActivityById(id);
+		ActivityResponse activity = activityService.getActivityById(id, isAdmin(authentication));
 		return ResponseEntity.ok(activity);
 	}
 
@@ -135,22 +136,6 @@ public ResponseEntity<?> updateActivity(@PathVariable UUID id, @RequestBody Map<
 		return ResponseEntity.ok(updated);
 	}
 
-	@GetMapping("/{activityId}/pdf")
-	@PreAuthorize("permitAll()")
-	@Operation(summary = "Get activity PDF", description = "Get PDF file for a specific activity")
-	public ResponseEntity<?> getActivityPdf(@PathVariable UUID activityId) throws IOException {
-		logger.info("GET /api/activities/{}/pdf - Get activity PDF called", activityId);
-		ActivityResponse activity = activityService.getActivityById(activityId);
-		DocumentResponse sourcePdf = activity.getDocuments().stream().filter(d -> "source_pdf".equals(d.getType()))
-				.findFirst().orElse(null);
-		if (sourcePdf == null) {
-			throw new ResourceNotFoundException("PDF not found for this activity");
-		}
-
-		byte[] pdfContent = pdfService.getPdfContent(sourcePdf.getId());
-		return buildFileDownloadResponse(pdfContent, activity.getName(), ".pdf", MediaType.APPLICATION_PDF, "inline");
-	}
-
 	@GetMapping("/recommendations")
 	@PreAuthorize("permitAll()")
 	@Operation(summary = "Get activity recommendations", description = "Get personalized activity recommendations with scoring")
@@ -430,4 +415,9 @@ private String sanitizeDownloadFilename(String name) {
 		String sanitized = name.replaceAll("[^a-zA-Z0-9._\\- ]", "_").trim();
 		return sanitized.isEmpty() ? "activity" : sanitized;
 	}
+
+	private boolean isAdmin(Authentication authentication) {
+		return authentication != null && authentication.getAuthorities().stream()
+				.anyMatch(authority -> "ROLE_ADMIN".equals(authority.getAuthority()));
+	}
 }

server/src/main/java/com/learnhub/activitymanagement/service/ActivityService.java

@@ -55,14 +55,23 @@ public long countActivitiesWithFilters(String name, Integer ageMin, Integer ageM
 	public List<ActivityResponse> getActivitiesWithFilters(String name, Integer ageMin, Integer ageMax,
 			Integer durationMin, Integer durationMax, List<String> formats, List<String> bloomLevels, String mentalLoad,
 			String physicalEnergy, List<String> resourcesNeeded, List<String> topics, Integer limit, Integer offset) {
+		return getActivitiesWithFilters(name, ageMin, ageMax, durationMin, durationMax, formats, bloomLevels,
+				mentalLoad, physicalEnergy, resourcesNeeded, topics, limit, offset, false);
+	}
+
+	public List<ActivityResponse> getActivitiesWithFilters(String name, Integer ageMin, Integer ageMax,
+			Integer durationMin, Integer durationMax, List<String> formats, List<String> bloomLevels, String mentalLoad,
+			String physicalEnergy, List<String> resourcesNeeded, List<String> topics, Integer limit, Integer offset,
+			boolean includeSourcePdf) {
 		List<Activity> allMatching = getFilteredActivities(name, ageMin, ageMax, durationMin, durationMax, formats,
 				bloomLevels, mentalLoad, physicalEnergy, resourcesNeeded, topics);
 
 		int start = Math.min((offset != null && offset > 0) ? offset : 0, allMatching.size());
 		int pageSize = (limit != null && limit > 0) ? limit : allMatching.size();
 		int end = Math.min(start + pageSize, allMatching.size());
 
-		return allMatching.subList(start, end).stream().map(this::mapToResponse).collect(Collectors.toList());
+		return allMatching.subList(start, end).stream().map(activity -> mapToResponse(activity, includeSourcePdf))
+				.collect(Collectors.toList());
 	}
 
 	private List<Activity> getFilteredActivities(String name, Integer ageMin, Integer ageMax, Integer durationMin,
@@ -147,17 +156,21 @@ private EnergyLevel convertStringToEnergyLevel(String value) {
 	}
 
 	public ActivityResponse getActivityById(UUID id) {
+		return getActivityById(id, false);
+	}
+
+	public ActivityResponse getActivityById(UUID id, boolean includeSourcePdf) {
 		logger.debug("Fetching activity by id={}", id);
 		Activity activity = activityRepository.findById(id)
 				.orElseThrow(() -> new ResourceNotFoundException("Activity not found"));
-		return mapToResponse(activity);
+		return mapToResponse(activity, includeSourcePdf);
 	}
 
 	public ActivityResponse createActivity(Activity activity) {
 		logger.debug("Saving new activity: name={}", activity.getName());
 		Activity saved = activityRepository.save(activity);
 		logger.debug("Activity saved with id={}", saved.getId());
-		return mapToResponse(saved);
+		return mapToResponse(saved, false);
 	}
 
 	public ActivityResponse updateActivity(UUID id, Activity activityUpdate) {
@@ -187,7 +200,7 @@ public ActivityResponse updateActivity(UUID id, Activity activityUpdate) {
 		updateMarkdownByType(activity, activityUpdate, MarkdownType.HINTERGRUNDWISSEN);
 
