fix(component): accept comment in requestBody

Signed-off-by: Bibhuti Dash <[email protected]>,
               Gaurav Mishra <[email protected]>

Author: bibhuti230185

libraries/datahandler/src/main/thrift/components.thrift

@@ -407,6 +407,9 @@ struct ComponentDTO {
     51: optional string mailinglist,
     52: optional string wiki,
     53: optional string blog,
+
+    // Moderation comment passed during PATCH request (not persisted on Component)
+    90: optional string comment,
 }
 
 struct ReleaseLink{

rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/component/ComponentController.java

@@ -72,6 +72,7 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.rest.webmvc.BasePathAwareController;
 import org.springframework.data.rest.webmvc.RepositoryLinksResource;
+import org.springframework.data.rest.webmvc.ResourceNotFoundException;
 import org.springframework.hateoas.*;
 import org.springframework.hateoas.server.RepresentationModelProcessor;
 import org.springframework.http.HttpStatus;
@@ -80,7 +81,6 @@
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
-import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 
@@ -386,36 +386,85 @@ public ResponseEntity<CollectionModel<EntityModel<Component>>> searchByExternalI
     @PreAuthorize("hasAuthority('WRITE')")
     @Operation(
             summary = "Update an existing component.",
-            description = "Update an existing component by its id.",
-            tags = {"Components"}
+            description = "Partially update an existing component. Only provided fields will be updated. " +
+                         "If the user lacks direct write access, a moderation request will be created. " +
+                         "Include a 'comment' field in the request body when submitting moderation requests.",
+            tags = {"Components"},
+            responses = {
+                    @ApiResponse(responseCode = "200", description = "Component updated successfully"),
+                    @ApiResponse(responseCode = "202", description = "Moderation request created"),
+                    @ApiResponse(responseCode = "400", description = "Invalid input or missing required fields"),
+                    @ApiResponse(responseCode = "401", description = "Unauthorized"),
+                    @ApiResponse(responseCode = "403", description = "Write access forbidden"),
+                    @ApiResponse(responseCode = "404", description = "Component not found")
+            }
     )
     @RequestMapping(value = COMPONENTS_URL + "/{id}", method = RequestMethod.PATCH)
     public ResponseEntity<EntityModel<Component>> patchComponent(
             @Parameter(description = "The id of the component to be updated.")
             @PathVariable("id") String id,
-            @Parameter(description = "The component with updated fields.")
-            @RequestBody ComponentDTO updateComponentDto,
-            @Parameter(description = "Comment message.")
-            @RequestParam(value = "comment", required = false) String comment
+            @Parameter(description = "Updated component fields. Add 'comment' field in body for moderation request.")
+            @RequestBody ComponentDTO updateComponentDto
     ) throws TException {
-        User user = restControllerHelper.getSw360UserFromAuthentication();
-        Component sw360Component = componentService.getComponentForUserById(id, user);
-        user.setCommentMadeDuringModerationRequest(comment);
+        final User user = restControllerHelper.getSw360UserFromAuthentication();
+        restControllerHelper.throwIfSecurityUser(user);
+        Component sw360Component = validateAndGetComponent(id, updateComponentDto, user);
+        String comment = extractModerationComment(updateComponentDto);
         if (!restControllerHelper.isWriteActionAllowed(sw360Component, user)
                 && (comment == null || comment.isBlank())) {
             throw new BadRequestClientException(RESPONSE_BODY_FOR_MODERATION_REQUEST_WITH_COMMIT.toString());
         }
-        if (updateComponentDto.getAttachments() != null) {
-            updateComponentDto.getAttachments().forEach(attachment -> wrapSW360Exception(
-                    () -> this.attachmentService.fillCheckedAttachmentData(attachment, user)));
+        user.setCommentMadeDuringModerationRequest(comment);
+
+        if (updateComponentDto.getAttachments() != null && !updateComponentDto.getAttachments().isEmpty()) {
+            updateComponentDto.getAttachments().forEach(attachment ->
+                wrapSW360Exception(() -> attachmentService.fillCheckedAttachmentData(attachment, user))
+            );
         }
-        sw360Component = this.restControllerHelper.updateComponent(sw360Component, updateComponentDto);
+
+        sw360Component = restControllerHelper.updateComponent(sw360Component, updateComponentDto);
         RequestStatus updateComponentStatus = componentService.updateComponent(sw360Component, user);
-        HalResource<Component> userHalResource = createHalComponent(sw360Component, user);
+
         if (updateComponentStatus == RequestStatus.SENT_TO_MODERATOR) {
             return new ResponseEntity(RESPONSE_BODY_FOR_MODERATION_REQUEST, HttpStatus.ACCEPTED);
         }
-        return new ResponseEntity<>(userHalResource, HttpStatus.OK);
+
+        HalResource<Component> halResource = createHalComponent(sw360Component, user);
+        return ResponseEntity.ok(halResource);
+    }
+
+    private String extractModerationComment(ComponentDTO updateComponentDto) {
+        try {
+            String comment = updateComponentDto.getComment();
+            return (comment != null && !comment.isBlank()) ? comment.trim() : null;
+        } catch (Exception e) {
+            log.debug("Comment field not available in ComponentDTO: {}", e.getMessage());
+            return null;
+        }
+    }
+
+
+    private Component validateAndGetComponent(String id, ComponentDTO updateComponentDto, User user) {
+        if (isNullOrEmpty(id)) {
+            throw new BadRequestClientException("Component ID cannot be null or empty");
+        }
+
+        Component sw360Component;
+        try {
+            sw360Component = componentService.getComponentForUserById(id, user);
+        } catch (Exception e) {
+            throw new ResourceNotFoundException("Component not found with ID: " + id);
+        }
+
+        if (sw360Component == null) {
+            throw new ResourceNotFoundException("Component not found with ID: " + id);
+        }
+
+        if (updateComponentDto == null) {
+            throw new BadRequestClientException("Component data cannot be null");
+        }
+
+        return sw360Component;
     }
 
