meals-made-easy-api/src/main/java/app/mealsmadeeasy/api/recipe/RecipeSecurityImpl.java
2024-07-09 15:11:05 +02:00


package app.mealsmadeeasy.api.recipe;
import app.mealsmadeeasy.api.user.User;
import org.jetbrains.annotations.Nullable;
import org.springframework.stereotype.Component;
import java.util.Objects;
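/**
 * Ownership and visibility checks for recipes, registered as the Spring bean
 * named {@code recipeSecurity}.
 *
 * <p>Every check fails closed: a missing owner, a missing principal or a
 * {@code null} id on either side is treated as "no match" and never grants access.
 *
 * <p>NOTE(review): presumably referenced by bean name from method-security
 * expressions; confirm against the callers.
 */
@Component("recipeSecurity")
public class RecipeSecurityImpl implements RecipeSecurity {

    private final RecipeRepository recipeRepository;

    public RecipeSecurityImpl(RecipeRepository recipeRepository) {
        this.recipeRepository = recipeRepository;
    }

    /**
     * Tells whether {@code user} owns {@code recipe}.
     *
     * @param recipe the recipe to check
     * @param user the principal; {@code null} is accepted and never matches
     * @return {@code true} only when the recipe has an owner whose non-null id
     *         equals the user's id
     */
    @Override
    public boolean isOwner(Recipe recipe, User user) {
        // An absent principal or an ownerless recipe can never be a match.
        if (user == null || recipe.getOwner() == null) {
            return false;
        }
        return idsMatch(recipe.getOwner().getId(), user.getId());
    }

    /**
     * Looks the recipe up by id and tells whether {@code user} owns it.
     *
     * <p>NOTE(review): an unknown id raises instead of denying. If the existence of
     * a recipe id is sensitive, the caller should make sure the response to this
     * exception cannot be told apart from a denied request.
     *
     * @throws RecipeException with type {@code INVALID_ID} when no recipe has that id
     */
    @Override
    public boolean isOwner(long recipeId, User user) throws RecipeException {
        return this.isOwner(this.findRecipe(recipeId), user);
    }

    /**
     * Tells whether {@code user} may view {@code recipe}: public recipes are
     * viewable by anyone, otherwise the user must be the owner or one of the
     * recipe's viewers.
     *
     * @param recipe the recipe to check
     * @param user the principal, or {@code null} when there is none
     * @return {@code true} when viewing is allowed
     */
    @Override
    public boolean isViewableBy(Recipe recipe, @Nullable User user) {
        if (recipe.isPublic()) {
            return true;
        }
        if (user == null) {
            // a non-public recipe with no principal
            return false;
        }
        // Same rule as isOwner(): the previous Objects.equals() comparison matched
        // when both ids were null and dereferenced a null owner.
        if (this.isOwner(recipe, user)) {
            return true;
        }
        final RecipeEntity withViewers = this.recipeRepository.getByIdWithViewers(recipe.getId());
        if (withViewers == null) {
            // NOTE(review): the repository contract is not visible here; if the
            // lookup can come back empty, deny rather than fail.
            return false;
        }
        for (final User viewer : withViewers.getViewers()) {
            if (idsMatch(viewer.getId(), user.getId())) {
                return true;
            }
        }
        // non-public recipe and not a viewer
        return false;
    }

    /**
     * Looks the recipe up by id and tells whether {@code user} may view it.
     *
     * <p>NOTE(review): an unknown id raises instead of denying, also for callers
     * without a principal; see the note on {@link #isOwner(long, User)}.
     *
     * @throws RecipeException with type {@code INVALID_ID} when no recipe has that id
     */
    @Override
    public boolean isViewableBy(long recipeId, @Nullable User user) throws RecipeException {
        return this.isViewableBy(this.findRecipe(recipeId), user);
    }

    /** Loads a recipe by id or throws {@code INVALID_ID}. */
    private Recipe findRecipe(long recipeId) throws RecipeException {
        return this.recipeRepository.findById(recipeId).orElseThrow(() -> new RecipeException(
                RecipeException.Type.INVALID_ID,
                "No such Recipe with id " + recipeId
        ));
    }

    /** Null-safe id comparison in which a {@code null} id on either side never matches. */
    private static boolean idsMatch(@Nullable Object expectedId, @Nullable Object actualId) {
        return expectedId != null && expectedId.equals(actualId);
    }

}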