Feature 2645/feedback request add ability to request feedback from external source

build.gradle

@@ -4,8 +4,10 @@ plugins {
 
 tasks.named("sonarqube") {
     dependsOn ":web-ui:yarn_run_coverage", ":server:jacocoTestReport"
+    dependsOn ":web-ui-external-feedback:yarn_run_coverage", ":server:jacocoTestReport"
 }
 
 tasks.named("sonar") {
     dependsOn ":web-ui:yarn_run_coverage", ":server:jacocoTestReport"
+    dependsOn ":web-ui-external-feedback:yarn_run_coverage", ":server:jacocoTestReport"
 }

server/build.gradle

@@ -53,11 +53,18 @@ graalvmNative {
 }
 
 configurations {
-    yarnBuildElements {
+    webUi {
         canBeResolved = true
         canBeConsumed = false
         attributes {
-            attribute(Usage.USAGE_ATTRIBUTE, project.objects.named(Usage, "yarnBuild-elements"))
+            attribute(Usage.USAGE_ATTRIBUTE, project.objects.named(Usage, "web-ui"))
+        }
+    }
+    webUiExternalFeedback {
+        canBeResolved = true
+        canBeConsumed = false
+        attributes {
+            attribute(Usage.USAGE_ATTRIBUTE, project.objects.named(Usage, "web-ui-external-feedback"))
         }
     }
 }
@@ -77,7 +84,8 @@ dependencies {
     annotationProcessor("io.micronaut.openapi:micronaut-openapi")
     annotationProcessor("io.micronaut.security:micronaut-security-annotations")
 
-    yarnBuildElements(project(":web-ui"))
+    webUi(project(":web-ui"))
+    webUiExternalFeedback(project(":web-ui-external-feedback"))
 
     implementation("net.steppschuh.markdowngenerator:markdowngenerator:1.3.1.1")
     implementation("io.micronaut:micronaut-jackson-databind")
@@ -174,7 +182,12 @@ tasks.withType(JavaCompile).configureEach {
 if(System.getenv("SKIP_WEB_UI") == null || System.getenv("SKIP_WEB_UI") == "false") {
     processResources {
         into('public') {
-            from configurations.named('yarnBuildElements')
+            from configurations.named('webUi')
+        }
+    }
+    processResources {
+        into('public-external-feedback') {
+            from configurations.named('webUiExternalFeedback')
         }
     }
 }

server/src/main/java/com/objectcomputing/checkins/logging/RequestLoggingInterceptor.java

@@ -39,15 +39,14 @@ public int getOrder() {
     void intercept(HttpRequest<?> request, @Body @Nullable String body) {
         Optional<Authentication> auth = request.getAttribute(SecurityFilter.AUTHENTICATION, Authentication.class);
         request.getAttribute(HttpAttributes.ROUTE_INFO, MethodBasedRouteInfo.class).ifPresent(routeBuilder -> {
-            String username = auth.map(Principal::getName).map(n -> n.isBlank() ? null : n).orElse("not authenticated");
+            String username = auth.map(Principal::getName).map(n -> n.isBlank() ? null : n).orElse("(Un-authenticated user)");
             String requestVerb = request.getMethodName();
             ExecutableMethod<?, ?> targetMethod = routeBuilder.getTargetMethod().getExecutableMethod();
             String params = request.getParameters().asMap().entrySet().stream()
                     .map(e -> e.getKey() + ":" + e.getValue())
                     .collect(Collectors.joining(","));
             String requestBody = body == null ? "empty" : body;
-            LOG.info(
-                    "User {} {} request to {} with body {} and parameters {} being handled by {}.{}",
+            LOG.info("User: {} - {} request to {} with body {} and parameters {} being handled by {}.{}",
                     username,
                     requestVerb,
                     request.getUri().getPath(),

server/src/main/java/com/objectcomputing/checkins/security/HomeController.java

@@ -1,13 +1,15 @@
 package com.objectcomputing.checkins.security;
 
