fix: considering header field if-unmodified-since for different patch requests

src/attachments/attachments.v4.controller.ts

@@ -14,7 +14,7 @@
   NotFoundException,
   Patch,
   Put,
-  HttpCode,
+  HttpCode, Headers, HttpException,
 } from "@nestjs/common";
 import {
   ApiBearerAuth,
@@ -365,8 +365,15 @@
   async findOneAndUpdate(
     @Req() request: Request,
     @Param("aid") aid: string,
+    @Headers() headers: Record<string, string>,
     @Body() updateAttachmentDto: PartialUpdateAttachmentV4Dto,
   ): Promise<OutputAttachmentV4Dto | null> {
+
+    const headerDateString = headers['if-unmodified-since'];
+    const headerDate = headerDateString && !isNaN(new Date(headerDateString).getTime())
+      ? new Date(headerDateString)
+      : null;
+
     const foundAattachment = await this.checkPermissionsForAttachment(
       request,
       aid,
@@ -376,10 +383,16 @@
       request.headers["content-type"] === "application/merge-patch+json"
         ? jmp.apply(foundAattachment, updateAttachmentDto)
         : updateAttachmentDto;
-    return this.attachmentsService.findOneAndUpdate(
-      { _id: aid },
-      updateAttachmentDtoForservice,
-    );
+
+
+    if (!headerDate || headerDate > foundAattachment.updatedAt) {
+      return this.attachmentsService.findOneAndUpdate(
+        {_id: aid},
+        updateAttachmentDtoForservice,
+      );
+    } else {
+      throw new HttpException("Precondition Failed", HttpStatus.PRECONDITION_FAILED);
+    }
   }
 
   // PUT /attachments/:aid

src/datasets/datasets.controller.ts

@@ -1397,11 +1397,18 @@
     @Req() request: Request,
     @Param("pid") pid: string,
     @Body()
+    @Headers() headers: Record<string, string>,
     updateDatasetObsoleteDto:
       | PartialUpdateRawDatasetObsoleteDto
       | PartialUpdateDerivedDatasetObsoleteDto
       | PartialUpdateDatasetDto,
   ): Promise<OutputDatasetObsoleteDto | null> {
+
+    const headerDateString = headers['if-unmodified-since'];
+    const headerDate = headerDateString && !isNaN(new Date(headerDateString).getTime())
+      ? new Date(headerDateString)
+      : null;
+
     const foundDataset = await this.datasetsService.findOne({
       where: { pid },
     });
@@ -1410,52 +1417,57 @@
       throw new NotFoundException();
     }
 
-    // NOTE: Default validation pipe does not validate union types. So we need custom validation.
-    let dtoType;
-    switch (foundDataset.type) {
-      case DatasetType.Raw:
-        dtoType = PartialUpdateRawDatasetObsoleteDto;
-        break;
-      case DatasetType.Derived:
-        dtoType = PartialUpdateDerivedDatasetObsoleteDto;
-        break;
-      default:
-        dtoType = PartialUpdateDatasetDto;
-        break;
-    }
-    const validatedUpdateDatasetObsoleteDto =
-      (await this.validateDatasetObsolete(
-        updateDatasetObsoleteDto,
-        dtoType,
-      )) as
-        | PartialUpdateRawDatasetObsoleteDto
-        | PartialUpdateDerivedDatasetObsoleteDto
-        | PartialUpdateDatasetDto;
-
-    // NOTE: We need DatasetClass instance because casl module can not recognize the type from dataset mongo database model. If other fields are needed can be added later.
-    const datasetInstance =
-      await this.generateDatasetInstanceForPermissions(foundDataset);
+    if (!headerDate || headerDate > foundDataset.updatedAt) {
+
+      // NOTE: Default validation pipe does not validate union types. So we need custom validation.
+      let dtoType;
+      switch (foundDataset.type) {
+        case DatasetType.Raw:
+          dtoType = PartialUpdateRawDatasetObsoleteDto;
+          break;
+        case DatasetType.Derived:
+          dtoType = PartialUpdateDerivedDatasetObsoleteDto;
+          break;
+        default:
+          dtoType = PartialUpdateDatasetDto;
+          break;
+      }
+      const validatedUpdateDatasetObsoleteDto =
+        (await this.validateDatasetObsolete(
+          updateDatasetObsoleteDto,
+          dtoType,
+        )) as
+          | PartialUpdateRawDatasetObsoleteDto
+          | PartialUpdateDerivedDatasetObsoleteDto
+          | PartialUpdateDatasetDto;
+
+      // NOTE: We need DatasetClass instance because casl module can not recognize the type from dataset mongo database model. If other fields are needed can be added later.
+      const datasetInstance =
+        await this.generateDatasetInstanceForPermissions(foundDataset);
+
+      // instantiate the casl matrix for the user
+      const user: JWTUser = request.user as JWTUser;
+      const ability = this.caslAbilityFactory.datasetInstanceAccess(user);
+      // check if he/she can create this dataset
+      const canUpdate =
+        ability.can(Action.DatasetUpdateAny, DatasetClass) ||
+        ability.can(Action.DatasetUpdateOwner, datasetInstance);
+
+      if (!canUpdate) {
+        throw new ForbiddenException("Unauthorized to update this dataset");
+      }
 
