From 7070ca6414421ef3f8b5c05c70507305527994fb Mon Sep 17 00:00:00 2001
From: Flor <flocorlop@alum.us.es>
Date: Wed, 31 Mar 2021 19:42:53 +0200
Subject: [PATCH] =?UTF-8?q?Version=202=20(abrir):=20solo=20puedes=20modifi?=
 =?UTF-8?q?car=20tu=20rese=C3=B1a=20aparece=20el=20username=20en=20la=20li?=
 =?UTF-8?q?sta?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../springframework/cheapy/model/Review.java  | 11 +++++++
 .../cheapy/repository/UserRepository.java     | 15 +++++++++
 .../cheapy/repository/UsuarioRepository.java  | 11 -------
 .../cheapy/service/UserService.java           | 29 +++++++++++++++++
 .../cheapy/web/ReviewController.java          | 31 +++++++++++++++++--
 .../resources/messages/messages_es.properties |  3 +-
 .../WEB-INF/jsp/reviews/reviewsList.jsp       |  4 +++
 7 files changed, 89 insertions(+), 15 deletions(-)
 create mode 100644 src/main/java/org/springframework/cheapy/repository/UserRepository.java
 delete mode 100644 src/main/java/org/springframework/cheapy/repository/UsuarioRepository.java
 create mode 100644 src/main/java/org/springframework/cheapy/service/UserService.java

diff --git a/src/main/java/org/springframework/cheapy/model/Review.java b/src/main/java/org/springframework/cheapy/model/Review.java
index 9bf152071..b8259eb20 100644
--- a/src/main/java/org/springframework/cheapy/model/Review.java
+++ b/src/main/java/org/springframework/cheapy/model/Review.java
@@ -23,7 +23,18 @@ public class Review extends BaseEntity{
 	@Range(min = 1, max = 5)
 	private Integer stars;
 
+	@ManyToOne
+	@JoinColumn(name = "username", referencedColumnName = "username")
+	private User escritor;
 	
+	public User getEscritor() {
+		return escritor;
+	}
+
+	public void setEscritor(User escritor) {
+		this.escritor = escritor;
+	}
+
 	public String getOpinion() {
 		return opinion;
 	}
diff --git a/src/main/java/org/springframework/cheapy/repository/UserRepository.java b/src/main/java/org/springframework/cheapy/repository/UserRepository.java
new file mode 100644
index 000000000..0c29a7bf6
--- /dev/null
+++ b/src/main/java/org/springframework/cheapy/repository/UserRepository.java
@@ -0,0 +1,15 @@
+
+package org.springframework.cheapy.repository;
+
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.CrudRepository;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.cheapy.model.User;
+import org.springframework.cheapy.model.Usuario;
+
+public interface UserRepository extends CrudRepository<Usuario, String> {
+
+	@Query("SELECT u FROM User u WHERE username =:username")
+	@Transactional(readOnly = true)
+	User findByUsername(String username);
+}
diff --git a/src/main/java/org/springframework/cheapy/repository/UsuarioRepository.java b/src/main/java/org/springframework/cheapy/repository/UsuarioRepository.java
deleted file mode 100644
index 1bd7c8ee2..000000000
--- a/src/main/java/org/springframework/cheapy/repository/UsuarioRepository.java
+++ /dev/null
@@ -1,11 +0,0 @@
-
-package org.springframework.cheapy.repository;
-
-import org.springframework.data.repository.CrudRepository;
-import org.springframework.cheapy.model.Usuario;
-
-public interface UsuarioRepository extends CrudRepository<Usuario, String> {
-
-	//Usuario findByUsername(String currentPrincipalName);
-
-}
diff --git a/src/main/java/org/springframework/cheapy/service/UserService.java b/src/main/java/org/springframework/cheapy/service/UserService.java
new file mode 100644
index 000000000..92b896e7f
--- /dev/null
+++ b/src/main/java/org/springframework/cheapy/service/UserService.java
@@ -0,0 +1,29 @@
+package org.springframework.cheapy.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cheapy.model.User;
+import org.springframework.cheapy.repository.UserRepository;
+import org.springframework.dao.DataAccessException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+public class UserService {
+
+	private UserRepository userRepository;
+	
+	@Autowired
+	public UserService(final UserRepository userRepository) {
+		this.userRepository = userRepository;
+	}
+
+	@Transactional
+	public User getCurrentUser() throws DataAccessException {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		String username = authentication.getName();
+		return this.userRepository.findByUsername(username);
+	}
+	
+}
diff --git a/src/main/java/org/springframework/cheapy/web/ReviewController.java b/src/main/java/org/springframework/cheapy/web/ReviewController.java
index d51b851e5..34ad021a5 100644
--- a/src/main/java/org/springframework/cheapy/web/ReviewController.java
+++ b/src/main/java/org/springframework/cheapy/web/ReviewController.java
@@ -6,8 +6,11 @@ import java.util.Map;
 
 import javax.validation.Valid;
 