 import io.micronaut.context.env.Environment;
+import io.micronaut.http.HttpResponse;
+import io.micronaut.http.MediaType;
 import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
+import io.micronaut.http.annotation.Produces;
 import io.micronaut.http.server.types.files.StreamedFile;
 import io.micronaut.security.annotation.Secured;
 import io.micronaut.security.rules.SecurityRule;
 import io.micronaut.views.View;
-
 import io.micronaut.core.annotation.Nullable;
 import java.security.Principal;
 import java.util.HashMap;
@@ -34,8 +36,10 @@ public Map<String, Object> forbidden(@Nullable Principal principal) {
      * Forwards any unmapped paths (except those containing a period) to the client {@code index.html}.
      * @return forward to client {@code index.html}.
      */
-    @Get("/{path:[^\\.]*}")
+    // 2024-10-29 - Note the path excludes "/externalFeedback", which is handled by HomeExternalRecipientController
+    @Get("/{path:^(?!externalFeedback)([^\\.]+)$}")
     public Optional<StreamedFile> forward(String path) {
         return environment.getResource("public/index.html").map(StreamedFile::new);
     }
+
 }

server/src/main/java/com/objectcomputing/checkins/security/HomeExternalRecipientController.java

@@ -0,0 +1,27 @@
+package com.objectcomputing.checkins.security;
+
+import io.micronaut.context.env.Environment;
+import io.micronaut.http.annotation.Controller;
+import io.micronaut.http.annotation.Get;
+import io.micronaut.http.annotation.Produces;
+import io.micronaut.http.server.types.files.StreamedFile;
+import io.micronaut.security.annotation.Secured;
+import io.micronaut.security.rules.SecurityRule;
+import java.util.Optional;
+
+@Controller
+@Secured(SecurityRule.IS_ANONYMOUS)
+public class HomeExternalRecipientController {
+
+    private final Environment environment;
+
+    public HomeExternalRecipientController(Environment environment) {
+        this.environment = environment;
+    }
+
+    @Get("/externalFeedback/{path:([^\\.]+)$}")
+    public Optional<StreamedFile> forward(String path) {
+        return environment.getResource("public-external-feedback/index.html").map(StreamedFile::new);
+    }
+
+}

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/FeedbackAnswerExternalRecipientController.java

