Add checks for the number of bookmarks and prevent removal of owned searches.

Change 1: Limit number of bookmarks

We already have a limit for the number of saved searches a user can own.

This code adds a new configuration for the number of bookmarks they can have.

In addition to the 25 saved searches they can own, they also can bookmark 25 other saved searches that they don't own.

Change 2: Prevent bookmark removal of owned searches

When a user creates a saved search, they are automatically bookmarked (Similar to [issue tracker](https://developers.google.com/issue-tracker/guides/work-with-hotlist#:~:text=Hotlists%20that%20you%20own%20are%20starred%20automatically)).

And in Issue Tracker, you can't remove the star if you are the admin. This change adds the same type of check.

Author: jcscottiii

lib/gcpspanner/client.go

@@ -121,10 +121,14 @@ func (w LocalBatchWriter) BatchWriteMutations(
 
 // searchConfig holds the application configuation for the saved search feature.
 type searchConfig struct {
+	// Max number saved searches per user.
 	maxOwnedSearchesPerUser uint32
+	// Max number of bookmarks per user (excluding the saved searches they own)
+	maxBookmarksPerUser uint32
 }
 
 const defaultMaxOwnedSearchesPerUser = 25
+const defaultMaxBookmarksPerUser = 25
 const defaultBatchSize = 10000
 const defaultBatchWriters = 8
 
@@ -193,7 +197,10 @@ func NewSpannerClient(projectID string, instanceID string, name string) (*Client
 		client,
 		GCPFeatureSearchBaseQuery{},
 		GCPMissingOneImplementationQuery{},
-		searchConfig{maxOwnedSearchesPerUser: defaultMaxOwnedSearchesPerUser},
+		searchConfig{
+			maxOwnedSearchesPerUser: defaultMaxOwnedSearchesPerUser,
+			maxBookmarksPerUser:     defaultMaxBookmarksPerUser,
+		},
 		bw,
 		defaultBatchSize,
 		defaultBatchWriters,
@@ -730,6 +737,7 @@ type entityRemover[
 }
 
 // remove performs an delete operation on an entity.
+// nolint: unused // TODO: Remove nolint directive once the method is used.
 func (c *entityRemover[M, ExternalStruct, SpannerStruct, ExternalKey]) remove(ctx context.Context,
 	input ExternalStruct) error {
 	_, err := c.ReadWriteTransaction(ctx, func(ctx context.Context, txn *spanner.ReadWriteTransaction) error {

lib/gcpspanner/user_search_bookmarks.go

@@ -16,6 +16,7 @@ package gcpspanner
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"cloud.google.com/go/spanner"
@@ -74,10 +75,111 @@ func (m userSavedSearchBookmarkMapper) DeleteKey(key userSavedSearchBookmarkKey)
 	return spanner.Key{key.UserID, key.SavedSearchID}
 }
 
+var (
+	// ErrUserSearchBookmarkLimitExceeded indicates that the user already has
+	// reached the limit of saved searches that a given user can bookmark.
+	ErrUserSearchBookmarkLimitExceeded = errors.New("user bookmark limit reached")
+	// ErrOwnerCannotDeleteBookmark indicates that the user is the owner of the
+	// saved search and cannot delete the bookmark.
+	ErrOwnerCannotDeleteBookmark = errors.New("user is the owner of the saved search and cannot delete the bookmark")
+)
+
 func (c *Client) AddUserSearchBookmark(ctx context.Context, req UserSavedSearchBookmark) error {
-	return newEntityWriter[userSavedSearchBookmarkMapper](c).upsert(ctx, req)
+	_, err := c.ReadWriteTransaction(ctx, func(ctx context.Context, txn *spanner.ReadWriteTransaction) error {
+		// 1. Check if search id exists for this user
+		_, err := newEntityReader[
+			authenticatedUserSavedSearchMapper,
+			UserSavedSearch,
+			authenticatedUserSavedSearchMapperKey,
+		](c).readRowByKeyWithTransaction(ctx, authenticatedUserSavedSearchMapperKey{
+			UserID: req.UserID,
+			ID:     req.SavedSearchID,
+		}, txn)
+		if err != nil {
+			return err
+		}
+
+		// 2. Read the current count of bookmarks where the user is not the owner
+		var count int64
+		stmt := spanner.Statement{
+			SQL: fmt.Sprintf(`
+			SELECT COUNT(us.SavedSearchID)
+			FROM %s us
+			LEFT JOIN %s sr ON us.SavedSearchID = sr.SavedSearchID AND us.UserID = sr.UserID
+			WHERE us.UserID = @UserID AND (sr.UserRole != @Role OR sr.UserRole IS NULL);
+		`, userSavedSearchBookmarksTable, savedSearchUserRolesTable),
+			Params: map[string]interface{}{
+				"UserID": req.UserID,
+				"Role":   SavedSearchOwner,
+			},
+		}
+		row, err := txn.Query(ctx, stmt).Next()
+		if err != nil {
+			return err
+		}
+		if err := row.Columns(&count); err != nil {
+			return err
+		}
+
+		// 3. Check against the limit
+		if count >= int64(c.searchCfg.maxBookmarksPerUser) {
+			return ErrUserSearchBookmarkLimitExceeded
+		}
+
+		// 4. Insert the bookmark
+		return newEntityWriter[userSavedSearchBookmarkMapper](c).upsertWithTransaction(ctx, txn, req)
+	})
+
+	return err
 }
 
