CourseStaffController.java

package edu.ucsb.cs156.frontiers.controllers;

import com.fasterxml.jackson.core.JsonProcessingException;
import edu.ucsb.cs156.frontiers.entities.*;
import edu.ucsb.cs156.frontiers.enums.OrgStatus;
import edu.ucsb.cs156.frontiers.errors.EntityNotFoundException;
import edu.ucsb.cs156.frontiers.repositories.CourseRepository;
import edu.ucsb.cs156.frontiers.repositories.CourseStaffRepository;
import edu.ucsb.cs156.frontiers.services.*;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*;

@Tag(name = "CourseStaff")
@RequestMapping("/api/coursestaff")
@RestController
@Slf4j
public class CourseStaffController extends ApiController {

  @Autowired private OrganizationMemberService organizationMemberService;

  @Autowired private CourseStaffRepository courseStaffRepository;

  @Autowired private CourseRepository courseRepository;

  @Autowired private UpdateUserService updateUserService;

  @Autowired private CurrentUserService currentUserService;

  /**
   * This method creates a new CourseStaff.
   *
   * @return the created CourseStaff
   */
  @Operation(summary = "Add a staff member to a course")
  @PreAuthorize("@CourseSecurity.hasInstructorPermissions(#root, #courseId)")
  @PostMapping("/post")
  public CourseStaff postCourseStaff(
      @Parameter(name = "firstName") @RequestParam String firstName,
      @Parameter(name = "lastName") @RequestParam String lastName,
      @Parameter(name = "email") @RequestParam String email,
      @Parameter(name = "courseId") @RequestParam Long courseId)
      throws EntityNotFoundException {

    // Get Course or else throw an error

    Course course =
        courseRepository
            .findById(courseId)
            .orElseThrow(() -> new EntityNotFoundException(Course.class, courseId));

    CourseStaff courseStaff =
        CourseStaff.builder()
            .firstName(firstName)
            .lastName(lastName)
            .email(email)
            .course(course)
            .build();

    if (course.getInstallationId() != null) {
      courseStaff.setOrgStatus(OrgStatus.JOINCOURSE);
    } else {
      courseStaff.setOrgStatus(OrgStatus.PENDING);
    }

    CourseStaff savedCourseStaff = courseStaffRepository.save(courseStaff);

    updateUserService.attachUserToCourseStaff(savedCourseStaff);

    return savedCourseStaff;
  }

  /**
   * This method returns a list of course staff for a given course.
   *
   * @return a list of all courses.
   */
  @Operation(summary = "List all course staff members for a course")
  @PreAuthorize("@CourseSecurity.hasManagePermissions(#root, #courseId)")
  @GetMapping("/course")
  public Iterable<CourseStaff> courseStaffForCourse(
      @Parameter(name = "courseId") @RequestParam Long courseId) throws EntityNotFoundException {
    courseRepository
        .findById(courseId)
        .orElseThrow(() -> new EntityNotFoundException(Course.class, courseId));
    Iterable<CourseStaff> courseStaffs = courseStaffRepository.findByCourseId(courseId);
    return courseStaffs;
  }

  @Operation(
      summary =
          "Allow staff member to join a course by generating an invitation to the linked Github Org")
  @PreAuthorize("hasRole('ROLE_USER')")
  @PutMapping("/joinCourse")
  public ResponseEntity<String> joinCourseOnGitHub(
      @Parameter(name = "courseStaffId", description = "Staff Member joining a course on GitHub")
          @RequestParam
          Long courseStaffId)
      throws NoSuchAlgorithmException, InvalidKeySpecException, JsonProcessingException {