@@ -0,0 +1,120 @@
+package com.objectcomputing.checkins.services.feedback_answer;
+
+import com.objectcomputing.checkins.exceptions.BadArgException;
+import com.objectcomputing.checkins.services.feedback_request.FeedbackRequest;
+import com.objectcomputing.checkins.services.feedback_request.FeedbackRequestServices;
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
+import io.micronaut.core.annotation.Nullable;
+import io.micronaut.http.HttpResponse;
+import io.micronaut.http.annotation.*;
+import io.micronaut.scheduling.TaskExecutors;
+import io.micronaut.scheduling.annotation.ExecuteOn;
+import io.micronaut.security.annotation.Secured;
+import io.micronaut.security.rules.SecurityRule;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotNull;
+
+import java.net.URI;
+import java.util.List;
+import java.util.UUID;
+
+@Controller("/services/feedback/answers/external/recipients")
+@ExecuteOn(TaskExecutors.BLOCKING)
+@Secured(SecurityRule.IS_ANONYMOUS)
+public class FeedbackAnswerExternalRecipientController {
+
+    private final FeedbackAnswerServices feedbackAnswerServices;
+    private final FeedbackRequestServices feedbackRequestServices;
+
+    public FeedbackAnswerExternalRecipientController(FeedbackAnswerServices feedbackAnswerServices, FeedbackRequestServices feedbackRequestServices) {
+        this.feedbackAnswerServices = feedbackAnswerServices;
+        this.feedbackRequestServices = feedbackRequestServices;
+    }
+
+    /**
+     * Create a feedback answer
+     *
+     * @param requestBody {@link FeedbackAnswerCreateDTO} New feedback answer to create
+     * @return {@link FeedbackAnswerResponseDTO}
+     */
+    @Post
+    public HttpResponse<FeedbackAnswerResponseDTO> save(@Body @Valid @NotNull FeedbackAnswerCreateDTO requestBody) {
+        FeedbackRequest feedbackRequest = this.feedbackRequestServices.getById(requestBody.getRequestId());
+        if (feedbackRequest.getExternalRecipientId() == null) {
+            throw new BadArgException("This feedback request is not for an external recipient");
+        }
+        FeedbackAnswer savedAnswer = feedbackAnswerServices.save(fromDTO(requestBody));
+        return HttpResponse.created(fromEntity(savedAnswer))
+                .headers(headers -> headers.location(URI.create("/feedback_answer/" + savedAnswer.getId())));
+    }
+
+    /**
+     * Update a feedback answer
+     *
+     * @param requestBody {@link FeedbackAnswerUpdateDTO} The updated feedback answer
+     * @return {@link FeedbackAnswerResponseDTO}
+     */
+    @Put
+    public HttpResponse<FeedbackAnswerResponseDTO> update(@Body @Valid @NotNull FeedbackAnswerUpdateDTO requestBody) {
+        FeedbackAnswer feedbackAnswerExistingRecord = this.feedbackAnswerServices.getById(requestBody.getId());
+        FeedbackRequest feedbackRequest = this.feedbackRequestServices.getById(feedbackAnswerExistingRecord.getRequestId());
+        if (feedbackRequest.getExternalRecipientId() == null) {
+            throw new BadArgException("This feedback request is not for an external recipient");
+        }
+        FeedbackAnswer savedAnswer = feedbackAnswerServices.update(fromDTO(requestBody));
+        return HttpResponse.ok(fromEntity(savedAnswer))
+                .headers(headers -> headers.location(URI.create("/feedback_answer/" + savedAnswer.getId())));
+    }
+
+    /**
+     * Get a feedback answer by ID
+     *
+     * @param id {@link UUID} ID of the feedback answer
+     * @return {@link FeedbackAnswerResponseDTO}
+     */
+    @Get("/{id}")
+    public HttpResponse<FeedbackAnswerResponseDTO> getById(UUID id) {
+        FeedbackAnswer savedAnswer = feedbackAnswerServices.getById(id);
+        FeedbackRequest feedbackRequest = this.feedbackRequestServices.getById(savedAnswer.getRequestId());
+        if (feedbackRequest.getExternalRecipientId() == null) {
+            throw new BadArgException("This feedback request is not for an external recipient");
+        }
+        return HttpResponse.ok(fromEntity(savedAnswer))
+                .headers(headers -> headers.location(URI.create("/feedback_answer/" + savedAnswer.getId())));
+    }
+
+    /**
+     * Search for all feedback requests that match the intersection of the provided values
+     * Any values that are null are not applied to the intersection
+     *
+     * @param questionId The attached {@link UUID} of the related question
+     * @param requestId  The attached {@link UUID} of the request that corresponds with the answer
+     * @return {@link FeedbackAnswerResponseDTO}
+     */
+    @Get("/{?questionId,requestId}")
+    public List<FeedbackAnswerResponseDTO> findByValues(@Nullable UUID questionId, @Nullable UUID requestId) {
+        return feedbackAnswerServices.findByValues(questionId, requestId)
+                .stream()
+                .map(this::fromEntity)
+                .toList();
+    }
+
+    private FeedbackAnswer fromDTO(FeedbackAnswerCreateDTO dto) {
+        return new FeedbackAnswer(dto.getAnswer(), dto.getQuestionId(), dto.getRequestId(), dto.getSentiment());
+    }
+
+    private FeedbackAnswer fromDTO(FeedbackAnswerUpdateDTO dto) {
+        return new FeedbackAnswer(dto.getId(), dto.getAnswer(), dto.getSentiment());
+    }
+
+    private FeedbackAnswerResponseDTO fromEntity(FeedbackAnswer feedbackAnswer) {
+        FeedbackAnswerResponseDTO dto = new FeedbackAnswerResponseDTO();
+        dto.setId(feedbackAnswer.getId());
+        dto.setAnswer(feedbackAnswer.getAnswer());
+        dto.setQuestionId(feedbackAnswer.getQuestionId());
+        dto.setRequestId(feedbackAnswer.getRequestId());
+        dto.setSentiment(feedbackAnswer.getSentiment());
+        return dto;
+    }
+}

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/FeedbackAnswerRepository.java

@@ -23,7 +23,8 @@ public interface FeedbackAnswerRepository extends CrudRepository<FeedbackAnswer,
     @Override
     <S extends FeedbackAnswer> S update(@NotNull @Valid S entity);
 
