From 15c88c49432bf0364a63bf199b6bd9b9042a79dc Mon Sep 17 00:00:00 2001
From: Thibaut Valentin <thibaut.valentin@epita.fr>
Date: Tue, 11 Mar 2025 10:52:24 +0100
Subject: [PATCH 1/2] fix(comp): rm permission and empty poule list on rm

---
 .../ffsaf/domain/service/CompetitionService.java   | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java b/src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java
index c5852db..cae9c9f 100644
--- a/src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java
+++ b/src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java
@@ -256,16 +256,16 @@ public class CompetitionService {
 
     public Uni<?> delete(SecurityCtx securityCtx, Long id) {
         return repository.findById(id).invoke(Unchecked.consumer(c -> {
-                    if (!securityCtx.getSubject().equals(c.getOwner()) || securityCtx.roleHas("federation_admin"))
+                    if (!(securityCtx.getSubject().equals(c.getOwner()) || securityCtx.roleHas("federation_admin")))
                         throw new DForbiddenException();
                 }))
                 .call(competitionModel -> pouleRepository.list("compet = ?1", competitionModel)
-                        .call(pouleModels -> Uni.join()
-                                .all(pouleModels.stream()
-                                        .map(pouleModel -> Panache.withTransaction(
-                                                () -> matchRepository.delete("poule = ?1", pouleModel.getId())))
-                                        .toList())
-                                .andCollectFailures()))
+                        .call(pouleModels -> pouleModels.isEmpty() ? Uni.createFrom().nullItem() :
+                                Uni.join().all(pouleModels.stream()
+                                                .map(pouleModel -> Panache.withTransaction(
+                                                        () -> matchRepository.delete("poule = ?1", pouleModel.getId())))
+                                                .toList())
+                                        .andCollectFailures()))
                 .call(competitionModel -> Panache.withTransaction(
                         () -> pouleRepository.delete("compet = ?1", competitionModel)))
                 .chain(model -> Panache.withTransaction(() -> repository.delete("id", model.getId())))

From fbbfef37ba8d82c49eacc00f1d30fd4e52db87d3 Mon Sep 17 00:00:00 2001
From: Thibaut Valentin <thibaut.valentin@epita.fr>
Date: Tue, 11 Mar 2025 11:07:56 +0100
Subject: [PATCH 2/2] feat(comp): check perm for creation

---
 .../domain/service/CompetitionService.java    | 19 ++++++++++++++-----
 .../src/pages/competition/CompetitionEdit.jsx | 13 +++++++------
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java b/src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java
index cae9c9f..c0a61a9 100644
--- a/src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java
+++ b/src/main/java/fr/titionfire/ffsaf/domain/service/CompetitionService.java
@@ -2,7 +2,10 @@ package fr.titionfire.ffsaf.domain.service;
 
 import fr.titionfire.ffsaf.data.model.CompetitionModel;
 import fr.titionfire.ffsaf.data.model.MembreModel;
-import fr.titionfire.ffsaf.data.repository.*;
+import fr.titionfire.ffsaf.data.repository.CombRepository;
+import fr.titionfire.ffsaf.data.repository.CompetitionRepository;
+import fr.titionfire.ffsaf.data.repository.MatchRepository;
+import fr.titionfire.ffsaf.data.repository.PouleRepository;
 import fr.titionfire.ffsaf.net2.ServerCustom;
 import fr.titionfire.ffsaf.net2.data.SimpleCompet;
 import fr.titionfire.ffsaf.net2.request.SReqCompet;
@@ -13,6 +16,7 @@ import fr.titionfire.ffsaf.rest.data.SimpleCompetData;
 import fr.titionfire.ffsaf.rest.data.SimpleRegisterComb;
 import fr.titionfire.ffsaf.rest.exception.DBadRequestException;
 import fr.titionfire.ffsaf.rest.exception.DForbiddenException;
+import fr.titionfire.ffsaf.rest.exception.DNotFoundException;
 import fr.titionfire.ffsaf.utils.CompetitionSystem;
 import fr.titionfire.ffsaf.utils.RegisterEmbeddable;
 import fr.titionfire.ffsaf.utils.SecurityCtx;
@@ -138,10 +142,15 @@ public class CompetitionService {
 
     public Uni<CompetitionData> addOrUpdate(SecurityCtx securityCtx, CompetitionData data) {
         if (data.getId() == null) {
-            return new ClubRepository().findById(data.getClub()).invoke(Unchecked.consumer(clubModel -> {
-                        if (!securityCtx.isInClubGroup(clubModel.getId()))
-                            throw new DForbiddenException();
-                    })) // TODO check if user can create competition
+            return combRepository.find("userId = ?1", securityCtx.getSubject()).firstResult()
+                    .invoke(Unchecked.consumer(combModel -> {
+                        if (combModel == null)
+                            throw new DNotFoundException("Profile non trouvé");
+                        if (data.getSystem() == CompetitionSystem.SAFCA)
+                            if (!securityCtx.getRoles().contains("safca_create_compet"))
+                                throw new DForbiddenException("Vous ne pouvez pas créer de compétition SAFCA");
+                    }))
+                    .map(MembreModel::getClub)
                     .chain(clubModel -> {
                         CompetitionModel model = new CompetitionModel();
 
diff --git a/src/main/webapp/src/pages/competition/CompetitionEdit.jsx b/src/main/webapp/src/pages/competition/CompetitionEdit.jsx
index 27e24b3..f11d4db 100644
--- a/src/main/webapp/src/pages/competition/CompetitionEdit.jsx
+++ b/src/main/webapp/src/pages/competition/CompetitionEdit.jsx
@@ -46,8 +46,8 @@ export function CompetitionEdit() {
 
                     <Content data={data} refresh={refresh}/>
 
-                    {data.id !== null &&  <button style={{marginBottom: "1.5em", width: "100%"}} className="btn btn-primary"
-                    onClick={_ => navigate(`/competition/${data.id}/register`)}>Voir/Modifier les participants</button>}
+                    {data.id !== null && <button style={{marginBottom: "1.5em", width: "100%"}} className="btn btn-primary"
+                                                 onClick={_ => navigate(`/competition/${data.id}/register`)}>Voir/Modifier les participants</button>}
 
                     {data.id !== null && <ContentSAFCA data2={data}/>}
 
@@ -259,10 +259,11 @@ function Content({data}) {
 
                 <OptionField name="system" text="System" value={data.system} values={{SAFCA: 'SAFCA'}} disabled={data.id !== null}/>
 
-                <div className="row">
-                    <ClubSelect defaultValue={data.club} name="club" na={false} disabled={data.id !== null}/>
-                </div>
-
+                {data.id !== null &&
+                    <div className="row">
+                        <ClubSelect defaultValue={data.club} name="club" na={false} disabled={true}/>
+                    </div>
+                }
             </div>
 
             <div className="row mb-3">