[feat-1057] added a permissions check in the lesson and program progress services #1078
Open
Textile86 wants to merge 1 commit into hexlet-volunteers:main from
ann-p-1320
reviewed
Apr 14, 2026
| return commonHandle(errors, request, redirectAttributes, HttpStatus.UNAUTHORIZED); | ||
| } | ||
|
|
||
| @ExceptionHandler(AccessDeniedException.class) |
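Review bot: on @ExceptionHandler(AccessDeniedException.class), the unqualified name does not show which class is handled; confirm it is the same class the service throws (for Spring Security that is org.springframework.security.access.AccessDeniedException, while java.nio.file.AccessDeniedException also exists and is easy to auto-import), because a mismatched import compiles and the handler then never fires. The handler directly above passes HttpStatus.UNAUTHORIZED to commonHandle, so this one should pass HttpStatus.FORBIDDEN to keep "not logged in" and "logged in but not the owner" distinct.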
Doesn't Spring convert AccessDeniedException to 403 by default?
ann-p-1320
reviewed
Apr 14, 2026
|
|
||
| @Transactional | ||
| public void completeLesson(Long progressId) { | ||
| public void completeLesson(Long progressId, Long userId) { |
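Review bot: with the new signature completeLesson(Long progressId, Long userId), the ownership check is only as trustworthy as the userId each caller passes, and nothing in the signature stops a caller from forwarding a value taken from the request. If the parameter stays, state in the method's documentation that userId must be the authenticated user's id from the security context, and check every call site against that.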
It's better not to change the method signature, and instead get the logged-in user inside this method
ann-p-1320
reviewed
Apr 14, 2026
| .orElseThrow(() -> new ResourceNotFoundException("lesson.progress.not.found" + progressId)); | ||
|
|
||
| if (!progress.getUser().getId().equals(userId)) { | ||
| throw new AccessDeniedException("Access denied"); |
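Review bot: in the ownership check, a missing record raises ResourceNotFoundException while another user's record raises AccessDeniedException, so the two responses tell a caller which progress ids exist; if that matters for this API, consider raising the not-found error in both cases. Separately, "lesson.progress.not.found" + progressId appends the id directly onto what looks like a message key with no separator, and progress.getUser() is dereferenced without a null check.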
I suggest changing the error text, for example to: "User cannot access this lesson", otherwise it's a tautology
ann-p-1320
reviewed
Apr 14, 2026
| } | ||
|
|
||
| @Test | ||
| void completeLessonByAnotherUserReturnsForbidden() throws Exception { |
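Review bot: completeLessonByAnotherUserReturnsForbidden names only the lesson path, while the description says the same check was added to UserProgramProgressService.completeProgram(); if the commit does not already include them, add the matching another-user test for the program endpoint and a test that the owner can still complete the lesson, so the check is shown to both deny and allow.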
Please refactor all the tests in this class so that they are isolated from one another (for that, don't use the setUp and cleanUp methods), and also check that the tests follow the AAA pattern, and add the comments
//given
//when
//then
Closes #1057
- UserLessonProgressService.completeLesson(): added a check: progress.getUser().getId().equals(userId)
- UserProgramProgressService.completeProgram(): added an analogous check
- user.getId() from the security context