AYS-308 | An active user has been deactivated (#366)

Co-authored-by: MenekseYuncu <baioretto66@gmail.com>

Author: ademk7604

src/main/java/org/ays/auth/controller/AysUserController.java

@@ -144,14 +144,32 @@ public AysResponse<Void> update(@PathVariable @UUID final String id,
      * @param id The UUID of the user to be activated.
      * @return An {@link AysResponse} indicating the success of the operation.
      */
-    @PatchMapping("user/{id}/activate")
+    @PatchMapping("/user/{id}/activate")
     @PreAuthorize("hasAnyAuthority('user:update')")
     public AysResponse<Void> activate(@PathVariable @UUID final String id) {
         userUpdateService.activate(id);
         return AysResponse.SUCCESS;
     }
 
 
+    /**
+     * PATCH /user/{id}/passivate : Passivates (deactivates) a user account with the given ID.
+     * <p>
+     * This endpoint is protected and requires the caller to have the authority
+     * 'user:update'. The user ID must be a valid UUID.
+     * </p>
+     *
+     * @param id The UUID of the user to be passivated.
+     * @return An {@link AysResponse} indicating the success of the operation.
+     */
+    @PatchMapping("/user/{id}/passivate")
+    @PreAuthorize("hasAnyAuthority('user:update')")
+    public AysResponse<Void> passivate(@PathVariable @UUID final String id) {
+        userUpdateService.passivate(id);
+        return AysResponse.SUCCESS;
+    }
+
+
     /**
      * DELETE /user/{id} : Deletes a user account with the given ID.
      * <p>

src/main/java/org/ays/auth/service/AysUserUpdateService.java

@@ -1,6 +1,7 @@
 package org.ays.auth.service;
 
 import org.ays.auth.model.request.AysUserUpdateRequest;
+import org.ays.auth.util.exception.AysUserNotActiveException;
 import org.ays.auth.util.exception.AysUserNotExistByIdException;
 import org.ays.auth.util.exception.AysUserNotPassiveException;
 
@@ -21,10 +22,19 @@ public interface AysUserUpdateService {
      *
      * @param id The unique identifier of the user to be activated.
      * @throws AysUserNotExistByIdException if a user with the given ID does not exist.
-     * @throws AysUserNotPassiveException if the user is not in a passive state.
+     * @throws AysUserNotPassiveException   if the user is not in a passive state.
      */
     void activate(String id);
 
+    /**
+     * Passivates (deactivates) a user by ID if the user is currently active.
+     *
+     * @param id The unique identifier of the user to be passivated.
+     * @throws AysUserNotExistByIdException if a user with the given ID does not exist.
+     * @throws AysUserNotActiveException    if the user is not in an active state.
+     */
+    void passivate(String id);
+
     /**
      * Deletes a user by its unique identifier.
      *

src/main/java/org/ays/auth/service/impl/AysUserUpdateServiceImpl.java

@@ -15,6 +15,7 @@
 import org.ays.auth.util.exception.AysUserAlreadyExistsByEmailAddressException;
 import org.ays.auth.util.exception.AysUserAlreadyExistsByPhoneNumberException;
 import org.ays.auth.util.exception.AysUserIsNotActiveOrPassiveException;
+import org.ays.auth.util.exception.AysUserNotActiveException;
 import org.ays.auth.util.exception.AysUserNotExistByIdException;
 import org.ays.auth.util.exception.AysUserNotPassiveException;
 import org.ays.common.model.AysPhoneNumber;
@@ -85,7 +86,7 @@ public void update(final String id,
      *
      * @param id The unique identifier of the user to be activated.
      * @throws AysUserNotExistByIdException if a user with the given ID does not exist.
-     * @throws AysUserNotPassiveException if the user is not in a passive state and cannot be activated.
+     * @throws AysUserNotPassiveException   if the user is not in a passive state and cannot be activated.
      */
     @Override
     public void activate(String id) {
@@ -102,6 +103,29 @@ public void activate(String id) {
         userSavePort.save(user);
     }
 
+    /**
+     * Passivates (deactivates) a user by ID if the user is currently active.
+     * This method retrieves the user by the provided ID and deactivates the user.
+     *
+     * @param id The unique identifier of the user to be passivated.
+     * @throws AysUserNotExistByIdException if a user with the given ID does not exist.
+     * @throws AysUserNotActiveException    if the user is not in an active state and cannot be passivated.
+     */
+    @Override
+    public void passivate(String id) {
+
+        final AysUser user = userReadPort.findById(id)
+                .filter(userFromDatabase -> identity.getInstitutionId().equals(userFromDatabase.getInstitution().getId()))
+                .orElseThrow(() -> new AysUserNotExistByIdException(id));
+
+        if (!user.isActive()) {
+            throw new AysUserNotActiveException(id);
+        }
+
+        user.passivate();
+        userSavePort.save(user);
+    }
+
 
     /**
      * Deletes a user account by its ID.

src/test/java/org/ays/auth/controller/AysUserControllerTest.java

@@ -798,4 +798,82 @@ void givenUserDelete_whenUserUnauthorized_thenReturnAccessDeniedException() thro
                 .delete(Mockito.anyString());
     }
 
