Add deleting Ticket to the controller (#546)

* Add deleting Ticket to the controller

* Fix small error(s)

* Update return type

* Add testing for removing a ticket

* Fixe small mixup

* Fixing small errors, but help needed

* Updating test framwork

* Adding a test to check if an Ticket which is in a order is not deleted

* Fixing not using the ticket itself

* Update testdeleteTicketAsAdminInOrder

* Creating a removeOrder() function

* Adding a test for removeOrder() function

* Update the test thanks to Sille and Martijn

* Updating testdeleteTicketAsAdminInOrder() based on comments

src/main/java/ch/wisv/areafiftylan/products/controller/OrderRestController.java

@@ -113,6 +113,13 @@ public Order getOrderById(@PathVariable Long orderId) {
         return orderService.getOrderById(orderId);
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
+    @DeleteMapping("/{orderId}")
+    public ResponseEntity<?> deleteOrder(@PathVariable Long orderId) {
+        orderService.removeOrder(orderId);
+        return createResponseEntity(HttpStatus.OK, "Order successfully deleted.");
+    }
+
     /**
      * Adds a ticket to an existing Order. It's possible to buy serveral ticket at once. After the order has been
      * created, tickets can be added by POSTing more TicketDTOs to this location.

src/main/java/ch/wisv/areafiftylan/products/controller/TicketRestController.java

@@ -125,6 +125,13 @@ public Collection<Ticket> getAllTickets() {
         return ticketService.getAllTickets();
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
+    @DeleteMapping("{ticketId}")
+    public ResponseEntity<?> deleteTicket(@PathVariable Long ticketId) {
+        ticketService.removeTicket(ticketId);
+        return createResponseEntity(HttpStatus.OK, "Ticket successfully deleted.");
+    }
+
     @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/transport")
     public Collection<Ticket> getAllTicketsWithTransport() {

src/main/java/ch/wisv/areafiftylan/products/service/OrderService.java

@@ -40,6 +40,11 @@ public interface OrderService {
      */
     Order create(String type, List<String> options);
 
+    /**
+     * Delete the Order with orderId
+     */
+    public Order removeOrder(Long orderId);
+
     /**
      * Add a ticket to an order. Checks if a ticket is available first
      */

src/main/java/ch/wisv/areafiftylan/products/service/OrderServiceImpl.java

@@ -123,6 +123,18 @@ public Order create(String type, List<String> options) {
         return orderRepository.save(order);
     }
 
+    @Override
+    public Order removeOrder(Long orderId) {
+        if (orderId == null) {
+            throw new IllegalArgumentException("No ID given for deleting the order.");
+        }
+
+        Order order = getOrderById(orderId);
+        orderRepository.delete(order);
+
+        return order;
+    }
+
     @Override
     public Order addTicketToOrder(Long orderId, String type, List<String> options) {
         Order order = getOrderById(orderId);

src/test/java/ch/wisv/areafiftylan/integration/OrderRestIntegrationTest.java

@@ -22,13 +22,17 @@
 import ch.wisv.areafiftylan.products.model.order.OrderStatus;
 import ch.wisv.areafiftylan.products.service.repository.OrderRepository;
 import ch.wisv.areafiftylan.products.service.repository.TicketRepository;
+import ch.wisv.areafiftylan.products.model.TicketType;
+import ch.wisv.areafiftylan.products.service.OrderService;
+import ch.wisv.areafiftylan.products.service.TicketService;
 import ch.wisv.areafiftylan.users.model.User;
 import io.restassured.http.ContentType;
 import org.apache.http.HttpStatus;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 
+import java.time.LocalDateTime;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
@@ -47,6 +51,12 @@ public class OrderRestIntegrationTest extends XAuthIntegrationTest {
     @Autowired
     private TicketRepository ticketRepository;
 
+    @Autowired
+    private OrderService orderService;
+
+    @Autowired
+    private TicketService ticketService;
+
     @Value("${a5l.ticketLimit}")
     private int TICKET_LIMIT;
 
@@ -161,6 +171,54 @@ public void testCreateOrderAsUser() {
         //@formatter:on
     }
 
