diff --git a/backend/app/src/main/java/com/ugent/pidgeon/controllers/FilesubmissiontestController.java b/backend/app/src/main/java/com/ugent/pidgeon/controllers/FilesubmissiontestController.java index f15b9598..0b7c396b 100644 --- a/backend/app/src/main/java/com/ugent/pidgeon/controllers/FilesubmissiontestController.java +++ b/backend/app/src/main/java/com/ugent/pidgeon/controllers/FilesubmissiontestController.java @@ -4,6 +4,7 @@ import com.ugent.pidgeon.postgre.models.SubmissionEntity; import com.ugent.pidgeon.postgre.repository.FileRepository; import com.ugent.pidgeon.postgre.repository.GroupRepository; +import com.ugent.pidgeon.postgre.repository.ProjectRepository; import com.ugent.pidgeon.postgre.repository.SubmissionRepository; import com.ugent.pidgeon.util.Filehandler; import org.springframework.beans.factory.annotation.Autowired; @@ -31,12 +32,17 @@ public class FilesubmissiontestController { private FileRepository fileRepository; @Autowired private SubmissionRepository submissionRepository; + @Autowired + private ProjectRepository projectRepository; @PostMapping("/project/{projectid}/submit") //Route to submit a file, it accepts a multiform with the file and submissionTime public ResponseEntity submitFile(@RequestParam("file") MultipartFile file, @RequestParam("submissionTime") Timestamp time, @PathVariable("projectid") long projectid) { long userId = 1L; //TODO: replace with id of current user Long groupId = groupRepository.groupIdByProjectAndUser(projectid, userId); + if (!projectRepository.userPartOfProject(projectid, userId)) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).body("You aren't part of this project"); + } //TODO: executes the tests onces these are implemented try { //Save the file entry in the database to get the id diff --git a/backend/app/src/main/java/com/ugent/pidgeon/postgre/repository/ProjectRepository.java b/backend/app/src/main/java/com/ugent/pidgeon/postgre/repository/ProjectRepository.java index 7cacecb3..afe0675b 100644 --- a/backend/app/src/main/java/com/ugent/pidgeon/postgre/repository/ProjectRepository.java +++ b/backend/app/src/main/java/com/ugent/pidgeon/postgre/repository/ProjectRepository.java @@ -2,9 +2,21 @@ import com.ugent.pidgeon.postgre.models.ProjectEntity; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; import java.util.List; public interface ProjectRepository extends JpaRepository { List findByCourseId(long courseId); + + @Query(value = """ + SELECT CASE WHEN EXISTS ( + SELECT gu + FROM GroupUserEntity gu + INNER JOIN GroupEntity g ON gu.groupId = g.id + INNER JOIN GroupClusterEntity gc ON g.clusterId = gc.id + INNER JOIN ProjectEntity p ON p.groupClusterId = gc.id + WHERE gu.userId = ?1 and p.id = ?2 + ) THEN true ELSE false END""") + Boolean userPartOfProject(long projectId, long userId); }