fix(#71,#73): remove class-level permission gate and add annotationId to notifications

- Remove @RequirePermission(READ_ALL) from NotificationController class level so authenticated users with any permission (or none) can access their own notifications - Add V19 migration, annotationId field to Notification entity and NotificationDTO - NotificationService now stores annotationId from comment on both REPLY and MENTION - Update controller tests: permission tests now expect 200, DTO constructor includes annotationId Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 11:44:17 +01:00
parent 23d0005514
commit d13422c65a
7 changed files with 47 additions and 13 deletions
--- a/backend/src/test/java/org/raddatz/familienarchiv/controller/NotificationControllerTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/controller/NotificationControllerTest.java
@@ -53,9 +53,14 @@ class NotificationControllerTest {

    @Test
    @WithMockUser(username = "testuser")
-    void getNotifications_returns403_whenUserLacksPermission() throws Exception {
+    void getNotifications_returns200_whenAuthenticatedWithNoPermissions() throws Exception {
+        AppUser user = AppUser.builder().id(USER_ID).username("testuser").build();
+        when(userService.findByUsername("testuser")).thenReturn(user);
+        when(notificationService.getNotifications(eq(USER_ID), any()))
+                .thenReturn(new PageImpl<>(List.of()));
+
        mockMvc.perform(get("/api/notifications"))
-                .andExpect(status().isForbidden());
+                .andExpect(status().isOk());
    }

    @Test
@@ -64,7 +69,7 @@ class NotificationControllerTest {
        AppUser user = AppUser.builder().id(USER_ID).username("testuser").build();
        NotificationDTO dto = new NotificationDTO(
                UUID.randomUUID(), NotificationType.REPLY, UUID.randomUUID(),
-                UUID.randomUUID(), false, LocalDateTime.now(), "Anna Smith");
+                UUID.randomUUID(), null, false, LocalDateTime.now(), "Anna Smith");

        when(userService.findByUsername("testuser")).thenReturn(user);
        when(notificationService.getNotifications(eq(USER_ID), any()))
@@ -185,9 +190,14 @@ class NotificationControllerTest {

    @Test
    @WithMockUser(username = "testuser", authorities = {"WRITE_ALL"})
-    void getNotifications_returns403_whenUserHasOnlyWriteAll() throws Exception {
+    void getNotifications_returns200_whenUserHasOnlyWriteAll() throws Exception {
+        AppUser user = AppUser.builder().id(USER_ID).username("testuser").build();
+        when(userService.findByUsername("testuser")).thenReturn(user);
+        when(notificationService.getNotifications(eq(USER_ID), any()))
+                .thenReturn(new PageImpl<>(List.of()));
+
        mockMvc.perform(get("/api/notifications"))
-                .andExpect(status().isForbidden());
+                .andExpect(status().isOk());
    }

    // ─── PUT /api/users/me/notification-preferences ──────────────────────────