allow non super users to view skill requests & filter out skill reque…

…sts not generated by non super users (#153)

* allow non super users to create endorsements

* filter out skill requests if the user is not superuser

skill-tree/src/main/java/com/RDS/skilltree/apis/SkillsApi.java

@@ -25,7 +25,6 @@
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("v1/skills")
-@AuthorizedRoles({UserRoleEnum.USER, UserRoleEnum.SUPERUSER})
 public class SkillsApi {
     private final SkillService skillService;
     private final EndorsementService endorsementService;
@@ -36,7 +35,6 @@ public ResponseEntity<List<SkillViewModel>> getAll() {
     }
 
     @GetMapping("/requests")
-    @AuthorizedRoles({UserRoleEnum.SUPERUSER})
     public ResponseEntity<SkillRequestsDto> getAllRequests(
             @RequestParam(value = "status", required = false) UserSkillStatusEnum status) {
         if (status != null) {

skill-tree/src/main/java/com/RDS/skilltree/repositories/UserSkillRepository.java

@@ -4,9 +4,17 @@
 import com.RDS.skilltree.models.UserSkills;
 import java.util.List;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 
 public interface UserSkillRepository extends JpaRepository<UserSkills, Integer> {
     List<UserSkills> findByStatus(UserSkillStatusEnum status);
 
     List<UserSkills> findByUserIdAndSkillId(String userId, Integer skillId);
+
+    @Query(
+            "SELECT us FROM UserSkills us "
+                    + "JOIN Endorsement e ON us.userId = e.endorseId "
+                    + "WHERE e.endorserId = :endorserId")
+    List<UserSkills> findUserSkillsByEndorserId(@Param("endorserId") String endorserId);
 }

skill-tree/src/main/java/com/RDS/skilltree/services/SkillServiceImplementation.java

@@ -3,6 +3,7 @@
 import com.RDS.skilltree.dtos.RdsGetUserDetailsResDto;
 import com.RDS.skilltree.dtos.SkillRequestsDto;
 import com.RDS.skilltree.enums.UserSkillStatusEnum;
+import com.RDS.skilltree.exceptions.InternalServerErrorException;
 import com.RDS.skilltree.exceptions.NoEntityException;
 import com.RDS.skilltree.exceptions.SkillAlreadyExistsException;
 import com.RDS.skilltree.models.Endorsement;
@@ -54,7 +55,25 @@ public List<SkillViewModel> getAll() {
 
     @Override
     public SkillRequestsDto getAllRequests() {
-        List<UserSkills> skillRequests = userSkillRepository.findAll();
+        JwtUser jwtDetails =
+                (JwtUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+
+        RdsGetUserDetailsResDto userDetails = rdsService.getUserDetails(jwtDetails.getRdsUserId());
+        RdsUserViewModel.Roles userRole = userDetails.getUser().getRoles();
+        String userId = userDetails.getUser().getId();
+
+        List<UserSkills> skillRequests = null;
+
+        if (userRole.isSuper_user()) {
+            skillRequests = userSkillRepository.findAll();
+        } else {
+            skillRequests = userSkillRepository.findUserSkillsByEndorserId(userId);
+        }
+
+        if (skillRequests == null) {
+            throw new InternalServerErrorException("Unable to fetch skill requests");
+        }
+
         SkillRequestsWithUserDetailsViewModel skillRequestsWithUserDetails =
                 toSkillRequestsWithUserDetailsViewModel(skillRequests);
 

skill-tree/src/main/java/com/RDS/skilltree/viewmodels/RdsUserViewModel.java

@@ -37,6 +37,7 @@ public static class Roles {
         private boolean archived;
         private boolean in_discord;
         private boolean member;
+        private boolean super_user;
     }
 
     @Getter