Merge remote-tracking branch 'origin/CONNECTA-179-fix-performance-iss…

…ue-by-introducing-caching' into CONNECTA-179-fix-performance-issue-by-introducing-caching

src/main/java/de/caritas/cob/userservice/api/service/session/SessionService.java

@@ -49,13 +49,15 @@
 import javax.ws.rs.BadRequestException;
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.lang.Nullable;
 import org.springframework.stereotype.Service;
 
 /** Service for sessions */
 @Service
 @RequiredArgsConstructor
+@Slf4j
 public class SessionService {
 
   private final @NonNull SessionRepository sessionRepository;
@@ -437,12 +439,18 @@ private List<AgencyDTO> fetchAgencies(List<Session> sessions) {
    * @param roles the roles of the given consultant
    * @return {@link ConsultantSessionResponseDTO}
    */
-  public List<ConsultantSessionResponseDTO> getSessionsByConsultantAndGroupOrFeedbackGroupIds(
-      Consultant consultant, Set<String> rcGroupIds, Set<String> roles) {
+  public List<ConsultantSessionResponseDTO>
+      getAllowedSessionsByConsultantAndGroupOrFeedbackGroupIds(
+          Consultant consultant, Set<String> rcGroupIds, Set<String> roles) {
     checkForUserOrConsultantRole(roles);
     var sessions = sessionRepository.findByGroupOrFeedbackGroupIds(rcGroupIds);
-    sessions.forEach(session -> checkConsultantAssignment(consultant, session));
-    return mapSessionsToConsultantSessionDto(sessions);
+
+    List<Session> allowedSessions =
+        sessions.stream()
+            .filter(session -> isConsultantPermittedToSession(consultant, session))
+            .collect(Collectors.toList());
+
+    return mapSessionsToConsultantSessionDto(allowedSessions);
   }
 
   /**
@@ -536,6 +544,16 @@ private void checkIfConsultantAndNotAssignedToSessionOrAgency(
     }
   }
 
+  private boolean isConsultantPermittedToSession(Consultant consultant, Session session) {
+    try {
+      checkConsultantAssignment(consultant, session);
+    } catch (ForbiddenException e) {
+      log.info(e.getMessage());
+      return false;
+    }
+    return true;
+  }
+
   private void checkConsultantAssignment(Consultant consultant, Session session) {
     if (session.isAdvisedBy(consultant)
         || isAllowedToAdvise(consultant, session)

src/main/java/de/caritas/cob/userservice/api/service/sessionlist/ConsultantSessionListService.java

@@ -45,7 +45,7 @@ public List<ConsultantSessionResponseDTO> retrieveSessionsForConsultantAndGroupI
       Consultant consultant, List<String> rcGroupIds, Set<String> roles) {
     var groupIds = new HashSet<>(rcGroupIds);
     var sessions =
-        sessionService.getSessionsByConsultantAndGroupOrFeedbackGroupIds(
+        sessionService.getAllowedSessionsByConsultantAndGroupOrFeedbackGroupIds(
             consultant, groupIds, roles);
     var chats = chatService.getChatSessionsForConsultantByGroupIds(groupIds);
 

src/test/java/de/caritas/cob/userservice/api/adapters/web/controller/UserControllerSessionE2EIT.java

@@ -99,6 +99,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.admin.client.resource.RoleMappingResource;
@@ -710,36 +712,19 @@ void getSessionsForGroupOrFeedbackGroupIdsShouldBeForbiddenIfUserDoesNotParticip
         .andExpect(status().isForbidden());
   }
 
-  @Test
+  @ParameterizedTest
   @WithMockUser(authorities = {AuthorityValue.CONSULTANT_DEFAULT})
+  @ValueSource(strings = {"QBv2xym9qQ2DoAxkR", "doesNotExist", "mzAdWzQEobJ2PkoxP"})
   void
-      getSessionsForGroupOrFeedbackGroupIdsShouldBeForbiddenIfConsultantDoesNotParticipateInSession()
-          throws Exception {
-    givenAConsultantWithSessions();
-    givenNoRocketChatSubscriptionUpdates();
-    givenNoRocketChatRoomUpdates();
-
-    mockMvc
-        .perform(
-            get("/users/sessions/room?rcGroupIds=QBv2xym9qQ2DoAxkR")
-                .cookie(CSRF_COOKIE)
-                .header(CSRF_HEADER, CSRF_VALUE)
-                .header(RC_TOKEN_HEADER_PARAMETER_NAME, RC_TOKEN)
-                .accept(MediaType.APPLICATION_JSON))
-        .andExpect(status().isForbidden());
-  }
-
-  @Test
-  @WithMockUser(authorities = {AuthorityValue.CONSULTANT_DEFAULT})
-  void getSessionsForGroupOrFeedbackGroupIdsShouldBeNoContentIfNoSessionsFoundForIds()
-      throws Exception {
+      getSessionsForGroupOrFeedbackGroupIdsShouldBeNoContentIfConsultantDoesNotParticipateInSessionOrNoSessionsFoundForIdsOrNewEnquiriesForConsultantsNotInAgency(
+          String rcGroupId) throws Exception {
     givenAConsultantWithSessions();
     givenNoRocketChatSubscriptionUpdates();
     givenNoRocketChatRoomUpdates();
 
     mockMvc
         .perform(
-            get("/users/sessions/room?rcGroupIds=doesNotExist")
+            get("/users/sessions/room?rcGroupIds=" + rcGroupId)
                 .cookie(CSRF_COOKIE)
                 .header(CSRF_HEADER, CSRF_VALUE)
                 .header(RC_TOKEN_HEADER_PARAMETER_NAME, RC_TOKEN)
@@ -768,25 +753,6 @@ void getSessionsForGroupOrFeedbackGroupIdsShouldBeNoContentIfNoSessionsFoundForI
         .andExpect(jsonPath("sessions", hasSize(1)));
   }
 
