diff --git a/src/main/java/djmil/cashcard/CashCardController.java b/src/main/java/djmil/cashcard/CashCardController.java index f43de99..44c8b4c 100644 --- a/src/main/java/djmil/cashcard/CashCardController.java +++ b/src/main/java/djmil/cashcard/CashCardController.java @@ -5,6 +5,7 @@ import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.Pageable; import org.springframework.data.domain.Sort; import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PutMapping; @@ -88,4 +89,14 @@ public class CashCardController { cashCardRepository.save(updatedCashCard); return ResponseEntity.noContent().build(); } + + @DeleteMapping("/{id}") + private ResponseEntity deleteCashCard(@PathVariable Long id, Principal principal) { + if (cashCardRepository.existsByIdAndOwner(id, principal.getName())) { + cashCardRepository.deleteById(id); + return ResponseEntity.noContent().build(); + } + + return ResponseEntity.notFound().build(); + } } \ No newline at end of file diff --git a/src/main/java/djmil/cashcard/CashCardRepository.java b/src/main/java/djmil/cashcard/CashCardRepository.java index 8e5e602..3762377 100644 --- a/src/main/java/djmil/cashcard/CashCardRepository.java +++ b/src/main/java/djmil/cashcard/CashCardRepository.java @@ -13,4 +13,5 @@ extends { CashCard findByIdAndOwner(Long id, String owner); Page findByOwner(String owner, PageRequest amount); + boolean existsByIdAndOwner(Long id, String owner); } diff --git a/src/main/java/djmil/cashcard/SecurityConfig.java b/src/main/java/djmil/cashcard/SecurityConfig.java index 766d87a..38afb68 100644 --- a/src/main/java/djmil/cashcard/SecurityConfig.java +++ b/src/main/java/djmil/cashcard/SecurityConfig.java 
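Review bot: In `deleteCashCard` the ownership check and the delete are two separate repository calls, and `cashCardRepository.deleteById(id)` is keyed on the id alone. Owner scoping therefore depends entirely on the `existsByIdAndOwner` guard staying directly in front of it, and nothing visible in the hunk runs the pair in one transaction. Consider making the handler `@Transactional`, or replacing the pair with a single owner-scoped delete whose affected-row count decides between 204 and 404, if the Spring Data module in use supports that. The 404 for a card owned by someone else looks deliberate and is worth documenting above the final return, e.g. `// 404, not 403: do not reveal that a card with this id exists for another owner`.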
@@ -47,7 +47,13 @@ public class SecurityConfig { .password(passwordEncoder.encode("qrs456")) .roles("NON-OWNER") // new role .build(); + + UserDetails kumar = users + .username("kumar2") + .password(passwordEncoder.encode("xyz789")) + .roles("CARD-OWNER") // new role + .build(); - return new InMemoryUserDetailsManager(sarah, hankOwnsNoCards); + return new InMemoryUserDetailsManager(sarah, hankOwnsNoCards, kumar); } } \ No newline at end of file diff --git a/src/test/java/djmil/cashcard/CashcardApplicationTests.java b/src/test/java/djmil/cashcard/CashcardApplicationTests.java index 9dbbc9d..058a6bc 100644 --- a/src/test/java/djmil/cashcard/CashcardApplicationTests.java +++ b/src/test/java/djmil/cashcard/CashcardApplicationTests.java 
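Review bot: The new `kumar2` account and its literal password `"xyz789"` are added to `src/main/java/djmil/cashcard/SecurityConfig.java`, so a fixture that only the new test needs is compiled into the application itself and would be a working `CARD-OWNER` login wherever this bean is active. If this class is not meant to be demo-only, move the in-memory users into a test-scoped configuration under `src/test` or guard the bean with a profile. The copied `// new role` comment on `.roles("CARD-OWNER")` is also misleading, since nothing about that role is introduced here; `// second card owner, used by the ownership tests` would say what the user is for. The enclosing bean method starts outside the hunk.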
@@ -204,4 +204,41 @@ class CashcardApplicationTests {
 .exchange("/cashcards/99999", HttpMethod.PUT, request, Void.class);
 assertThat(response.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
 }
+
+ @Test
+ @DirtiesContext
+ void shouldDeleteAnExistingCashCard() {
+ ResponseEntity response = restTemplate
+ .withBasicAuth("sarah1", "abc123")
+ .exchange("/cashcards/99", HttpMethod.DELETE, null, Void.class);
+ assertThat(response.getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT);
+
+ // Ensure that the resource was actually deleted:
+ ResponseEntity getResponse = restTemplate
+ .withBasicAuth("sarah1", "abc123")
+ .getForEntity("/cashcards/99", String.class);
+ assertThat(getResponse.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
+ }
+
+ @Test
+ void shouldNotDeleteACashCardThatDoesNotExist() {
+ ResponseEntity deleteResponse = restTemplate
+ .withBasicAuth("sarah1", "abc123")
+ .exchange("/cashcards/99999", HttpMethod.DELETE, null, Void.class);
+ assertThat(deleteResponse.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
+ }
+
+ @Test
+ void shouldNotAllowDeletionOfCashCardsTheyDoNotOwn() {
+ ResponseEntity deleteResponse = restTemplate
+ .withBasicAuth("sarah1", "abc123")
+ .exchange("/cashcards/102", HttpMethod.DELETE, null, Void.class);
+ assertThat(deleteResponse.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
+
+ // Ensure that the record still exsists:
+ ResponseEntity getResponse = restTemplate
+ .withBasicAuth("kumar2", "xyz789")
+ .getForEntity("/cashcards/102", String.class);
+ assertThat(getResponse.getStatusCode()).isEqualTo(HttpStatus.OK);
+ }
 }
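Review bot: The three new tests all authenticate as a card owner, so nothing here pins what the DELETE route does for a caller with no credentials. A regression that opened the route up would still pass this suite. A test like the one below would cover it; the expected 401 assumes the filter chain, which is outside this diff, challenges unauthenticated requests. The comment in `shouldNotAllowDeletionOfCashCardsTheyDoNotOwn` also has a typo and should read `// Ensure that the record still exists:`. The test class continues outside the hunk.

```java
@Test
void shouldRejectUnauthenticatedDelete() {
    ResponseEntity<Void> deleteResponse = restTemplate
            .exchange("/cashcards/99", HttpMethod.DELETE, null, Void.class);
    assertThat(deleteResponse.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);

    // The card must still be readable by its owner afterwards.
    ResponseEntity<String> getResponse = restTemplate
            .withBasicAuth("sarah1", "abc123")
            .getForEntity("/cashcards/99", String.class);
    assertThat(getResponse.getStatusCode()).isEqualTo(HttpStatus.OK);
}
```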