Implemented endpoint to get supplies by user

Author: viktorKhan

CLAUDE.md

@@ -118,3 +118,5 @@ With the app running:
 - Code should be self-explanatory with comments when additional explanation is needed
 - All new code must have automated tests
 - Architecture tests are enforced via ArchUnit (see `src/test/java/org/lucoenergia/conluz/architecture/`)
+- when injecting beans, always use the interface. This also applies to integration tests
+- when creating tests over services that has an interface, always use the name of the interface + "Test" for naming them

src/main/java/org/lucoenergia/conluz/domain/admin/supply/get/GetSupplyRepository.java

@@ -3,6 +3,7 @@
 import org.lucoenergia.conluz.domain.admin.supply.Supply;
 import org.lucoenergia.conluz.domain.shared.SupplyCode;
 import org.lucoenergia.conluz.domain.shared.SupplyId;
+import org.lucoenergia.conluz.domain.shared.UserId;
 import org.lucoenergia.conluz.domain.shared.pagination.PagedRequest;
 import org.lucoenergia.conluz.domain.shared.pagination.PagedResult;
 
@@ -20,4 +21,6 @@ public interface GetSupplyRepository {
 
     PagedResult<Supply> findAll(PagedRequest pagedRequest);
     List<Supply> findAll();
+
+    List<Supply> findByUserId(UserId userId);
 }

src/main/java/org/lucoenergia/conluz/domain/admin/supply/get/GetSupplyService.java

@@ -2,12 +2,25 @@
 
 import org.lucoenergia.conluz.domain.admin.supply.Supply;
 import org.lucoenergia.conluz.domain.shared.SupplyId;
+import org.lucoenergia.conluz.domain.shared.UserId;
 import org.lucoenergia.conluz.domain.shared.pagination.PagedRequest;
 import org.lucoenergia.conluz.domain.shared.pagination.PagedResult;
 
+import java.util.List;
+
 public interface GetSupplyService {
 
     PagedResult<Supply> findAll(PagedRequest pagedRequest);
 
     Supply getById(SupplyId id);
+
+    /**
+     * Retrieves a list of supplies associated with a specified user.
+     *
+     * @param userId the identifier of the user whose supplies are to be retrieved
+     * @param requestingUserId the identifier of the user making the request
+     * @param isAdmin a flag indicating if the requesting user has administrative privileges
+     * @return a list of supplies associated with the specified user
+     */
+    List<Supply> getByUserId(UserId userId, UserId requestingUserId, boolean isAdmin);
 }

src/main/java/org/lucoenergia/conluz/infrastructure/admin/supply/SupplyRepository.java

@@ -2,6 +2,7 @@
 
 import org.springframework.data.jpa.repository.JpaRepository;
 
+import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 
@@ -10,4 +11,6 @@ public interface SupplyRepository extends JpaRepository<SupplyEntity, UUID> {
     Optional<SupplyEntity> findByCode(String code);
 
     int countByCode(String code);
+
+    List<SupplyEntity> findByUserId(UUID userId);
 }

src/main/java/org/lucoenergia/conluz/infrastructure/admin/supply/get/GetSupplyRepositoryDatabase.java

@@ -4,6 +4,7 @@
 import org.lucoenergia.conluz.domain.admin.supply.Supply;
 import org.lucoenergia.conluz.domain.shared.SupplyCode;
 import org.lucoenergia.conluz.domain.shared.SupplyId;
+import org.lucoenergia.conluz.domain.shared.UserId;
 import org.lucoenergia.conluz.domain.shared.pagination.PagedRequest;
 import org.lucoenergia.conluz.domain.shared.pagination.PagedResult;
 import org.lucoenergia.conluz.infrastructure.admin.supply.SupplyEntity;
@@ -79,4 +80,10 @@ public List<Supply> findAll() {
 
         return allSupplies.getItems();
     }
+
+    @Override
+    public List<Supply> findByUserId(UserId userId) {
+        List<SupplyEntity> supplyEntities = supplyRepository.findByUserId(userId.getId());
+        return supplyEntityMapper.mapList(supplyEntities);
+    }
 }

src/main/java/org/lucoenergia/conluz/infrastructure/admin/supply/get/GetSupplyServiceImpl.java

@@ -8,12 +8,14 @@
 import org.lucoenergia.conluz.domain.admin.user.User;
 import org.lucoenergia.conluz.domain.admin.user.auth.AuthService;
 import org.lucoenergia.conluz.domain.shared.SupplyId;
+import org.lucoenergia.conluz.domain.shared.UserId;
 import org.lucoenergia.conluz.domain.shared.pagination.PagedRequest;
 import org.lucoenergia.conluz.domain.shared.pagination.PagedResult;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.List;
 import java.util.Optional;
 
