merge with dev

.env-template

@@ -0,0 +1,13 @@
+client-secret=<your-client-secret>
+client-id=<your-client-id>
+tenant-id=<your-tenant-id>
+PGU=<your-postgres-user>
+PGP=<your-postgres-password>
+POSTGRES_USER=${PGU}
+URI=<your-uri>
+EXPRESS_SESSION_SECRET=<your-express-session-secret>
+PORT=<your-port>
+ENVIRONMENT=<your-environment>
+DB_HOST=<your-db-host>
+DB_PORT=<your-db-port>
+DB_NAME=<your-db-name>

.gitignore

@@ -1,3 +1,5 @@
+backend/web-bff/App/.env.dev
+
 HELP.md
 .gradle
 build/
@@ -48,3 +50,5 @@ docker.env
 ./startBackend.sh
 startBackend.sh
 
+/.env
+backend/web-bff/App/.env

backend/app/src/main/java/com/ugent/pidgeon/GlobalErrorHandler.java

@@ -51,6 +51,15 @@ public ResponseEntity<ApiErrorReponse> handleNoHandlerFoundException(HttpServlet
         "Resource/endpoint doesn't exist", path));
   }
 
+  @ExceptionHandler(NoResourceFoundException.class)
+  public ResponseEntity<ApiErrorReponse> handleNoResourceFoundException(HttpServletRequest request, Exception ex) {
+    logError(ex);
+    String path = request.getRequestURI();
+    HttpStatus status = HttpStatus.NOT_FOUND;
+    return ResponseEntity.status(status).body(new ApiErrorReponse(OffsetDateTime.now(), status.value(), status.getReasonPhrase(),
+        "Resource/endpoint doesn't exist", path));
+  }
+
   /* Gets thrown when the method is not allowed */
   @ExceptionHandler(HttpRequestMethodNotSupportedException.class)
   public ResponseEntity<ApiErrorReponse> handleMethodNotSupportedException(HttpServletRequest request, Exception ex) {

backend/app/src/main/java/com/ugent/pidgeon/auth/JwtAuthenticationFilter.java

@@ -83,6 +83,7 @@ public void doFilterInternal(HttpServletRequest request, HttpServletResponse res
                 String lastName;
                 String email;
                 String oid;
+                String studentnumber;
 
                 String version = jwt.getClaim("ver").asString();
 
@@ -92,21 +93,21 @@ public void doFilterInternal(HttpServletRequest request, HttpServletResponse res
                     lastName = jwt.getClaim("family_name").asString();
                     email = jwt.getClaim("unique_name").asString();
                     oid = jwt.getClaim("oid").asString();
+                    studentnumber = jwt.getClaim("ugentStudentID").asString();
                 } else if (version.startsWith("2.0")) {
                     displayName = jwt.getClaim("name").asString();
                     lastName = jwt.getClaim("surname").asString();
                     firstName = displayName.replace(lastName, "").strip();
                     email = jwt.getClaim("mail").asString();
                     oid = jwt.getClaim("oid").asString();
+                    studentnumber = jwt.getClaim("ugentStudentID").asString();
                 } else {
                     throw new JwkException("Invalid OAuth version");
                 }
                 // print full object
-                // logger.info(jwt.getClaims());
+                logger.info(jwt.getClaims());
 
-
-
-                User user = new User(displayName, firstName,lastName, email, oid);
+                User user = new User(displayName, firstName,lastName, email, oid, studentnumber);
 
                 Auth authUser = new Auth(user, new ArrayList<>());
                 SecurityContextHolder.getContext().setAuthentication(authUser);

backend/app/src/main/java/com/ugent/pidgeon/auth/RolesInterceptor.java

@@ -61,7 +61,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 
                 if(userEntity == null) {
                     System.out.println("User does not exist, creating new one. user_id: " + auth.getOid());
-                    userEntity = new UserEntity(auth.getUser().firstName,auth.getUser().lastName, auth.getEmail(), UserRole.student, auth.getOid());
+                    userEntity = new UserEntity(auth.getUser().firstName,auth.getUser().lastName, auth.getEmail(), UserRole.student, auth.getOid(), auth.getStudentNumber());
                     OffsetDateTime now = OffsetDateTime.now();
                     userEntity.setCreatedAt(now);
                     userEntity = userRepository.save(userEntity);

backend/app/src/main/java/com/ugent/pidgeon/config/WebConfig.java

@@ -23,7 +23,9 @@ public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
                 .allowedMethods("*")
                 .allowedOrigins("*")
+                .exposedHeaders("Content-Disposition")
                 .allowedHeaders("*");
+
     }
 
