refactor(api)!: re-implement DefaultUserPreferenceLimitService

fulleni · fulleni · commit 10ab7663255f · 2025-11-11T09:01:23.000+01:00
BREAKING CHANGE: The DefaultUserPreferenceLimitService has been completely rewritten to implement the new UserPreferenceLimitService interface.

The obsolete checkUpdatePreferences method has been removed.
The unused _permissionService field has been removed.
A new checkInterestLimits method is implemented to enforce all InterestConfig limits (total, pinned, and notification subscriptions) for a given user role.
A new checkUserContentPreferencesLimits method is implemented to enforce all UserPreferenceConfig limits (followed items and saved headlines).
diff --git a/lib/src/services/default_user_preference_limit_service.dart b/lib/src/services/default_user_preference_limit_service.dart
@@ -1,43 +1,197 @@
 import 'package:core/core.dart';
 import 'package:data_repository/data_repository.dart';
-import 'package:flutter_news_app_api_server_full_source_code/src/rbac/permission_service.dart';
 import 'package:flutter_news_app_api_server_full_source_code/src/services/user_preference_limit_service.dart';
 import 'package:logging/logging.dart';
 
 /// {@template default_user_preference_limit_service}
 /// Default implementation of [UserPreferenceLimitService] that enforces limits
-/// based on user role and the new `InterestConfig` within [RemoteConfig].
+/// based on user role and the `InterestConfig` and `UserPreferenceConfig`
+/// sections within the application's [RemoteConfig].
 /// {@endtemplate}
 class DefaultUserPreferenceLimitService implements UserPreferenceLimitService {
   /// {@macro default_user_preference_limit_service}
   const DefaultUserPreferenceLimitService({
     required DataRepository<RemoteConfig> remoteConfigRepository,
-    required PermissionService permissionService,
     required Logger log,
   }) : _remoteConfigRepository = remoteConfigRepository,
-       _permissionService = permissionService,
        _log = log;
 
   final DataRepository<RemoteConfig> _remoteConfigRepository;
-  final PermissionService _permissionService;
   final Logger _log;
 
   // Assuming a fixed ID for the RemoteConfig document
   static const String _remoteConfigId = kRemoteConfigId;
 