 func (c *Client) DeleteUserSearchBookmark(ctx context.Context, req UserSavedSearchBookmark) error {
-	return newEntityRemover[userSavedSearchBookmarkMapper, UserSavedSearchBookmark](c).remove(ctx, req)
+	_, err := c.ReadWriteTransaction(ctx, func(ctx context.Context, txn *spanner.ReadWriteTransaction) error {
+		// 1. Check if search id exists for this user
+		_, err := newEntityReader[
+			authenticatedUserSavedSearchMapper,
+			UserSavedSearch,
+			authenticatedUserSavedSearchMapperKey,
+		](c).readRowByKeyWithTransaction(ctx, authenticatedUserSavedSearchMapperKey{
+			UserID: req.UserID,
+			ID:     req.SavedSearchID,
+		}, txn)
+		if err != nil {
+			return err
+		}
+
+		// 2. Check if the user is the owner of the saved search
+		var isOwner bool
+		stmt := spanner.Statement{
+			SQL: fmt.Sprintf(`
+				SELECT EXISTS(
+					SELECT 1
+					FROM %s
+					WHERE UserID = @UserID AND SavedSearchID = @SavedSearchID AND UserRole = @Role
+				)
+			`, savedSearchUserRolesTable),
+			Params: map[string]interface{}{
+				"UserID":        req.UserID,
+				"SavedSearchID": req.SavedSearchID,
+				"Role":          SavedSearchOwner,
+			},
+		}
+		row, err := txn.Query(ctx, stmt).Next()
+		if err != nil {
+			return err
+		}
+		if err := row.Columns(&isOwner); err != nil {
+			return err
+		}
+
+		if isOwner {
+			return ErrOwnerCannotDeleteBookmark
+		}
+
+		// 3. Delete the bookmark
+		return newEntityRemover[userSavedSearchBookmarkMapper, UserSavedSearchBookmark](c).
+			removeWithTransaction(ctx, txn, req)
+	})
+
+	return err
 }

lib/gcpspanner/user_search_bookmarks_test.go

@@ -16,15 +16,30 @@ package gcpspanner
 
 import (
 	"context"
+	"errors"
 	"testing"
 
 	"cloud.google.com/go/spanner"
 )
 
+func assertUserSearchSearchWithBookmarkStatus(
+	ctx context.Context, t *testing.T, expectedSavedSearch *UserSavedSearch, savedSearchID *string, userID string) {
+	actual, err := spannerClient.GetUserSavedSearch(ctx, *savedSearchID, valuePtr(userID))
+	if err != nil {
+		t.Errorf("expected nil error. received %s", err)
+	}
+	if !userSavedSearchEquality(expectedSavedSearch, actual) {
+		t.Errorf("different saved searches\nexpected: %+v\nreceived: %v", expectedSavedSearch, actual)
+	}
+}
+
 func TestUserSearchBookmark(t *testing.T) {
 	restartDatabaseContainer(t)
 	ctx := context.Background()
 
