Implemented possibility to delete submitted assignments

Author: Plugrol

EEDU-Backend/src/main/java/de/gaz/eedu/course/appointment/AppointmentController.java

@@ -49,40 +49,45 @@ public class AppointmentController extends EntityController<Long, AppointmentSer
                 appointments,
                 course);
 
-        Set<InternalFrequentAppointmentCreateModel> internal = toInternalCreateModel(course, appointments).collect(
-                Collectors.toUnmodifiableSet());
+        Set<InternalFrequentAppointmentCreateModel> internal = toInternalCreateModel(course, appointments).collect(Collectors.toUnmodifiableSet());
         Stream<FrequentAppointmentEntity> entities = getService().createEntity(internal).stream();
         return ResponseEntity.ok(entities.map(FrequentAppointmentEntity::toModel).toArray(FrequentAppointmentModel[]::new));
     }
 
     @PreAuthorize("hasRole('teacher')")
-    @GetMapping("/submit/assignment/{appointment}/status/all")
+    @GetMapping("/assignment/{appointment}/status/all")
     public @NotNull ResponseEntity<AssignmentInsightModel[]> submitStatus(@PathVariable long appointment)
     {
         return ResponseEntity.ok(getService().getInsight(appointment).toArray(AssignmentInsightModel[]::new));
     }
 
     @PreAuthorize("hasRole('teacher')")
-    @GetMapping("/submit/assignment/{appointment}/status/{user}")
+    @GetMapping("/assignment/{appointment}/status/{user}")
     public @NotNull ResponseEntity<AssignmentInsightModel> submitStatus(@PathVariable long appointment, @PathVariable long user)
     {
         ResponseEntity<AssignmentInsightModel> notFound = ResponseEntity.notFound().build();
         return getService().getInsight(appointment, user).map(ResponseEntity::ok).orElse(notFound);
     }
 
     @PreAuthorize("hasRole('student')")
-    @GetMapping("/submit/assignment/{appointment}/status")
+    @GetMapping("/assignment/{appointment}/status")
     public @NotNull ResponseEntity<AssignmentInsightModel> ownSubmitStatus(@AuthenticationPrincipal long userId, @PathVariable long appointment)
     {
         ResponseEntity<AssignmentInsightModel> notFound = ResponseEntity.notFound().build();
         return getService().getInsight(appointment, userId).map(ResponseEntity::ok).orElse(notFound);
     }
 
-    @PostMapping("/submit/assignment/{appointment}")
+    @DeleteMapping("/assignment/{appointment}/delete/{files}")
+    public @NotNull ResponseEntity<Void> deleteAssignment(@AuthenticationPrincipal long userId, @PathVariable long appointment, @PathVariable @NotNull String[] files)
+    {
+        return empty(getService().deleteAssignment(userId, appointment, files) ? HttpStatus.OK : HttpStatus.INTERNAL_SERVER_ERROR);
+    }
+
+    @PostMapping("/assignment/{appointment}/submit")
     public @NotNull ResponseEntity<Void> submitAssignment(@AuthenticationPrincipal long userId, @PathVariable long appointment, @NotNull @RequestPart("file") MultipartFile[] files)
     {
         getService().submitAssignment(userId, appointment, files);
-        return empty(HttpStatus.OK);
+        return empty(HttpStatus.CREATED);
     }
 
     @PostMapping("/update/standalone/{appointment}") @PreAuthorize("hasRole('teacher') or hasRole('administrator')")

EEDU-Backend/src/main/java/de/gaz/eedu/course/appointment/AppointmentService.java

@@ -198,16 +198,23 @@ public boolean unscheduleFrequent(long courseId, @NotNull Long... entities)
 
     public void submitAssignment(long user, long assignment, @NotNull MultipartFile[] files)
     {
-        Optional<AppointmentEntryEntity> entryReference = getEntryRepository().findById(assignment);
-        AppointmentEntryEntity entry = entryReference.orElseThrow(entityUnknown(assignment));
-        entry.submitAssignment(user, files);
+        getAppointmentEntry(assignment).submitAssignment(user, files);
+    }
+
+    public boolean deleteAssignment(long user, long assignment, @NotNull String[] files)
+    {
+        return getAppointmentEntry(assignment).deleteAssignment(user, files);
     }
 
     public void hasSubmitted(long user, long assignment, @NotNull MultipartFile[] files)
     {
-        Optional<AppointmentEntryEntity> entryReference = getEntryRepository().findById(assignment);
-        AppointmentEntryEntity entry = entryReference.orElseThrow(entityUnknown(assignment));
-        entry.submitAssignment(user, files);
+        getAppointmentEntry(assignment).submitAssignment(user, files);
+    }
+
+    private AppointmentEntryEntity getAppointmentEntry(long id) throws EntityUnknownException
+    {
+        Optional<AppointmentEntryEntity> entryReference = getEntryRepository().findById(id);
+        return entryReference.orElseThrow(entityUnknown(id));
     }
 
     /**

EEDU-Backend/src/main/java/de/gaz/eedu/course/appointment/entry/AppointmentEntryEntity.java