 @Transactional(readOnly = true)
@@ -52,4 +54,19 @@ public Supply getById(SupplyId id) {
 
         throw new AccessDeniedException("You do not have permission to access this supply");
     }
+
+    @Override
+    public List<Supply> getByUserId(UserId userId, UserId requestingUserId, boolean isAdmin) {
+        // If user is ADMIN, return all supplies for the requested user
+        if (isAdmin) {
+            return repository.findByUserId(userId);
+        }
+
+        // Otherwise, only if the requesting user is the same as the requested user
+        if (userId.getId().equals(requestingUserId.getId())) {
+            return repository.findByUserId(userId);
+        }
+
+        throw new AccessDeniedException("You do not have permission to access supplies for this user");
+    }
 }

src/main/java/org/lucoenergia/conluz/infrastructure/admin/user/get/GetSuppliesByUserIdController.java

@@ -0,0 +1,87 @@
+package org.lucoenergia.conluz.infrastructure.admin.user.get;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import org.lucoenergia.conluz.domain.admin.supply.Supply;
+import org.lucoenergia.conluz.domain.admin.supply.get.GetSupplyService;
+import org.lucoenergia.conluz.domain.admin.user.Role;
+import org.lucoenergia.conluz.domain.admin.user.User;
+import org.lucoenergia.conluz.domain.admin.user.auth.AuthService;
+import org.lucoenergia.conluz.domain.shared.UserId;
+import org.lucoenergia.conluz.infrastructure.admin.supply.SupplyResponse;
+import org.lucoenergia.conluz.infrastructure.shared.web.apidocs.ApiTag;
+import org.lucoenergia.conluz.infrastructure.shared.web.apidocs.response.BadRequestErrorResponse;
+import org.lucoenergia.conluz.infrastructure.shared.web.apidocs.response.ForbiddenErrorResponse;
+import org.lucoenergia.conluz.infrastructure.shared.web.apidocs.response.InternalServerErrorResponse;
+import org.lucoenergia.conluz.infrastructure.shared.web.apidocs.response.NotFoundErrorResponse;
+import org.lucoenergia.conluz.infrastructure.shared.web.apidocs.response.UnauthorizedErrorResponse;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+import java.util.UUID;
+
+/**
+ * Get supplies for a specific user
+ */
+@RestController
+@RequestMapping(value = "/api/v1/users")
+public class GetSuppliesByUserIdController {
+
+    private final GetSupplyService supplyService;
+    private final AuthService authService;
+
+    public GetSuppliesByUserIdController(GetSupplyService supplyService, AuthService authService) {
+        this.supplyService = supplyService;
+        this.authService = authService;
+    }
+
+    @GetMapping("/{id}/supplies")
+    @Operation(
+            summary = "Retrieves all supplies for a specific user",
+            description = """
+                    This endpoint retrieves all supplies associated with a specific user by their unique identifier.
+
+                    **Authorization Rules:**
+                    - Users with role ADMIN can retrieve supplies for any user
+                    - Users with role PARTNER can only retrieve their own supplies
+
+                    Authentication is required using a Bearer token.
+                    """,
+            tags = ApiTag.USERS,
+            operationId = "getSuppliesByUserId",
+            security = @SecurityRequirement(name = "bearerToken")
+    )
+    @ApiResponses(value = {
+            @ApiResponse(
+                    responseCode = "200",
+                    description = "Supplies retrieved successfully",
+                    useReturnTypeSchema = true
+            )
+    })
+    @ForbiddenErrorResponse
+    @UnauthorizedErrorResponse
+    @BadRequestErrorResponse
+    @NotFoundErrorResponse
+    @InternalServerErrorResponse
+    @PreAuthorize("isAuthenticated()")
+    public List<SupplyResponse> getSuppliesByUserId(@PathVariable("id") UUID userId) {
+        User currentUser = authService.getCurrentUser()
+                .orElseThrow(() -> new IllegalStateException("User must be authenticated"));
+
+        UserId targetUserId = UserId.of(userId);
+        UserId requestingUserId = UserId.of(currentUser.getId());
+        boolean isAdmin = currentUser.getRole() == Role.ADMIN;
+
+        List<Supply> supplies = supplyService.getByUserId(targetUserId, requestingUserId, isAdmin);
+
+        return supplies.stream()
+                .map(SupplyResponse::new)
+                .toList();
+    }
+}

src/test/java/org/lucoenergia/conluz/infrastructure/admin/supply/get/GetSupplyServiceTest.java