 

backend/app/src/main/java/com/ugent/pidgeon/controllers/ClusterController.java

@@ -65,10 +65,15 @@ public ResponseEntity<?> getClustersForCourse(@PathVariable("courseid") Long cou
         if (checkResult.getStatus() != HttpStatus.OK) {
             return ResponseEntity.status(checkResult.getStatus()).body(checkResult.getMessage());
         }
+
+        CourseRelation courseRelation = checkResult.getData().getSecond();
+        boolean hideStudentNumber = courseRelation.equals(CourseRelation.enrolled);
+
         // Get the clusters for the course
         List<GroupClusterEntity> clusters = groupClusterRepository.findClustersWithoutInvidualByCourseId(courseid);
         List<GroupClusterJson> clusterJsons = clusters.stream().map(
-                entityToJsonConverter::clusterEntityToClusterJson).toList();
+            g -> entityToJsonConverter.clusterEntityToClusterJson(g, hideStudentNumber)
+        ).toList();
         // Return the clusters
         return ResponseEntity.ok(clusterJsons);
     }
@@ -107,20 +112,21 @@ public ResponseEntity<?> createClusterForCourse(@PathVariable("courseid") Long c
                 clusterJson.groupCount()
         );
         cluster.setCreatedAt(OffsetDateTime.now());
+        cluster.setLockGroupsAfter(clusterJson.lockGroupsAfter());
         GroupClusterEntity clusterEntity = groupClusterRepository.save(cluster);
 
         for (int i = 0; i < clusterJson.groupCount(); i++) {
             groupRepository.save(new GroupEntity("Group " + (i + 1), cluster.getId()));
         }
 
-        GroupClusterJson clusterJsonResponse = entityToJsonConverter.clusterEntityToClusterJson(clusterEntity);
+        GroupClusterJson clusterJsonResponse = entityToJsonConverter.clusterEntityToClusterJson(clusterEntity, false);
 
         // Return the cluster
         return ResponseEntity.status(HttpStatus.CREATED).body(clusterJsonResponse);
     }
 
     /**
-     * Returns all groups for a cluster
+     * Get cluster by ID
      *
      * @param clusterid identifier of a cluster
      * @param auth authentication object of the requesting user
@@ -138,8 +144,11 @@ public ResponseEntity<?> getCluster(@PathVariable("clusterid") Long clusterid, A
             return ResponseEntity.status(checkResult.getStatus()).body(checkResult.getMessage());
         }
         GroupClusterEntity cluster = checkResult.getData();
+
+        CheckResult<CourseEntity> courseAdmin = courseUtil.getCourseIfAdmin(cluster.getCourseId(), auth.getUserEntity());
+        boolean hideStudentNumber = !courseAdmin.getStatus().equals(HttpStatus.OK);
         // Return the cluster
-        return ResponseEntity.ok(entityToJsonConverter.clusterEntityToClusterJson(cluster));
+        return ResponseEntity.ok(entityToJsonConverter.clusterEntityToClusterJson(cluster, hideStudentNumber));
     }
 
 
@@ -174,18 +183,19 @@ public ResponseEntity<?> doGroupClusterUpdate(GroupClusterEntity clusterEntity,
         }
         clusterEntity.setMaxSize(clusterJson.getCapacity());
         clusterEntity.setName(clusterJson.getName());
+        clusterEntity.setLockGroupsAfter(clusterJson.getLockGroupsAfter());
         clusterEntity = groupClusterRepository.save(clusterEntity);
-        return ResponseEntity.ok(entityToJsonConverter.clusterEntityToClusterJson(clusterEntity));
+    return ResponseEntity.ok(entityToJsonConverter.clusterEntityToClusterJson(clusterEntity, false));
     }
 
     /**
      * Fills up the groups in a cluster by providing a map of groupids with lists of userids
      *
      * @param clusterid  identifier of a cluster
      * @param auth authentication object of the requesting user
-     * @param clusterFillMap Map object containing a map of all groups and their
-     *                        members of that cluster
+     * @param clusterFillMap Map object containing a map of all groups and their members of that cluster
      * @return ResponseEntity<?>
+     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-7431004">apiDog documentation</a>
      * @HttpMethod PUT
      * @ApiPath /api/clusters/{clusterid}/fill
      * @AllowedRoles student, teacher
@@ -226,14 +236,25 @@ public ResponseEntity<?> fillCluster(@PathVariable("clusterid") Long clusterid,
 
             groupCluster.setGroupAmount(clusterFillJson.getClusterGroupMembers().size());
             groupClusterRepository.save(groupCluster);
-            return ResponseEntity.status(HttpStatus.OK).body(entityToJsonConverter.clusterEntityToClusterJson(groupCluster));
+            return ResponseEntity.status(HttpStatus.OK).body(entityToJsonConverter.clusterEntityToClusterJson(groupCluster, false));
         } catch (Exception e) {
             Logger.getGlobal().severe(e.getMessage());
             return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Something went wrong");
         }
     }
 