@@ -33,6 +33,10 @@
 import org.springframework.web.server.ResponseStatusException;
 
 import java.io.File;
+import java.io.IOException;
+import java.nio.file.LinkOption;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Arrays;
@@ -49,19 +53,17 @@ public class AppointmentEntryEntity implements EntityModelRelation<Long, Appoint
     @Setter(AccessLevel.NONE) @Id private Long id;
     private Duration duration;
     private Instant publish;
-    @Column(name = "description", length = 1000)
-    private String description;
+    @Column(name = "description", length = 1000) private String description;
 
-    @ManyToOne @JoinColumn(name = "course_appointment_id", nullable = false) @JsonBackReference @Cascade(CascadeType.ALL)
-    private CourseEntity course;
+    @ManyToOne @JoinColumn(name = "course_appointment_id", nullable = false) @JsonBackReference
+    @Cascade(CascadeType.ALL) private CourseEntity course;
     @ManyToOne @JoinColumn(name = "frequent_appointment_id") @JsonBackReference
     private @Nullable FrequentAppointmentEntity frequentAppointment;
 
     // must be set through extra method to validate integrity
-    @Getter(AccessLevel.PROTECTED) @Setter(AccessLevel.NONE)
-    @Nullable private String assignmentDescription;
-    @Getter(AccessLevel.PROTECTED) @Setter(AccessLevel.NONE)
-    @Nullable private Instant publishAssignment, submitAssignmentUntil;
+    @Getter(AccessLevel.PROTECTED) @Setter(AccessLevel.NONE) @Nullable private String assignmentDescription;
+    @Getter(AccessLevel.PROTECTED) @Setter(AccessLevel.NONE) @Nullable
+    private Instant publishAssignment, submitAssignmentUntil;
 
     @ManyToOne @JsonManagedReference @JoinColumn(name = "room_id", referencedColumnName = "id")
     private @Nullable RoomEntity room;
@@ -80,6 +82,42 @@ public AppointmentEntryEntity(long id)
         this.id = id;
     }
 
+    private static @NotNull File loadFileSave(@NotNull String uploadPath, @NotNull String fileName)
+    {
+        if (fileName.contains("..") || fileName.contains("/") || fileName.contains("\\"))
+        {
+            String errorMessage = String.format("Invalid file name: %s contains illegal path characters.", fileName);
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, errorMessage);
+        }
+
+        Path filePath = Paths.get(uploadPath, fileName);
+
+        try
+        {
+            Path normalizedPath = filePath.toRealPath(LinkOption.NOFOLLOW_LINKS);
+
+            // some security is crucial
+            if (!normalizedPath.startsWith(uploadPath))
+            {
+                String errorMessage = String.format("File %s is outside the allowed directory.", fileName);
+                throw new ResponseStatusException(HttpStatus.FORBIDDEN, errorMessage);
+            }
+
+            File file = normalizedPath.toFile();
+            if (!file.exists())
+            {
+                String errorMessage = String.format("File %s does not exist.", fileName);
+                throw new ResponseStatusException(HttpStatus.NOT_FOUND, errorMessage);
+            }
+
+            return file;
+        } catch (IOException e)
+        {
+            String errorMessage = String.format("Error processing file path for %s.", fileName);
+            throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, errorMessage, e);
+        }
+    }
+
     public @NotNull Optional<RoomEntity> getRoom()
     {
         FrequentAppointmentEntity frequentAppointment = getFrequentAppointment();
@@ -92,8 +130,7 @@ public AppointmentEntryEntity(long id)
 
     public @NotNull AssignmentInsightModel getInsight(@NotNull UserEntity user)
     {
-        FileEntity repository = getCourse().getRepository();
-        String uploadPath = repository.getFilePath(uploadPath(user.getId()));
+        String uploadPath = getUploadPath(user.getId());
         File file = new File(uploadPath);
         File[] files = file.listFiles();
         if (!hasSubmitted(user) || !file.isDirectory() || Objects.isNull(files) || files.length == 0)
@@ -115,8 +152,41 @@ public void submitAssignment(long user, @NotNull MultipartFile... files) throws
             throw new ResponseStatusException(HttpStatus.UNPROCESSABLE_ENTITY);
         }
 
-        getCourse().getRepository().uploadBatch(uploadPath(user), files);
-        log.info("User {} has uploaded files to appointment entry {}", user, getId());
+        String uploadPath = getUploadPath(user);
+        File[] file = new File(uploadPath).listFiles();
+        if (file != null && (file.length + files.length) > 5)
+        {
+            throw new ResponseStatusException(HttpStatus.PAYLOAD_TOO_LARGE, "The maximum amount of files exceeded.");
+        }
+
+        getCourse().getRepository().uploadBatch(uploadPath, files);
+        log.info("User {} has uploaded files to appointment entry {}.", user, getId());
+    }
+
+    public boolean deleteAssignment(long user, String @NotNull ... files)
+    {
+        String uploadPath = uploadPath(user);
+        File[] toBeDeleted = new File[files.length];
+
+        for (int i = 0; i < files.length; i++) {toBeDeleted[i] = loadFileSave(uploadPath, files[i]);}
+
+        boolean allDeleted = true;
+        for (File file : toBeDeleted)
+        {
+            if (!file.delete())
+            {
+                allDeleted = false; // If any file fails to delete, mark as false
+            }
+        }
+        log.info("User {} has deleted files from appointment entry {}.", user, getId());
+
+        return allDeleted;
+    }
+
+    private @NotNull String getUploadPath(long user)
+    {
+        FileEntity repository = getCourse().getRepository();
+        return repository.getFilePath(uploadPath(user));
     }
 
