Merge pull request #1276 from traPtitech/fix/openapi-questionnaire_draft

impl: add IsPublished in questionnaires

controller/questionnaire.go

@@ -111,7 +111,7 @@ func (q Questionnaire) PostQuestionnaire(c echo.Context, userID string, params o
 	questionnaireID := 0
 
 	err := q.ITransaction.Do(c.Request().Context(), nil, func(ctx context.Context) error {
-		questionnaireID, err := q.InsertQuestionnaire(ctx, params.Title, params.Description, responseDueDateTime, convertResponseViewableBy(params.ResponseViewableBy))
+		questionnaireID, err := q.InsertQuestionnaire(ctx, params.Title, params.Description, responseDueDateTime, convertResponseViewableBy(params.ResponseViewableBy), params.IsPublished)
 		if err != nil {
 			c.Logger().Errorf("failed to insert questionnaire: %+v", err)
 			return err
@@ -302,7 +302,7 @@ func (q Questionnaire) EditQuestionnaire(c echo.Context, questionnaireID int, pa
 		responseDueDateTime.Time = *params.ResponseDueDateTime
 	}
 	err := q.ITransaction.Do(c.Request().Context(), nil, func(ctx context.Context) error {
-		err := q.UpdateQuestionnaire(ctx, params.Title, params.Description, responseDueDateTime, string(params.ResponseViewableBy), questionnaireID)
+		err := q.UpdateQuestionnaire(ctx, params.Title, params.Description, responseDueDateTime, string(params.ResponseViewableBy), questionnaireID, params.IsPublished)
 		if err != nil && !errors.Is(err, model.ErrNoRecordUpdated) {
 			c.Logger().Errorf("failed to update questionnaire: %+v", err)
 			return err

docs/db_schema.md

@@ -50,6 +50,7 @@
 | res_shared_to  | char(30)  | NO   |     | administrators    |                | アンケートの結果を, 運営は見られる ("administrators"), 回答済みの人は見られる ("respondents") 誰でも見られる ("public") |
 | created_at     | timestamp | NO   |     | CURRENT_TIMESTAMP |                | アンケートが作成された日時                                                                                              |
 | modified_at    | timestamp | NO   |     | CURRENT_TIMESTAMP |                | アンケートが更新された日時                                                                                              |
+| is_published   | bookean   | NO   |     | false             |                | アンケートが公開かどうか
 
 ### respondents
 

handler/middleware.go

@@ -91,6 +91,62 @@ func TrapRateLimitMiddlewareFunc() echo.MiddlewareFunc {
 	return middleware.RateLimiterWithConfig(config)
 }
 
+// QuestionnaireReadAuthenticate アンケートの閲覧権限があるかの認証
+func QuestionnaireReadAuthenticate(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+		m := NewMiddleware()
+
+		userID, err := getUserID(c)
+		if err != nil {
+			c.Logger().Errorf("failed to get userID: %+v", err)
+			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Errorf("failed to get userID: %w", err))
+		}
+
+		strQuestionnaireID := c.Param("questionnaireID")
+		questionnaireID, err := strconv.Atoi(strQuestionnaireID)
+		if err != nil {
+			c.Logger().Infof("failed to convert questionnaireID to int: %+v", err)
+			return echo.NewHTTPError(http.StatusBadRequest, fmt.Errorf("invalid questionnaireID:%s(error: %w)", strQuestionnaireID, err))
+		}
+
+		// 管理者ならOK
+		for _, adminID := range adminUserIDs {
+			if userID == adminID {
+				c.Set(questionnaireIDKey, questionnaireID)
+
+				return next(c)
+			}
+		}
+		isAdmin, err := m.CheckQuestionnaireAdmin(c.Request().Context(), userID, questionnaireID)
+		if err != nil {
+			c.Logger().Errorf("failed to check questionnaire admin: %+v", err)
+			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Errorf("failed to check if you are administrator: %w", err))
+		}
+		if isAdmin {
+			c.Set(questionnaireIDKey, questionnaireID)
+			return next(c)
+		}
+
+		// 公開されたらOK
+		questionnaire, _, _, _, _, _, err := m.GetQuestionnaireInfo(c.Request().Context(), questionnaireID)
+		if errors.Is(err, model.ErrRecordNotFound) {
+			c.Logger().Infof("questionnaire not found: %+v", err)
+			return echo.NewHTTPError(http.StatusNotFound, fmt.Errorf("questionnaire not found:%d", questionnaireID))
+		}
+		if err != nil {
+			c.Logger().Errorf("failed to get questionnaire read privilege info: %+v", err)
+			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Errorf("failed to get questionnaire read privilege info: %w", err))
+		}
+		if !questionnaire.IsPublished {
+			return c.String(http.StatusForbidden, "The questionnaire is not published.")
+		}
+
+		c.Set(questionnaireIDKey, questionnaireID)
+
+		return next(c)
+	}
+}
+
 // QuestionnaireAdministratorAuthenticate アンケートの管理者かどうかの認証
 func QuestionnaireAdministratorAuthenticate(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {

main.go

@@ -71,6 +71,7 @@ func main() {
 	mws.AddGroupConfig("", handler.TraPMemberAuthenticate)
 
