diff --git a/src/it/java/teammates/it/ui/webapi/DeleteFeedbackResponseCommentActionIT.java b/src/it/java/teammates/it/ui/webapi/DeleteFeedbackResponseCommentActionIT.java
index d5a23c96277e..639dd803fed3 100644
--- a/src/it/java/teammates/it/ui/webapi/DeleteFeedbackResponseCommentActionIT.java
+++ b/src/it/java/teammates/it/ui/webapi/DeleteFeedbackResponseCommentActionIT.java
@@ -64,7 +64,7 @@ protected void testAccessControl() throws Exception {
 };
 Instructor instructorWhoGiveComment = typicalBundle.instructors.get("instructor1OfCourse1");
- assertEquals(instructorWhoGiveComment.getEmail(), frc.getGiver());
+ assertEquals(instructorWhoGiveComment.getEmail(), frc.getGiver().getEmail());
 loginAsInstructor(instructorWhoGiveComment.getGoogleId());
 verifyCanAccess(submissionParams);
diff --git a/src/main/java/teammates/storage/sqlapi/FeedbackResponsesDb.java b/src/main/java/teammates/storage/sqlapi/FeedbackResponsesDb.java
index be497ae28264..c80cea3e6fc1 100644
--- a/src/main/java/teammates/storage/sqlapi/FeedbackResponsesDb.java
+++ b/src/main/java/teammates/storage/sqlapi/FeedbackResponsesDb.java
@@ -16,6 +16,7 @@
 import teammates.storage.sqlentity.FeedbackResponse;
 import teammates.storage.sqlentity.FeedbackSession;
 import teammates.storage.sqlentity.Section;
+import teammates.storage.sqlentity.User;
 import jakarta.persistence.criteria.CriteriaBuilder;
 import jakarta.persistence.criteria.CriteriaDelete;
@@ -130,10 +131,11 @@ public List getFeedbackResponsesFromGiverForQuestion(
 CriteriaQuery cq = cb.createQuery(FeedbackResponse.class);
 Root root = cq.from(FeedbackResponse.class);
 Join frJoin = root.join("feedbackQuestion");
+ Join uJoin = root.join("giver");
 cq.select(root)
 .where(cb.and(
 cb.equal(frJoin.get("id"), feedbackQuestionId),
- cb.equal(root.get("giver"), giverEmail)));
+ cb.equal(uJoin.get("email"), giverEmail)));
 return HibernateUtil.createQuery(cq).getResultList();
 }
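Review bot: In FeedbackResponsesDb.getFeedbackResponsesFromGiverForQuestion the new join is named `uJoin`, which does not say which User association it follows, although the FeedbackResponse entity on this page has both a `giver` and a `recipient` of type User. Naming it after the attribute reads better and guards against a later mix-up: `Join giverJoin = root.join("giver");` with `cb.equal(giverJoin.get("email"), giverEmail)`. The hasResponsesFromGiverInSession hunk introduces the same name. The method's signature and the start of its body are outside the hunk.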
@@ -183,6 +185,11 @@ public List getResponsesForQuestion(UUID questionId) {
 /**
 * Checks whether a user has responses in a session.
+ *
+ * @param giver the email of the giver.
+ * @param feedbackSessionName the name of the feedback session.
+ * @param courseId the identifier of the course.
+ * @return a boolean if there are responses from the given giver in this feedback session.
 */
 public boolean hasResponsesFromGiverInSession(
 String giver, String feedbackSessionName, String courseId) {
@@ -192,10 +199,11 @@ public boolean hasResponsesFromGiverInSession(
 Join fqJoin = root.join("feedbackQuestion");
 Join fsJoin = fqJoin.join("feedbackSession");
 Join courseJoin = fsJoin.join("course");
+ Join uJoin = root.join("giver");
 cq.select(root)
 .where(cb.and(
- cb.equal(root.get("giver"), giver),
+ cb.equal(uJoin.get("email"), giver),
 cb.equal(fsJoin.get("name"), feedbackSessionName),
 cb.equal(courseJoin.get("id"), courseId)));
diff --git a/src/main/java/teammates/storage/sqlentity/FeedbackResponse.java b/src/main/java/teammates/storage/sqlentity/FeedbackResponse.java
index 0fc187c29693..94cd6528d5ee 100644
--- a/src/main/java/teammates/storage/sqlentity/FeedbackResponse.java
+++ b/src/main/java/teammates/storage/sqlentity/FeedbackResponse.java
@@ -48,7 +48,7 @@ public abstract class FeedbackResponse extends BaseEntity {
 @OneToMany(mappedBy = "feedbackResponse", cascade = CascadeType.REMOVE)
 private List feedbackResponseComments = new ArrayList<>();
- @ManyToOne
+ @ManyToOne(cascade = {CascadeType.MERGE, CascadeType.REMOVE})
 @OnDelete(action = OnDeleteAction.CASCADE)
 @JoinColumn(name = "giverId", nullable = false)
 private User giver;
@@ -57,7 +57,7 @@ public abstract class FeedbackResponse extends BaseEntity {
 @JoinColumn(name = "giverSectionId")
 private Section giverSection;
- @ManyToOne
+ @ManyToOne(cascade = {CascadeType.MERGE, CascadeType.REMOVE})
 @OnDelete(action = OnDeleteAction.CASCADE)
 @JoinColumn(name = "recipientId", nullable = false)
 private User recipient;
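Review bot: `CascadeType.REMOVE` on the `@ManyToOne` `giver` field in FeedbackResponse.java cascades from the child to the parent, so removing one FeedbackResponse through the persistence context would also remove the User it points to; the second hunk adds the same cascade to `recipient`. With the existing `@OnDelete(action = OnDeleteAction.CASCADE)` on both join columns, deleting that User would presumably take the user's other responses with it, so deleting a single response could erase unrelated data. If the intent is only to propagate merges, limit the cascade on both fields to `@ManyToOne(cascade = CascadeType.MERGE)` and let removal flow only from User to its responses. A test that deletes one response and asserts the giver and recipient still exist would pin this down.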
diff --git a/src/main/java/teammates/ui/webapi/DeleteFeedbackResponseCommentAction.java b/src/main/java/teammates/ui/webapi/DeleteFeedbackResponseCommentAction.java
index 5ca18c8f2528..926eedbd8e8e 100644
--- a/src/main/java/teammates/ui/webapi/DeleteFeedbackResponseCommentAction.java
+++ b/src/main/java/teammates/ui/webapi/DeleteFeedbackResponseCommentAction.java
@@ -133,7 +133,7 @@ void checkSpecificAccessControl() throws UnauthorizedAccessException {
 if (instructor == null) {
 throw new UnauthorizedAccessException("Trying to access system using a non-existent instructor entity");
 }
- if (comment.getGiver().equals(instructor.getEmail())) { // giver, allowed by default
+ if (comment.getGiver().getEmail().equals(instructor.getEmail())) { // giver, allowed by default
 return;
 }
diff --git a/src/main/java/teammates/ui/webapi/GateKeeper.java b/src/main/java/teammates/ui/webapi/GateKeeper.java
index 75b73feefe07..33af78ad2ab1 100644
--- a/src/main/java/teammates/ui/webapi/GateKeeper.java
+++ b/src/main/java/teammates/ui/webapi/GateKeeper.java
@@ -466,10 +466,10 @@ void verifyOwnership(FeedbackResponseCommentAttributes frc, String feedbackParti
 void verifyOwnership(FeedbackResponseComment frc, String feedbackParticipant) throws UnauthorizedAccessException {
 verifyNotNull(frc, "feedback response comment");
- verifyNotNull(frc.getGiver(), "feedback response comment giver");
+ verifyNotNull(frc.getGiver().getEmail(), "feedback response comment giver");
 verifyNotNull(feedbackParticipant, "comment giver");
- if (!frc.getGiver().equals(feedbackParticipant)) {
+ if (!frc.getGiver().getEmail().equals(feedbackParticipant)) {
 throw new UnauthorizedAccessException("Comment [" + frc.getId() + "] is not accessible to " + feedbackParticipant);
 }
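Review bot: The null guard in GateKeeper.verifyOwnership now dereferences the value it used to guard: `verifyNotNull(frc.getGiver().getEmail(), ...)` throws a NullPointerException when `getGiver()` returns null, so the ownership check fails with an unhandled runtime error instead of going through verifyNotNull's own failure path. Keep the original `verifyNotNull(frc.getGiver(), "feedback response comment giver");` and add `verifyNotNull(frc.getGiver().getEmail(), "feedback response comment giver email");` after it. The same unguarded chain is added in DeleteFeedbackResponseCommentAction.checkSpecificAccessControl, where `comment.getGiver().getEmail().equals(instructor.getEmail())` can be written as `Objects.equals(...)` behind a null check on the giver. Whether a comment can exist without a giver depends on the FeedbackResponseComment mapping, which is not on this page. Both methods continue outside their hunks.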