From 30334c63cb98abe21cc85cebf8d88e146ca5c377 Mon Sep 17 00:00:00 2001
From: luevard
Date: Thu, 6 Jun 2024 10:13:33 +0200
Subject: [PATCH] :sparkles: [no_ci] Allow users to get only authorized bets
---
 .../main/kotlin/allin/data/BetDataSource.kt | 4 +-
 .../allin/data/mock/MockBetDataSource.kt | 7 +-
 .../data/postgres/PostgresBetDataSource.kt | 21 ++++--
 .../allin/data/postgres/entities/BetEntity.kt | 2 +-
 .../main/kotlin/allin/routing/betRouter.kt | 65 ++++++++++---------
 5 files changed, 59 insertions(+), 40 deletions(-)
diff --git a/Sources/src/main/kotlin/allin/data/BetDataSource.kt b/Sources/src/main/kotlin/allin/data/BetDataSource.kt
index d29c5ba..bcffd62 100644
--- a/Sources/src/main/kotlin/allin/data/BetDataSource.kt
+++ b/Sources/src/main/kotlin/allin/data/BetDataSource.kt
@@ -1,10 +1,11 @@
 package allin.data
+import allin.dto.UserDTO
 import allin.model.*
 import java.time.ZonedDateTime
 interface BetDataSource {
- fun getAllBets(filters: List): List
+ fun getAllBets(filters: List, userDTO: UserDTO): List
 fun getBetById(id: String): Bet?
 fun getBetDetailById(id: String, username: String): BetDetail?
 fun getBetsNotFinished(): List
@@ -20,4 +21,5 @@ interface BetDataSource {
 fun getMostPopularBet(): Bet?
 fun updatePopularityScore(betId: String)
 fun addPrivateBet(bet: Bet)
+ fun isInvited(betid: String, userId: String): Boolean
 }
\ No newline at end of file
diff --git a/Sources/src/main/kotlin/allin/data/mock/MockBetDataSource.kt b/Sources/src/main/kotlin/allin/data/mock/MockBetDataSource.kt
index 753d3eb..c9831dd 100644
--- a/Sources/src/main/kotlin/allin/data/mock/MockBetDataSource.kt
+++ b/Sources/src/main/kotlin/allin/data/mock/MockBetDataSource.kt
@@ -1,6 +1,7 @@
 package allin.data.mock
 import allin.data.BetDataSource
+import allin.dto.UserDTO
 import allin.model.*
 import allin.model.BetStatus.*
 import java.time.ZonedDateTime
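Review bot: The new `userDTO` parameter on `getAllBets` in `BetDataSource` makes this method an authorization boundary, but nothing in the interface documents which bets an implementation is allowed to return. I would add a KDoc above it such as `/** Returns only bets visible to [userDTO]: public bets, bets they created, and private bets they are invited to. */` so that every implementation is held to the same rule. In the second hunk, `isInvited` names its first parameter `betid` while `updatePopularityScore` in the same interface uses `betId`; renaming it keeps the interface consistent.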
@@ -15,7 +16,7 @@ class MockBetDataSource(private val mockData: MockDataSource.MockData) : BetData
 private val betInfos get() = mockData.betInfos
 private val answerInfos get() = mockData.answerInfos
- override fun getAllBets(filters: List): List {
+ override fun getAllBets(filters: List, userDTO: UserDTO): List {
 return when {
 filters.isEmpty() -> bets
@@ -237,4 +238,8 @@ class MockBetDataSource(private val mockData: MockDataSource.MockData) : BetData
 TODO()
 }
+ override fun isInvited(betid: String, userId: String): Boolean {
+ TODO("Not yet implemented")
+ }
+
 }
diff --git a/Sources/src/main/kotlin/allin/data/postgres/PostgresBetDataSource.kt b/Sources/src/main/kotlin/allin/data/postgres/PostgresBetDataSource.kt
index 0309a47..103ace9 100644
--- a/Sources/src/main/kotlin/allin/data/postgres/PostgresBetDataSource.kt
+++ b/Sources/src/main/kotlin/allin/data/postgres/PostgresBetDataSource.kt
@@ -2,6 +2,7 @@ package allin.data.postgres
 import allin.data.BetDataSource
 import allin.data.postgres.entities.*
+import allin.dto.UserDTO
 import allin.model.*
 import org.ktorm.database.Database
 import org.ktorm.dsl.*
@@ -13,9 +14,10 @@ import kotlin.math.roundToInt
 class PostgresBetDataSource(private val database: Database) : BetDataSource {
- override fun getAllBets(filters: List): List {
+ override fun getAllBets(filters: List, userDTO: UserDTO): List {
 return when {
- filters.isEmpty() -> database.bets.filter { it.isPrivate eq false }.map { it.toBet(database) }
+ filters.isEmpty() -> database.bets.map { it.toBet(database) }
+ .filter { (!it.isPrivate) or (isInvited(it.id, userDTO.id)) or (it.createdBy == userDTO.id) }
 filters.size == 1 -> {
 val filter = filters.first()
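Review bot: `userDTO` is accepted by `MockBetDataSource.getAllBets` but the visible `filters.isEmpty() -> bets` branch still returns every bet, so the mock would hand private bets to any caller while the Postgres implementation filters them. The rest of the `when` lies outside this hunk, so the other branches may differ. In the next hunk of this file `isInvited` is `TODO("Not yet implemented")`, which throws `NotImplementedError` when called, so tests running against the mock cannot exercise the invitation rule. I would implement `isInvited` over the mock data and apply the same visibility predicate here.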
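Review bot: The creator clause `it.createdBy == userDTO.id` in the new `.filter` is evaluated on a `Bet` produced by `toBet`, and the `BetEntity.kt` hunk of this commit makes `toBet` set `createdBy` to the creator's username, so the clause only matches when a username happens to equal an id and creators who are not also invited lose sight of their own private bets. The same predicate is repeated in the `filters.size == 1` and `else` branches (hunks `@@ -28,6 +30,7 @@` and `@@ -44,11 +47,11 @@`). It also runs after `map { it.toBet(database) }` and uses infix `or`, which does not short-circuit, so every bet is loaded and `isInvited` issues a query for each one, public bets included. I would evaluate the rule on the entity before `toBet`, where `createdBy` is still the id, write it as `!it.isPrivate || it.createdBy == userDTO.id || isInvited(it.id, userDTO.id)`, and keep it in one private helper instead of three copies. `getAllBets` continues past the end of this hunk.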
@@ -28,6 +30,7 @@ class PostgresBetDataSource(private val database: Database) : BetDataSource {
 it.status inList listOf(BetStatus.IN_PROGRESS, BetStatus.WAITING, BetStatus.CLOSING)
 }
 }.map { it.toBet(database) }
+ .filter { (!it.isPrivate) or (isInvited(it.id, userDTO.id)) or (it.createdBy == userDTO.id) }
 }
 else -> {
@@ -44,11 +47,11 @@ class PostgresBetDataSource(private val database: Database) : BetDataSource {
 (public or invitation) and (finished or inProgress)
 }.map { it.toBet(database) }
+ .filter { (!it.isPrivate) or (isInvited(it.id, userDTO.id)) or (it.createdBy == userDTO.id) }
 }
 }
 }
-
 override fun getBetById(id: String): Bet? = database.bets.find { it.id eq id }?.toBet(database)
@@ -256,11 +259,15 @@ class PostgresBetDataSource(private val database: Database) : BetDataSource {
 override fun addPrivateBet(bet: Bet) {
 addBet(bet)
- bet.userInvited?.forEach{
- database.privatebets.add(PrivateBetEntity{
- betId=bet.id
- userId=it
+ bet.userInvited?.forEach {
+ database.privatebets.add(PrivateBetEntity {
+ betId = bet.id
+ userId = it
 })
 }
 }
+
+ override fun isInvited(betid: String, userId: String): Boolean {
+ return database.privatebets.filter { (it.betid eq betid) and (it.userId eq userId) }.isNotEmpty()
+ }
 }
\ No newline at end of file
diff --git a/Sources/src/main/kotlin/allin/data/postgres/entities/BetEntity.kt b/Sources/src/main/kotlin/allin/data/postgres/entities/BetEntity.kt
index 41990fa..4627f2f 100644
--- a/Sources/src/main/kotlin/allin/data/postgres/entities/BetEntity.kt
+++ b/Sources/src/main/kotlin/allin/data/postgres/entities/BetEntity.kt
@@ -41,7 +41,7 @@ interface BetEntity : Entity {
 } else {
 database.responses.filter { it.betId eq id }.map { it.response }
 },
- createdBy = createdBy,
+ createdBy = database.users.first { it.id eq createdBy }.username,
 popularityscore = popularityscore,
 totalStakes = betInfo?.totalStakes ?: 0,
 totalParticipants = betInfo?.totalParticipants ?: 0
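Review bot: `addPrivateBet` calls `addBet(bet)` and then one `database.privatebets.add(...)` per invited user with no transaction visible around them, so a failure part-way leaves a private bet stored with an incomplete invitation list. Because `isInvited` now decides who can see a private bet, the invitation rows are authorization data and should be written atomically with the bet, for example by wrapping the body in `database.useTransaction { ... }`. `addBet` is defined outside this hunk, so confirm it does not already manage a transaction of its own.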
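Review bot: `database.users.first { it.id eq createdBy }` throws when no user row matches, and it runs inside `toBet` for every bet a listing returns, so a single bet with an unmatched `createdBy` would fail the whole `getAllBets` call. Rows written before this commit appear to hold a username in `createdBy` (the router hunk switches the stored value from `username` to `id`), and the router can also store the literal string `"null"`, so unmatched values look reachable unless existing data is migrated. A tolerant lookup such as `database.users.find { it.id eq createdBy }?.username` with an explicit fallback avoids the hard failure. The lookup also adds one query per bet. `toBet` starts and ends outside this hunk.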
diff --git a/Sources/src/main/kotlin/allin/routing/betRouter.kt b/Sources/src/main/kotlin/allin/routing/betRouter.kt
index f736017..0170980 100644
--- a/Sources/src/main/kotlin/allin/routing/betRouter.kt
+++ b/Sources/src/main/kotlin/allin/routing/betRouter.kt
@@ -46,22 +46,22 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","POST /bets/add")
+ logManager.log("Routing", "POST /bets/add")
 hasToken { principal ->
 val bet = call.receive()
 val id = UUID.randomUUID().toString()
 val username = tokenManagerBet.getUsernameFromToken(principal)
 val user = userDataSource.getUserByUsername(username)
 betDataSource.getBetById(id)?.let {
- logManager.log("Routing","${ApiMessage.BET_ALREADY_EXIST} /bets/add")
+ logManager.log("Routing", "${ApiMessage.BET_ALREADY_EXIST} /bets/add")
 call.respond(HttpStatusCode.Conflict, ApiMessage.BET_ALREADY_EXIST)
 } ?: run {
- val betWithId = bet.copy(id = id, createdBy = user.first?.username.toString())
+ val betWithId = bet.copy(id = id, createdBy = user.first?.id.toString())
- if(bet.isPrivate && bet.userInvited?.isNotEmpty() == true){
+ if (bet.isPrivate && bet.userInvited?.isNotEmpty() == true) {
 betDataSource.addPrivateBet(betWithId)
 } else betDataSource.addBet(betWithId)
- logManager.log("Routing","CREATED /bets/add\t${betWithId}")
+ logManager.log("Routing", "CREATED /bets/add\t${betWithId}")
 call.respond(HttpStatusCode.Created, betWithId)
 }
 }
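Review bot: `user.first?.id.toString()` yields the string `"null"` when `getUserByUsername` returns no user, so the bet is persisted with `createdBy = "null"` instead of the request being rejected. With this commit that value feeds both the visibility filter in `getAllBets` and the user lookup in `BetEntity.toBet`, so an ownerless row is no longer harmless. I would resolve the user first, respond with an error status when `user.first` is null, and only then build `betWithId` from the non-null `id`. Note also that the `Created` response body now carries the creator's internal id in `createdBy`, while bets read back through `toBet` carry the username. The handler body starts before this hunk.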
@@ -85,15 +85,15 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","POST /bets/gets")
+ logManager.log("Routing", "POST /bets/gets")
 hasToken { principal ->
- verifyUserFromToken(userDataSource, principal) { user , _ ->
+ verifyUserFromToken(userDataSource, principal) { user, _ ->
 val filtersRequest = kotlin.runCatching { call.receiveNullable() }.getOrNull()
 val filters = filtersRequest?.filters ?: emptyList() // Use provided filters or empty list if null
- logManager.log("Routing","ACCEPTED /bets/gets\t${filters}")
- call.respond(HttpStatusCode.Accepted, betDataSource.getAllBets(filters))
+ logManager.log("Routing", "ACCEPTED /bets/gets\t${filters}")
+ call.respond(HttpStatusCode.Accepted, betDataSource.getAllBets(filters, user))
 }
 }
 }
@@ -114,15 +114,15 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","GET /bets/popular")
+ logManager.log("Routing", "GET /bets/popular")
 hasToken { principal ->
 verifyUserFromToken(userDataSource, principal) { _, _ ->
 val bet = betDataSource.getMostPopularBet()
 if (bet != null) {
- logManager.log("Routing","ACCEPTED /bets/popular\t${bet}")
+ logManager.log("Routing", "ACCEPTED /bets/popular\t${bet}")
 call.respond(HttpStatusCode.Accepted, bet)
 }
- logManager.log("Routing","${ApiMessage.BET_NOT_FOUND} /bets/popular")
+ logManager.log("Routing", "${ApiMessage.BET_NOT_FOUND} /bets/popular")
 call.respond(HttpStatusCode.NotFound, ApiMessage.BET_NOT_FOUND)
 }
 }
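Review bot: In the `/bets/popular` handler there is no `return` or `else` after `call.respond(HttpStatusCode.Accepted, bet)`, so when a bet is found the code falls through to the `BET_NOT_FOUND` log line and a second `call.respond(HttpStatusCode.NotFound, ...)`. The `/bets/get/{id}` hunk (`@@ -147,13 +147,12 @@`) has the same shape: `?: logManager.log(...)` covers only the log call, and `call.respond(HttpStatusCode.NotFound, ...)` runs unconditionally. Wrapping the not-found path in `else { ... }` here, and in `?: run { ... }` there, keeps one response per request and stops the log from recording a not-found for a successful read. Separately, `getMostPopularBet()` takes no user, so unless it excludes private bets in code outside this diff, it bypasses the visibility rule this commit adds to `getAllBets`.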
@@ -147,13 +147,12 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","GET /bets/get/{id}")
+ logManager.log("Routing", "GET /bets/get/{id}")
 val id = call.parameters["id"] ?: ""
 betDataSource.getBetById(id)?.let { bet ->
- logManager.log("Routing","ACCEPTED /bets/get/{id}\t ${bet}")
+ logManager.log("Routing", "ACCEPTED /bets/get/{id}\t ${bet}")
 call.respond(HttpStatusCode.Accepted, bet)
- } ?:
- logManager.log("Routing","${ApiMessage.BET_NOT_FOUND} /bets/get/{id}")
+ } ?: logManager.log("Routing", "${ApiMessage.BET_NOT_FOUND} /bets/get/{id}")
 call.respond(HttpStatusCode.NotFound, ApiMessage.BET_NOT_FOUND)
 }
@@ -174,13 +173,13 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","POST /bets/delete")
+ logManager.log("Routing", "POST /bets/delete")
 val id = call.receive>()["id"] ?: ""
 if (betDataSource.removeBet(id)) {
- logManager.log("Routing","ACCEPTED /bets/delete")
+ logManager.log("Routing", "ACCEPTED /bets/delete")
 call.respond(HttpStatusCode.Accepted)
 } else {
- logManager.log("Routing","${ApiMessage.BET_NOT_FOUND} /bets/delete")
+ logManager.log("Routing", "${ApiMessage.BET_NOT_FOUND} /bets/delete")
 call.respond(HttpStatusCode.NotFound, ApiMessage.BET_NOT_FOUND)
 }
 }
@@ -202,13 +201,13 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","POST /bets/update")
+ logManager.log("Routing", "POST /bets/update")
 val updatedBetData = call.receive()
 if (betDataSource.updateBet(updatedBetData)) {
- logManager.log("Routing","ACCEPTED /bets/delete")
+ logManager.log("Routing", "ACCEPTED /bets/delete")
 call.respond(HttpStatusCode.Accepted)
 } else {
- logManager.log("Routing","${ApiMessage.BET_NOT_FOUND} /bets/delete")
+ logManager.log("Routing", "${ApiMessage.BET_NOT_FOUND} /bets/delete")
 call.respond(HttpStatusCode.NotFound, ApiMessage.BET_NOT_FOUND)
 }
 }
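Review bot: `GET /bets/get/{id}` returns whatever `getBetById(id)` finds without `hasToken`, `verifyUserFromToken` or any visibility check, so a private bet that `getAllBets` now hides can still be read by any caller who holds its id. The `/bets/delete` and `/bets/update` handlers in the next two hunks are in the same position: the visible bodies call `removeBet(id)` and `updateBet(updatedBetData)` with no token check and no comparison of the caller with the bet's creator. Unless these routes are wrapped by an authentication block outside the hunks, I would resolve the user as the list routes do, return `NotFound` when the bet is private and the user is neither creator nor invited, and restrict delete and update to the creator. The route definitions start before each hunk.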
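Review bot: Both log lines in the `/bets/update` handler say `/bets/delete` (`"ACCEPTED /bets/delete"` and `"${ApiMessage.BET_NOT_FOUND} /bets/delete"`), so the routing log attributes updates to the delete route. The `/bets/history` and `/bets/current` hunks likewise log `ACCEPTED /bets/toConfirm`. Since this commit already rewrites these lines, correcting the labels, e.g. `logManager.log("Routing", "ACCEPTED /bets/update")`, keeps the log usable for tracing which route changed a bet.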
@@ -228,11 +227,11 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","GET /bets/toConfirm")
+ logManager.log("Routing", "GET /bets/toConfirm")
 hasToken { principal ->
 verifyUserFromToken(userDataSource, principal) { user, _ ->
 val response = betDataSource.getToConfirm(user.username)
- logManager.log("Routing","ACCEPTED /bets/toConfirm\t${response}")
+ logManager.log("Routing", "ACCEPTED /bets/toConfirm\t${response}")
 call.respond(HttpStatusCode.Accepted, response)
 }
 }
@@ -254,10 +253,10 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","GET /bets/getWon")
+ logManager.log("Routing", "GET /bets/getWon")
 hasToken { principal ->
 verifyUserFromToken(userDataSource, principal) { user, _ ->
- logManager.log("Routing","ACCEPTED /bets/getWon")
+ logManager.log("Routing", "ACCEPTED /bets/getWon")
 call.respond(HttpStatusCode.Accepted, betDataSource.getWonNotifications(user.username))
 }
 }
@@ -279,10 +278,13 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","GET /bets/history")
+ logManager.log("Routing", "GET /bets/history")
 hasToken { principal ->
 verifyUserFromToken(userDataSource, principal) { user, _ ->
- logManager.log("Routing","ACCEPTED /bets/toConfirm\t${betDataSource.getHistory(user.username)}")
+ logManager.log(
+ "Routing",
+ "ACCEPTED /bets/toConfirm\t${betDataSource.getHistory(user.username)}"
+ )
 call.respond(HttpStatusCode.Accepted, betDataSource.getHistory(user.username))
 }
 }
@@ -304,10 +306,13 @@ fun Application.betRouter() {
 }
 }
 }) {
- logManager.log("Routing","GET /bets/current")
+ logManager.log("Routing", "GET /bets/current")
 hasToken { principal ->
 verifyUserFromToken(userDataSource, principal) { user, _ ->
- logManager.log("Routing","ACCEPTED /bets/toConfirm\t${betDataSource.getCurrent(user.username)}")
+ logManager.log(
+ "Routing",
+ "ACCEPTED /bets/toConfirm\t${betDataSource.getCurrent(user.username)}"
+ )
 call.respond(HttpStatusCode.Accepted, betDataSource.getCurrent(user.username))
 }
 }
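Review bot: `betDataSource.getHistory(user.username)` is evaluated twice in the `/bets/history` handler, once inside the log string and once for the response, which doubles the query and writes the user's full bet history into the log. The `/bets/current` hunk does the same with `getCurrent`. I would fetch once with `val history = betDataSource.getHistory(user.username)`, log at most a count, and respond with `history`; the `/bets/toConfirm` handler already fetches once into `response`.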