+import org.springframework.cheapy.model.Client;
 import org.springframework.cheapy.model.Review;
+import org.springframework.cheapy.model.User;
 import org.springframework.cheapy.service.ReviewService;
+import org.springframework.cheapy.service.UserService;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.validation.BindingResult;
@@ -21,9 +24,21 @@ public class ReviewController {
 
 	private static final String VIEWS_REVIEWS_CREATE_OR_UPDATE_FORM = "reviews/createOrUpdateReviewForm";
 	private final ReviewService reviewService;
+	private final UserService userService;
 
-	public ReviewController(final ReviewService reviewService) {
+	public ReviewController(final ReviewService reviewService, final UserService userService) {
 		this.reviewService = reviewService;
+		this.userService = userService;
+	}
+	private boolean checkIdentity(final int reviewId) {
+		boolean res = false;
+		User user = this.userService.getCurrentUser();
+		Review review = this.reviewService.findReviewById(reviewId);
+		User reviewsAuthor = review.getEscritor();
+		if (user.equals(reviewsAuthor)) {
+			res = true;
+		}
+		return res;
 	}
 	@GetMapping("/reviews")
 	public String processFindForm( Map<String, Object> model) {
@@ -47,6 +62,9 @@ public class ReviewController {
 		if (result.hasErrors()) {
 			return VIEWS_REVIEWS_CREATE_OR_UPDATE_FORM;
 		} else {
+			User escritor = this.userService.getCurrentUser();
+			review.setEscritor(escritor);
+			
 			this.reviewService.saveReview(review);
 			return "redirect:/reviews/" + review.getId();
 		}
@@ -68,7 +86,9 @@ public class ReviewController {
 
 	@GetMapping(value = "/reviews/{reviewId}/edit")
 	public String updateReview(@PathVariable("reviewId") final int reviewId, final ModelMap model) {
-		
+		if (!this.checkIdentity(reviewId)) {
+			return "error";
+		}
 
 		Review review = this.reviewService.findReviewById(reviewId);
 		model.addAttribute("review", review);
@@ -77,12 +97,17 @@ public class ReviewController {
 
 	@PostMapping(value = "/reviews/{reviewId}/edit")
 	public String updateReview(@Valid final Review reviewEdit, final BindingResult result, final ModelMap model) {
-		
+		if (!this.checkIdentity(reviewEdit.getId())) {
+			return "error";
+		}
 		if (result.hasErrors()) {
 			model.addAttribute("review", reviewEdit);
 			return ReviewController.VIEWS_REVIEWS_CREATE_OR_UPDATE_FORM;
 
 		} else {
+			User escritor = this.userService.getCurrentUser();
+			reviewEdit.setEscritor(escritor);
+			
 			this.reviewService.saveReview(reviewEdit);
 			return "redirect:/reviews/" + reviewEdit.getId();
 		}
diff --git a/src/main/resources/messages/messages_es.properties b/src/main/resources/messages/messages_es.properties
index ccf24729e..6a54b70ec 100644
--- a/src/main/resources/messages/messages_es.properties
+++ b/src/main/resources/messages/messages_es.properties
@@ -35,4 +35,5 @@ typeMismatch.birthDate=Fecha invÃ¡lida
 review= Reseña
 reviews= Reseñas
 stars= Estrellas
-opinion= Opinión
\ No newline at end of file
+opinion= Opinión
+user = Nombre de usuario
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/jsp/reviews/reviewsList.jsp b/src/main/webapp/WEB-INF/jsp/reviews/reviewsList.jsp
index 2bd848cd9..3f91077ca 100644
--- a/src/main/webapp/WEB-INF/jsp/reviews/reviewsList.jsp
+++ b/src/main/webapp/WEB-INF/jsp/reviews/reviewsList.jsp
@@ -13,6 +13,7 @@
         <thead>
         <tr>
         	<!-- <th style="width: 150px;">Restaurante</th> -->
+        	<th><fmt:message key="user"/></th>
         	<th><fmt:message key="stars"/></th>
             <th><fmt:message key="opinion"/></th>
             <th> </th>
@@ -24,6 +25,9 @@
 <!--                 <td> -->
 <%--                     <c:out value="nombre por definir"/> <!-- ${review.usuario.nombre},${review.usuario.apellidos}  --> --%>
 <!--                 </td> -->
+                <td>
+                    <c:out value="${review.escritor.username}"/>
+                </td>
                 <td>
                     <c:out value="${review.stars}"/>
                 </td>