From 19d0a8d00ec1fa6fd3f51a41ba71ce806d95773f Mon Sep 17 00:00:00 2001
From: Felix Jordan
Date: Wed, 6 Jul 2022 19:16:34 +0200
Subject: [PATCH 1/2] feat: return whether a user is allowed to move requirement in API
---
 .../dbis/acis/bazaar/service/dal/entities/UserContext.java | 5 +++++
 .../service/dal/repositories/RequirementRepositoryImpl.java | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/entities/UserContext.java b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/entities/UserContext.java
index e5bc98f2..c630d385 100644
--- a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/entities/UserContext.java
+++ b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/entities/UserContext.java
@@ -42,6 +42,11 @@ public class UserContext extends EntityBase {
 )
 private Boolean isContributor;
+ @ApiModelProperty(
+ value = "Whether the user has privilege to move the requirement. Only returned when requesting requirement resources."
+ )
+ private Boolean isMoveAllowed;
+
 @JsonIgnore
 @Override
 public int getId() {
diff --git a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/repositories/RequirementRepositoryImpl.java b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/repositories/RequirementRepositoryImpl.java
index 69dd832f..93322e82 100644
--- a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/repositories/RequirementRepositoryImpl.java
+++ b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/repositories/RequirementRepositoryImpl.java
@@ -33,6 +33,7 @@
 import de.rwth.dbis.acis.bazaar.service.exception.ErrorCode;
 import de.rwth.dbis.acis.bazaar.service.exception.ExceptionHandler;
 import de.rwth.dbis.acis.bazaar.service.exception.ExceptionLocation;
+import de.rwth.dbis.acis.bazaar.service.security.AuthorizationManager;
 import org.apache.commons.lang3.tuple.ImmutablePair;
 import org.jetbrains.annotations.NotNull;
 import org.jooq.Record;
@@ -311,6 +312,10 @@ private ImmutablePair, Integer> getFilteredRequirements(Collec
 requirement.setAttachments(attachmentList);
 }
+ // TODO We should refactor here: the same authorization check is made in the RequirementResource#moveRequirement(..) method
+ boolean authorizedToModifyRequirement = new AuthorizationManager().isAuthorizedInContext(userId, PrivilegeEnum.Modify_REQUIREMENT, requirement.getProjectId(), dalFacade);
+ userContext.isMoveAllowed(authorizedToModifyRequirement);
+
 requirement.setContext(EntityContextFactory.create(pageable.getEmbed(), queryResult, dalFacade));
 requirement.setUserContext(userContext.build());
 requirements.add(requirement);
From 3e59b4d8d7f1e85d22b0803ed701c2484ac50ad8 Mon Sep 17 00:00:00 2001
From: Felix Jordan
Date: Wed, 6 Jul 2022 19:23:56 +0200
Subject: [PATCH 2/2] feat: return 'isDeleteAllowed' for requirements
---
 .../dbis/acis/bazaar/service/dal/entities/UserContext.java | 5 +++++
 .../service/dal/repositories/RequirementRepositoryImpl.java | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/entities/UserContext.java b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/entities/UserContext.java
index c630d385..9c48fe03 100644
--- a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/entities/UserContext.java
+++ b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/entities/UserContext.java
@@ -47,6 +47,11 @@ public class UserContext extends EntityBase {
 )
 private Boolean isMoveAllowed;
+ @ApiModelProperty(
+ value = "Whether the user has privilege to delete the requirement, category, or project."
+ )
+ private Boolean isDeleteAllowed;
+
 @JsonIgnore
 @Override
 public int getId() {
diff --git a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/repositories/RequirementRepositoryImpl.java b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/repositories/RequirementRepositoryImpl.java
index 93322e82..21af73e8 100644
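Review bot: The `isAuthorizedInContext(userId, PrivilegeEnum.Modify_REQUIREMENT, requirement.getProjectId(), dalFacade)` call added in the `@@ -311,6 +312,10 @@` hunk of RequirementRepositoryImpl.java (PATCH 1/2) is a second copy of the rule that, per the TODO, `RequirementResource#moveRequirement(..)` enforces, so the `isMoveAllowed` value sent to clients can drift from what the server actually permits. The flag should stay a display hint and the endpoint check the only enforcement point; I would say so on the added line, e.g. `// UI hint only: moveRequirement(..) remains the enforcing check`, and move the rule into one method that both sites call. The hunk also constructs `new AuthorizationManager()` for each requirement it handles, which looks like one authorization lookup per returned entry; creating it once with `AuthorizationManager authorizationManager = new AuthorizationManager();` ahead of the loop would avoid the repeated construction. getFilteredRequirements starts and ends outside the hunk, so the loop head is assumed rather than visible.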
--- a/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/repositories/RequirementRepositoryImpl.java
+++ b/reqbaz/src/main/java/de/rwth/dbis/acis/bazaar/service/dal/repositories/RequirementRepositoryImpl.java
@@ -316,6 +316,8 @@ private ImmutablePair, Integer> getFilteredRequirements(Collec
 boolean authorizedToModifyRequirement = new AuthorizationManager().isAuthorizedInContext(userId, PrivilegeEnum.Modify_REQUIREMENT, requirement.getProjectId(), dalFacade);
 userContext.isMoveAllowed(authorizedToModifyRequirement);
+ userContext.isDeleteAllowed(authorizedToModifyRequirement || requirement.isOwner(userId));
+
 requirement.setContext(EntityContextFactory.create(pageable.getEmbed(), queryResult, dalFacade));
 requirement.setUserContext(userContext.build());
 requirements.add(requirement);
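Review bot: `isDeleteAllowed` is computed in this hunk as `authorizedToModifyRequirement || requirement.isOwner(userId)`, reusing the Modify_REQUIREMENT result rather than the rule the delete endpoint applies, which is not visible in this patch. If that endpoint checks a different privilege or does not honour ownership, the API will advertise a delete that is then refused, or hide one that would succeed; it is worth confirming the two match and deriving both from one predicate. The `UserContext` description added in this commit says the flag covers the "requirement, category, or project", while only requirement results are populated here, so the description could state that the value is presumably unset for the other resources until they are wired up. getFilteredRequirements continues outside the hunk.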