feat: add preliminary support for hidden images.

Fix #1356

Author: php-coder

NEWS.txt

@@ -1,6 +1,7 @@
 0.x (upcoming release)
 - (feature) a series can be marked as a similar to another one
 - (feature) series images can be replaced
+- (feature) add preliminary support for hidden images
 
 0.4.3
 - (feature)        add support for Ukrainian hryvnia

src/main/java/ru/mystamps/web/feature/image/ImageDao.java

@@ -24,5 +24,5 @@ public interface ImageDao {
 	void replace(Integer id, String type, String filename);
 	void addToSeries(Integer seriesId, Integer imageId);
 	ImageInfoDto findById(Integer imageId);
-	List<Integer> findBySeriesId(Integer seriesId);
+	List<Integer> findBySeriesId(Integer seriesId, boolean hidden);
 }

src/main/java/ru/mystamps/web/feature/image/ImageService.java

@@ -27,6 +27,6 @@ public interface ImageService {
 	ImageDto get(Integer imageId);
 	ImageDto getOrCreatePreview(Integer imageId);
 	void addToSeries(Integer seriesId, Integer imageId);
-	List<Integer> findBySeriesId(Integer seriesId);
+	List<Integer> findBySeriesId(Integer seriesId, boolean hidden);
 	void removeIfPossible(ImageInfoDto imageInfo);
 }

src/main/java/ru/mystamps/web/feature/image/ImageServiceImpl.java

@@ -184,10 +184,10 @@ public void addToSeries(Integer seriesId, Integer imageId) {
 
 	@Override
 	@Transactional(readOnly = true)
-	public List<Integer> findBySeriesId(Integer seriesId) {
+	public List<Integer> findBySeriesId(Integer seriesId, boolean hidden) {
 		Validate.isTrue(seriesId != null, "Series id must be non null");
 
-		return imageDao.findBySeriesId(seriesId);
+		return imageDao.findBySeriesId(seriesId, hidden);
 	}
 
 	@Override

src/main/java/ru/mystamps/web/feature/image/JdbcImageDao.java

@@ -115,10 +115,14 @@ public ImageInfoDto findById(Integer imageId) {
 	}
 
 	@Override
-	public List<Integer> findBySeriesId(Integer seriesId) {
+	public List<Integer> findBySeriesId(Integer seriesId, boolean hidden) {
+		Map<String, Object> params = new HashMap<>();
+		params.put("series_id", seriesId);
+		params.put("hidden", hidden);
+		
 		return jdbcTemplate.queryForList(
 			findBySeriesIdSql,
-			Collections.singletonMap("series_id", seriesId),
+			params,
 			Integer.class
 		);
 	}

src/main/java/ru/mystamps/web/feature/series/SeriesController.java

@@ -214,7 +214,10 @@ public String showInfo(
 		}
 
 		String lang = LocaleUtils.getLanguageOrNull(userLocale);
-		SeriesDto series = seriesService.findFullInfoById(seriesId, lang);
+		boolean userCanSeeHiddenImages = SecurityContextUtils.hasAuthority(
+			Authority.VIEW_HIDDEN_IMAGES
+		);
+		SeriesDto series = seriesService.findFullInfoById(seriesId, lang, userCanSeeHiddenImages);
 		if (series == null) {
 			response.sendError(HttpServletResponse.SC_NOT_FOUND);
 			return null;
@@ -363,7 +366,10 @@ public String processImage(
 		}
 
 		String lang = LocaleUtils.getLanguageOrNull(userLocale);
-		SeriesDto series = seriesService.findFullInfoById(seriesId, lang);
+		boolean userCanSeeHiddenImages = SecurityContextUtils.hasAuthority(
+			Authority.VIEW_HIDDEN_IMAGES
+		);
+		SeriesDto series = seriesService.findFullInfoById(seriesId, lang, userCanSeeHiddenImages);
 		if (series == null) {
 			response.sendError(HttpServletResponse.SC_NOT_FOUND);
 			return null;
@@ -434,7 +440,14 @@ public String addToCollection(
 
 		if (result.hasErrors()) {
 			String lang = LocaleUtils.getLanguageOrNull(userLocale);
-			SeriesDto series = seriesService.findFullInfoById(seriesId, lang);
+			boolean userCanSeeHiddenImages = SecurityContextUtils.hasAuthority(
+				Authority.VIEW_HIDDEN_IMAGES
+			);
+			SeriesDto series = seriesService.findFullInfoById(
+				seriesId,
+				lang,
+				userCanSeeHiddenImages
+			);
 			if (series == null) {
 				response.sendError(HttpServletResponse.SC_NOT_FOUND);
 				return null;
@@ -511,7 +524,10 @@ public String processAskForm(
 		}
 
