admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0be48bebb36edef51d4a84df0a16c47ce2016580
raven/server/AyaNova/Controllers/UserOptionsController.cs
John Cardinal 0be48bebb3
2019-04-30 19:25:22 +00:00

234 lines
7.7 KiB
C#
Raw Blame History

using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.JsonPatch;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;
using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;
namespace AyaNova.Api.Controllers
{
/// <summary>
/// UserOptions
/// </summary>
[ApiVersion("8.0")]
[Route("api/v{version:apiVersion}/[controller]")]
[Produces("application/json")]
[Authorize]
public class UserOptionsController : Controller
{
private readonly AyContext ct;
private readonly ILogger<UserOptionsController> log;
private readonly ApiServerState serverState;
/// <summary>
/// ctor
/// </summary>
/// <param name="dbcontext"></param>
/// <param name="logger"></param>
/// <param name="apiServerState"></param>
public UserOptionsController(AyContext dbcontext, ILogger<UserOptionsController> logger, ApiServerState apiServerState)
{
ct = dbcontext;
log = logger;
serverState = apiServerState;
}
/// <summary>
/// Get full UserOptions object
///
/// Required roles:
/// BizAdminFull, BizAdminLimited or be users own record
/// </summary>
/// <param name="id">UserId</param>
/// <returns>A single UserOptions</returns>
[HttpGet("{id}")]
public async Task<IActionResult> GetUserOptions([FromRoute] long id)
{
if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var UserId = UserIdFromContext.Id(HttpContext.Items);
//Different than normal here: a user is *always* allowed to retrieve their own user options object
if (id != UserId && !Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.UserOptions))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
//Instantiate the business object handler
UserOptionsBiz biz = new UserOptionsBiz(ct, UserId, UserRolesFromContext.Roles(HttpContext.Items));
var o = await biz.GetAsync(id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
return Ok(new ApiOkResponse(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
}
/// <summary>
/// Put (update) UserOptions
///
/// Required roles:
/// BizAdminFull or be users own record
///
/// </summary>
/// <param name="id">User id</param>
/// <param name="inObj"></param>
/// <returns></returns>
[HttpPut("{id}")]
public async Task<IActionResult> PutUserOptions([FromRoute] long id, [FromBody] UserOptions inObj)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var UserId = UserIdFromContext.Id(HttpContext.Items);
var o = await ct.UserOptions.SingleOrDefaultAsync(m => m.UserId == id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
if (id != UserId && !Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.UserOptions, o.OwnerId))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
//Instantiate the business object handler
UserOptionsBiz biz = new UserOptionsBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
try
{
if (!biz.Put(o, inObj))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
}
catch (DbUpdateConcurrencyException)
{
if (!UserOptionsExists(id))
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
else
{
//exists but was changed by another user
return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
}
}
return Ok(new ApiOkResponse(new { ConcurrencyToken = o.ConcurrencyToken }, true));
}
/// <summary>
/// Patch (update) UserOptions
///
/// Required roles:
/// BizAdminFull or be users own record
/// </summary>
/// <param name="id">UserId</param>
/// <param name="concurrencyToken"></param>
/// <param name="objectPatch"></param>
/// <returns></returns>
[HttpPatch("{id}/{concurrencyToken}")]
public async Task<IActionResult> PatchUserOptions([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument<UserOptions> objectPatch)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var UserId = UserIdFromContext.Id(HttpContext.Items);
//Instantiate the business object handler
UserOptionsBiz biz = new UserOptionsBiz(ct, UserId, UserRolesFromContext.Roles(HttpContext.Items));
var o = await ct.UserOptions.SingleOrDefaultAsync(m => m.UserId == id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
if (id != UserId && !Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.UserOptions, o.OwnerId))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
try
{
//patch and validate
if (!biz.Patch(o, objectPatch, concurrencyToken))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
}
catch (DbUpdateConcurrencyException)
{
if (!UserOptionsExists(id))
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
else
{
return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
}
}
return Ok(new ApiOkResponse(new { ConcurrencyToken = o.ConcurrencyToken }, true));
}
private bool UserOptionsExists(long id)
{
//NOTE: checks by UserId, NOT by Id as in most other objects
return ct.UserOptions.Any(e => e.UserId == id);
}
//------------
}//eoc
}//eons
Reference in New Issue View Git Blame Copy Permalink