@@ -0,0 +1,112 @@
+package org.lucoenergia.conluz.infrastructure.admin.supply.get;
+
+import org.junit.jupiter.api.Test;
+import org.lucoenergia.conluz.domain.admin.supply.Supply;
+import org.lucoenergia.conluz.domain.admin.supply.get.GetSupplyRepository;
+import org.lucoenergia.conluz.domain.admin.supply.get.GetSupplyService;
+import org.lucoenergia.conluz.domain.admin.user.User;
+import org.lucoenergia.conluz.domain.admin.user.UserMother;
+import org.lucoenergia.conluz.domain.shared.UserId;
+import org.mockito.Mockito;
+import org.springframework.security.access.AccessDeniedException;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+class GetSupplyServiceTest {
+
+    private final GetSupplyRepository repository = Mockito.mock(GetSupplyRepository.class);
+    private final GetSupplyService service = new GetSupplyServiceImpl(repository, null);
+
+    @Test
+    void getByUserIdWithAuthorization_shouldReturnSuppliesWhenUserIsAdmin() {
+        // Given
+        UUID userId = UUID.randomUUID();
+        UUID requestingUserId = UUID.randomUUID();
+        UserId userIdValue = UserId.of(userId);
+        UserId requestingUserIdValue = UserId.of(requestingUserId);
+
+        User user = UserMother.randomUserWithId(userId);
+        Supply supply1 = new Supply.Builder()
+                .withId(UUID.randomUUID())
+                .withCode("ES001")
+                .withUser(user)
+                .withName("Supply 1")
+                .withAddress("Address 1")
+                .withPartitionCoefficient(1.0f)
+                .withEnabled(true)
+                .build();
+        Supply supply2 = new Supply.Builder()
+                .withId(UUID.randomUUID())
+                .withCode("ES002")
+                .withUser(user)
+                .withName("Supply 2")
+                .withAddress("Address 2")
+                .withPartitionCoefficient(1.0f)
+                .withEnabled(true)
+                .build();
+
+        List<Supply> expectedSupplies = Arrays.asList(supply1, supply2);
+        when(repository.findByUserId(userIdValue)).thenReturn(expectedSupplies);
+
+        // When
+        List<Supply> result = service.getByUserId(userIdValue, requestingUserIdValue, true);
+
+        // Then
+        assertNotNull(result);
+        assertEquals(2, result.size());
+        assertEquals(expectedSupplies, result);
+        verify(repository).findByUserId(userIdValue);
+    }
+
+    @Test
+    void getByUserIdWithAuthorization_shouldReturnSuppliesWhenUserRequestsOwnSupplies() {
+        // Given
+        UUID userId = UUID.randomUUID();
+        UserId userIdValue = UserId.of(userId);
+
+        User user = UserMother.randomUserWithId(userId);
+        Supply supply = new Supply.Builder()
+                .withId(UUID.randomUUID())
+                .withCode("ES001")
+                .withUser(user)
+                .withName("Supply 1")
+                .withAddress("Address 1")
+                .withPartitionCoefficient(1.0f)
+                .withEnabled(true)
+                .build();
+
+        List<Supply> expectedSupplies = Arrays.asList(supply);
+        when(repository.findByUserId(userIdValue)).thenReturn(expectedSupplies);
+
+        // When
+        List<Supply> result = service.getByUserId(userIdValue, userIdValue, false);
+
+        // Then
+        assertNotNull(result);
+        assertEquals(1, result.size());
+        assertEquals(expectedSupplies, result);
+        verify(repository).findByUserId(userIdValue);
+    }
+
+    @Test
+    void getByUserIdWithAuthorization_shouldThrowAccessDeniedWhenNonAdminRequestsOtherUserSupplies() {
+        // Given
+        UUID userId = UUID.randomUUID();
+        UUID requestingUserId = UUID.randomUUID();
+        UserId userIdValue = UserId.of(userId);
+        UserId requestingUserIdValue = UserId.of(requestingUserId);
+
+        // When & Then
+        AccessDeniedException exception = assertThrows(AccessDeniedException.class, () -> {
+            service.getByUserId(userIdValue, requestingUserIdValue, false);
+        });
+
+        assertEquals("You do not have permission to access supplies for this user", exception.getMessage());
+        verify(repository, never()).findByUserId(any());
+    }
+}