|
|
@@ -6,6 +6,7 @@ import com.danielbohry.stocks.domain.Quote;
|
|
|
import com.danielbohry.stocks.domain.Stock;
|
|
|
import com.danielbohry.stocks.exception.BadRequestException;
|
|
|
import com.danielbohry.stocks.exception.NotFoundException;
|
|
|
+import com.danielbohry.stocks.exception.UnauthorizedException;
|
|
|
import com.danielbohry.stocks.repository.PortfolioEntity;
|
|
|
import com.danielbohry.stocks.repository.PortfolioEntity.PortfolioStock;
|
|
|
import com.danielbohry.stocks.repository.PortfolioRepository;
|
|
|
@@ -19,6 +20,7 @@ import java.math.BigDecimal;
|
|
|
import java.math.RoundingMode;
|
|
|
import java.util.List;
|
|
|
import java.util.Map;
|
|
|
+import java.util.Objects;
|
|
|
import java.util.UUID;
|
|
|
|
|
|
import static com.danielbohry.stocks.domain.Portfolio.convert;
|
|
|
@@ -56,8 +58,7 @@ public class PortfolioService {
|
|
|
.orElseThrow(() -> new NotFoundException("No portfolio found with id: " + id));
|
|
|
|
|
|
String encrypted = entity.getEncryptedStocks();
|
|
|
-
|
|
|
- if (portfolioEncryptService.isEncrypted(entity)) {
|
|
|
+ if (encrypted != null) {
|
|
|
entity.setStocks(portfolioEncryptService.decryptStocks(encrypted));
|
|
|
}
|
|
|
|
|
|
@@ -105,6 +106,10 @@ public class PortfolioService {
|
|
|
log.info("Updating portfolio [{}]", id);
|
|
|
PortfolioEntity toUpdate = repository.findById(id).orElseThrow(() -> new NotFoundException("Failed to update portfolio with id: " + id));
|
|
|
|
|
|
+ if (!Objects.equals(toUpdate.getUsername(), UserContextHolder.get().getUsername())) {
|
|
|
+ throw new UnauthorizedException("You do not have permission to update portfolio");
|
|
|
+ }
|
|
|
+
|
|
|
validate(stocks);
|
|
|
|
|
|
toUpdate.setUpdatedAt(now());
|
