bugfix(recipe/controller): añadidas restricciones de autorización a…

bugfix(recipe/controller): añadidas restricciones de autorización a actualización y borrado de recetas

src/main/java/com/example/apprecetas/recipe/infrastructure/controller/DeleteRecipeController.java

 package com.example.apprecetas.recipe.infrastructure.controller;
 
 import com.example.apprecetas.recipe.application.DeleteRecipeUseCase;
+import com.example.apprecetas.recipe.application.ReadRecipeUseCase;
+import com.example.apprecetas.recipe.domain.entity.Recipe;
+import com.example.apprecetas.user.application.ReadUserUseCase;
+import com.example.apprecetas.user.domain.entity.User;
 import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -15,8 +21,20 @@ public class DeleteRecipeController {
 
     private final DeleteRecipeUseCase service;
 
+    private final ReadRecipeUseCase readRecipeUseCase;
+
+    private final ReadUserUseCase readUserUseCase;
+
     @DeleteMapping("/{id}")
     public ResponseEntity<String> delete(@PathVariable String id) {
+        Recipe recipe = readRecipeUseCase.readById(id);
+
+        String email = SecurityContextHolder.getContext().getAuthentication().getName();
+        User user = readUserUseCase.readByEmail(email);
+
+        if (!recipe.getUserId().equals(user.getId()))
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         service.delete(id);
         return ResponseEntity.ok().body("La receta con id " + id + " se ha eliminado correctamente.");
     }

src/main/java/com/example/apprecetas/recipe/infrastructure/controller/UpdateRecipeController.java

 package com.example.apprecetas.recipe.infrastructure.controller;
 
 import com.example.apprecetas.exception.UnprocessableEntityException;
+import com.example.apprecetas.recipe.application.ReadRecipeUseCase;
 import com.example.apprecetas.recipe.application.UpdateRecipeUseCase;
+import com.example.apprecetas.recipe.domain.entity.Recipe;
 import com.example.apprecetas.recipe.infrastructure.controller.dto.input.RecipeInputDto;
 import com.example.apprecetas.recipe.infrastructure.controller.dto.output.RecipeOutputDto;
 import com.example.apprecetas.recipe.infrastructure.mapper.RecipeMapper;
+import com.example.apprecetas.user.application.ReadUserUseCase;
+import com.example.apprecetas.user.domain.entity.User;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.mapstruct.factory.Mappers;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 
@@ -21,6 +27,10 @@ public class UpdateRecipeController {
 
     private final UpdateRecipeUseCase service;
 
+    private final ReadRecipeUseCase readRecipeUseCase;
+
+    private final ReadUserUseCase readUserUseCase;
+
     private final RecipeMapper mapper = Mappers.getMapper(RecipeMapper.class);
 
     @PutMapping("/{id}")
@@ -31,6 +41,15 @@ public class UpdateRecipeController {
                     .collect(Collectors.joining(";"));
             throw new UnprocessableEntityException(errorMsg);
         }
+
+        Recipe recipe = readRecipeUseCase.readById(id);
+
+        String email = SecurityContextHolder.getContext().getAuthentication().getName();
+        User user = readUserUseCase.readByEmail(email);
+
+        if (!recipe.getUserId().equals(user.getId()))
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         return ResponseEntity.ok().body(mapper.map(service.update(id, mapper.map(recipeInputDto))));
     }
 }