     public boolean hasSubmitted(@NotNull UserEntity user)
@@ -149,16 +219,12 @@ public boolean hasSubmitted(@NotNull UserEntity user)
                 getRoom().map(RoomEntity::toModel).orElse(null),
                 this.getDuration().toMillis(),
                 this.getDescription(),
-                assignment
-        );
+                assignment);
     }
 
-    @Contract(pure = true, value = "-> new")
-    @Override public String toString()
+    @Contract(pure = true, value = "-> new") @Override public String toString()
     { // Automatically generated by IntelliJ
-        return "AppointmentEntryEntity{" +
-                "id=" + id +
-                '}';
+        return "AppointmentEntryEntity{" + "id=" + id + '}';
     }
 
     @Override public boolean equals(Object o)
@@ -285,14 +351,14 @@ protected long getTimeStamp()
      *                              without a null check.
      *                              Example usage:
      *                              <pre>
-     *                                                           {@code
-     *                                                           Optional<AssignmentModel> assignment = entity.getAssignment();
-     *                                                           assignment.ifPresent(a -> {
-     *                                                               System.out.println("Assignment Description: " + a.getDescription());
-     *                                                               System.out.println("Submission Deadline: " + a.getSubmitUntil());
-     *                                                           });
-     *                                                           }
-     *                                                           </pre>
+     *                                                                                        {@code
+     *                                                                                        Optional<AssignmentModel> assignment = entity.getAssignment();
+     *                                                                                        assignment.ifPresent(a -> {
+     *                                                                                            System.out.println("Assignment Description: " + a.getDescription());
+     *                                                                                            System.out.println("Submission Deadline: " + a.getSubmitUntil());
+     *                                                                                        });
+     *                                                                                        }
+     *                                                                                        </pre>
      */
     public @NotNull Optional<AssignmentModel> getAssignment()
     {

EEDU-Frontend/src/app/user/courses/appointment/appointment.service.ts

@@ -41,25 +41,30 @@ export class AppointmentService {
     }
 
     public fetchInsights(appointment: bigint): Observable<AssignmentInsightModel[]> {
-        const url: string = `${this.BACKEND_URL}/submit/assignment/${appointment}/status/all`;
+        const url: string = `${this.BACKEND_URL}/assignment/${appointment}/status/all`;
         return this.http.get<GenericAssignmentInsightModel[]>(url, {withCredentials: true}).pipe(map((response: GenericAssignmentInsightModel[]): AssignmentInsightModel[] => response.map((item: GenericAssignmentInsightModel): AssignmentInsightModel => AssignmentInsightModel.fromObject(item))));
     }
 
     public fetchInsight(appointment: bigint): Observable<AssignmentInsightModel> {
-        const url: string = `${this.BACKEND_URL}/submit/assignment/${appointment}/status`;
+        const url: string = `${this.BACKEND_URL}/assignment/${appointment}/status`;
         return this.http.get<GenericAssignmentInsightModel>(url, {withCredentials: true}).pipe(map((response: GenericAssignmentInsightModel): AssignmentInsightModel => AssignmentInsightModel.fromObject(response)));
     }
 
     public fetchUsersInsight(appointment: bigint, user: bigint): Observable<AssignmentInsightModel> {
-        const url: string = `${this.BACKEND_URL}/submit/assignment/${appointment}/status/${user}`;
+        const url: string = `${this.BACKEND_URL}/assignment/${appointment}/status/${user}`;
         return this.http.get<GenericAssignmentInsightModel>(url, {withCredentials: true}).pipe(map((response: GenericAssignmentInsightModel): AssignmentInsightModel => AssignmentInsightModel.fromObject(response)));
     }
 
     public submitAssignment(appointment: bigint, assignmentFiles: File[]): Observable<HttpEvent<any>> {
-        const url: string = `${this.BACKEND_URL}/submit/assignment/${appointment}`;
+        const url: string = `${this.BACKEND_URL}/assignment/${appointment}/submit`;
         return this._fileService.uploadFiles(url, assignmentFiles);
     }
 
+    public deleteAssignment(appointment: bigint, assignmentFiles: string[]): Observable<void> {
+        const url: string = `${this.BACKEND_URL}/assignment/${appointment}/delete/${assignmentFiles.toString()}`;
+        return this.http.delete<void>(url, {withCredentials: true});
+    }
+
     /**
      * Creates appointments for a specified course.
      *