+	// Reset the max bookmarks to 1.
+	spannerClient.searchCfg.maxBookmarksPerUser = 1
+
 	savedSearchID, err := spannerClient.CreateNewUserSavedSearch(ctx, CreateUserSavedSearchRequest{
 		Name:        "my little search",
 		Query:       "group:css",
@@ -38,35 +53,24 @@ func TestUserSearchBookmark(t *testing.T) {
 		t.Fatal("expected non-nil id.")
 	}
 
-	const testUser = "test-user"
-
-	// user initially does not have a bookmark
-	expectedSavedSearch := &UserSavedSearch{
-		IsBookmarked: valuePtr(false),
-		Role:         nil,
-		SavedSearch: SavedSearch{
-			ID:          *savedSearchID,
-			Name:        "my little search",
-			Query:       "group:css",
-			Scope:       "USER_PUBLIC",
-			AuthorID:    "userID1",
-			Description: nil,
-			// Don't actually compare the last two values.
-			CreatedAt: spanner.CommitTimestamp,
-			UpdatedAt: spanner.CommitTimestamp,
-		},
-	}
-	actual, err := spannerClient.GetUserSavedSearch(ctx, *savedSearchID, valuePtr(testUser))
+	savedSearchID2, err := spannerClient.CreateNewUserSavedSearch(ctx, CreateUserSavedSearchRequest{
+		Name:        "my big search",
+		Query:       "group:html",
+		OwnerUserID: "userID1",
+		Description: nil,
+	})
 	if err != nil {
 		t.Errorf("expected nil error. received %s", err)
 	}
-	if !userSavedSearchEquality(expectedSavedSearch, actual) {
-		t.Errorf("different saved searches\nexpected: %+v\nreceived: %v", expectedSavedSearch, actual)
+	if savedSearchID2 == nil {
+		t.Fatal("expected non-nil id.")
 	}
 
-	// user can successfully have a bookmark added
-	expectedSavedSearchAfter := &UserSavedSearch{
-		IsBookmarked: valuePtr(true),
+	var testUserSavedSearchID *string
+	const testUser = "test-user"
+	// user initially does not have a bookmark
+	expectedSavedSearchBeforeBookmark := &UserSavedSearch{
+		IsBookmarked: valuePtr(false),
 		Role:         nil,
 		SavedSearch: SavedSearch{
 			ID:          *savedSearchID,
@@ -80,35 +84,106 @@ func TestUserSearchBookmark(t *testing.T) {
 			UpdatedAt: spanner.CommitTimestamp,
 		},
 	}
-	err = spannerClient.AddUserSearchBookmark(ctx, UserSavedSearchBookmark{
-		UserID:        testUser,
-		SavedSearchID: *savedSearchID,
+	t.Run("the test user can see they don't have bookmark status", func(t *testing.T) {
+		assertUserSearchSearchWithBookmarkStatus(ctx, t, expectedSavedSearchBeforeBookmark, savedSearchID, testUser)
 	})
-	if err != nil {
-		t.Errorf("expected nil error. received %s", err)
-	}
-	actual, err = spannerClient.GetUserSavedSearch(ctx, *savedSearchID, valuePtr(testUser))
-	if err != nil {
-		t.Errorf("expected nil error. received %s", err)
-	}
-	if !userSavedSearchEquality(expectedSavedSearchAfter, actual) {
-		t.Errorf("different saved searches\nexpected: %+v\nreceived: %v", expectedSavedSearchAfter, actual)
-	}
 
