Enhance event management with CRUD and organizer retrieval by PasinduOG · Pull Request #9 · PasinduOG/eventsphere

PasinduOG · 2026-04-14T18:59:50Z

This pull request adds comprehensive event management features to the backend, including support for event creation, updating, cancellation, deletion, and querying by organizer. It also refactors authentication to use the currently logged-in user (via Principal) for user-specific actions, improving security and code clarity.

Event management enhancements:

Added endpoints and service methods for updating, cancelling, soft deleting, and permanently deleting events, with corresponding repository methods and SQL implementations. [1] [2] [3] [4] [5]
Introduced endpoint and logic to find events by organizer email, allowing admins to query events based on the organizer. [1] [2] [3] [4] [5]

Authentication and security improvements:

Refactored controller methods to use Principal for retrieving the current user, removing reliance on passing userId as a request parameter and ensuring actions are performed on behalf of the authenticated user. [1] [2] [3]

Repository and service layer changes:

Updated repository and service interfaces to support new event operations, including validation to ensure only events with an organizer can be created or updated, and that operations fail gracefully if the event does not exist. [1] [2] [3] [4] [5]

Bug prevention and data integrity:

Added checks to prevent saving or updating events without an organizerId, and to exclude cancelled or unavailable events from queries. [1] [2]

Dependency and annotation fixes:

Changed EventServiceImpl annotation from @Repository to @Service to correctly indicate its role in the application context.

Copilot

Pull request overview

This PR expands the backend event domain to support full CRUD-style management (update/cancel/soft-delete/hard-delete) and adds an admin query to retrieve events by organizer email, while also refactoring several endpoints to use the authenticated user (Principal) instead of accepting userId as a request parameter.

Changes:

Added service/repository methods for updating, cancelling, soft deleting, and permanently deleting events.
Added admin endpoint + repository query to list events by organizer email.
Updated controller flows to derive the acting user from Principal (and set organizerId server-side for create/update).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
`src/main/java/dev/pasinduog/eventsphere/service/impl/EventServiceImpl.java`	Implements new event operations (update/cancel/soft/hard delete) and organizer-based retrieval.
`src/main/java/dev/pasinduog/eventsphere/service/EventService.java`	Extends service API with new event-management methods.
`src/main/java/dev/pasinduog/eventsphere/repository/impl/EventRepositoryImpl.java`	Adds SQL implementations for update/cancel/soft/hard delete and organizer-email query; adjusts `findById` filtering.
`src/main/java/dev/pasinduog/eventsphere/repository/EventRepository.java`	Extends repository API with new event-management methods.
`src/main/java/dev/pasinduog/eventsphere/controller/EventController.java`	Adds new endpoints and switches user-specific actions to use `Principal`.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot · 2026-04-14T19:06:16Z

+    boolean updateEvent(@PathVariable String eventId, @RequestBody Event event, Principal principal) {
+        User currentUser = userService.getUserEntityByEmail(principal.getName());
+        event.setOrganizerId(currentUser.getId());
+        return eventService.updateEvent(event, eventId);


In updateEvent, the controller sets event.organizerId to the current user, and the repository update writes organizer_id = ?. This means any ORGANIZER can update any event ID and effectively transfer ownership; admins editing would also unintentionally become the organizer. The update flow should preserve the existing organizer_id and/or verify the current user owns the event unless the caller is ADMIN.

Copilot · 2026-04-14T19:06:16Z

+        if (event.getId() == null || event.getId().isEmpty()) {
+            event.setId(eventId);
+        }


updateEvent only assigns eventId into event.id when the request body omits an ID. If the client supplies a different non-empty event.id, the service will still proceed and EventRepositoryImpl.update() will update by event.getId(), not the path eventId. Make the path ID authoritative (always set event.id = eventId or reject mismatches).

Suggested change

if (event.getId() == null || event.getId().isEmpty()) {

event.setId(eventId);

}

event.setId(eventId);

Copilot · 2026-04-14T19:06:17Z

+    @Override
+    public boolean delete(String eventId) {
+        if (eventRepository.findById(eventId).isEmpty())
+            throw new EventNotFoundException("Update failed. Event not found");


The exception message in delete says "Update failed..." which is misleading for a hard delete operation. Consider changing it to operation-specific wording (e.g., "Delete failed. Event not found") or a generic "Event not found".

Suggested change

throw new EventNotFoundException("Update failed. Event not found");

throw new EventNotFoundException("Delete failed. Event not found");

… handling and new endpoints

PasinduOG added 2 commits April 15, 2026 00:08

feat: enhance event management with CRUD operations and user association

0e86711

feat: add functionality to retrieve events by organizer's email

c84bc8a

PasinduOG self-assigned this Apr 14, 2026

PasinduOG added the enhancement New feature or request label Apr 14, 2026

PasinduOG requested a review from Copilot April 14, 2026 18:59

Copilot started reviewing on behalf of PasinduOG April 14, 2026 19:00 View session

Copilot AI reviewed Apr 14, 2026

View reviewed changes

PasinduOG added 2 commits April 19, 2026 13:17

feat: enhance authentication and event management with improved error…

ab86fc6

… handling and new endpoints

feat: restrict event cancellation and deletion to ADMIN role only

eef3863

Copilot started work on behalf of PasinduOG April 19, 2026 07:56 View session

Copilot finished work on behalf of PasinduOG April 19, 2026 07:57

fix: update event retrieval query to include all statuses

bad01c9

Copilot started work on behalf of PasinduOG April 19, 2026 08:00 View session

Copilot finished work on behalf of PasinduOG April 19, 2026 08:01

fix: improve error messages for event cancellation and deletion

32123f4

Copilot started work on behalf of PasinduOG April 19, 2026 08:03 View session

Copilot finished work on behalf of PasinduOG April 19, 2026 08:04

PasinduOG merged commit 68e5939 into dev Apr 19, 2026
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhance event management with CRUD and organizer retrieval#9

Enhance event management with CRUD and organizer retrieval#9
PasinduOG merged 6 commits intodevfrom
feature/events

PasinduOG commented Apr 14, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI Apr 14, 2026

Uh oh!

Copilot AI Apr 14, 2026

Uh oh!

Uh oh!

Uh oh!

Copilot AI Apr 14, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

	throw new EventNotFoundException("Update failed. Event not found");
	throw new EventNotFoundException("Delete failed. Event not found");

Conversation

PasinduOG commented Apr 14, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Copilot AI Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants