Enhance Exception Handling and Implement Global Exception Handler for UserNotFoundException

[a-n-u-p-01]

Global Exception Handling for UserNotFoundException

Overview

This implementation enhances the exception handling mechanism within the application by defining a custom exception, UserNotFoundException, and implementing a global exception handler to manage this exception effectively. The goal is to centralize exception handling, improving code maintainability and consistency.

Tasks

1. Define UserNotFoundException

• Objective: Create a custom exception class named UserNotFoundException.
• Steps:
  • Create a new class UserNotFoundException in the exception package.
  • Ensure that UserNotFoundException extends RuntimeException.

2. Implement Global Exception Handler

• Objective: Implement a global exception handler to manage the UserNotFoundException.
• Steps:
  • Create a new class GlobalExceptionHandler in the exception package.
  • Annotate the class with @ControllerAdvice to allow it to handle exceptions globally across all controllers.
  • Use the @ExceptionHandler annotation within this class to define a method that handles UserNotFoundException.
  • Ensure that the method returns an appropriate HTTP status code (e.g., 404 Not Found) and a meaningful error message.

3. Refactor Existing Code

• Objective: Refactor the existing controller code to remove local handling of UserNotFoundException.
• Steps:
  • Remove any try-catch blocks or local handling of UserNotFoundException within controller methods.
  • Ensure that the global exception handler is invoked when a user is not found.

[Guhapriya01]

Hi @a-n-u-p-01,

I’m currently working on this issue and noticed a scenario where an admin might try to delete their own account using the DELETE /user route. Currently, for both cases—user not existing and admin users—the DELETE /user route returns a "User Not Found" response.

For the DELETE /admin/{userName} route, a 403 Forbidden response is returned when an admin tries to delete another admin user or themselves.

I’d like to clarify a couple of points:

• Should the API allow admins to delete their own accounts via the DELETE /user route, or should this be restricted?
• If restricted, should we return a 403 Forbidden response for the DELETE /user route, similar to the DELETE /admin/{userName} route, or is there a different response you’d suggest?

I also noticed there's an open issue about handling the deletion of users with the "ADMIN" role. I want to ensure that my implementation aligns with the expected behavior for admin deletions. Please let me know your thoughts!

[a-n-u-p-01]

• Admin is created by first creating a regular user and then assigning the "ADMIN" role to that user in DB.
• Deletion of admin accounts is forbidden.

  Impliment

• Before an admin account can be deleted, the admin must transfer their role to another user. This ensures that there is always at least one admin available to manage the system.

Steps:

• Transfer Role**: Implement functionality to allow the current admin to transfer their admin role to another user.
• Account Deletion**: After the role transfer is complete, the admin can proceed to delete their account.
• Validation**: Ensure proper validation checks are in place to verify that the role transfer has occurred before allowing account deletion.

If you have any other ideas or methods in mind for implementing this process, feel free to share.

[Guhapriya01]

Thank you for the clarification. Based on your requirements, here’s how I plan to implement the admin role transfer and deletion process:

For the DELETE /admin/{username} Route:

• If an admin requests to delete their own account, I will first check if there are other admins available.
• If no other admins are present, the admin will be required to transfer their role to another user before proceeding with the deletion.
• If other admins are present, the deletion will proceed without the need for role transfer.

For the DELETE /user Route:

• Before deleting a user (admin), I will check if there are other admins.
• If the user to be deleted is the last admin, I will enforce role transfer to another user before proceeding with the deletion.
• If other admins are present, the deletion will proceed without requiring role transfer.

Please let me know if this approach aligns with your expectations or if there are any additional considerations I should keep in mind.