RosterStudentsController.java
package edu.ucsb.cs156.frontiers.controllers;
import com.fasterxml.jackson.core.JsonProcessingException;
import edu.ucsb.cs156.frontiers.entities.Course;
import edu.ucsb.cs156.frontiers.entities.Job;
import edu.ucsb.cs156.frontiers.entities.RosterStudent;
import edu.ucsb.cs156.frontiers.entities.User;
import edu.ucsb.cs156.frontiers.enums.InsertStatus;
import edu.ucsb.cs156.frontiers.enums.OrgStatus;
import edu.ucsb.cs156.frontiers.enums.RosterStatus;
import edu.ucsb.cs156.frontiers.errors.EntityNotFoundException;
import edu.ucsb.cs156.frontiers.errors.NoLinkedOrganizationException;
import edu.ucsb.cs156.frontiers.jobs.UpdateOrgMembershipJob;
import edu.ucsb.cs156.frontiers.models.RosterStudentDTO;
import edu.ucsb.cs156.frontiers.models.UpsertResponse;
import edu.ucsb.cs156.frontiers.repositories.CourseRepository;
import edu.ucsb.cs156.frontiers.repositories.RosterStudentRepository;
import edu.ucsb.cs156.frontiers.services.CurrentUserService;
import edu.ucsb.cs156.frontiers.services.OrganizationMemberService;
import edu.ucsb.cs156.frontiers.services.UpdateUserService;
import edu.ucsb.cs156.frontiers.services.jobs.JobService;
import edu.ucsb.cs156.frontiers.utilities.CanonicalFormConverter;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Optional;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;
@Tag(name = "RosterStudents")
@RequestMapping("/api/rosterstudents")
@RestController
@Slf4j
public class RosterStudentsController extends ApiController {
@Autowired private JobService jobService;
@Autowired private OrganizationMemberService organizationMemberService;
@Autowired private RosterStudentRepository rosterStudentRepository;
@Autowired private CourseRepository courseRepository;
@Autowired private UpdateUserService updateUserService;
@Autowired private CurrentUserService currentUserService;
/**
* This method creates a new RosterStudent. It is important to keep the code in this method
* consistent with the code for adding multiple roster students from a CSV
*
* @return the created RosterStudent
*/
@Operation(summary = "Create a new roster student")
@PreAuthorize("@CourseSecurity.hasManagePermissions(#root, #courseId)")
@PostMapping("/post")
public ResponseEntity<UpsertResponse> postRosterStudent(
@Parameter(name = "studentId") @RequestParam String studentId,
@Parameter(name = "firstName") @RequestParam String firstName,
@Parameter(name = "lastName") @RequestParam String lastName,
@Parameter(name = "email") @RequestParam String email,
@Parameter(name = "courseId") @RequestParam Long courseId)
throws EntityNotFoundException {
// Get Course or else throw an error
Course course =
courseRepository
.findById(courseId)
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId));
RosterStudent rosterStudent =
RosterStudent.builder()
.studentId(studentId)
.firstName(firstName)
.lastName(lastName)
.email(email)
.build();
UpsertResponse upsertResponse =
upsertStudent(
rosterStudentRepository, updateUserService, rosterStudent, course, RosterStatus.MANUAL);
if (upsertResponse.getInsertStatus() == InsertStatus.REJECTED) {
return ResponseEntity.status(HttpStatus.CONFLICT).body(upsertResponse);
} else {
return ResponseEntity.ok(upsertResponse);
}
}
/**
* This method returns a list of roster students for a given course.
*
* @return a list of all courses.
