From 5393ae24cbb62b0d9dbabea48c9aa51f49fd795c Mon Sep 17 00:00:00 2001
From: Ludy <Ludy87@users.noreply.github.com>
Date: Sat, 14 Jun 2025 22:00:24 +0200
Subject: [PATCH] =?UTF-8?q?Fix:=20Assign=20Internal=20API=20User=20to=20In?=
 =?UTF-8?q?ternal=20Team=20and=20Eager-Load=20User=E2=80=99s=20Team=20Asso?=
 =?UTF-8?q?ciation=20(#3698)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Description of Changes

- **What was changed**
- Added logic in `InitialSecuritySetup` to assign the
`INTERNAL_API_USER` to a dedicated “internal” team both during initial
creation and on subsequent startups.
- Enhanced `assignUsersToDefaultTeamIfMissing()` to route the internal
API user to the `internalTeam`, while all other users go to the default
team.
- Switched the JPA mapping of `User.team` from `LAZY` to `EAGER` fetch
to ensure the team association is always loaded with the user.
- Introduced a new `UserService.changeUserTeam(User, Team)` method to
handle moving an existing user to a different team and persist the
change.
- Imported `java.util.Optional` to safely handle lookups of the internal
API user.

- **Why the change was made**
- To guarantee that the special internal API user is always part of the
“internal” team and never left on the default team, preventing
permission and routing issues.
- Eagerly loading the `team` association avoids lazy-init exceptions in
contexts where the user’s team is needed immediately (e.g., security
checks).

---

## Checklist

### General

- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing)
for more details.
---
 .../security/InitialSecuritySetup.java        | 22 ++++++++++++++++++-
 .../proprietary/security/model/User.java      |  2 +-
 .../security/service/UserService.java         | 10 +++++++++
 .../static/js/pages/edit-table-of-contents.js |  6 ++---
 .../controller/api/MergeControllerTest.java   |  2 +-
 5 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java b/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java
index d36d891bc..23f1100e6 100644
--- a/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java
+++ b/proprietary/src/main/java/stirling/software/proprietary/security/InitialSecuritySetup.java
@@ -2,6 +2,7 @@ package stirling.software.proprietary.security;
 
 import java.sql.SQLException;
 import java.util.List;
+import java.util.Optional;
 import java.util.UUID;
 
 import org.springframework.stereotype.Component;
@@ -53,10 +54,15 @@ public class InitialSecuritySetup {
 
     private void assignUsersToDefaultTeamIfMissing() {
         Team defaultTeam = teamService.getOrCreateDefaultTeam();
+        Team internalTeam = teamService.getOrCreateInternalTeam();
         List<User> usersWithoutTeam = userService.getUsersWithoutTeam();
 
         for (User user : usersWithoutTeam) {
-            user.setTeam(defaultTeam);
+            if (user.getUsername().equalsIgnoreCase(Role.INTERNAL_API_USER.getRoleId())) {
+                user.setTeam(internalTeam);
+            } else {
+                user.setTeam(defaultTeam);
+            }
         }
 
         userService.saveAll(usersWithoutTeam); // batch save
@@ -108,6 +114,20 @@ public class InitialSecuritySetup {
                     false);
             userService.addApiKeyToUser(Role.INTERNAL_API_USER.getRoleId());
             log.info("Internal API user created: {}", Role.INTERNAL_API_USER.getRoleId());
+        } else {
+            Optional<User> internalApiUserOpt =
+                    userService.findByUsernameIgnoreCase(Role.INTERNAL_API_USER.getRoleId());
+            if (internalApiUserOpt.isPresent()) {
+                User internalApiUser = internalApiUserOpt.get();
+                // move to team internal API user
+                if (!internalApiUser.getTeam().getName().equals(TeamService.INTERNAL_TEAM_NAME)) {
+                    log.info(
+                            "Moving internal API user to team: {}", TeamService.INTERNAL_TEAM_NAME);
+                    Team internalTeam = teamService.getOrCreateInternalTeam();
+
+                    userService.changeUserTeam(internalApiUser, internalTeam);
+                }
+            }
         }
         userService.syncCustomApiUser(applicationProperties.getSecurity().getCustomGlobalAPIKey());
     }
diff --git a/proprietary/src/main/java/stirling/software/proprietary/security/model/User.java b/proprietary/src/main/java/stirling/software/proprietary/security/model/User.java
index c2461269a..d3e232f61 100644
--- a/proprietary/src/main/java/stirling/software/proprietary/security/model/User.java
+++ b/proprietary/src/main/java/stirling/software/proprietary/security/model/User.java
@@ -58,7 +58,7 @@ public class User implements Serializable {
     @OneToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL, mappedBy = "user")
     private Set<Authority> authorities = new HashSet<>();
 
-    @ManyToOne(fetch = FetchType.LAZY)
+    @ManyToOne(fetch = FetchType.EAGER)
     @JoinColumn(name = "team_id")
     private Team team;
 
diff --git a/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java b/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
index 9d1ae6fc8..50c8027f6 100644
--- a/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
+++ b/proprietary/src/main/java/stirling/software/proprietary/security/service/UserService.java
@@ -371,6 +371,16 @@ public class UserService implements UserServiceInterface {
         databaseService.exportDatabase();
     }
 
+    public void changeUserTeam(User user, Team team)
+            throws SQLException, UnsupportedProviderException {
+        if (team == null) {
+            team = getDefaultTeam();
+        }
+        user.setTeam(team);
+        userRepository.save(user);
+        databaseService.exportDatabase();
+    }
+
     public boolean isPasswordCorrect(User user, String currentPassword) {
         return passwordEncoder.matches(currentPassword, user.getPassword());
     }
diff --git a/stirling-pdf/src/main/resources/static/js/pages/edit-table-of-contents.js b/stirling-pdf/src/main/resources/static/js/pages/edit-table-of-contents.js
index 5bd0001e6..de7fe30db 100644
--- a/stirling-pdf/src/main/resources/static/js/pages/edit-table-of-contents.js
+++ b/stirling-pdf/src/main/resources/static/js/pages/edit-table-of-contents.js
@@ -435,14 +435,14 @@ document.addEventListener('DOMContentLoaded', function() {
       e.preventDefault();
       e.stopPropagation();
 
-      if (confirm('Are you sure you want to remove this bookmark' + 
+      if (confirm('Are you sure you want to remove this bookmark' +
                   (bookmark.children.length > 0 ? ' and all its children?' : '?'))) {
         removeBookmark(bookmark.id);
       }
     });
 
     headerRight.appendChild(quickAddChildButton);
-    headerRight.appendChild(quickAddSiblingButton); 
+    headerRight.appendChild(quickAddSiblingButton);
     headerRight.appendChild(quickRemoveButton);
 
     // Assemble header
@@ -650,4 +650,4 @@ document.addEventListener('DOMContentLoaded', function() {
       });
     }
   });
-});
\ No newline at end of file
+});
diff --git a/stirling-pdf/src/test/java/stirling/software/SPDF/controller/api/MergeControllerTest.java b/stirling-pdf/src/test/java/stirling/software/SPDF/controller/api/MergeControllerTest.java
index 09f0fd92e..4b175b64e 100644
--- a/stirling-pdf/src/test/java/stirling/software/SPDF/controller/api/MergeControllerTest.java
+++ b/stirling-pdf/src/test/java/stirling/software/SPDF/controller/api/MergeControllerTest.java
@@ -276,4 +276,4 @@ class MergeControllerTest {
         verify(mockMergedDocument, never()).addPage(any(PDPage.class));
     }
 
-}
\ No newline at end of file
+}