-
+    /**
+     * Updates a cluster
+     *
+     * @param clusterid  identifier of a cluster
+     * @param auth authentication object of the requesting user
+     * @param clusterJson ClusterJson object containing the cluster data
+     * @return ResponseEntity<?>
+     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-5883519">apiDog documentation</a>
+     * @HttpMethod PATCH
+     * @ApiPath /api/clusters/{clusterid}
+     * @AllowedRoles student, teacher
+     */
     @PatchMapping(ApiRoutes.CLUSTER_BASE_PATH + "/{clusterid}")
     @Roles({UserRole.teacher, UserRole.student})
     public ResponseEntity<?> patchCluster(@PathVariable("clusterid") Long clusterid, Auth auth, @RequestBody GroupClusterUpdateJson clusterJson) {
@@ -253,6 +274,10 @@ public ResponseEntity<?> patchCluster(@PathVariable("clusterid") Long clusterid,
             clusterJson.setName(cluster.getName());
         }
 
+        if (clusterJson.getLockGroupsAfter() == null) {
+            clusterJson.setLockGroupsAfter(cluster.getLockGroupsAfter());
+        }
+
         return doGroupClusterUpdate(cluster, clusterJson);
     }
 
@@ -317,6 +342,6 @@ public ResponseEntity<?> createGroupForCluster(@PathVariable("clusterid") Long c
 
         cluster.setGroupAmount(cluster.getGroupAmount() + 1);
         groupClusterRepository.save(cluster);
-        return ResponseEntity.status(HttpStatus.CREATED).body(entityToJsonConverter.groupEntityToJson(group));
+        return ResponseEntity.status(HttpStatus.CREATED).body(entityToJsonConverter.groupEntityToJson(group, false));
     }
 }

backend/app/src/main/java/com/ugent/pidgeon/controllers/CourseController.java

@@ -185,6 +185,18 @@ public ResponseEntity<?> updateCourse(@RequestBody CourseJson courseJson, @PathV
         }
     }
 
+    /**
+     * Function to update a course
+     *
+     * @param courseJson JSON object containing the course name and description
+     * @param courseId   ID of the course to update
+     * @param auth       authentication object of the requesting user
+     * @return ResponseEntity with the updated course entity
+     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-6678309">apiDog documentation</a>
+     * @HttpMethod PATCH
+     * @AllowedRoles teacher, student
+     * @ApiPath /api/courses/{courseId}
+     */
     @PatchMapping(ApiRoutes.COURSE_BASE_PATH + "/{courseId}")
     @Roles({UserRole.teacher, UserRole.student})
     public ResponseEntity<?> patchCourse(@RequestBody CourseJson courseJson, @PathVariable long courseId, Auth auth) {
@@ -417,7 +429,7 @@ public ResponseEntity<?> joinCourse(Auth auth, @PathVariable Long courseId) {
      * @param auth     authentication object of the requesting user
      * @param courseId ID of the course to get the join key from
      * @return ResponseEntity with a statuscode and a JSON object containing the course information
-     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-6698822">apiDog documentation</a>
+     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-6768820">apiDog documentation</a>
      * @HttpMethod GET
      * @AllowedRoles teacher, student
      * @ApiPath /api/courses/{courseId}/join
@@ -496,7 +508,7 @@ private ResponseEntity<?> doRemoveFromCourse(
      * @param courseId ID of the course to add the user to
      * @param request  JSON object containing the user id and relation
      * @return ResponseEntity with a statuscode and no body
-     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-5883723">apiDog documentation</a>
+     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-6697093">apiDog documentation</a>
      * @HttpMethod POST
      * @AllowedRoles teacher, admin, student
      * @ApiPath /api/courses/{courseId}/members
@@ -591,14 +603,16 @@ public ResponseEntity<?> getCourseMembers(Auth auth, @PathVariable Long courseId
             return ResponseEntity.status(checkResult.getStatus()).body(checkResult.getMessage());
         }
 
+        boolean hideStudentNumber = checkResult.getData().getSecond().equals(CourseRelation.enrolled);
+
         List<CourseUserEntity> members = courseUserRepository.findAllMembers(courseId);
         List<UserReferenceWithRelation> memberJson = members.stream().
                 map(cue -> {
                     UserEntity user = userUtil.getUserIfExists(cue.getUserId());
                     if (user == null) {
                         return null;
                     }
-                    return entityToJsonConverter.userEntityToUserReferenceWithRelation(user, cue.getRelation());
+                    return entityToJsonConverter.userEntityToUserReferenceWithRelation(user, cue.getRelation(), hideStudentNumber);
                 }).
                 filter(Objects::nonNull).toList();
 
@@ -678,6 +692,17 @@ public ResponseEntity<String> deleteCourseKey(Auth auth, @PathVariable Long cour
         return ResponseEntity.ok("");
     }
 
