2024-10-23 - feedback - external reviewer - server-side

server/src/main/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestServicesImpl.java

@@ -198,6 +198,15 @@ public FeedbackRequest update(FeedbackRequestUpdateDTO feedbackRequestUpdateDTO)
         MemberProfile reviewerMemberProfile;
         FeedbackExternalRecipient reviewerExternalRecipient;
         String reviewerFirstName, reviewerEmail;
+        MemberProfile currentUser;
+        boolean currentUserEqualsRequestee = false;
+
+        try {
+            currentUser = currentUserServices.getCurrentUser();
+        } catch (NotFoundException notFoundException) {
+            currentUser = null;
+        }
+
 
         final FeedbackRequest feedbackRequest = this.getFromDTO(feedbackRequestUpdateDTO);
         FeedbackRequest originalFeedback = null;
@@ -210,6 +219,8 @@ public FeedbackRequest update(FeedbackRequestUpdateDTO feedbackRequestUpdateDTO)
             throw new BadArgException("Cannot update feedback request that does not exist");
         }
 
+        if (currentUser != null) currentUserEqualsRequestee = currentUser.getId().equals(originalFeedback.getRequesteeId());
+
         validateMembers(originalFeedback);
 
         Set<ReviewAssignment> reviewAssignmentsSet = Set.of();
@@ -227,7 +238,7 @@ public FeedbackRequest update(FeedbackRequestUpdateDTO feedbackRequestUpdateDTO)
         // If a status update is made to anything other than submitted by the requestee, throw an error.
         if (!"submitted".equals(feedbackRequest.getStatus())
                 && !Objects.equals(originalFeedback.getStatus(), feedbackRequest.getStatus())
-                && currentUserServices.getCurrentUser().getId().equals(originalFeedback.getRequesteeId())) {
+                &&  currentUserEqualsRequestee) {
             throw new PermissionException(NOT_AUTHORIZED_MSG);
         }
 
@@ -292,8 +303,9 @@ public FeedbackRequest update(FeedbackRequestUpdateDTO feedbackRequestUpdateDTO)
             sendNewRequestEmail(storedRequest);
         }
 
+        boolean currentUserSameAsRequestee = currentUser != null && currentUser.getId().equals(requestee.getId());
         // Send self-review completion email to supervisor and pdl if appropriate
-        if (currentUserServices.getCurrentUser().getId().equals(requestee.getId())) {
+        if (currentUserSameAsRequestee) {
             sendSelfReviewCompletionEmailToSupervisor(feedbackRequest);
         }
 

server/src/test/java/com/objectcomputing/checkins/services/feedback_request/FeedbackRequestControllerTest.java

@@ -1690,6 +1690,25 @@ void testUpdateStatusAndSubmitDateAuthorizedByRecipient() {
         assertResponseEqualsEntity(feedbackReq, response.getBody().get());
     }
 
+    @Test
+    void testUpdateStatusAndSubmitDateAuthorizedByExternalRecipient() {
+        MemberProfile pdlMemberProfile = createADefaultMemberProfile();
+        assignPdlRole(pdlMemberProfile);
+        MemberProfile employeeMemberProfile = createADefaultMemberProfileForPdl(pdlMemberProfile);
+        final FeedbackExternalRecipient externalRecipient01 = createADefaultFeedbackExternalRecipient();
+
+        final FeedbackRequest feedbackReq = saveFeedbackRequest(pdlMemberProfile, employeeMemberProfile, externalRecipient01);
+        feedbackReq.setStatus("complete");
+        final FeedbackRequestUpdateDTO dto = updateDTO(feedbackReq);
+
+        final HttpRequest<?> request = HttpRequest.PUT("", dto);
+        final HttpResponse<FeedbackRequestResponseDTO> response = clientExternalRecipient.toBlocking().exchange(request, FeedbackRequestResponseDTO.class);
+
+        assertEquals(HttpStatus.OK, response.getStatus());
+        assertTrue(response.getBody().isPresent());
+        assertResponseEqualsEntity(feedbackReq, response.getBody().get());
+    }
+
     @Test
     void testUpdateStatusAuthorizedByCreator() {
         MemberProfile pdlMemberProfile = createADefaultMemberProfile();