 	mws.AddRouteConfig("/questionnaires", http.MethodGet, handler.TrapRateLimitMiddlewareFunc())
+	mws.AddRouteConfig("/questionnaires/:questionnaireID", http.MethodGet, handler.QuestionnaireReadAuthenticate)
 	mws.AddRouteConfig("/questionnaires/:questionnaireID", http.MethodPatch, handler.QuestionnaireAdministratorAuthenticate)
 	mws.AddRouteConfig("/questionnaires/:questionnaireID", http.MethodDelete, handler.QuestionnaireAdministratorAuthenticate)
 

model/current.go

@@ -6,7 +6,9 @@ import (
 
 // Migrations is all db migrations
 func Migrations() []*gormigrate.Migration {
-	return []*gormigrate.Migration{}
+	return []*gormigrate.Migration{
+		v3(),
+	}
 }
 
 func AllTables() []interface{} {

model/questionnaires.go

@@ -10,8 +10,8 @@ import (
 
 // IQuestionnaire QuestionnaireのRepository
 type IQuestionnaire interface {
-	InsertQuestionnaire(ctx context.Context, title string, description string, resTimeLimit null.Time, resSharedTo string) (int, error)
-	UpdateQuestionnaire(ctx context.Context, title string, description string, resTimeLimit null.Time, resSharedTo string, questionnaireID int) error
+	InsertQuestionnaire(ctx context.Context, title string, description string, resTimeLimit null.Time, resSharedTo string, isPublished bool) (int, error)
+	UpdateQuestionnaire(ctx context.Context, title string, description string, resTimeLimit null.Time, resSharedTo string, questionnaireID int, isPublished bool) error
 	DeleteQuestionnaire(ctx context.Context, questionnaireID int) error
 	GetQuestionnaires(ctx context.Context, userID string, sort string, search string, pageNum int, onlyTargetingMe bool, onlyAdministratedByMe bool) ([]QuestionnaireInfo, int, error)
 	GetAdminQuestionnaires(ctx context.Context, userID string) ([]Questionnaires, error)

model/questionnaires_impl.go

@@ -35,6 +35,7 @@ type Questionnaires struct {
 	TargetGroups   []TargetGroups   `json:"-" gorm:"foreignKey:QuestionnaireID"`
 	Questions      []Questions      `json:"-"  gorm:"foreignKey:QuestionnaireID"`
 	Respondents    []Respondents    `json:"-"  gorm:"foreignKey:QuestionnaireID"`
+	IsPublished    bool             `json:"is_published" gorm:"type:boolean;default:false"`
 }
 
 // BeforeCreate Update時に自動でmodified_atを現在時刻に
@@ -81,7 +82,7 @@ type ResponseReadPrivilegeInfo struct {
 }
 
 // InsertQuestionnaire アンケートの追加
-func (*Questionnaire) InsertQuestionnaire(ctx context.Context, title string, description string, resTimeLimit null.Time, resSharedTo string) (int, error) {
+func (*Questionnaire) InsertQuestionnaire(ctx context.Context, title string, description string, resTimeLimit null.Time, resSharedTo string, isPublished bool) (int, error) {
 	db, err := getTx(ctx)
 	if err != nil {
 		return 0, fmt.Errorf("failed to get tx: %w", err)
@@ -93,13 +94,15 @@ func (*Questionnaire) InsertQuestionnaire(ctx context.Context, title string, des
 			Title:       title,
 			Description: description,
 			ResSharedTo: resSharedTo,
+			IsPublished: isPublished,
 		}
 	} else {
 		questionnaire = Questionnaires{
 			Title:        title,
 			Description:  description,
 			ResTimeLimit: resTimeLimit,
 			ResSharedTo:  resSharedTo,
+			IsPublished:  isPublished,
 		}
 	}
 
@@ -112,7 +115,7 @@ func (*Questionnaire) InsertQuestionnaire(ctx context.Context, title string, des
 }
 
 // UpdateQuestionnaire アンケートの更新
-func (*Questionnaire) UpdateQuestionnaire(ctx context.Context, title string, description string, resTimeLimit null.Time, resSharedTo string, questionnaireID int) error {
+func (*Questionnaire) UpdateQuestionnaire(ctx context.Context, title string, description string, resTimeLimit null.Time, resSharedTo string, questionnaireID int, isPublished bool) error {
 	db, err := getTx(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to get tx: %w", err)
@@ -125,13 +128,15 @@ func (*Questionnaire) UpdateQuestionnaire(ctx context.Context, title string, des
 			Description:  description,
 			ResTimeLimit: resTimeLimit,
 			ResSharedTo:  resSharedTo,
+			IsPublished:  isPublished,
 		}
 	} else {
 		questionnaire = map[string]interface{}{
 			"title":          title,
 			"description":    description,
 			"res_time_limit": gorm.Expr("NULL"),
 			"res_shared_to":  resSharedTo,
+			"is_published":   isPublished,
 		}
 	}
 
@@ -186,7 +191,7 @@ func (*Questionnaire) GetQuestionnaires(ctx context.Context, userID string, sort
 
 	query := db.
 		Table("questionnaires").
-		Where("deleted_at IS NULL").
+		Where("deleted_at IS NULL AND is_published IS TRUE").
 		Joins("LEFT OUTER JOIN targets ON questionnaires.id = targets.questionnaire_id")
 
 	query, err = setQuestionnairesOrder(query, sort)