+    /**
+     * Function to copy a course
+     *
+     * @param courseId ID of the course to copy
+     * @param auth     authentication object of the requesting user
+     * @return ResponseEntity with the copied course entity
+     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-7254402">apiDog documentation</a>
+     * @HttpMethod POST
+     * @AllowedRoles teacher
+     * @ApiPath /api/courses/{courseId}/copy
+     */
     @PostMapping(ApiRoutes.COURSE_BASE_PATH + "/{courseId}/copy")
     @Roles({UserRole.teacher})
     @Transactional

backend/app/src/main/java/com/ugent/pidgeon/controllers/GroupController.java

@@ -9,7 +9,9 @@
 import com.ugent.pidgeon.postgre.models.types.UserRole;
 import com.ugent.pidgeon.postgre.repository.GroupRepository;
 import com.ugent.pidgeon.util.CheckResult;
+import com.ugent.pidgeon.util.ClusterUtil;
 import com.ugent.pidgeon.util.CommonDatabaseActions;
+import com.ugent.pidgeon.util.CourseUtil;
 import com.ugent.pidgeon.util.EntityToJsonConverter;
 import com.ugent.pidgeon.util.GroupUtil;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -28,13 +30,21 @@ public class GroupController {
     private EntityToJsonConverter entityToJsonConverter;
     @Autowired
     private CommonDatabaseActions commonDatabaseActions;
+  @Autowired
+  private ClusterUtil clusterUtil;
+  @Autowired
+  private CourseUtil courseUtil;
 
 
     /**
      * Function to get a group by its identifier
-     * @param groupid
-     * @param auth
-     * @return
+     * @param groupid identifier of a group
+     * @param auth    authentication object of the requesting user
+     * @return ResponseEntity<GroupJson>
+     * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-5723981">apiDog documentation</a>
+     * @HttpMethod GET
+     * @AllowedRoles student, teacher
+     * @ApiPath /api/groups/{groupid}
      */
     @GetMapping(ApiRoutes.GROUP_BASE_PATH + "/{groupid}")
     @Roles({UserRole.student, UserRole.teacher})
@@ -50,8 +60,14 @@ public ResponseEntity<?> getGroupById(@PathVariable("groupid") Long groupid, Aut
             return ResponseEntity.status(checkResult1.getStatus()).body(checkResult1.getMessage());
         }
 
+        boolean hideStudentNumber = true;
+        CheckResult<Void> adminCheck = groupUtil.isAdminOfGroup(groupid, auth.getUserEntity());
+        if (adminCheck.getStatus().equals(HttpStatus.OK)) {
+            hideStudentNumber = false;
+        }
+
         // Return the group
-        GroupJson groupJson = entityToJsonConverter.groupEntityToJson(group);
+        GroupJson groupJson = entityToJsonConverter.groupEntityToJson(group, hideStudentNumber);
         return ResponseEntity.ok(groupJson);
     }
 
@@ -63,7 +79,7 @@ public ResponseEntity<?> getGroupById(@PathVariable("groupid") Long groupid, Aut
      * @param auth        authentication object of the requesting user
      * @return ResponseEntity<GroupJson>
      * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-5723995">apiDog documentation</a>
-     * @HttpMethod Put
+     * @HttpMethod PUT
      * @AllowedRoles teacher
      * @ApiPath /api/groups/{groupid}
      */
@@ -81,7 +97,7 @@ public ResponseEntity<?> updateGroupName(@PathVariable("groupid") Long groupid,
      * @param auth        authentication object of the requesting user
      * @return ResponseEntity<GroupJson>
      * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-5883691">apiDog documentation</a>
-     * @HttpMethod Patch
+     * @HttpMethod PATCH
      * @AllowedRoles teacher
      * @ApiPath /api/groups/{groupid}
      */
@@ -113,7 +129,7 @@ private ResponseEntity<?> doGroupNameUpdate(Long groupid, NameRequest nameReques
         groupRepository.save(group);
 
         // Return the updated group
-        GroupJson groupJson = entityToJsonConverter.groupEntityToJson(group);
+        GroupJson groupJson = entityToJsonConverter.groupEntityToJson(group, false);
         return ResponseEntity.ok(groupJson);
     }
 
@@ -124,7 +140,7 @@ private ResponseEntity<?> doGroupNameUpdate(Long groupid, NameRequest nameReques
      * @param auth    authentication object of the requesting user
      * @return ResponseEntity<Void>
      * @ApiDog <a href="https://apidog.com/apidoc/project-467959/api-5723998">apiDog documentation</a>
-     * @HttpMethod Delete
+     * @HttpMethod DELETE
      * @AllowedRoles teacher, student
      * @ApiPath /api/groups/{groupid}
      */