   @override
-  Future<void> checkUpdatePreferences(
-    User user,
-    UserContentPreferences updatedPreferences,
-  ) async {
-    // This method is now a placeholder. The new, granular limit checking
-    // is handled by custom creators/updaters in the DataOperationRegistry
-    // for the 'interest' model, which will call a more specific method.
-    // For now, this method does nothing to avoid incorrect validation
-    // on the full UserContentPreferences object.
+  Future<void> checkInterestLimits({
+    required User user,
+    required Interest interest,
+    required List<Interest> existingInterests,
+  }) async {
+    _log.info('Checking interest limits for user ${user.id}.');
+    final remoteConfig = await _remoteConfigRepository.read(
+      id: _remoteConfigId,
+    );
+    final limits = remoteConfig.interestConfig.limits[user.appRole];
+
+    if (limits == null) {
+      _log.severe(
+        'Interest limits not found for role ${user.appRole}. '
+        'Denying request by default.',
+      );
+      throw const ForbiddenException('Interest limits are not configured.');
+    }
+
+    // 1. Check total number of interests.
+    final newTotal = existingInterests.length + 1;
+    if (newTotal > limits.total) {
+      _log.warning(
+        'User ${user.id} exceeded total interest limit: '
+        '${limits.total} (attempted $newTotal).',
+      );
+      throw ForbiddenException(
+        'You have reached your limit of ${limits.total} saved interests.',
+      );
+    }
+
+    // 2. Check total number of pinned feed filters.
+    if (interest.isPinnedFeedFilter) {
+      final pinnedCount =
+          existingInterests.where((i) => i.isPinnedFeedFilter).length + 1;
+      if (pinnedCount > limits.pinnedFeedFilters) {
+        _log.warning(
+          'User ${user.id} exceeded pinned feed filter limit: '
+          '${limits.pinnedFeedFilters} (attempted $pinnedCount).',
+        );
+        throw ForbiddenException(
+          'You have reached your limit of ${limits.pinnedFeedFilters} '
+          'pinned feed filters.',
+        );
+      }
+    }
+
+    // 3. Check notification subscription limits for each type.
+    for (final deliveryType in interest.deliveryTypes) {
+      final notificationLimit = limits.notifications[deliveryType];
+      if (notificationLimit == null) {
+        _log.severe(
+          'Notification limit for type ${deliveryType.name} not found for '
+          'role ${user.appRole}. Denying request by default.',
+        );
+        throw ForbiddenException(
+          'Notification limits for ${deliveryType.name} are not configured.',
+        );
+      }
+
+      final subscriptionCount =
+          existingInterests
+              .where((i) => i.deliveryTypes.contains(deliveryType))
+              .length +
+          1;
+
+      if (subscriptionCount > notificationLimit) {
+        _log.warning(
+          'User ${user.id} exceeded notification limit for '
+          '${deliveryType.name}: $notificationLimit '
+          '(attempted $subscriptionCount).',
+        );
+        throw ForbiddenException(
+          'You have reached your limit of $notificationLimit '
+          '${deliveryType.name} notification subscriptions.',
+        );
+      }
+    }
+
+    _log.info('Interest limits check passed for user ${user.id}.');
+  }
+
+  @override
+  Future<void> checkUserContentPreferencesLimits({
+    required User user,
+    required UserContentPreferences updatedPreferences,
+  }) async {
+    _log.info('Checking user content preferences limits for user ${user.id}.');
+    final remoteConfig = await _remoteConfigRepository.read(
+      id: _remoteConfigId,
+    );
+    final limits = remoteConfig.userPreferenceConfig;
+
+    final (followedItemsLimit, savedHeadlinesLimit) = _getLimitsForRole(
+      user.appRole,
+      limits,
+    );
+
+    // Check followed countries
+    if (updatedPreferences.followedCountries.length > followedItemsLimit) {
+      _log.warning(
+        'User ${user.id} exceeded followed countries limit: '
+        '$followedItemsLimit (attempted '
+        '${updatedPreferences.followedCountries.length}).',
+      );
+      throw ForbiddenException(
+        'You have reached your limit of $followedItemsLimit followed countries.',
+      );
+    }
+
+    // Check followed sources
+    if (updatedPreferences.followedSources.length > followedItemsLimit) {
+      _log.warning(
+        'User ${user.id} exceeded followed sources limit: '
+        '$followedItemsLimit (attempted '
+        '${updatedPreferences.followedSources.length}).',
+      );
+      throw ForbiddenException(
+        'You have reached your limit of $followedItemsLimit followed sources.',
+      );
+    }
+
+    // Check followed topics
+    if (updatedPreferences.followedTopics.length > followedItemsLimit) {
+      _log.warning(
+        'User ${user.id} exceeded followed topics limit: '
+        '$followedItemsLimit (attempted '
+        '${updatedPreferences.followedTopics.length}).',
+      );
+      throw ForbiddenException(
+        'You have reached your limit of $followedItemsLimit followed topics.',
+      );
+    }
+
+    // Check saved headlines
+    if (updatedPreferences.savedHeadlines.length > savedHeadlinesLimit) {
+      _log.warning(
+        'User ${user.id} exceeded saved headlines limit: '
+        '$savedHeadlinesLimit (attempted '
+        '${updatedPreferences.savedHeadlines.length}).',
+      );
+      throw ForbiddenException(
+        'You have reached your limit of $savedHeadlinesLimit saved headlines.',
+      );
+    }
+
     _log.info(
-      'checkUpdatePreferences is a placeholder and performs no validation.',
+      'User content preferences limits check passed for user ${user.id}.',
     );
-    return Future.value();
+  }
+
+  /// Helper to get the correct limits based on the user's role.
+  (int, int) _getLimitsForRole(
+    AppUserRole role,
+    UserPreferenceConfig limits,
+  ) {
+    return switch (role) {
+      AppUserRole.guestUser => (
+        limits.guestFollowedItemsLimit,
+        limits.guestSavedHeadlinesLimit,
+      ),
+      AppUserRole.standardUser => (
+        limits.authenticatedFollowedItemsLimit,
+        limits.authenticatedSavedHeadlinesLimit,
+      ),
+      AppUserRole.premiumUser => (
+        limits.premiumFollowedItemsLimit,
+        limits.premiumSavedHeadlinesLimit,
+      ),
+    };
   }
 }
diff --git a/lib/src/services/user_preference_limit_service.dart b/lib/src/services/user_preference_limit_service.dart
@@ -1,42 +1,45 @@
 import 'package:core/core.dart';
 
