review-api/src/main/java/com/guams/review/controller/PostController.java


package com.guams.review.controller;
import com.guams.review.exception.ForbiddenExecption;
import com.guams.review.exception.NotFoundException;
import com.guams.review.model.dao.Author;
import com.guams.review.model.dao.Comment;
import com.guams.review.model.dao.Post;
import com.guams.review.service.AuthorService;
import com.guams.review.service.PostService;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import java.io.IOException;
import java.sql.Timestamp;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
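/**
 * REST endpoints for posts, mounted under {@code /api/posts}.
 *
 * <p>Read endpoints are served without any check in this class. Every write endpoint requires a
 * non-null {@link Authentication}; update and delete additionally require that the target post is
 * among the publications of the authenticated author (object-level authorization), which is
 * enforced in one place by {@link #requireOwner(Long, Authentication, String)}.
 *
 * <p>NOTE(review): request bodies are bound directly onto the persistence type {@link Post}.
 * Only the fields explicitly overwritten in each handler are server-controlled; every other
 * field of {@code Post} is taken from the client as sent. Confirm that {@code Post} carries no
 * field a caller must not set, or bind to a dedicated request type instead.
 */
@RequiredArgsConstructor
@RestController
@RequestMapping("/api/posts")
public class PostController {

    private final PostService postService;
    private final AuthorService authorService;

    /**
     * Lists all posts.
     *
     * @return whatever {@code postService.list()} returns
     */
    @GetMapping
    public List<Post> listPosts() {
        return postService.list();
    }

    /**
     * Fetches a single post.
     *
     * @param id identifier taken from the path
     * @return the matching post
     * @throws NotFoundException if no post has this id
     */
    @GetMapping("/{id}")
    public Post findPost(@PathVariable Long id) {
        return postService.findById(id).orElseThrow(() -> new NotFoundException("Post not found"));
    }

    /**
     * Replaces the content of a post owned by the caller.
     *
     * <p>The id, illustration and publication date are copied from the stored post so the client
     * cannot change them through this endpoint, and the post is flagged as updated.
     *
     * @param id identifier of the post to update, taken from the path
     * @param updatedPost new content supplied by the client
     * @param authentication current principal, {@code null} when the request is anonymous
     * @throws ForbiddenExecption if the caller is anonymous or does not own the post
     * @throws NotFoundException if the author or the post cannot be found
     */
    @PutMapping("/{id}")
    public void updatePost(@PathVariable Long id, @RequestBody Post updatedPost, Authentication authentication) {
        // Only proceed if the authenticated user owns this post.
        requireOwner(id, authentication, "You do not have permission to update this post");
        Post postToUpdate = postService.findById(id).orElseThrow(() -> new NotFoundException("Post not found"));
        // Server-controlled fields are restored from the stored post; the rest comes from the body.
        postService.insert(updatedPost
                .setId(postToUpdate.getId())
                .setIllustration(postToUpdate.getIllustration())
                .setPublicationDate(postToUpdate.getPublicationDate())
                .setIsUpdated(true));
    }

    /**
     * Replaces the illustration of a post owned by the caller with the uploaded file.
     *
     * <p>NOTE(review): the upload is read fully into memory with {@code getBytes()} and stored
     * as-is; no size or content-type check is visible in this class. Confirm that a multipart
     * limit (for example {@code spring.servlet.multipart.max-file-size}) is configured and that
     * the bytes are validated before they are served back to browsers.
     *
     * @param id identifier of the post, taken from the path
     * @param illustration uploaded multipart part named {@code illustration}
     * @param authentication current principal, {@code null} when the request is anonymous
     * @throws IOException if the uploaded content cannot be read
     * @throws ForbiddenExecption if the caller is anonymous or does not own the post
     * @throws NotFoundException if the author or the post cannot be found
     */
    @PutMapping(value = "{id}/illustration", consumes = {MediaType.MULTIPART_FORM_DATA_VALUE})
    public void updateIllustration(@PathVariable Long id, @RequestPart("illustration") MultipartFile illustration, Authentication authentication) throws IOException {
        requireOwner(id, authentication, "You do not have permission to update this post");
        Post postToUpdate = postService.findById(id).orElseThrow(() -> new NotFoundException("Post not found"));
        postService.insert(postToUpdate.setIllustration(illustration.getBytes()));
    }

    /**
     * Creates a post with a server-assigned publication date.
     *
     * <p>The authentication check now runs before the body is validated, so an anonymous caller
     * is always rejected with {@link ForbiddenExecption} and never reaches input validation.
     *
     * <p>NOTE(review): the authenticated principal is not passed to {@code postService.insert}
     * here. Confirm that the new post is linked to the caller somewhere else; if authorship
     * comes from the request body, a caller could attribute a post to another author.
     *
     * @param postToCreate post supplied by the client; its id must be {@code null}
     * @param authentication current principal, {@code null} when the request is anonymous
     * @return the stored post with status 201
     * @throws ForbiddenExecption if the caller is anonymous
     * @throws IllegalArgumentException if the body already carries an id
     */
    @PostMapping
    public ResponseEntity<Post> addPost(@RequestBody Post postToCreate, Authentication authentication) {
        requireAuthenticated(authentication);
        Assert.isNull(postToCreate.getId(), "Post id must be null");
        Post created = postService.insert(postToCreate
                .setPublicationDate(Timestamp.from(Instant.now()))
                .setIsUpdated(false));
        return new ResponseEntity<>(created, HttpStatus.CREATED);
    }

    /**
     * Placeholder for listing the comments of a post.
     *
     * @param id identifier of the post; currently unused
     * @return always an empty list, the lookup is not implemented in this class
     */
    @GetMapping("/{id}/comments")
    public List<Comment> listCommentsByPostId(@PathVariable Long id) {
        return new ArrayList<>();
    }

    /**
     * Deletes a post owned by the caller.
     *
     * @param id identifier of the post, taken from the path
     * @param authentication current principal, {@code null} when the request is anonymous
     * @throws ForbiddenExecption if the caller is anonymous or does not own the post
     * @throws NotFoundException if the author or the post cannot be found
     */
    @DeleteMapping("{id}")
    public void deletePost(@PathVariable Long id, Authentication authentication) {
        Author authenticatedAuthor = requireOwner(id, authentication, "You do not have permission to delete this post");
        Post postToDelete = postService.findById(id).orElseThrow(() -> new NotFoundException("Post not found"));
        postService.delete(authenticatedAuthor.getId(), postToDelete.getId());
    }

    /** Rejects anonymous requests; the resulting HTTP status depends on how ForbiddenExecption is mapped. */
    private static void requireAuthenticated(Authentication authentication) {
        if (authentication == null) {
            throw new ForbiddenExecption("You have to login to do that");
        }
    }

    /**
     * Resolves the authenticated author and verifies that the post is one of their publications.
     *
     * <p>Keeping the ownership check in one helper prevents the write endpoints from drifting
     * apart. The order of checks matches the former inline code: anonymous, unknown author,
     * then ownership.
     *
     * @param postId identifier of the post the caller wants to modify
     * @param authentication current principal, {@code null} when the request is anonymous
     * @param deniedMessage message used when the caller does not own the post
     * @return the author resolved from the principal name
     */
    private Author requireOwner(Long postId, Authentication authentication, String deniedMessage) {
        requireAuthenticated(authentication);
        Author authenticatedAuthor = authorService.findByName(authentication.getName())
                .orElseThrow(() -> new NotFoundException("Author not found"));
        // anyMatch stops at the first hit instead of collecting every id into a list first.
        boolean ownsPost = authorService.listPublicationOfAuthor(authenticatedAuthor.getId()).stream()
                .anyMatch(post -> postId.equals(post.getId()));
        if (!ownsPost) {
            throw new ForbiddenExecption(deniedMessage);
        }
        return authenticatedAuthor;
    }
}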