     @PreAuthorize("hasAuthority('WRITE')")

rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/JacksonCustomizations.java

@@ -652,6 +652,7 @@ static abstract class ComponentMixin extends Component {
                 "licenseIdsSize",
                 "licenseIdsIterator",
                 "createdBy",
+                "comment",
                 "setId",
                 "setRevision",
                 "setType",
@@ -672,6 +673,7 @@ static abstract class ComponentMixin extends Component {
                 "setVcs",
                 "setPackageManager",
                 "setRelease",
+                "setComment",
                 "createdByIsSet",
                 "createdOnIsSet",
                 "versionIsSet",
@@ -693,6 +695,7 @@ static abstract class ComponentMixin extends Component {
                 "homepageUrlIsSet",
                 "hashIsSet",
                 "packageManagerIsSet",
+                "commentIsSet",
                 "typeIsSet"
         })
         static abstract class PackageMixin extends Package {

rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/integration/ComponentTest.java

@@ -308,7 +308,7 @@ public void should_update_component_invalid() throws IOException, TException {
                         HttpMethod.PATCH,
                         new HttpEntity<>(body, headers),
                         String.class);
-        assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, response.getStatusCode());
+        assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode());
     }
 
     @Test

rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/ComponentSpecTest.java

@@ -331,6 +331,7 @@ public void before() throws TException, IOException {
                 )
         );
         given(this.componentServiceMock.deleteComponent(eq(angularComponent.getId()), any())).willReturn(RequestStatus.SUCCESS);
+        given(this.componentServiceMock.updateComponent(any(), any())).willReturn(RequestStatus.SUCCESS);
         given(this.componentServiceMock.searchByExternalIds(eq(externalIds), any())).willReturn((new HashSet<>(componentList)));
         given(this.componentServiceMock.convertToEmbeddedWithExternalIds(eq(angularComponent))).willReturn(
                 new Component("Angular")