-  @Test
-  @WithMockUser(authorities = {AuthorityValue.CONSULTANT_DEFAULT})
-  void
-      getSessionsForGroupOrFeedbackGroupIdsShouldReturnForbiddenForNewEnquiriesForConsultantsNotInAgency()
-          throws Exception {
-    givenAConsultantWithSessions();
-    givenNoRocketChatSubscriptionUpdates();
-    givenNoRocketChatRoomUpdates();
-
-    mockMvc
-        .perform(
-            get("/users/sessions/room?rcGroupIds=mzAdWzQEobJ2PkoxP")
-                .cookie(CSRF_COOKIE)
-                .header(CSRF_HEADER, CSRF_VALUE)
-                .header(RC_TOKEN_HEADER_PARAMETER_NAME, RC_TOKEN)
-                .accept(MediaType.APPLICATION_JSON))
-        .andExpect(status().isForbidden());
-  }
-
   @Test
   @WithMockUser(authorities = {AuthorityValue.USER_DEFAULT})
   void getSessionForIdShouldFindSessionsBySessionId() throws Exception {

src/test/java/de/caritas/cob/userservice/api/service/session/SessionServiceTest.java

@@ -26,6 +26,7 @@
 import static java.util.Collections.singleton;
 import static java.util.Collections.singletonList;
 import static liquibase.util.BooleanUtils.isTrue;
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.everyItem;
 import static org.hamcrest.CoreMatchers.instanceOf;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -783,7 +784,7 @@ void initializeSession_Should_initializePeerChat_When_consultingTypeSettingsHasP
 
   @Test
   void
-      getSessionsByConsultantAndGroupOrFeedbackGroupIds_should_find_new_anonymous_enquiry_if_consultant_may_advise_consulting_type() {
+      getAllowedSessionsByConsultantAndGroupOrFeedbackGroupIds_should_find_new_anonymous_enquiry_if_consultant_may_advise_consulting_type() {
     Session anonymousEnquiry =
         createAnonymousNewEnquiryWithConsultingType(AGENCY_DTO_SUCHT.getConsultingType());
     when(sessionRepository.findByGroupOrFeedbackGroupIds(singleton("rcGroupId")))
@@ -794,12 +795,34 @@ void initializeSession_Should_initializePeerChat_When_consultingTypeSettingsHasP
     var consultant = createConsultantWithAgencies(agency);
 
     var sessionResponse =
-        sessionService.getSessionsByConsultantAndGroupOrFeedbackGroupIds(
+        sessionService.getAllowedSessionsByConsultantAndGroupOrFeedbackGroupIds(
             consultant, singleton("rcGroupId"), singleton(UserRole.CONSULTANT.getValue()));
 
     assertEquals(1, sessionResponse.size());
   }
 
+  @Test
+  void
+      getAllowedSessionsByConsultantAndGroupOrFeedbackGroupIds_should_only_return_the_sessions_the_consultant_can_see() {
+    // given
+    List<Session> sessions = new ArrayList<>();
+    ConsultantAgency agency = new ConsultantAgency();
+    agency.setAgencyId(4711L);
+    var consultant = createConsultantWithAgencies(agency);
+    var allowedSession = giveAllowedSessionWithID(1L, consultant);
+    sessions.add(giveAllowedSessionWithID(2L, null));
+    sessions.add(allowedSession);
+    when(sessionRepository.findByGroupOrFeedbackGroupIds(singleton("rcGroupId")))
+        .thenReturn(sessions);
+    // when
+    var sessionResponse =
+        sessionService.getAllowedSessionsByConsultantAndGroupOrFeedbackGroupIds(
+            consultant, singleton("rcGroupId"), singleton(UserRole.CONSULTANT.getValue()));
+    // then
+    assertThat(sessionResponse).hasSize(1);
+    assertThat(sessionResponse.get(0).getSession().getId()).isEqualTo(allowedSession.getId());
+  }
+
   @Test
   void
       getSessionsByIds_should_find_new_anonymous_enquiry_if_consultant_may_advise_consulting_type() {
@@ -882,6 +905,14 @@ private List<UserSessionResponseDTO> getSomeUserId(String someUserId, Session an
         someUserId, singleton(anonymousEnquiry.getId()), singleton(UserRole.ANONYMOUS.getValue()));
   }
 
+  private Session giveAllowedSessionWithID(Long id, Consultant consultant) {
+    Session allowedSession =
+        createAnonymousNewEnquiryWithConsultingType(AGENCY_DTO_SUCHT.getConsultingType());
+    allowedSession.setId(id);
+    allowedSession.setConsultant(consultant);
+    return allowedSession;
+  }
+
   private Session createAnonymousNewEnquiryWithConsultingType(int consultingTypeId) {
     var session = easyRandom.nextObject(Session.class);
     session.setAgencyId(null);