Deduplicate logic across controllers, auth, and schema fixes

2026-01-28 23:03:48 +05:30
parent f8bdb8e759
commit 9b64b34ab9
26 changed files with 412 additions and 510 deletions
--- a/src/main/kotlin/com/android/trisolarisserver/controller/GuestDocuments.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/GuestDocuments.kt
@@ -53,7 +53,7 @@ class GuestDocuments(
        @RequestParam("bookingId") bookingId: UUID,
        @RequestPart("file") file: MultipartFile
    ): GuestDocumentResponse {
-        val user = requireUser(principal)
+        val user = requireUser(appUserRepo, principal)
        propertyAccess.requireMember(propertyId, user.id!!)
        propertyAccess.requireAnyRole(propertyId, user.id!!, Role.ADMIN, Role.MANAGER)

@@ -65,15 +65,7 @@ class GuestDocuments(
            throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Video files are not allowed")
        }

-        val property = propertyRepo.findById(propertyId).orElseThrow {
-            ResponseStatusException(HttpStatus.NOT_FOUND, "Property not found")
-        }
-        val guest = guestRepo.findById(guestId).orElseThrow {
-            ResponseStatusException(HttpStatus.NOT_FOUND, "Guest not found")
-        }
-        if (guest.property.id != property.id) {
-            throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Guest not in property")
-        }
+        val (property, guest) = requirePropertyGuest(propertyRepo, guestRepo, propertyId, guestId)
        val booking = bookingRepo.findById(bookingId).orElseThrow {
            ResponseStatusException(HttpStatus.NOT_FOUND, "Booking not found")
        }
@@ -106,9 +98,7 @@ class GuestDocuments(
        @PathVariable guestId: UUID,
        @AuthenticationPrincipal principal: MyPrincipal?
    ): List<GuestDocumentResponse> {
-        requirePrincipal(principal)
-        propertyAccess.requireMember(propertyId, principal!!.userId)
-        propertyAccess.requireAnyRole(propertyId, principal.userId, Role.ADMIN, Role.MANAGER)
+        requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER)

        return guestDocumentRepo
            .findByPropertyIdAndGuestIdOrderByUploadedAtDesc(propertyId, guestId)
@@ -124,9 +114,7 @@ class GuestDocuments(
        @AuthenticationPrincipal principal: MyPrincipal?
    ): ResponseEntity<FileSystemResource> {
        if (token == null) {
-            requirePrincipal(principal)
-            propertyAccess.requireMember(propertyId, principal!!.userId)
-            propertyAccess.requireAnyRole(propertyId, principal.userId, Role.ADMIN, Role.MANAGER)
+            requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER)
        } else if (!tokenService.validateToken(token, documentId.toString())) {
            throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid token")
        }
@@ -207,20 +195,6 @@ class GuestDocuments(
        }
    }

-    private fun requirePrincipal(principal: MyPrincipal?) {
-        if (principal == null) {
-            throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Missing principal")
-        }
-    }
-
-    private fun requireUser(principal: MyPrincipal?): com.android.trisolarisserver.models.property.AppUser {
-        if (principal == null) {
-            throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Missing principal")
-        }
-        return appUserRepo.findById(principal.userId).orElseThrow {
-            ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
-        }
-    }
 }

 data class GuestDocumentResponse(