From 153ec836cf1efa40a8c1be354aae6aacbc28bcd7 Mon Sep 17 00:00:00 2001
From: Harkamal Randhawa
Date: Sun, 5 Apr 2026 16:03:29 -0600
Subject: [PATCH] Restrict assignments to staff
---
 .../controller/DropdownController.java | 2 +-
 .../backend/service/AdoptionService.java | 2 +-
 .../backend/service/AppointmentService.java | 2 +-
 .../controller/DropdownControllerTest.java | 5 ++---
 .../backend/service/AdoptionServiceTest.java | 17 +++++----------
 .../service/AppointmentServiceTest.java | 21 +++++++------------
 6 files changed, 18 insertions(+), 31 deletions(-)
diff --git a/backend/src/main/java/com/petshop/backend/controller/DropdownController.java b/backend/src/main/java/com/petshop/backend/controller/DropdownController.java
index b307174c..2217b4e7 100644
--- a/backend/src/main/java/com/petshop/backend/controller/DropdownController.java
+++ b/backend/src/main/java/com/petshop/backend/controller/DropdownController.java
@@ -201,7 +201,7 @@ public class DropdownController {
 return false;
 }
 return userRepository.findById(userId)
- .filter(user -> user.getRole() == User.Role.STAFF || user.getRole() == User.Role.ADMIN)
+ .filter(user -> user.getRole() == User.Role.STAFF)
 .filter(user -> Boolean.TRUE.equals(user.getActive()))
 .isPresent();
 }
diff --git a/backend/src/main/java/com/petshop/backend/service/AdoptionService.java b/backend/src/main/java/com/petshop/backend/service/AdoptionService.java
index 9519b8c5..c6ff1c60 100644
--- a/backend/src/main/java/com/petshop/backend/service/AdoptionService.java
+++ b/backend/src/main/java/com/petshop/backend/service/AdoptionService.java
@@ -173,7 +173,7 @@ public class AdoptionService {
 return false;
 }
 return userRepository.findById(userId)
- .filter(user -> user.getRole() == User.Role.STAFF || user.getRole() == User.Role.ADMIN)
+ .filter(user -> user.getRole() == User.Role.STAFF)
 .filter(user -> Boolean.TRUE.equals(user.getActive()))
 .isPresent();
 }
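Review bot: The role-and-active predicate edited in this DropdownController hunk is repeated verbatim in the AdoptionService and AppointmentService hunks, so the rule for who may be assigned lives in three places and this commit had to change all three in lockstep. A later edit that misses one copy would leave that path accepting a role the other two reject. Consider one shared helper that all three call, for example `static boolean isAssignable(User u) { return u.getRole() == User.Role.STAFF && Boolean.TRUE.equals(u.getActive()); }`, carrying a comment such as `// Only active STAFF accounts may be assigned; ADMIN is excluded deliberately.` The enclosing method starts above each hunk, so its name and its callers are not visible here.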
diff --git a/backend/src/main/java/com/petshop/backend/service/AppointmentService.java b/backend/src/main/java/com/petshop/backend/service/AppointmentService.java
index 867a8c98..363cb3a0 100644
--- a/backend/src/main/java/com/petshop/backend/service/AppointmentService.java
+++ b/backend/src/main/java/com/petshop/backend/service/AppointmentService.java
@@ -337,7 +337,7 @@ public class AppointmentService {
 return false;
 }
 return userRepository.findById(userId)
- .filter(user -> user.getRole() == User.Role.STAFF || user.getRole() == User.Role.ADMIN)
+ .filter(user -> user.getRole() == User.Role.STAFF)
 .filter(user -> Boolean.TRUE.equals(user.getActive()))
 .isPresent();
 }
diff --git a/backend/src/test/java/com/petshop/backend/controller/DropdownControllerTest.java b/backend/src/test/java/com/petshop/backend/controller/DropdownControllerTest.java
index e0adc2b6..563e5d2f 100644
--- a/backend/src/test/java/com/petshop/backend/controller/DropdownControllerTest.java
+++ b/backend/src/test/java/com/petshop/backend/controller/DropdownControllerTest.java
@@ -86,7 +86,7 @@ class DropdownControllerTest {
 }
 @Test
- void getStoreEmployeesReturnsBothStaffAndAdminLinkedEmployees() {
+ void getStoreEmployeesReturnsOnlyStaffLinkedEmployees() {
 StoreLocation store = new StoreLocation();
 store.setStoreId(1L);
@@ -121,9 +121,8 @@ class DropdownControllerTest {
 var response = controller.getStoreEmployees(1L);
- assertEquals(2, response.getBody().size());
+ assertEquals(1, response.getBody().size());
 assertEquals(Long.valueOf(7L), response.getBody().get(0).getId());
- assertEquals(Long.valueOf(8L), response.getBody().get(1).getId());
 }
 @Test
diff --git a/backend/src/test/java/com/petshop/backend/service/AdoptionServiceTest.java b/backend/src/test/java/com/petshop/backend/service/AdoptionServiceTest.java
index 0f3a47a1..1fef0e42 100644
--- a/backend/src/test/java/com/petshop/backend/service/AdoptionServiceTest.java
+++ b/backend/src/test/java/com/petshop/backend/service/AdoptionServiceTest.java
@@ -87,11 +87,11 @@ class AdoptionServiceTest {
 }
 @Test
- void createAdoptionAutoAssignsFirstAssignableEmployee() {
+ void createAdoptionAutoAssignsFirstStaffEmployee() {
 when(petRepository.findById(1L)).thenReturn(Optional.of(pet));
 when(customerRepository.findById(1L)).thenReturn(Optional.of(customer));
- // resolveAdoptionEmployee uses the first one from the list returned by repo
- when(employeeRepository.findAllByIsActiveTrueOrderByEmployeeIdAsc()).thenReturn(List.of(staffEmployee, adminEmployee));
+ // resolveAdoptionEmployee filters for staff
+ when(employeeRepository.findAllByIsActiveTrueOrderByEmployeeIdAsc()).thenReturn(List.of(adminEmployee, staffEmployee));
 when(adoptionRepository.save(any(Adoption.class))).thenAnswer(invocation -> {
 Adoption adoption = invocation.getArgument(0);
 adoption.setAdoptionId(10L);
@@ -111,15 +111,10 @@ class AdoptionServiceTest {
 }
 @Test
- void createAdoptionAllowsAdminEmployeeSelection() {
+ void createAdoptionRejectsAdminEmployeeSelection() {
 when(petRepository.findById(1L)).thenReturn(Optional.of(pet));
 when(customerRepository.findById(1L)).thenReturn(Optional.of(customer));
 when(employeeRepository.findById(8L)).thenReturn(Optional.of(adminEmployee));
- when(adoptionRepository.save(any(Adoption.class))).thenAnswer(invocation -> {
- Adoption adoption = invocation.getArgument(0);
- adoption.setAdoptionId(10L);
- return adoption;
- });
 AdoptionRequest request = new AdoptionRequest();
 request.setPetId(1L);
@@ -128,9 +123,7 @@ class AdoptionServiceTest {
 request.setAdoptionDate(LocalDate.now());
 request.setAdoptionStatus("Pending");
- var response = adoptionService.createAdoption(request);
-
- assertEquals(8L, response.getEmployeeId());
+ assertThrows(IllegalArgumentException.class, () -> adoptionService.createAdoption(request));
 }
 @Test
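Review bot: The `assertThrows(IllegalArgumentException.class, ...)` added in createAdoptionRejectsAdminEmployeeSelection passes for any IllegalArgumentException that createAdoption raises, so the test does not by itself show that the admin role caused the rejection. Since the save stub was removed in the previous hunk, also pin that nothing was persisted with `verify(adoptionRepository, never()).save(any(Adoption.class));`, and assert on the exception message if the service sets a stable one. The same applies to the `assertThrows` added in the last AppointmentServiceTest hunk, with `appointmentRepository` in place of `adoptionRepository`. The test method begins in the preceding hunk, so its full setup is split across the two.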
diff --git a/backend/src/test/java/com/petshop/backend/service/AppointmentServiceTest.java b/backend/src/test/java/com/petshop/backend/service/AppointmentServiceTest.java
index 7146248c..d4892126 100644
--- a/backend/src/test/java/com/petshop/backend/service/AppointmentServiceTest.java
+++ b/backend/src/test/java/com/petshop/backend/service/AppointmentServiceTest.java
@@ -264,10 +264,13 @@ class AppointmentServiceTest {
 }
 @Test
- void createAppointmentAllowsAdminEmployeeSelection() {
- setAuthentication(7L, User.Role.STAFF);
- when(employeeRepository.findByUserId(7L)).thenReturn(Optional.of(employee));
- when(employeeStoreRepository.findByEmployeeEmployeeId(7L)).thenReturn(Optional.of(new EmployeeStore(employee, store)));
+ void createAppointmentRejectsAdminEmployeeSelection() {
+ setAuthentication(99L, User.Role.ADMIN);
+ User adminUser = new User();
+ adminUser.setId(99L);
+ adminUser.setRole(User.Role.ADMIN);
+ adminUser.setActive(true);
+ when(userRepository.findById(99L)).thenReturn(Optional.of(adminUser));
 Employee adminEmployee = new Employee();
 adminEmployee.setEmployeeId(8L);
@@ -290,11 +293,6 @@ class AppointmentServiceTest {
 when(customerPetRepository.findById(11L)).thenReturn(Optional.of(customerPet));
 when(employeeStoreRepository.findActiveByStoreStoreIdOrderByEmployeeEmployeeIdAsc(1L))
 .thenReturn(List.of(new EmployeeStore(adminEmployee, store), new EmployeeStore(employee, store)));
- when(appointmentRepository.save(any(Appointment.class))).thenAnswer(invocation -> {
- Appointment appointment = invocation.getArgument(0);
- appointment.setAppointmentId(102L);
- return appointment;
- });
 var request = new com.petshop.backend.dto.appointment.AppointmentRequest();
 request.setCustomerId(1L);
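Review bot: The rewritten createAppointmentRejectsAdminEmployeeSelection replaces `setAuthentication(7L, User.Role.STAFF)` with `setAuthentication(99L, User.Role.ADMIN)` in the same edit that flips the expectation, so no test visible in this patch exercises a STAFF caller selecting the admin employee (id 8). If the restriction is meant to hold regardless of who submits the request, keep a second case with the original STAFF setup and the same rejection expectation, so both caller roles are pinned. It would also help to add a comment such as `// caller is ADMIN; the selected employee (id 8) is the one that must be rejected`, because the new `userRepository.findById(99L)` stub concerns the caller rather than the selected employee. The method body continues through the following two hunks.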
@@ -306,10 +304,7 @@ class AppointmentServiceTest {
 request.setAppointmentStatus("Booked");
 request.setCustomerPetIds(List.of(11L));
- var response = appointmentService.createAppointment(request);
-
- assertEquals(102L, response.getAppointmentId());
- assertEquals(8L, response.getEmployeeId());
+ assertThrows(IllegalArgumentException.class, () -> appointmentService.createAppointment(request));
 }
 @Test