*/
@Operation(summary = "List all roster students for a course")
@PreAuthorize("@CourseSecurity.hasManagePermissions(#root, #courseId)")
@GetMapping("/course/{courseId}")
public Iterable<RosterStudentDTO> rosterStudentForCourse(
@Parameter(name = "courseId") @PathVariable Long courseId) throws EntityNotFoundException {
courseRepository
.findById(courseId)
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId));
Iterable<RosterStudent> rosterStudents = rosterStudentRepository.findByCourseId(courseId);
Iterable<RosterStudentDTO> rosterStudentDTOs =
() ->
java.util.stream.StreamSupport.stream(rosterStudents.spliterator(), false)
.map(RosterStudentDTO::new)
.iterator();
return rosterStudentDTOs;
}
public static UpsertResponse upsertStudent(
RosterStudentRepository rosterStudentRepository,
UpdateUserService updateUserService,
RosterStudent student,
Course course,
RosterStatus rosterStatus) {
String convertedEmail = CanonicalFormConverter.convertToValidEmail(student.getEmail());
Optional<RosterStudent> existingStudent =
rosterStudentRepository.findByCourseIdAndStudentId(course.getId(), student.getStudentId());
Optional<RosterStudent> existingStudentByEmail =
rosterStudentRepository.findByCourseIdAndEmail(course.getId(), convertedEmail);
if (existingStudent.isPresent() && existingStudentByEmail.isPresent()) {
if (existingStudent.get().getId().equals(existingStudentByEmail.get().getId())) {
RosterStudent existingStudentObj = existingStudent.get();
existingStudentObj.setRosterStatus(rosterStatus);
existingStudentObj.setFirstName(student.getFirstName());
existingStudentObj.setLastName(student.getLastName());
rosterStudentRepository.save(existingStudentObj);
return new UpsertResponse(InsertStatus.UPDATED, existingStudentObj);
} else {
return new UpsertResponse(InsertStatus.REJECTED, student);
}
} else if (existingStudent.isPresent() || existingStudentByEmail.isPresent()) {
RosterStudent existingStudentObj =
existingStudent.isPresent() ? existingStudent.get() : existingStudentByEmail.get();
existingStudentObj.setRosterStatus(rosterStatus);
existingStudentObj.setFirstName(student.getFirstName());
existingStudentObj.setLastName(student.getLastName());
existingStudentObj.setEmail(convertedEmail);
existingStudentObj.setStudentId(student.getStudentId());
existingStudentObj = rosterStudentRepository.save(existingStudentObj);
updateUserService.attachUserToRosterStudent(existingStudentObj);
return new UpsertResponse(InsertStatus.UPDATED, existingStudentObj);
} else {
student.setCourse(course);
student.setEmail(convertedEmail);
student.setRosterStatus(rosterStatus);
// if an installationID exists, orgStatus should be set to JOINCOURSE. if it doesn't exist
// (null), set orgStatus to PENDING.
if (course.getInstallationId() != null) {
student.setOrgStatus(OrgStatus.JOINCOURSE);
} else {
student.setOrgStatus(OrgStatus.PENDING);
}
student = rosterStudentRepository.save(student);
updateUserService.attachUserToRosterStudent(student);
return new UpsertResponse(InsertStatus.INSERTED, student);
}
}
@PreAuthorize("@CourseSecurity.hasManagePermissions(#root, #courseId)")
@PostMapping("/updateCourseMembership")
public Job updateCourseMembership(
@Parameter(name = "courseId", description = "Course ID") @RequestParam Long courseId)
throws NoSuchAlgorithmException, InvalidKeySpecException, JsonProcessingException {
Course course =
courseRepository
.findById(courseId)
.orElseThrow(() -> new EntityNotFoundException(Course.class, courseId));
if (course.getInstallationId() == null || course.getOrgName() == null) {
throw new NoLinkedOrganizationException(course.getCourseName());
} else {
UpdateOrgMembershipJob job =
UpdateOrgMembershipJob.builder()
.rosterStudentRepository(rosterStudentRepository)
.organizationMemberService(organizationMemberService)
.course(course)
.build();
return jobService.runAsJob(job);
}
}
@Operation(
summary =
"Allow roster student to join a course by generating an invitation to the linked Github Org")
@PreAuthorize("hasRole('ROLE_USER')")
@PutMapping("/joinCourse")
public ResponseEntity<String> joinCourseOnGitHub(
@Parameter(
name = "rosterStudentId",
description = "Roster Student joining a course on GitHub")
@RequestParam
Long rosterStudentId)
throws NoSuchAlgorithmException, InvalidKeySpecException, JsonProcessingException {
User currentUser = currentUserService.getUser();
RosterStudent rosterStudent =
rosterStudentRepository
.findById(rosterStudentId)
.orElseThrow(() -> new EntityNotFoundException(RosterStudent.class, rosterStudentId));
if (rosterStudent.getUser() == null || currentUser.getId() != rosterStudent.getUser().getId()) {
throw new AccessDeniedException("User not authorized join the course as this roster student");
}
if (rosterStudent.getGithubId() != null