+
+    @Test
+    void givenValidId_whenPassivateUser_thenReturnSuccess() throws Exception {
+
+        // Given
+        String mockId = "894dcc5d-31cc-4704-9f0a-627ac7da517d";
+
+        // When
+        Mockito.doNothing()
+                .when(userUpdateService)
+                .passivate(Mockito.anyString());
+
+        // Then
+        String endpoint = BASE_PATH.concat("/user/").concat(mockId).concat("/passivate");
+        MockHttpServletRequestBuilder mockHttpServletRequestBuilder = AysMockMvcRequestBuilders
+                .patch(endpoint, mockAdminToken.getAccessToken());
+
+        AysResponse<Void> mockResponse = AysResponseBuilder.SUCCESS;
+
+        aysMockMvc.perform(mockHttpServletRequestBuilder, mockResponse)
+                .andExpect(AysMockResultMatchersBuilders.status()
+                        .isOk())
+                .andExpect(AysMockResultMatchersBuilders.response()
+                        .doesNotExist());
+
+        // Verify
+        Mockito.verify(userUpdateService, Mockito.times(1))
+                .passivate(Mockito.anyString());
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {
+            "A",
+            "493268349068342"
+    })
+    void givenInvalidUserId_whenIdNotValid_thenReturnValidationErrorForPassivate(String invalidId) throws Exception {
+
+        // Then
+        String endpoint = BASE_PATH.concat("/user/").concat(invalidId).concat("/passivate");
+        MockHttpServletRequestBuilder mockHttpServletRequestBuilder = AysMockMvcRequestBuilders
+                .patch(endpoint, mockAdminToken.getAccessToken());
+
+        AysErrorResponse mockErrorResponse = AysErrorBuilder.VALIDATION_ERROR;
+
+        aysMockMvc.perform(mockHttpServletRequestBuilder, mockErrorResponse)
+                .andExpect(AysMockResultMatchersBuilders.status()
+                        .isBadRequest())
+                .andExpect(AysMockResultMatchersBuilders.subErrors()
+                        .isNotEmpty());
+
+        // Verify
+        Mockito.verify(userUpdateService, Mockito.never())
+                .passivate(Mockito.anyString());
+    }
+
+    @Test
+    void givenValidUserId_whenUserUnauthorized_thenReturnAccessDeniedException() throws Exception {
+
+        // Given
+        String mockId = "333aec72-ecd8-49fc-86f5-2b5458871edb";
+
+        // Then
+        String endpoint = BASE_PATH.concat("/user/").concat(mockId).concat("/passivate");
+        MockHttpServletRequestBuilder mockHttpServletRequestBuilder = AysMockMvcRequestBuilders
+                .patch(endpoint, mockUserToken.getAccessToken());
+
+        AysErrorResponse mockErrorResponse = AysErrorBuilder.FORBIDDEN;
+
+        aysMockMvc.perform(mockHttpServletRequestBuilder, mockErrorResponse)
+                .andExpect(AysMockResultMatchersBuilders.status()
+                        .isForbidden())
+                .andExpect(AysMockResultMatchersBuilders.response()
+                        .doesNotExist());
+
+        // Verify
+        Mockito.verify(userUpdateService, Mockito.never())
+                .passivate(Mockito.anyString());
+    }
 }

src/test/java/org/ays/auth/controller/AysUserEndToEndTest.java

@@ -373,6 +373,7 @@ void givenValidIdAndUserUpdateRequest_whenUserUpdated_thenReturnSuccess() throws
         Assertions.assertNotNull(userFromDatabase.get().getUpdatedAt());
     }
 
+
     @Test
     void givenValidId_whenActivateUser_thenReturnSuccess() throws Exception {
 
@@ -469,4 +470,49 @@ void givenValidId_whenUserDeleted_thenReturnSuccess() throws Exception {
         Assertions.assertEquals(AysUserStatus.DELETED, userFromDatabase.get().getStatus());
     }
 
+
+    @Test
+    void givenValidId_whenPassivateUser_thenReturnSuccess() throws Exception {
+
+        // Initialize
+        Institution institution = new InstitutionBuilder()
+                .withId(AysValidTestData.Admin.INSTITUTION_ID)
+                .build();
+
+        List<AysRole> roles = roleReadPort.findAllActivesByInstitutionId(institution.getId());
+
+        AysUser user = userSavePort.save(
+                new AysUserBuilder()
+                        .withId(AysRandomUtil.generateUUID())
+                        .withValidValues()
+                        .withRoles(roles)
+                        .withInstitution(institution)
+                        .withStatus(AysUserStatus.ACTIVE)
+                        .build()
+        );
+
+        // Given
+        String id = user.getId();
+
+        // Then
+        String endpoint = BASE_PATH.concat("/user/").concat(id).concat("/passivate");
+        MockHttpServletRequestBuilder mockHttpServletRequestBuilder = AysMockMvcRequestBuilders
+                .patch(endpoint, adminToken.getAccessToken());
+
+        AysResponse<Void> mockResponse = AysResponseBuilder.SUCCESS;
+
+        aysMockMvc.perform(mockHttpServletRequestBuilder, mockResponse)
+                .andExpect(AysMockResultMatchersBuilders.status()
+                        .isOk())
+                .andExpect(AysMockResultMatchersBuilders.response()
+                        .doesNotExist());
+
+        // Verify
+        Optional<AysUser> userFromDatabase = userReadPort.findById(user.getId());
+
+        Assertions.assertTrue(userFromDatabase.isPresent());
+        Assertions.assertEquals(userFromDatabase.get().getId(), user.getId());
+        Assertions.assertEquals(AysUserStatus.PASSIVE, userFromDatabase.get().getStatus());
+    }
+
 }