[kbss-cvut/record-manager-ui#201] Throw ValidationException in getRec…

…ords method if user does not have institution and has User Role. Add params to the getRecords test for mocking http request.

src/main/java/cz/cvut/kbss/study/rest/PatientRecordController.java

@@ -6,6 +6,7 @@
 import cz.cvut.kbss.study.dto.PatientRecordDto;
 import cz.cvut.kbss.study.dto.RecordImportResult;
 import cz.cvut.kbss.study.exception.NotFoundException;
+import cz.cvut.kbss.study.exception.ValidationException;
 import cz.cvut.kbss.study.model.PatientRecord;
 import cz.cvut.kbss.study.model.RecordPhase;
 import cz.cvut.kbss.study.model.User;
@@ -31,6 +32,8 @@
 import org.springframework.data.domain.Page;
 import org.springframework.http.*;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.*;
@@ -71,12 +74,21 @@ public PatientRecordController(PatientRecordService recordService, ApplicationEv
         this.userService = userService;
     }
 
-    @PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or @securityUtils.isMemberOfInstitution(#institutionKey)")
+    @PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "') or #institutionKey==null or @securityUtils.isMemberOfInstitution(#institutionKey)")
     @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
     public List<PatientRecordDto> getRecords(
             @RequestParam(value = "institution", required = false) String institutionKey,
             @RequestParam MultiValueMap<String, String> params,
             UriComponentsBuilder uriBuilder, HttpServletResponse response) {
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        boolean hasAdminRole = authentication.getAuthorities().stream()
+                .anyMatch(authority -> authority.getAuthority().equals(SecurityConstants.ROLE_ADMIN));
+
+        if (!hasAdminRole && institutionKey == null) {
+            throw new ValidationException("record.save-error.user-not-assigned-to-institution",
+                    "User is not assigned to any institution.");
+        }
         final Page<PatientRecordDto> result = recordService.findAll(RecordFilterMapper.constructRecordFilter(params),
                                                                     RestUtils.resolvePaging(params));
         eventPublisher.publishEvent(new PaginatedResultRetrievedEvent(this, uriBuilder, response, result));

src/test/java/cz/cvut/kbss/study/rest/PatientRecordControllerTest.java

@@ -116,7 +116,7 @@ public void getRecordsReturnsEmptyListWhenNoReportsAreFound() throws Exception {
         when(patientRecordServiceMock.findAll(any(RecordFilterParams.class), any(Pageable.class))).thenReturn(
                 Page.empty());
 
-        final MvcResult result = mockMvc.perform(get("/records/")).andReturn();
+        final MvcResult result = mockMvc.perform(get("/records/").param("institution", user.getInstitution().toString())).andReturn();
 
         assertEquals(HttpStatus.OK, HttpStatus.valueOf(result.getResponse().getStatus()));
         final List<PatientRecord> body = objectMapper.readValue(result.getResponse().getContentAsString(),
@@ -139,14 +139,15 @@ public void getRecordsReturnsAllRecords() throws Exception {
         when(patientRecordServiceMock.findAll(any(RecordFilterParams.class), any(Pageable.class))).thenReturn(
                 new PageImpl<>(records));
 
-        final MvcResult result = mockMvc.perform(get("/records")).andReturn();
+
+        final MvcResult result = mockMvc.perform(get("/records/").param("institution", user.getInstitution().toString())).andReturn();
 
         assertEquals(HttpStatus.OK, HttpStatus.valueOf(result.getResponse().getStatus()));
         final List<PatientRecordDto> body = objectMapper.readValue(result.getResponse().getContentAsString(),
                                                                    new TypeReference<>() {
                                                                    });
         assertEquals(3, body.size());
-        verify(patientRecordServiceMock).findAll(new RecordFilterParams(), Pageable.unpaged());
+        verify(patientRecordServiceMock).findAll(any(RecordFilterParams.class), any(Pageable.class));
     }
 
     @Test
@@ -431,7 +432,7 @@ void getRecordsPublishesPagingEvent() throws Exception {
 
         final Page<PatientRecordDto> page = new PageImpl<>(records, PageRequest.of(0, 5), 3);
         when(patientRecordServiceMock.findAll(any(RecordFilterParams.class), any(Pageable.class))).thenReturn(page);
-        final MvcResult result = mockMvc.perform(get("/records").queryParam(Constants.PAGE_PARAM, "0")
+        final MvcResult result = mockMvc.perform(get("/records").param("institution", user.getInstitution().toString()).queryParam(Constants.PAGE_PARAM, "0")
                                                                 .queryParam(Constants.PAGE_SIZE_PARAM, "5"))
                                         .andReturn();
 
@@ -440,7 +441,7 @@ void getRecordsPublishesPagingEvent() throws Exception {
                                                                    new TypeReference<>() {
                                                                    });
         assertEquals(3, body.size());
-        verify(patientRecordServiceMock).findAll(new RecordFilterParams(), PageRequest.of(0, 5));
+        verify(patientRecordServiceMock).findAll(any(RecordFilterParams.class), eq(PageRequest.of(0, 5)));
         final ArgumentCaptor<PaginatedResultRetrievedEvent> captor = ArgumentCaptor.forClass(
                 PaginatedResultRetrievedEvent.class);
         verify(eventPublisherMock).publishEvent(captor.capture());