    User currentUser = currentUserService.getUser();
    CourseStaff courseStaff =
        courseStaffRepository
            .findById(courseStaffId)
            .orElseThrow(() -> new EntityNotFoundException(CourseStaff.class, courseStaffId));

    if (courseStaff.getUser() == null || currentUser.getId() != courseStaff.getUser().getId()) {
      throw new IllegalArgumentException(
          String.format(
              "This operation is restricted to the user associated with staff member with id %d",
              courseStaff.getId()));
    }

    if (courseStaff.getGithubId() != null
        && courseStaff.getGithubLogin() != null
        && (courseStaff.getOrgStatus() == OrgStatus.MEMBER
            || courseStaff.getOrgStatus() == OrgStatus.OWNER)) {
      return ResponseEntity.badRequest()
          .body("You have already linked a Github account to this course.");
    }

    if (courseStaff.getCourse().getOrgName() == null
        || courseStaff.getCourse().getInstallationId() == null) {
      return ResponseEntity.badRequest()
          .body("Course has not been set up. Please ask your instructor for help.");
    }
    courseStaff.setGithubId(currentUser.getGithubId());
    courseStaff.setGithubLogin(currentUser.getGithubLogin());
    OrgStatus status = organizationMemberService.inviteOrganizationOwner(courseStaff);
    courseStaff.setOrgStatus(status);
    courseStaffRepository.save(courseStaff);
    if (status == OrgStatus.INVITED) {
      return ResponseEntity.accepted().body("Successfully invited staff member to Organization");
    } else if (status == OrgStatus.MEMBER || status == OrgStatus.OWNER) {
      return ResponseEntity.accepted()
          .body("Already in organization - set status to %s".formatted(status.toString()));
    } else {
      return ResponseEntity.internalServerError()
          .body("Could not invite staff member to Organization");
    }
  }

  @Operation(summary = "Update a staff member")
  @PreAuthorize("@CourseSecurity.hasInstructorPermissions(#root, #courseId)")
  @PutMapping("")
  public CourseStaff updateStaffMember(
      @Parameter(name = "courseId") @RequestParam Long courseId,
      @Parameter(name = "id") @RequestParam Long id,
      @Parameter(name = "firstName") @RequestParam String firstName,
      @Parameter(name = "lastName") @RequestParam String lastName)
      throws EntityNotFoundException {

    CourseStaff staffMember =
        courseStaffRepository
            .findById(id)
            .orElseThrow(() -> new EntityNotFoundException(CourseStaff.class, id));

    staffMember.setFirstName(firstName.trim());
    staffMember.setLastName(lastName.trim());
    return courseStaffRepository.save(staffMember);
  }

  @Operation(summary = "Delete a staff member")
  @PreAuthorize("@CourseSecurity.hasInstructorPermissions(#root, #courseId)")
  @DeleteMapping("/delete")
  @Transactional
  public ResponseEntity<String> deleteStaffMember(
      @Parameter(name = "id") @RequestParam Long id,
      @Parameter(name = "courseId") @RequestParam Long courseId)
      throws EntityNotFoundException {
    CourseStaff staffMember =
        courseStaffRepository
            .findById(id)
            .orElseThrow(() -> new EntityNotFoundException(CourseStaff.class, id));
    Course course = staffMember.getCourse();

    boolean orgRemovalAttempted = false;
    boolean orgRemovalSuccessful = false;
    String orgRemovalErrorMessage = null;

    // Try to remove the student from the organization if they have a GitHub login
    if (staffMember.getGithubLogin() != null
        && course.getOrgName() != null
        && course.getInstallationId() != null) {
      orgRemovalAttempted = true;
      try {
        organizationMemberService.removeOrganizationMember(staffMember);
        orgRemovalSuccessful = true;
      } catch (Exception e) {
        log.error("Error removing student from organization: {}", e.getMessage());
        orgRemovalErrorMessage = e.getMessage();
        // Continue with deletion even if organization removal fails
      }
    }

    course.getCourseStaff().remove(staffMember);
    staffMember.setCourse(null);
    courseStaffRepository.delete(staffMember);

    if (!orgRemovalAttempted) {
      return ResponseEntity.ok(
          "Successfully deleted staff member and removed them from the staff roster.");
    } else if (orgRemovalSuccessful) {
      return ResponseEntity.ok(
          "Successfully deleted staff member and removed them from the staff roster and organization.");
    } else {
      return ResponseEntity.ok(
          "Successfully deleted staff member but there was an error removing them from the course organization: "
              + orgRemovalErrorMessage);
    }
  }
}