Delete endpoint

This commit is contained in:
djmil 2023-07-25 13:51:36 +02:00
parent 4287b96320
commit 9ae96650ec
4 changed files with 56 additions and 1 deletions

View File

@ -5,6 +5,7 @@ import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Pageable;
import org.springframework.data.domain.Sort;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
@ -88,4 +89,14 @@ public class CashCardController {
cashCardRepository.save(updatedCashCard);
return ResponseEntity.noContent().build();
}
@DeleteMapping("/{id}")
private ResponseEntity<Void> deleteCashCard(@PathVariable Long id, Principal principal) {
if (cashCardRepository.existsByIdAndOwner(id, principal.getName())) {
cashCardRepository.deleteById(id);
return ResponseEntity.noContent().build();
}
return ResponseEntity.notFound().build();
}
}

View File

@ -13,4 +13,5 @@ extends
{
CashCard findByIdAndOwner(Long id, String owner);
Page<CashCard> findByOwner(String owner, PageRequest amount);
boolean existsByIdAndOwner(Long id, String owner);
}

View File

@ -47,7 +47,13 @@ public class SecurityConfig {
.password(passwordEncoder.encode("qrs456"))
.roles("NON-OWNER") // new role
.build();
UserDetails kumar = users
.username("kumar2")
.password(passwordEncoder.encode("xyz789"))
.roles("CARD-OWNER") // new role
.build();
return new InMemoryUserDetailsManager(sarah, hankOwnsNoCards);
return new InMemoryUserDetailsManager(sarah, hankOwnsNoCards, kumar);
}
}

View File

@ -204,4 +204,41 @@ class CashcardApplicationTests {
.exchange("/cashcards/99999", HttpMethod.PUT, request, Void.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
}
@Test
@DirtiesContext
void shouldDeleteAnExistingCashCard() {
ResponseEntity<Void> response = restTemplate
.withBasicAuth("sarah1", "abc123")
.exchange("/cashcards/99", HttpMethod.DELETE, null, Void.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT);
// Ensure that the resource was actually deleted:
ResponseEntity<String> getResponse = restTemplate
.withBasicAuth("sarah1", "abc123")
.getForEntity("/cashcards/99", String.class);
assertThat(getResponse.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
}
@Test
void shouldNotDeleteACashCardThatDoesNotExist() {
ResponseEntity<Void> deleteResponse = restTemplate
.withBasicAuth("sarah1", "abc123")
.exchange("/cashcards/99999", HttpMethod.DELETE, null, Void.class);
assertThat(deleteResponse.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
}
@Test
void shouldNotAllowDeletionOfCashCardsTheyDoNotOwn() {
ResponseEntity<Void> deleteResponse = restTemplate
.withBasicAuth("sarah1", "abc123")
.exchange("/cashcards/102", HttpMethod.DELETE, null, Void.class);
assertThat(deleteResponse.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
// Ensure that the record still exsists:
ResponseEntity<String> getResponse = restTemplate
.withBasicAuth("kumar2", "xyz789")
.getForEntity("/cashcards/102", String.class);
assertThat(getResponse.getStatusCode()).isEqualTo(HttpStatus.OK);
}
}