-    // instantiate the casl matrix for the user
-    const user: JWTUser = request.user as JWTUser;
-    const ability = this.caslAbilityFactory.datasetInstanceAccess(user);
-    // check if he/she can create this dataset
-    const canUpdate =
-      ability.can(Action.DatasetUpdateAny, DatasetClass) ||
-      ability.can(Action.DatasetUpdateOwner, datasetInstance);
+      const updateDatasetDto = this.convertObsoleteToCurrentSchema(
+        validatedUpdateDatasetObsoleteDto,
+      ) as UpdateDatasetDto;
 
-    if (!canUpdate) {
-      throw new ForbiddenException("Unauthorized to update this dataset");
+      const res = this.convertCurrentToObsoleteSchema(
+        await this.datasetsService.findByIdAndUpdate(pid, updateDatasetDto),
+      );
+      return res;
+    } else {
+      throw new HttpException("Precondition Failed", HttpStatus.PRECONDITION_FAILED);
     }
-
-    const updateDatasetDto = this.convertObsoleteToCurrentSchema(
-      validatedUpdateDatasetObsoleteDto,
-    ) as UpdateDatasetDto;
-
-    const res = this.convertCurrentToObsoleteSchema(
-      await this.datasetsService.findByIdAndUpdate(pid, updateDatasetDto),
-    );
-    return res;
   }
 
   // PUT /datasets/:id

src/datasets/datasets.v4.controller.ts

@@ -18,7 +18,7 @@ import {
   ForbiddenException,
   InternalServerErrorException,
   ConflictException,
-  UsePipes,
+  UsePipes, Headers, HttpException,
 } from "@nestjs/common";
 import {
   ApiBearerAuth,
@@ -780,11 +780,18 @@ Set \`content-type\` header to \`application/merge-patch+json\` if you would lik
   async findByIdAndUpdate(
     @Req() request: Request,
     @Param("pid") pid: string,
+    @Headers() headers: Record<string, string>,
     @Body()
-    updateDatasetDto: PartialUpdateDatasetDto,
+      updateDatasetDto: PartialUpdateDatasetDto,
   ): Promise<OutputDatasetDto | null> {
+
+    const headerDateString = headers['if-unmodified-since'];
+    const headerDate = headerDateString && !isNaN(new Date(headerDateString).getTime())
+      ? new Date(headerDateString)
+      : null;
+
     const foundDataset = await this.datasetsService.findOne({
-      where: { pid },
+      where: {pid},
     });
 
     await this.checkPermissionsForDatasetExtended(
@@ -809,15 +816,20 @@ Set \`content-type\` header to \`application/merge-patch+json\` if you would lik
       );
     }
 
-    const updateDatasetDtoForService =
-      request.headers["content-type"] === "application/merge-patch+json"
-        ? jmp.apply(foundDataset, updateDatasetDto)
-        : updateDatasetDto;
-    const updatedDataset = await this.datasetsService.findByIdAndUpdate(
-      pid,
-      updateDatasetDtoForService,
-    );
-    return updatedDataset;
+    if (!headerDate || headerDate > foundDataset.updatedAt) {
+
+      const updateDatasetDtoForService =
+        request.headers["content-type"] === "application/merge-patch+json"
+          ? jmp.apply(foundDataset, updateDatasetDto)
+          : updateDatasetDto;
+      const updatedDataset = await this.datasetsService.findByIdAndUpdate(
+        pid,
+        updateDatasetDtoForService,
+      );
+      return updatedDataset;
+    } else {
+      throw new HttpException("Precondition Failed", HttpStatus.PRECONDITION_FAILED);
+    }
   }
 
