From 42b38dd802816a4ad4ef943718cdcfccb16227bc Mon Sep 17 00:00:00 2001
From: Parpaillax
Date: Thu, 25 Apr 2024 17:00:40 +0200
Subject: [PATCH] Seucrity on enchere
---
 .../controllers/EnchereController.java | 28 +++++++++++++++++--
 src/main/resources/templates/article.html | 4 +--
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/src/main/java/fr/eni/enchere/controllers/EnchereController.java b/src/main/java/fr/eni/enchere/controllers/EnchereController.java
index 7589eb1..0359e26 100644
--- a/src/main/java/fr/eni/enchere/controllers/EnchereController.java
+++ b/src/main/java/fr/eni/enchere/controllers/EnchereController.java
@@ -1,7 +1,9 @@
 package fr.eni.enchere.controllers;
+import fr.eni.enchere.bll.ArticleService;
 import fr.eni.enchere.bll.EnchereService;
 import fr.eni.enchere.bll.UserService;
+import fr.eni.enchere.bo.Article;
 import fr.eni.enchere.bo.Enchere;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -9,9 +11,12 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 import java.util.Date;
+import java.util.List;
+import java.util.Optional;
 @Controller()
 @RequestMapping("/enchere")
@@ -20,19 +25,38 @@ public class EnchereController {
 @Autowired
 private EnchereService enchereService;
 private UserService userService;
+ private ArticleService articleService;
- public EnchereController(EnchereService enchereService, UserService userService) {
+ public EnchereController(EnchereService enchereService, UserService userService, ArticleService articleService) {
 this.enchereService = enchereService;
 this.userService = userService;
+ this.articleService = articleService;
 }
 @PostMapping("/incEnchere")
- public String incEnchere(@ModelAttribute("enchere") Enchere enchere, @RequestParam("articleId") int articleId) {
+ public String incEnchere(@ModelAttribute("enchere") Enchere enchere, @RequestParam("articleId") int articleId, BindingResult result) {
 Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 enchere.setNoArticle(articleId);
 enchere.setNoUtilisateur(this.userService.utilisateurByName(authentication.getName()).getId());
 enchere.setDateEnchere(new Date());
 enchere.setMontantEnchere(enchere.getMontantEnchere());
+
+ //Empeche une enchere inférieur au prix de base de l'article
+ Article article = this.articleService.findArticleById(articleId);
+ if (enchere.getMontantEnchere() < article.getPrixInitial()) {
+ result.rejectValue("montantEnchere", "error.enchere", "Vous ne pouvez pas enchérir un montant inférieur au prix initial");
+ }
+
+ //Empeche une enchere inférieur au prix de la dernière enchère sur l'article
+ List lastEnchere = this.enchereService.enchereByArticle(articleId);
+ Optional maxMontantEnchere = lastEnchere.stream()
+ .map(Enchere::getMontantEnchere) // Récupère seulement les montants d'enchère
+ .max(Float::compareTo);
+ System.out.println(maxMontantEnchere);
+ if (enchere.getMontantEnchere() < maxMontantEnchere.get()) {
+ result.rejectValue("montantEnchere", "error.enchere", "Vous ne pouvez pas enchérir un montant inférieur à la dernière enchère");
+ }
+
 this.enchereService.setEnchere(enchere);
 return "redirect:/article/show?id=" + articleId;
 }
diff --git a/src/main/resources/templates/article.html b/src/main/resources/templates/article.html
index a4a272c..be2dbe7 100644
--- a/src/main/resources/templates/article.html
+++ b/src/main/resources/templates/article.html
@@ -18,7 +18,7 @@
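Review bot: The two new `result.rejectValue(...)` calls in incEnchere only record an error; nothing tests `result.hasErrors()` before `this.enchereService.setEnchere(enchere)`, so a bid below the initial price or below the current highest bid is still saved and the check has no effect. `maxMontantEnchere.get()` also throws NoSuchElementException when the article has no bid yet, and Spring MVC expects the `BindingResult` parameter directly after the `@ModelAttribute` it belongs to rather than after the `@RequestParam`. The fence below moves the parameter, guards the empty Optional and returns before the save when a check failed; because a redirect drops the binding errors, showing the message would additionally need a flash attribute or a direct render of the article view. `System.out.println(maxMontantEnchere)` looks like leftover debugging, and `<` still accepts a bid equal to the current highest one, which is probably not intended.

```java
public String incEnchere(@ModelAttribute("enchere") Enchere enchere, BindingResult result, @RequestParam("articleId") int articleId) {
    // … unchanged: fill in enchere, initial-price check, lookup of previous bids …
    if (maxMontantEnchere.isPresent() && enchere.getMontantEnchere() < maxMontantEnchere.get()) {
        // … unchanged: rejectValue for a bid below the last one …
    }
    // A rejected bid must never reach the service layer.
    if (result.hasErrors()) {
        return "redirect:/article/show?id=" + articleId;
    }
    this.enchereService.setEnchere(enchere);
```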
- +

@@ -49,7 +49,7 @@
- +