 		String lang = LocaleUtils.getLanguageOrNull(userLocale);
-		SeriesDto series = seriesService.findFullInfoById(seriesId, lang);
+		boolean userCanSeeHiddenImages = SecurityContextUtils.hasAuthority(
+			Authority.VIEW_HIDDEN_IMAGES
+		);
+		SeriesDto series = seriesService.findFullInfoById(seriesId, lang, userCanSeeHiddenImages);
 		if (series == null) {
 			response.sendError(HttpServletResponse.SC_NOT_FOUND);
 			return null;

src/main/java/ru/mystamps/web/feature/series/SeriesDto.java

@@ -46,6 +46,9 @@ public class SeriesDto {
 	@Getter
 	private final List<Integer> imageIds;
 
+	@Getter
+	private final List<Integer> hiddenImageIds;
+	
 	@SuppressWarnings({ "checkstyle:parameternumber", "PMD.ExcessiveParameterList" })
 	public SeriesDto(
 		SeriesFullInfoDto info,
@@ -55,7 +58,8 @@ public SeriesDto(
 		List<String> gibbonsNumbers,
 		List<String> solovyovNumbers,
 		List<String> zagorskiNumbers,
-		List<Integer> imageIds) {
+		List<Integer> imageIds,
+		List<Integer> hiddenImageIds) {
 
 		this.info     = info;
 		this.michel   = new CatalogInfoDto(michelNumbers, info.getMichelPrice());
@@ -65,6 +69,7 @@ public SeriesDto(
 		this.solovyov = new CatalogInfoDto(solovyovNumbers, info.getSolovyovPrice());
 		this.zagorski = new CatalogInfoDto(zagorskiNumbers, info.getZagorskiPrice());
 		this.imageIds = imageIds;
+		this.hiddenImageIds = hiddenImageIds;
 	}
 
 	public Integer getId() {

src/main/java/ru/mystamps/web/feature/series/SeriesService.java

@@ -33,7 +33,7 @@ public interface SeriesService {
 	boolean isSeriesExist(Integer seriesId);
 	Integer findQuantityById(Integer seriesId);
 
-	SeriesDto findFullInfoById(Integer seriesId, String lang);
+	SeriesDto findFullInfoById(Integer seriesId, String lang, boolean userCanSeeHiddenImages);
 
 	List<SeriesInfoDto> findByMichelNumber(String michelNumberCode, String lang);
 	List<SeriesInfoDto> findByScottNumber(String scottNumberCode, String lang);

src/main/java/ru/mystamps/web/feature/series/SeriesServiceImpl.java

@@ -200,7 +200,11 @@ public Integer findQuantityById(Integer seriesId) {
 
 	@Override
 	@Transactional(readOnly = true)
-	public SeriesDto findFullInfoById(Integer seriesId, String lang) {
+	public SeriesDto findFullInfoById(
+		Integer seriesId,
+		String lang,
+		boolean userCanSeeHiddenImages) {
+		
 		Validate.isTrue(seriesId != null, "Series id must be non null");
 
 		SeriesFullInfoDto seriesBaseInfo = seriesDao.findByIdAsSeriesFullInfo(seriesId, lang);
@@ -215,7 +219,13 @@ public SeriesDto findFullInfoById(Integer seriesId, String lang) {
 		List<String> solovyovNumbers = solovyovCatalogService.findBySeriesId(seriesId);
 		List<String> zagorskiNumbers = zagorskiCatalogService.findBySeriesId(seriesId);
 
-		List<Integer> imageIds = imageService.findBySeriesId(seriesId);
+		List<Integer> imageIds = imageService.findBySeriesId(seriesId, false);
+		
+		// @todo #1356 SeriesServiceImpl.findFullInfoById(): add unit test for hidden images
+		List<Integer> hiddenImageIds = Collections.emptyList();
+		if (userCanSeeHiddenImages) {
+			hiddenImageIds = imageService.findBySeriesId(seriesId, true);
+		}
 
 		return new SeriesDto(
 			seriesBaseInfo,
@@ -225,7 +235,8 @@ public SeriesDto findFullInfoById(Integer seriesId, String lang) {
 			gibbonsNumbers,
 			solovyovNumbers,
 			zagorskiNumbers,
-			imageIds
+			imageIds,
+			hiddenImageIds
 		);
 	}
 