   // GET /datasets/:id/datasetlifecycle

src/instruments/instruments.controller.ts

@@ -1,41 +1,47 @@
 import {
+  Body,
+  ConflictException,
   Controller,
+  Delete,
   Get,
-  Post,
-  Body,
-  Patch,
+  Headers,
+  HttpException,
+  HttpStatus,
+  InternalServerErrorException,
+  NotFoundException,
   Param,
-  Delete,
-  UseGuards,
+  Patch,
+  Post,
   Query,
-  UseInterceptors,
-  InternalServerErrorException,
-  ConflictException,
+  UseGuards,
+  UseInterceptors
 } from "@nestjs/common";
-import { MongoError } from "mongodb";
-import { InstrumentsService } from "./instruments.service";
-import { CreateInstrumentDto } from "./dto/create-instrument.dto";
-import { PartialUpdateInstrumentDto } from "./dto/update-instrument.dto";
+import {MongoError} from "mongodb";
+import {InstrumentsService} from "./instruments.service";
+import {CreateInstrumentDto} from "./dto/create-instrument.dto";
+import {PartialUpdateInstrumentDto} from "./dto/update-instrument.dto";
 import {
   ApiBearerAuth,
   ApiOperation,
   ApiQuery,
   ApiResponse,
   ApiTags,
 } from "@nestjs/swagger";
-import { PoliciesGuard } from "src/casl/guards/policies.guard";
-import { CheckPolicies } from "src/casl/decorators/check-policies.decorator";
-import { AppAbility } from "src/casl/casl-ability.factory";
-import { Action } from "src/casl/action.enum";
-import { Instrument, InstrumentDocument } from "./schemas/instrument.schema";
-import { FormatPhysicalQuantitiesInterceptor } from "src/common/interceptors/format-physical-quantities.interceptor";
-import { IFilters } from "src/common/interfaces/common.interface";
+import {PoliciesGuard} from "src/casl/guards/policies.guard";
+import {CheckPolicies} from "src/casl/decorators/check-policies.decorator";
+import {AppAbility} from "src/casl/casl-ability.factory";
+import {Action} from "src/casl/action.enum";
+import {Instrument, InstrumentDocument} from "./schemas/instrument.schema";
+import {
+  FormatPhysicalQuantitiesInterceptor
+} from "src/common/interceptors/format-physical-quantities.interceptor";
+import {IFilters} from "src/common/interfaces/common.interface";
 import {
   filterDescription,
   filterExample,
   replaceLikeOperator,
 } from "src/common/utils";
-import { CountApiResponse } from "src/common/types";
+import {CountApiResponse} from "src/common/types";
 
 @ApiBearerAuth()
 @ApiTags("instruments")
@@ -157,26 +163,41 @@ export class InstrumentsController {
   async update(
     @Param("id") id: string,
     @Body() updateInstrumentDto: PartialUpdateInstrumentDto,
+    @Headers() headers: Record<string, string>,
   ): Promise<Instrument | null> {
-    try {
-      const instrument = await this.instrumentsService.update(
-        { _id: id },
-        updateInstrumentDto,
-      );
 
-      return instrument;
-    } catch (error) {
+
+    const headerDateString = headers['if-unmodified-since'];
+    const headerDate = headerDateString && !isNaN(new Date(headerDateString).getTime())
+      ? new Date(headerDateString)
+      : null;
+
+    return this.instrumentsService.findOne({where: {_id: id}}).then((instrument) => {
+      if (!instrument) {
+        throw new NotFoundException("Instrument not found");
+      }
+
+      // If header is missing, always update
+      if (!headerDate) {
+        return this.instrumentsService.update({_id: id}, updateInstrumentDto);
+      }
+
+      // If header is present, compare with updatedAt
+      if (!instrument.updatedAt || headerDate > instrument.updatedAt) {
+        return this.instrumentsService.update({_id: id}, updateInstrumentDto);
+      } else {
+        throw new HttpException("Precondition Failed", HttpStatus.PRECONDITION_FAILED);
+      }
+    }).then((updatedInstrument) => {
+      return updatedInstrument;
+    }).catch((error) => {
       if ((error as MongoError).code === 11000) {
-        throw new ConflictException(
-          "Instrument with the same unique name already exists",
-        );
+        throw new ConflictException("Instrument with the same unique name already exists");
       } else {
-        throw new InternalServerErrorException(
-          "Something went wrong. Please try again later.",
-          { cause: error },
-        );
+        throw error; // rethrow other errors (e.g. PreconditionFailed, NotFound)
       }
-    }
+    });
+
   }
 
   @UseGuards(PoliciesGuard)

src/instruments/schemas/instrument.schema.ts

@@ -1,7 +1,7 @@
-import { Prop, Schema, SchemaFactory } from "@nestjs/mongoose";
-import { ApiProperty } from "@nestjs/swagger";
-import { Document } from "mongoose";
-import { v4 as uuidv4 } from "uuid";
+import {Prop, Schema, SchemaFactory} from "@nestjs/mongoose";
+import {ApiProperty} from "@nestjs/swagger";
+import {Document} from "mongoose";
+import {v4 as uuidv4} from "uuid";
 
 export type InstrumentDocument = Instrument & Document;
 
@@ -74,6 +74,10 @@ export class Instrument {
     default: {},
   })
   customMetadata: Record<string, unknown>;
+
+  createdAt?: Date;
+  updatedAt?: Date;
+
 }
 
 export const InstrumentSchema = SchemaFactory.createForClass(Instrument);