&& rosterStudent.getGithubLogin() != null
&& (rosterStudent.getOrgStatus() == OrgStatus.MEMBER
|| rosterStudent.getOrgStatus() == OrgStatus.OWNER)) {
return ResponseEntity.badRequest()
.body("This user has already linked a Github account to this course.");
}
if (rosterStudent.getCourse().getOrgName() == null
|| rosterStudent.getCourse().getInstallationId() == null) {
return ResponseEntity.badRequest()
.body("Course has not been set up. Please ask your instructor for help.");
}
rosterStudent.setGithubId(currentUser.getGithubId());
rosterStudent.setGithubLogin(currentUser.getGithubLogin());
OrgStatus status = organizationMemberService.inviteOrganizationMember(rosterStudent);
rosterStudent.setOrgStatus(status);
rosterStudentRepository.save(rosterStudent);
if (status == OrgStatus.INVITED) {
return ResponseEntity.accepted().body("Successfully invited student to Organization");
} else if (status == OrgStatus.MEMBER || status == OrgStatus.OWNER) {
return ResponseEntity.accepted()
.body("Already in organization - set status to %s".formatted(status.toString()));
} else {
return ResponseEntity.internalServerError().body("Could not invite student to Organization");
}
}
@Operation(summary = "Get Associated Roster Students with a User")
@PreAuthorize("hasRole('ROLE_USER')")
@GetMapping("/associatedRosterStudents")
public Iterable<RosterStudent> getAssociatedRosterStudents() {
User currentUser = currentUserService.getUser();
Iterable<RosterStudent> rosterStudents = rosterStudentRepository.findAllByUser((currentUser));
return rosterStudents;
}
@Operation(summary = "Update a roster student")
@PreAuthorize("@CourseSecurity.hasRosterStudentManagementPermissions(#root, #id)")
@PutMapping("/update")
public RosterStudent updateRosterStudent(
@Parameter(name = "id") @RequestParam Long id,
@Parameter(name = "firstName") @RequestParam(required = false) String firstName,
@Parameter(name = "lastName") @RequestParam(required = false) String lastName,
@Parameter(name = "studentId") @RequestParam(required = false) String studentId)
throws EntityNotFoundException {
if (firstName == null
|| lastName == null
|| studentId == null
|| firstName.trim().isEmpty()
|| lastName.trim().isEmpty()
|| studentId.trim().isEmpty()) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Required fields cannot be empty");
}
RosterStudent rosterStudent =
rosterStudentRepository
.findById(id)
.orElseThrow(() -> new EntityNotFoundException(RosterStudent.class, id));
if (!rosterStudent.getStudentId().trim().equals(studentId.trim())) {
Optional<RosterStudent> existingStudent =
rosterStudentRepository.findByCourseIdAndStudentId(
rosterStudent.getCourse().getId(), studentId.trim());
if (existingStudent.isPresent()) {
throw new ResponseStatusException(
HttpStatus.BAD_REQUEST, "Student ID already exists in this course");
}
}
rosterStudent.setFirstName(firstName.trim());
rosterStudent.setLastName(lastName.trim());
rosterStudent.setStudentId(studentId.trim());
return rosterStudentRepository.save(rosterStudent);
}
@Operation(summary = "Delete a roster student")
@PreAuthorize("@CourseSecurity.hasRosterStudentManagementPermissions(#root, #id)")
@DeleteMapping("/delete")
@Transactional
public ResponseEntity<String> deleteRosterStudent(@Parameter(name = "id") @RequestParam Long id)
throws EntityNotFoundException {
RosterStudent rosterStudent =
rosterStudentRepository
.findById(id)
.orElseThrow(() -> new EntityNotFoundException(RosterStudent.class, id));
Course course = rosterStudent.getCourse();
boolean orgRemovalAttempted = false;
boolean orgRemovalSuccessful = false;
String orgRemovalErrorMessage = null;
// Try to remove the student from the organization if they have a GitHub login
if (rosterStudent.getGithubLogin() != null
&& course.getOrgName() != null
&& course.getInstallationId() != null) {
orgRemovalAttempted = true;
try {
organizationMemberService.removeOrganizationMember(rosterStudent);
orgRemovalSuccessful = true;
} catch (Exception e) {
log.error("Error removing student from organization: {}", e.getMessage());
orgRemovalErrorMessage = e.getMessage();
// Continue with deletion even if organization removal fails
}
}
course.getRosterStudents().remove(rosterStudent);
rosterStudentRepository.delete(rosterStudent);
courseRepository.save(course);
if (!orgRemovalAttempted) {
return ResponseEntity.ok(
"Successfully deleted roster student and removed him/her from the course list");
} else if (orgRemovalSuccessful) {
return ResponseEntity.ok(
"Successfully deleted roster student and removed him/her from the course list and organization");
} else {
return ResponseEntity.ok(
"Successfully deleted roster student but there was an error removing them from the course organization: "
+ orgRemovalErrorMessage);
}
}
}