 /// {@template user_preference_limit_service}
-/// Service responsible for enforcing user preference limits based on user role.
+/// A service responsible for enforcing all user preference limits based on
+/// the user's role and the application's remote configuration.
+///
+/// This service centralizes validation for both the `Interest` model and
+/// the `UserContentPreferences` model (e.g., followed items, saved headlines).
 /// {@endtemplate}
 abstract class UserPreferenceLimitService {
   /// {@macro user_preference_limit_service}
   const UserPreferenceLimitService();
 
-  /// Checks if the user is allowed to add a *single* item of the given type,
-  /// considering their current count of that item type and their role.
+  /// Validates a new or updated [Interest] against the user's role-based
+  /// limits defined in `InterestConfig`.
   ///
-  /// This method is typically used when a user performs an action that adds
-  /// one item, such as saving a single headline or following a single source.
+  /// This method checks multiple limits:
+  /// - The total number of interests.
+  /// - The number of interests marked as pinned feed filters.
+  /// - The number of subscriptions for each notification delivery type across
+  ///   all of the user's interests.
   ///
   /// - [user]: The authenticated user.
-  /// - [itemType]: The type of item being added (e.g., 'country', 'source',
-  ///   'category', 'headline').
-  /// - [currentCount]: The current number of items of this type the user has.
+  /// - [interest]: The `Interest` object being created or updated.
+  /// - [existingInterests]: A list of the user's other existing interests,
+  ///   used to calculate total counts.
   ///
-  /// Throws [ForbiddenException] if adding the item would exceed the user's
-  /// limit for their role.
-  Future<void> checkAddItem(User user, String itemType, int currentCount);
+  /// Throws a [ForbiddenException] if any limit is exceeded.
+  Future<void> checkInterestLimits({
+    required User user,
+    required Interest interest,
+    required List<Interest> existingInterests,
+  });
 
-  /// Checks if the proposed *entire state* of the user's preferences,
-  /// represented by [updatedPreferences], exceeds the limits based on their role.
+  /// Validates an updated [UserContentPreferences] object against the limits
+  /// defined in `UserPreferenceConfig`.
   ///
-  /// This method is typically used when the full [UserContentPreferences] object
-  /// is being updated, such as when a user saves changes from a preferences screen.
-  /// It validates the total counts across all relevant lists (followed countries,
-  /// sources, categories, and saved headlines).
-  ///
-  /// - [user]: The authenticated user.
-  /// - [updatedPreferences]: The proposed [UserContentPreferences] object.
-  ///
-  /// Throws [ForbiddenException] if any list within the preferences exceeds
-  /// the user's limit for their role.
-  Future<void> checkUpdatePreferences(
-    User user,
-    UserContentPreferences updatedPreferences,
-  );
+  /// This method checks the total counts for followed items (countries,
+  /// sources, topics) and saved headlines.
+  /// Throws a [ForbiddenException] if any limit is exceeded.
+  Future<void> checkUserContentPreferencesLimits({
+    required User user,
+    required UserContentPreferences updatedPreferences,
+  });
 }