-    @Query("SELECT id, PGP_SYM_DECRYPT(cast(answer as bytea), '${aes.key}') as answer, question_id, request_id, sentiment FROM feedback_answers WHERE (:questionId IS NULL OR question_id = :questionId) AND (request_id = :requestId)")
+    @Query("SELECT id, PGP_SYM_DECRYPT(cast(answer as bytea), '${aes.key}') as answer, question_id, request_id, sentiment " +
+            "FROM feedback_answers WHERE (:questionId IS NULL OR question_id = :questionId) AND (request_id = :requestId)")
     List<FeedbackAnswer> getByQuestionIdAndRequestId(@Nullable String questionId, @Nullable String requestId);
 
 }

server/src/main/java/com/objectcomputing/checkins/services/feedback_answer/FeedbackAnswerServicesImpl.java

@@ -5,6 +5,7 @@
 import com.objectcomputing.checkins.exceptions.PermissionException;
 import com.objectcomputing.checkins.services.feedback_request.FeedbackRequest;
 import com.objectcomputing.checkins.services.feedback_request.FeedbackRequestServices;
+import com.objectcomputing.checkins.services.feedback_template.template_question.TemplateQuestion;
 import com.objectcomputing.checkins.services.feedback_template.template_question.TemplateQuestionServices;
 import com.objectcomputing.checkins.services.memberprofile.MemberProfile;
 import com.objectcomputing.checkins.services.memberprofile.MemberProfileServices;
@@ -43,9 +44,10 @@ public FeedbackAnswerServicesImpl(FeedbackAnswerRepository feedbackAnswerReposit
 
     @Override
     public FeedbackAnswer save(FeedbackAnswer feedbackAnswer) {
+        UUID questionId = feedbackAnswer.getQuestionId();
 
         // Ensure that related question exists
-        templateQuestionServices.getById(feedbackAnswer.getQuestionId());
+        TemplateQuestion templateQuestion = templateQuestionServices.getById(questionId);
 
         FeedbackRequest relatedFeedbackRequest = getRelatedFeedbackRequest(feedbackAnswer);
         if (!createIsPermitted(relatedFeedbackRequest)) {
@@ -101,7 +103,8 @@ public FeedbackAnswer getById(UUID id) {
     public List<FeedbackAnswer> findByValues(@Nullable UUID questionId, @Nullable UUID requestId) {
         List<FeedbackAnswer> response = new ArrayList<>();
         FeedbackRequest feedbackRequest;
-        UUID currentUserId = currentUserServices.getCurrentUser().getId();
+        final UUID currentUserId = currentUserServices.getCurrentUserId();
+
         try {
             feedbackRequest = feedbackRequestServices.getById(requestId);
         } catch (NotFoundException e) {
@@ -110,16 +113,18 @@ public List<FeedbackAnswer> findByValues(@Nullable UUID questionId, @Nullable UU
         final UUID requestCreatorId = feedbackRequest.getCreatorId();
         final UUID requesteeId = feedbackRequest.getRequesteeId();
         final UUID recipientId = feedbackRequest.getRecipientId();
-        boolean isRequesteesSupervisor = requesteeId != null ? memberProfileServices.getSupervisorsForId(requesteeId).stream().anyMatch(profile -> currentUserId.equals(profile.getId())) : false;
+        boolean isRequesteesSupervisor = requesteeId != null && currentUserId != null ? memberProfileServices.getSupervisorsForId(requesteeId).stream().anyMatch(profile -> currentUserId.equals(profile.getId())) : false;
         MemberProfile requestee = memberProfileServices.getById(requesteeId);
         final UUID requesteePDL = requestee.getPdlId();
-        if (currentUserServices.isAdmin() || currentUserId.equals(requesteePDL) || isRequesteesSupervisor || requestCreatorId.equals(currentUserId) || recipientId.equals(currentUserId) || feedbackRequestServices.selfRevieweeIsCurrentUserReviewee(feedbackRequest, currentUserId)) {
+        if (currentUserServices.isAdmin() || (currentUserId != null && currentUserId.equals(requesteePDL)) || isRequesteesSupervisor || requestCreatorId.equals(currentUserId) || (recipientId != null && recipientId.equals(currentUserId)) || (currentUserId != null && feedbackRequestServices.selfRevieweeIsCurrentUserReviewee(feedbackRequest, currentUserId))) {
+            response.addAll(feedbackAnswerRepository.getByQuestionIdAndRequestId(Util.nullSafeUUIDToString(questionId), Util.nullSafeUUIDToString(requestId)));
+            return response;
+        } else if (feedbackRequest.getExternalRecipientId() != null) {
             response.addAll(feedbackAnswerRepository.getByQuestionIdAndRequestId(Util.nullSafeUUIDToString(questionId), Util.nullSafeUUIDToString(requestId)));
             return response;
         }
 