src/main/java/ru/mystamps/web/support/spring/security/Authority.java

@@ -40,6 +40,7 @@ public final class Authority {
 	public static final GrantedAuthority UPDATE_COLLECTION      = new SimpleGrantedAuthority(StringAuthority.UPDATE_COLLECTION);
 	public static final GrantedAuthority VIEW_ANY_ESTIMATION    = new SimpleGrantedAuthority(StringAuthority.VIEW_ANY_ESTIMATION);
 	public static final GrantedAuthority VIEW_DAILY_STATS       = new SimpleGrantedAuthority(StringAuthority.VIEW_DAILY_STATS);
+	public static final GrantedAuthority VIEW_HIDDEN_IMAGES     = new SimpleGrantedAuthority(StringAuthority.VIEW_HIDDEN_IMAGES);
 	public static final GrantedAuthority VIEW_SERIES_SALES      = new SimpleGrantedAuthority(StringAuthority.VIEW_SERIES_SALES);
 	public static final GrantedAuthority VIEW_SITE_EVENTS       = new SimpleGrantedAuthority(StringAuthority.VIEW_SITE_EVENTS);
 

src/main/java/ru/mystamps/web/support/spring/security/CustomUserDetailsService.java

@@ -84,6 +84,7 @@ private static Collection<? extends GrantedAuthority> getAuthorities(UserDetails
 			authorities.add(Authority.REPLACE_IMAGE);
 			authorities.add(Authority.VIEW_ANY_ESTIMATION);
 			authorities.add(Authority.VIEW_DAILY_STATS);
+			authorities.add(Authority.VIEW_HIDDEN_IMAGES);
 			authorities.add(Authority.VIEW_SERIES_SALES);
 			authorities.add(Authority.VIEW_SITE_EVENTS);
 

src/main/java/ru/mystamps/web/support/spring/security/StringAuthority.java

@@ -36,6 +36,7 @@ public final class StringAuthority {
 	public static final String UPDATE_COLLECTION      = "UPDATE_COLLECTION";
 	public static final String VIEW_ANY_ESTIMATION    = "VIEW_ANY_ESTIMATION";
 	public static final String VIEW_DAILY_STATS       = "VIEW_DAILY_STATS";
+	public static final String VIEW_HIDDEN_IMAGES     = "VIEW_HIDDEN_IMAGES";
 	public static final String VIEW_SERIES_SALES      = "VIEW_SERIES_SALES";
 	public static final String VIEW_SITE_EVENTS       = "VIEW_SITE_EVENTS";
 

src/main/resources/ru/mystamps/i18n/Messages.properties

@@ -143,6 +143,7 @@ t_add_to_collection = Add to collection
 t_remove_from_collection = Remove from collection
 t_need_authentication_to_add_series_to_collection = \
 In order to add this series to your collection you should <a href="{0}">register</a> or <a href="{1}">pass authentication</a>.
+t_hidden_images = Hidden images
 t_image_id = Image ID
 t_add_image = Add image
 t_replace_image = Replace image

src/main/resources/ru/mystamps/i18n/Messages_ru.properties

@@ -142,6 +142,7 @@ t_add_to_collection = Добавить в коллекцию
 t_remove_from_collection = Убрать из коллекции
 t_need_authentication_to_add_series_to_collection = \
 Для того, чтобы добавить эту серию в свою коллекцию вы должны <a href="{0}">зарегистрироваться</a> или <a href="{1}">пройти идентификацию</a>.
+t_hidden_images = Скрытые изображения
 t_image_id = ID изображения
 t_add_image = Добавить изображение
 t_replace_image = Заменить изображение

src/main/resources/sql/image_dao_queries.properties

@@ -15,7 +15,7 @@ series_image.find_by_series_id = \
 SELECT image_id \
   FROM series_images \
  WHERE series_id = :series_id \
-   AND hidden = FALSE
+   AND hidden = :hidden
 