 		Activity saved = activityRepository.save(activity);
-		return mapToResponse(saved);
+		return mapToResponse(saved, false);
 	}
 
 	private void updateMarkdownByType(Activity activity, Activity activityUpdate, MarkdownType type) {
@@ -328,10 +341,14 @@ public Activity createActivityFromMap(Map<String, Object> data) {
 	}
 
 	public ActivityResponse convertToResponse(Activity activity) {
-		return mapToResponse(activity);
+		return convertToResponse(activity, false);
+	}
+
+	public ActivityResponse convertToResponse(Activity activity, boolean includeSourcePdf) {
+		return mapToResponse(activity, includeSourcePdf);
 	}
 
-	private ActivityResponse mapToResponse(Activity activity) {
+	private ActivityResponse mapToResponse(Activity activity, boolean includeSourcePdf) {
 		ActivityResponse response = new ActivityResponse();
 		response.setId(activity.getId());
 		response.setName(activity.getName());
@@ -351,9 +368,10 @@ private ActivityResponse mapToResponse(Activity activity) {
 		response.setResourcesNeeded(activity.getResourcesNeeded());
 		response.setTopics(activity.getTopics());
 
-		// Map all documents to response list
-		List<DocumentResponse> docResponses = activity.getDocuments().stream().map(d -> new DocumentResponse(d.getId(),
-				d.getFilename(), d.getFileSize(), d.getType() != null ? d.getType().getValue() : null))
+		List<DocumentResponse> docResponses = activity.getDocuments().stream()
+				.filter(document -> includeSourcePdf || document.getType() != DocumentType.SOURCE_PDF)
+				.map(d -> new DocumentResponse(d.getId(), d.getFilename(), d.getFileSize(),
+						d.getType() != null ? d.getType().getValue() : null))
 				.collect(Collectors.toList());
 		response.setDocuments(docResponses);
 

server/src/main/java/com/learnhub/documentmanagement/controller/DocumentsController.java

@@ -1,18 +1,25 @@
 package com.learnhub.documentmanagement.controller;
 
+import com.learnhub.activitymanagement.entity.enums.DocumentType;
 import com.learnhub.documentmanagement.entity.PDFDocument;
 import com.learnhub.documentmanagement.service.PDFService;
 import com.learnhub.dto.response.ErrorResponse;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
@@ -47,4 +54,52 @@ public ResponseEntity<?> getDocumentInfo(@PathVariable UUID documentId) {
 			return ResponseEntity.status(404).body(ErrorResponse.of("Document not found: " + e.getMessage()));
 		}
 	}
+
+	@GetMapping("/{documentId}/download")
+	@PreAuthorize("permitAll()")
+	@Operation(summary = "Download document", description = "Download a stored document. SOURCE_PDF documents require admin rights.")
+	@SecurityRequirement(name = "BearerAuth")
+	public ResponseEntity<?> downloadDocument(@PathVariable UUID documentId, Authentication authentication)
+			throws IOException {
+		logger.info("GET /api/documents/{}/download - Download document called", documentId);
+		try {
+			PDFDocument document = pdfService.getPdfDocument(documentId);
+			enforceDownloadAccess(document, authentication);
+
+			byte[] pdfContent = pdfService.getPdfContent(documentId);
+			String filename = sanitizeFilename(document.getFilename());
+
+			HttpHeaders headers = new HttpHeaders();
+			headers.setContentType(MediaType.APPLICATION_PDF);
+			headers.setContentDispositionFormData("attachment", filename);
+			headers.setContentLength(pdfContent.length);
+
+			return ResponseEntity.ok().headers(headers).body(pdfContent);
+		} catch (AccessDeniedException e) {
+			throw e;
+		} catch (Exception e) {
+			logger.error("GET /api/documents/{}/download - Document not found: {}", documentId, e.getMessage());
+			return ResponseEntity.status(404).body(ErrorResponse.of("Document not found: " + e.getMessage()));
+		}
+	}
+
+	private void enforceDownloadAccess(PDFDocument document, Authentication authentication) {
+		if (document.getType() != DocumentType.SOURCE_PDF) {
+			return;
+		}
+
+		boolean isAdmin = authentication != null && authentication.getAuthorities().stream()
+				.anyMatch(authority -> "ROLE_ADMIN".equals(authority.getAuthority()));
+		if (!isAdmin) {
+			throw new AccessDeniedException("Admin rights required to download source PDFs");
+		}
+	}
+
+	private String sanitizeFilename(String name) {
+		if (name == null || name.isBlank()) {
+			return "document.pdf";
+		}
+		String sanitized = name.replaceAll("[^a-zA-Z0-9._\\- ]", "_").trim();
+		return sanitized.isEmpty() ? "document.pdf" : sanitized;
+	}
 }