         throw new PermissionException(NOT_AUTHORIZED_MSG);
-
     }
 
     public FeedbackRequest getRelatedFeedbackRequest(FeedbackAnswer feedbackAnswer) {
@@ -136,45 +141,43 @@ public FeedbackRequest getRelatedFeedbackRequest(FeedbackAnswer feedbackAnswer)
 
     public boolean createIsPermitted(FeedbackRequest feedbackRequest) {
         final UUID recipientId = feedbackRequest.getRecipientId();
-        final UUID currentUserId = currentUserServices.getCurrentUser().getId();
-        return recipientId.equals(currentUserId);
+        return (recipientId != null && recipientId.equals(currentUserServices.getCurrentUserId())) || (feedbackRequest.getExternalRecipientId() != null);
     }
 
     public boolean updateIsPermitted(FeedbackRequest feedbackRequest) {
         return createIsPermitted(feedbackRequest);
     }
 
     public boolean getIsPermitted(FeedbackRequest feedbackRequest) {
+        final UUID currentUserId = currentUserServices.getCurrentUserId();
+
         // Admins can always get questions and answers.
-        if (currentUserServices.isAdmin()) {
+        if (currentUserId != null && currentUserServices.isAdmin()) {
             return true;
         }
 
+        final UUID requestCreatorId = feedbackRequest.getCreatorId();
+        if (requestCreatorId.equals(currentUserId)) return true;
+
+        UUID requesteeId = feedbackRequest.getRequesteeId();
+        MemberProfile requestee = memberProfileServices.getById(requesteeId);
+        final UUID recipientId = feedbackRequest.getRecipientId();
+        if ((recipientId != null && recipientId.equals(currentUserId))) return true;
+
         // See if the current user is the requestee's supervisor.
-        final UUID requesteeId = feedbackRequest.getRequesteeId();
-        final UUID currentUserId = currentUserServices.getCurrentUser().getId();
-        if (requesteeId != null &&
-            memberProfileServices.getSupervisorsForId(requesteeId).stream().anyMatch(profile -> currentUserId.equals(profile.getId()))) {
-            return true;
+        if  (requesteeId != null && currentUserId != null) {
+            boolean isRequesteesSupervisor = memberProfileServices.getSupervisorsForId(requesteeId).stream().anyMatch(profile -> currentUserId.equals(profile.getId()));
+            if (isRequesteesSupervisor) return true;
         }
 
         // See if the current user is the requestee's PDL.
-        final MemberProfile requestee = memberProfileServices.getById(requesteeId);
-        if (currentUserId.equals(requestee.getPdlId())) {
-            return true;
-        }
+        final UUID requesteePDL = requestee.getPdlId();
+        if (currentUserId != null && currentUserId.equals(requesteePDL)) return true;
 
-        // See if the current user is the request creator or the recipient of
-        // the request.
-        final UUID requestCreatorId = feedbackRequest.getCreatorId();
-        final UUID recipientId = feedbackRequest.getRecipientId();
-        if (requestCreatorId.equals(currentUserId) ||
-            recipientId.equals(currentUserId)) {
-            return true;
-        }
+        if (feedbackRequest.getExternalRecipientId()!= null) return true;
 
+        if (feedbackRequestServices.selfRevieweeIsCurrentUserReviewee(feedbackRequest, currentUserId)) return true;
 
-        return feedbackRequestServices.selfRevieweeIsCurrentUserReviewee(
-                   feedbackRequest, currentUserId);
+        return  false;
     }
 }