From 2c7d154a93bf90ea47ec8233c62f3aeed6666bb1 Mon Sep 17 00:00:00 2001
From: Christoph Thelen <christoph.thelen@mni.thm.de>
Date: Tue, 2 Dec 2014 12:57:59 +0100
Subject: [PATCH] Fixed #12048: Allow answer deletion based on question variant

---
 .../LecturerQuestionController.java           | 11 +++++++-
 .../java/de/thm/arsnova/dao/CouchDBDao.java   | 16 ++++++++++++
 .../java/de/thm/arsnova/dao/IDatabaseDao.java |  4 +++
 .../arsnova/services/IQuestionService.java    |  4 +++
 .../thm/arsnova/services/QuestionService.java | 26 ++++++++++++-------
 .../de/thm/arsnova/dao/StubDatabaseDao.java   | 14 +++++++++-
 6 files changed, 63 insertions(+), 12 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/controller/LecturerQuestionController.java b/src/main/java/de/thm/arsnova/controller/LecturerQuestionController.java
index e4c7e2d5..964f1005 100644
--- a/src/main/java/de/thm/arsnova/controller/LecturerQuestionController.java
+++ b/src/main/java/de/thm/arsnova/controller/LecturerQuestionController.java
@@ -38,6 +38,7 @@ import org.springframework.web.bind.annotation.RestController;
 import de.thm.arsnova.entities.Answer;
 import de.thm.arsnova.entities.Question;
 import de.thm.arsnova.exceptions.BadRequestException;
+import de.thm.arsnova.exceptions.ForbiddenException;
 import de.thm.arsnova.exceptions.NoContentException;
 import de.thm.arsnova.exceptions.NotFoundException;
 import de.thm.arsnova.services.IQuestionService;
@@ -332,9 +333,17 @@ public class LecturerQuestionController extends AbstractController {
 	@RequestMapping(value = "/answers", method = RequestMethod.DELETE)
 	public final void deleteAllQuestionsAnswers(
 			@RequestParam final String sessionkey,
+			@RequestParam(value = "lecturequestionsonly", defaultValue = "false") final boolean lectureQuestionsOnly,
+			@RequestParam(value = "preparationquestionsonly", defaultValue = "false") final boolean preparationQuestionsOnly,
 			final HttpServletResponse response
 			) {
-		questionService.deleteAllQuestionsAnswers(sessionkey);
+		if (lectureQuestionsOnly) {
+			questionService.deleteAllLectureAnswers(sessionkey);
+		} else if (preparationQuestionsOnly) {
+			questionService.deleteAllPreparationAnswers(sessionkey);
+		} else {
+			questionService.deleteAllQuestionsAnswers(sessionkey);
+		}
 	}
 
 	/**
diff --git a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
index fd1affb0..c80cd8d4 100644
--- a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
+++ b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
@@ -1461,6 +1461,22 @@ public class CouchDBDao implements IDatabaseDao {
 		}
 	}
 
+	@Override
+	public void deleteAllPreparationAnswers(final Session session) {
+		final List<Question> questions = getQuestions(new NovaView("skill_question/preparation_question_by_session"), session);
+		for (final Question q : questions) {
+			deleteAnswers(q);
+		}
+	}
+
+	@Override
+	public void deleteAllLectureAnswers(final Session session) {
+		final List<Question> questions = getQuestions(new NovaView("skill_question/lecture_question_by_session"), session);
+		for (final Question q : questions) {
+			deleteAnswers(q);
+		}
+	}
+
 	@Override
 	public int getLearningProgress(final Session session) {
 		// Note: we have to use this many views because our CouchDB version does not support
diff --git a/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java b/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
index 37e1a211..7a1c205f 100644
--- a/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
+++ b/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
@@ -173,4 +173,8 @@ public interface IDatabaseDao {
 	List<SessionInfo> getMySessionsInfo(User user);
 
 	List<SessionInfo> getMyVisitedSessionsInfo(User currentUser);
+
+	void deleteAllPreparationAnswers(Session session);
+
+	void deleteAllLectureAnswers(Session session);
 }
diff --git a/src/main/java/de/thm/arsnova/services/IQuestionService.java b/src/main/java/de/thm/arsnova/services/IQuestionService.java
index a964c77e..633478fd 100644
--- a/src/main/java/de/thm/arsnova/services/IQuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/IQuestionService.java
@@ -120,4 +120,8 @@ public interface IQuestionService {
 
 	void deleteAllQuestionsAnswers(String sessionkey);
 
+	void deleteAllPreparationAnswers(String sessionkey);
+
+	void deleteAllLectureAnswers(String sessionkey);
+
 }
diff --git a/src/main/java/de/thm/arsnova/services/QuestionService.java b/src/main/java/de/thm/arsnova/services/QuestionService.java
index 4c1b2c2d..94844500 100644
--- a/src/main/java/de/thm/arsnova/services/QuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/QuestionService.java
@@ -214,21 +214,13 @@ public class QuestionService implements IQuestionService, ApplicationEventPublis
 	}
 
 	@Override
-	@PreAuthorize("isAuthenticated()")
+	@PreAuthorize("isAuthenticated() and hasPermission(#questionId, 'question', 'owner')")
 	public void deleteAnswers(final String questionId) {
 		final Question question = databaseDao.getQuestion(questionId);
-		if (question == null) {
-			throw new NotFoundException();
-		}
-
-		final User user = userService.getCurrentUser();
-		final Session session = databaseDao.getSession(question.getSessionKeyword());
-		if (user == null || session == null || !session.isCreator(user)) {
-			throw new UnauthorizedException();
-		}
 		databaseDao.deleteAnswers(question);
 	}
 
+
 	@Override
 	@PreAuthorize("isAuthenticated()")
 	public List<String> getUnAnsweredQuestionIds(final String sessionKey) {
@@ -609,6 +601,20 @@ public class QuestionService implements IQuestionService, ApplicationEventPublis
 		databaseDao.deleteAllQuestionsAnswers(session);
 	}
 
+	@Override
+	@PreAuthorize("isAuthenticated() and hasPermission(#sessionkey, 'session', 'owner')")
+	public void deleteAllPreparationAnswers(String sessionkey) {
+		final Session session = getSession(sessionkey);
+		databaseDao.deleteAllPreparationAnswers(session);
+	}
+
+	@Override
+	@PreAuthorize("isAuthenticated() and hasPermission(#sessionkey, 'session', 'owner')")
+	public void deleteAllLectureAnswers(String sessionkey) {
+		final Session session = getSession(sessionkey);
+		databaseDao.deleteAllLectureAnswers(session);
+	}
+
 	@Override
 	public void setApplicationEventPublisher(ApplicationEventPublisher publisher) {
 		this.publisher = publisher;
diff --git a/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java b/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
index 4a48df93..956d4956 100644
--- a/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
+++ b/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
@@ -511,7 +511,7 @@ public class StubDatabaseDao implements IDatabaseDao {
 	@Override
 	public void deleteAllInterposedQuestions(Session session, User user) {
 		// TODO Auto-generated method stub
-		
+
 	}
 
 	@Override
@@ -531,4 +531,16 @@ public class StubDatabaseDao implements IDatabaseDao {
 		// TODO Auto-generated method stub
 		return null;
 	}
+
+	@Override
+	public void deleteAllPreparationAnswers(Session session) {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void deleteAllLectureAnswers(Session session) {
+		// TODO Auto-generated method stub
+
+	}
 }
-- 
GitLab