upgrad-edu / course_4_assignment Goto Github PK

Currently, if you upload an image with the same exact title as a previously uploaded image, it will get uploaded. But then, if you try to navigate to one of the images with the same title, the image uploader will display an error.

Reproduction Step:
1. Create a new image with a title
2. Create a second image with the same title as the first image
3. You'll see a server error if you try to navigate to either the first or second image

The issue:
1. The ImageRepository class retrieves an image by its title in the ‘getImageByTitle()’ method. Please
see the following code in the ImageRepository class:

public Image getImageByTitle(String title) {
   EntityManager em = emf.createEntityManager();
   try {
       TypedQuery<Image> typedQuery = em.createQuery("SELECT i from Image i where i.title =:title", Image.class).setParameter("title", title);
       return typedQuery.getSingleResult();
   } catch (NoResultException nre) {
       return null;
   }
}

2. As you can see in the getImageByTitle() method, we are using a method called ‘getSingleResult()’
3. The ‘getSingleResult()’ method will throw an exception if there is more than one matching result.

Possible Solution:

1. Instead of retrieving an image by its title, we should retrieve an image by a more unique
   identifier, such as the image's table id. Implement this change in the whole code implementation
   wherever we are retrieving the image by its title.

2. In addition, we need to update the ImageController so that:
   a. An image's URL includes its unique identifier. The URL of the page showing the details of the
   particular image should be of type ‘/images/{imageId}/{title}’
   b. The image controller will then use that unique identifier to retrieve an image.

3. In addition, you need to update <a th:href="'/images/' +${i.title}"> in images.html’ file to
   <a th:href="'/images/' +${i.id} +'/' +${i.title}"> which redirects to a request handling method with request mapping of type ‘/images/{imageId}/{title}’, when you click on the title of the image to display the details of that particular image.

Currently, the user can edit/delete the image which has been uploaded by some other user.

Reproduction Step:

1. Get the details of the image which has been uploaded by some other user
2. Try to edit/delete the image
3. The image gets edited/deleted

The issue:
There is no check on the details of the user when the image is edited/deleted. Before editing/deleting the image, the owner of the image is not compared to the user, who is trying to edit/delete the image.

Possible Solution:

1. There must be a check on the user details who is trying to edit/delete the image. The details of the owner of the user can be compared to the details of the user who is trying to edit/delete the image.
2. If the non-owner tries to edit/delete the image, print the error message.

Hint
How to print the error message?
Let us know how to print the error message in case the non-owner of the image tries to edit the image,

1. Declare and initialize a string with the message in the Controller logic as shown below:
   String error = "Only the owner of the image can edit the image";

2. Add the string in the Model type object as shown below:
   model.addAttribute("editError", error);
   Note that the key is ‘editError’.

3. Since we are returning the ‘image.html’ file, you need to provide the instructions to print the message in this HTML file, but with an if condition that displays the message only when the non-owner of the image is trying to edit the image. Therefore, we will add this message in the ‘image.html’ file with an if condition.

4. Since you have added the error string in the Model type object with ‘editError’ as the key in case the non-owner of the image is trying to edit the image, you need to use this as the if condition. If the Model type object contains the ‘editError’ attribute, display the message ‘Only the owner of the image can edit the image’ as shown below:
   <div th:if="${editError}">Only the owner of the image can edit the image</div>
   Uncomment the above code in the ‘image.html’ file.

5. If the Model type object does not contain the ‘editError’ attribute, this message will not be displayed.

6. Note that the test cases are designed in such as way that you need to add the message "Only the owner of the image can edit the image" with the key as ‘editError’ for the test cases to pass.

7. Similarly, you need to restrict the deletion of the image by the non-owner of the image. The error message to be added in the Model type object when the non-owner of the image is trying to delete the image should be “Only the owner of the image can delete the image” and the key should be 'deleteError'.