-	// user can successfully have a bookmark removed
-	err = spannerClient.DeleteUserSearchBookmark(ctx, UserSavedSearchBookmark{
-		UserID:        testUser,
-		SavedSearchID: *savedSearchID,
+	t.Run("the test user can bookmark it", func(t *testing.T) {
+		// user can successfully have a bookmark added
+		expectedSavedSearchAfter := &UserSavedSearch{
+			IsBookmarked: valuePtr(true),
+			Role:         nil,
+			SavedSearch: SavedSearch{
+				ID:          *savedSearchID,
+				Name:        "my little search",
+				Query:       "group:css",
+				Scope:       "USER_PUBLIC",
+				AuthorID:    "userID1",
+				Description: nil,
+				// Don't actually compare the last two values.
+				CreatedAt: spanner.CommitTimestamp,
+				UpdatedAt: spanner.CommitTimestamp,
+			},
+		}
+		err = spannerClient.AddUserSearchBookmark(ctx, UserSavedSearchBookmark{
+			UserID:        testUser,
+			SavedSearchID: *savedSearchID,
+		})
+		if err != nil {
+			t.Errorf("expected nil error. received %s", err)
+		}
+
+		assertUserSearchSearchWithBookmarkStatus(ctx, t, expectedSavedSearchAfter, savedSearchID, testUser)
 	})
-	if err != nil {
-		t.Errorf("expected nil error. received %s", err)
-	}
-	actual, err = spannerClient.GetUserSavedSearch(ctx, *savedSearchID, valuePtr(testUser))
-	if err != nil {
-		t.Errorf("expected nil error. received %s", err)
-	}
-	if !userSavedSearchEquality(expectedSavedSearch, actual) {
-		t.Errorf("different saved searches\nexpected: %+v\nreceived: %v", expectedSavedSearch, actual)
-	}
 
+	t.Run("the test user gets a limit error once it tries to bookmark too many", func(t *testing.T) {
+		err = spannerClient.AddUserSearchBookmark(ctx, UserSavedSearchBookmark{
+			UserID:        testUser,
+			SavedSearchID: *savedSearchID2,
+		})
+		if !errors.Is(err, ErrUserSearchBookmarkLimitExceeded) {
+			t.Errorf("expected ErrUserSearchBookmarkLimitExceeded error. received %s", err)
+		}
+	})
+
+	// Assuming they have not hit the saved search limit. (That is tested in create_user_saved_search_test.go)
+	t.Run("the test user can still make saved searches even after hitting the bookmark limit", func(t *testing.T) {
+		var err error
+		testUserSavedSearchID, err = spannerClient.CreateNewUserSavedSearch(ctx, CreateUserSavedSearchRequest{
+			Name:        "my really big search",
+			Query:       "group:html OR group:css",
+			OwnerUserID: testUser,
+			Description: nil,
+		})
+		if err != nil {
+			t.Errorf("expected nil error. received %s", err)
+		}
+		if testUserSavedSearchID == nil {
+			t.Fatal("expected non-nil id.")
+		}
+	})
+
+	t.Run("the test user can remove a bookmark for a saved search they don't own", func(t *testing.T) {
+		err = spannerClient.DeleteUserSearchBookmark(ctx, UserSavedSearchBookmark{
+			UserID:        testUser,
+			SavedSearchID: *savedSearchID,
+		})
+		if err != nil {
+			t.Errorf("expected nil error. received %s", err)
+		}
+
+		assertUserSearchSearchWithBookmarkStatus(ctx, t, expectedSavedSearchBeforeBookmark, savedSearchID, testUser)
+	})
+
+	t.Run("the test user gets ErrQueryReturnedNoResults when trying to remove bookmark that does not exist (anymore)",
+		func(t *testing.T) {
+			err = spannerClient.DeleteUserSearchBookmark(ctx, UserSavedSearchBookmark{
+				UserID:        testUser,
+				SavedSearchID: *savedSearchID,
+			})
+			if !errors.Is(err, ErrQueryReturnedNoResults) {
+				t.Errorf("expected ErrQueryReturnedNoResults error. received %s", err)
+			}
+		})
+
+	t.Run("the test user gets ErrQueryReturnedNoResults when trying to add a bookmark for search that does not exist",
+		func(t *testing.T) {
+			err = spannerClient.AddUserSearchBookmark(ctx, UserSavedSearchBookmark{
+				UserID:        testUser,
+				SavedSearchID: "fake-uuid",
+			})
+			if !errors.Is(err, ErrQueryReturnedNoResults) {
+				t.Errorf("expected ErrQueryReturnedNoResults error. received %s", err)
+			}
+		})
+
+	t.Run("the test user cannot remove a bookmark for a saved search they own", func(t *testing.T) {
+		err = spannerClient.DeleteUserSearchBookmark(ctx, UserSavedSearchBookmark{
+			UserID:        testUser,
+			SavedSearchID: *testUserSavedSearchID,
+		})
+		if !errors.Is(err, ErrOwnerCannotDeleteBookmark) {
+			t.Errorf("expected ErrOwnerCannotDeleteBookmark error. received %s", err)
+		}
+	})
 }