 image_data.find_by_image_id = \
 SELECT d.content AS data \

src/main/webapp/WEB-INF/views/series/info.html

@@ -167,7 +167,29 @@
 									</form>
 								</div>
 							</div>
-						
+							
+							<!--/* @todo #1356 Hidden images: add integration tests  */-->
+							<!--/* @todo #1356 Hidden images: allow to replace a hidden image  */-->
+							<!--/* @todo #1356 Hidden images: admin can hide an image  */-->
+							<!--/* @todo #1356 Hidden images: protect hidden images from direct access  */-->
+							<div class="row" th:if="${not #lists.isEmpty(series.hiddenImageIds)}" th:each="imageId,iter : ${series.hiddenImageIds}">
+								<div class="col-sm-12">
+									<h5 th:text="#{t_hidden_images}">Hidden images</h5>
+									<a id="series-hidden-image-link-1"
+										target="_blank"
+										href="../../../../resources/test/test.png"
+										th:id="|series-hidden-image-link-${iter.count}|"
+										th:href="@{${GET_IMAGE_PAGE}(id=${imageId})}">
+										
+										<img class="img-responsive series-images"
+											 id="series-hidden-image-1"
+											 src="../../../../resources/test/test.png"
+											 th:id="|series-hidden-image-${iter.count}|"
+											 th:src="@{${GET_IMAGE_PREVIEW_PAGE}(id=${imageId})}" />
+									</a>
+								</div>
+							</div>
+							
 						</div>
 
 						<div class="col-sm-4">

src/test/groovy/ru/mystamps/web/feature/image/ImageServiceImplTest.groovy

@@ -17,6 +17,8 @@
  */
 package ru.mystamps.web.feature.image
 
+import static io.qala.datagen.RandomShortApi.bool
+
 import org.slf4j.helpers.NOPLogger
 import org.springframework.web.multipart.MultipartFile
 import ru.mystamps.web.feature.image.ImageDb.Images
@@ -370,7 +372,7 @@ class ImageServiceImplTest extends Specification {
 
 	def "findBySeriesId() should throw exception when series id is null"() {
 		when:
-			service.findBySeriesId(null)
+			service.findBySeriesId(null, bool())
 		then:
 			IllegalArgumentException ex = thrown()
 			ex.message == 'Series id must be non null'
@@ -380,14 +382,18 @@ class ImageServiceImplTest extends Specification {
 	def "findBySeriesId() should invoke dao, pass argument and return result from dao"() {
 		given:
 			Integer expectedSeriesId = 14
+			boolean expectedHidden = bool()
 		and:
 			List<Integer> expectedResult = [ 1, 2 ]
 		when:
-			List<Integer> result = service.findBySeriesId(expectedSeriesId)
+			List<Integer> result = service.findBySeriesId(expectedSeriesId, expectedHidden)
 		then:
 			1 * imageDao.findBySeriesId({ Integer seriesId ->
 				assert seriesId == expectedSeriesId
 				return true
+			}, { boolean hidden ->
+				assert hidden == expectedHidden
+				return true
 			}) >> expectedResult
 		and:
 			result == expectedResult

src/test/groovy/ru/mystamps/web/feature/series/SeriesServiceImplTest.groovy

@@ -691,14 +691,14 @@ class SeriesServiceImplTest extends Specification {
 
 	def "findFullInfoById() should throw exception when series id is null"() {
 		when:
-			service.findFullInfoById(null, null)
+			service.findFullInfoById(null, null, bool())
 		then:
 			thrown(IllegalArgumentException)
 	}
 
 	def "findFullInfoById() should return null when series not found"() {
 		when:
-			SeriesDto result = service.findFullInfoById(Random.id(), Random.lang())
+			SeriesDto result = service.findFullInfoById(Random.id(), Random.lang(), bool())
 		then:
 			1 * seriesDao.findByIdAsSeriesFullInfo(_ as Integer, _ as String)
 		and:
@@ -725,7 +725,7 @@ class SeriesServiceImplTest extends Specification {
 			List<String> expectedSolovyovNumbers = Random.solovyovNumbers().toList()
 			List<Integer> expectedImageIds       = Random.listOfIntegers()
 		when:
-			SeriesDto result = service.findFullInfoById(expectedSeriesId, expectedLang)
+			SeriesDto result = service.findFullInfoById(expectedSeriesId, expectedLang, false)
 		then:
 			1 * seriesDao.findByIdAsSeriesFullInfo(expectedSeriesId, expectedLang) >> expectedInfo
 		and:
@@ -741,7 +741,7 @@ class SeriesServiceImplTest extends Specification {
 		and:
 			1 * zagorskiCatalogService.findBySeriesId(expectedSeriesId) >> expectedZagorskiNumbers
 		and:
-			1 * imageService.findBySeriesId(expectedSeriesId) >> expectedImageIds
+			1 * imageService.findBySeriesId(expectedSeriesId, false) >> expectedImageIds
 		and:
 			result != null
 			result.id           == expectedInfo.id