+    @Test
+    public void testdeleteOrderAsAdmin() {
+        User admin = createAdmin();
+        TicketType type = new TicketType("testEditType1", "Type for edit test", 10, 0, LocalDateTime.now().plusDays(1), true);
+        type = ticketService.addTicketType(type);
+        Order order = orderService.create("testEditType1", null);
+
+        //@formatter:off
+            given().
+                header(getXAuthTokenHeaderForUser(admin)).
+            when().
+                delete(ORDER_ENDPOINT + order.getId()).
+            then().
+                statusCode(HttpStatus.SC_OK);
+        //@formatter:on
+    }
+
+    @Test
+    public void testdeleteOrderAsAnon() {
+        TicketType type = new TicketType("testEditType2", "Type for edit test", 10, 0, LocalDateTime.now().plusDays(1), true);
+        type = ticketService.addTicketType(type);
+        Order order = orderService.create("testEditType2", null);
+
+        //@formatter:off
+            when().
+                delete(ORDER_ENDPOINT + order.getId()).
+            then().
+                statusCode(HttpStatus.SC_FORBIDDEN);
+        //@formatter:on
+    }
+
+    @Test
+    public void testdeleteOrderAsUser() {
+        User user = createUser();
+        TicketType type = new TicketType("testEditType3", "Type for edit test", 10, 0, LocalDateTime.now().plusDays(1), true);
+        type = ticketService.addTicketType(type);
+        Order order = orderService.create("testEditType3", null);
+
+        //@formatter:off
+            given().
+                header(getXAuthTokenHeaderForUser(user)).
+            when().
+                delete(ORDER_ENDPOINT + order.getId()).
+            then().
+                statusCode(HttpStatus.SC_FORBIDDEN);
+        //@formatter:on
+    }
+
     @Test
     public void testAddTicketToAnonOrder() {
         Order order = insertAnonOrder();

src/test/java/ch/wisv/areafiftylan/integration/TicketRestIntegrationTest.java

@@ -22,9 +22,12 @@
 import ch.wisv.areafiftylan.exception.TicketNotFoundException;
 import ch.wisv.areafiftylan.extras.rfid.model.RFIDLink;
 import ch.wisv.areafiftylan.extras.rfid.service.RFIDLinkRepository;
+import ch.wisv.areafiftylan.products.model.order.Order;
 import ch.wisv.areafiftylan.products.model.Ticket;
+import ch.wisv.areafiftylan.products.model.TicketDTO;
 import ch.wisv.areafiftylan.products.model.TicketOption;
 import ch.wisv.areafiftylan.products.model.TicketType;
+import ch.wisv.areafiftylan.products.service.OrderService;
 import ch.wisv.areafiftylan.products.service.TicketService;
 import ch.wisv.areafiftylan.products.service.repository.TicketRepository;
 import ch.wisv.areafiftylan.security.token.TicketTransferToken;
@@ -65,6 +68,8 @@ public class TicketRestIntegrationTest extends XAuthIntegrationTest {
     private RFIDLinkRepository rfidLinkRepository;
     @Autowired
     private TicketService ticketService;
+    @Autowired
+    private OrderService orderService;
 
     @Test
     public void testGetAllTicketsAsAnon() {
@@ -104,6 +109,75 @@ public void testGetAllTicketsAsAdmin() {
         //@formatter:on
     }
 
+    @Test
+    public void testdeleteTicketAsAdmin() {
+        User admin = createAdmin();
+        User ticketOwner = createUser();
+        Ticket ticket = createTicketForUser(ticketOwner);
+
+        //@formatter:off
+            given().
+                header(getXAuthTokenHeaderForUser(admin)).
+            when().
+                delete(TICKETS_ENDPOINT + "/" + ticket.getId()).
+            then().
+                statusCode(HttpStatus.SC_OK);
+        //@formatter:on
+
+        assertThat(ticketService.getAllTickets()).doesNotContain(ticket);
+    }
+
+    @Test
+    public void testdeleteTicketAsAnon() {
+        User ticketOwner = createUser();
+        Ticket ticket = createTicketForUser(ticketOwner);
+
+        //@formatter:off
+            when().
+                delete(TICKETS_ENDPOINT + "/" + ticket.getId()).
+            then().
+                statusCode(HttpStatus.SC_FORBIDDEN);
+        //@formatter:on
+    }
+
+    @Test
+    public void testdeleteTicketAsUser() {
+        User user = createUser();
+        User ticketOwner = createUser();
+        Ticket ticket = createTicketForUser(ticketOwner);
+
+        //@formatter:off
+            given().
+                header(getXAuthTokenHeaderForUser(user)).
+            when().
+                delete(TICKETS_ENDPOINT + "/" + ticket.getId()).
+            then().
+                statusCode(HttpStatus.SC_FORBIDDEN);
+        //@formatter:on
+    }
+
+    @Test
+    public void testdeleteTicketAsAdminInOrder() {
+        User ticketOwner = createUser();
+        TicketType type =
+                new TicketType("testAddType", "Type for adding test", 10, 0, LocalDateTime.now().plusDays(1), false);
+        ticketService.addTicketType(type);
+
+        Order order = orderService.create("testAddType", null);
+        Ticket ticket = order.getTickets().stream().findFirst().orElseThrow();
+        User admin = createAdmin();
+
+        //@formatter:off
+            given().
+                header(getXAuthTokenHeaderForUser(admin)).
+            when().
+                delete(TICKETS_ENDPOINT + "/" + ticket.getId()).
+            then().
+                statusCode(HttpStatus.SC_CONFLICT);
+        //@formatter:on
+
+    }
+
     @Test
     public void testGetAvailableTickets() {
         Collection<TicketType> ticketTypes =