323 lines
12 KiB
C#
323 lines
12 KiB
C#
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Routing;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
using Microsoft.EntityFrameworkCore;
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
using AyaNova.Models;
|
|
using AyaNova.Api.ControllerHelpers;
|
|
using AyaNova.Biz;
|
|
|
|
|
|
namespace AyaNova.Api.Controllers
|
|
{
|
|
|
|
/// <summary>
|
|
/// User
|
|
/// </summary>
|
|
[ApiController]
|
|
[ApiVersion("8.0")]
|
|
[Route("api/v{version:apiVersion}/user")]
|
|
[Produces("application/json")]
|
|
[Authorize]
|
|
public class UserController : ControllerBase
|
|
{
|
|
private readonly AyContext ct;
|
|
private readonly ILogger<UserController> log;
|
|
private readonly ApiServerState serverState;
|
|
|
|
|
|
/// <summary>
|
|
/// ctor
|
|
/// </summary>
|
|
/// <param name="dbcontext"></param>
|
|
/// <param name="logger"></param>
|
|
/// <param name="apiServerState"></param>
|
|
public UserController(AyContext dbcontext, ILogger<UserController> logger, ApiServerState apiServerState)
|
|
{
|
|
ct = dbcontext;
|
|
log = logger;
|
|
serverState = apiServerState;
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
/// Get User
|
|
/// </summary>
|
|
/// <param name="id"></param>
|
|
/// <returns>A single User</returns>
|
|
[HttpGet("{id}")]
|
|
public async Task<IActionResult> GetUser([FromRoute] long id)
|
|
{
|
|
if (!serverState.IsOpen)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
|
|
//Instantiate the business object handler
|
|
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
|
|
|
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
|
|
{
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
}
|
|
|
|
if (!ModelState.IsValid)
|
|
{
|
|
return BadRequest(new ApiErrorResponse(ModelState));
|
|
}
|
|
|
|
|
|
|
|
var o = await biz.GetAsync(id);
|
|
if (o == null)
|
|
{
|
|
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
|
}
|
|
|
|
return Ok(ApiOkResponse.Response(o));
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Put (update) User
|
|
/// (Login and / or Password are not changed if set to null / omitted)
|
|
/// </summary>
|
|
/// <param name="updatedObject"></param>
|
|
/// <returns></returns>
|
|
[HttpPut]
|
|
public async Task<IActionResult> PutUser([FromBody] User updatedObject)
|
|
{
|
|
if (!serverState.IsOpen)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
if (!ModelState.IsValid)
|
|
return BadRequest(new ApiErrorResponse(ModelState));
|
|
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
|
if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token
|
|
if (o == null)
|
|
{
|
|
if (biz.Errors.Exists(z => z.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
|
|
return StatusCode(409, new ApiErrorResponse(biz.Errors));
|
|
else
|
|
return BadRequest(new ApiErrorResponse(biz.Errors));
|
|
}
|
|
return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency })); ;
|
|
}
|
|
|
|
|
|
// /// <summary>
|
|
// /// Put (update) User
|
|
// /// (Login and / or Password are not changed if set to null / omitted)
|
|
// /// </summary>
|
|
// /// <param name="id"></param>
|
|
// /// <param name="inObj"></param>
|
|
// /// <returns></returns>
|
|
// [HttpPut("{id}")]
|
|
// public async Task<IActionResult> PutUser([FromRoute] long id, [FromBody] User inObj)
|
|
// {
|
|
// if (!serverState.IsOpen)
|
|
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
|
|
// if (!ModelState.IsValid)
|
|
// {
|
|
// return BadRequest(new ApiErrorResponse(ModelState));
|
|
// }
|
|
|
|
// var o = await ct.User.SingleOrDefaultAsync(z => z.Id == id);
|
|
|
|
// if (o == null)
|
|
// {
|
|
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
|
// }
|
|
|
|
// //Instantiate the business object handler
|
|
// UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
|
|
|
// if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
|
|
// {
|
|
// return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
// }
|
|
|
|
|
|
|
|
// try
|
|
// {
|
|
// if (!await biz.PutAsync(o, inObj))
|
|
// return BadRequest(new ApiErrorResponse(biz.Errors));
|
|
// }
|
|
// catch (DbUpdateConcurrencyException)
|
|
// {
|
|
// if (!UserExists(id))
|
|
// {
|
|
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
|
// }
|
|
// else
|
|
// {
|
|
// //exists but was changed by another user
|
|
// //I considered returning new and old record, but where would it end?
|
|
// //Better to let the client decide what to do than to send extra data that is not required
|
|
// return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
|
|
// }
|
|
// }
|
|
// return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }));
|
|
// }
|
|
|
|
|
|
|
|
/// <summary>
|
|
/// Create User
|
|
/// </summary>
|
|
/// <param name="inObj"></param>
|
|
/// <param name="apiVersion">From route path</param>
|
|
/// <returns></returns>
|
|
[HttpPost]
|
|
public async Task<IActionResult> PostUser([FromBody] User inObj, ApiVersion apiVersion)
|
|
{
|
|
if (!serverState.IsOpen)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
|
|
//Instantiate the business object handler
|
|
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
|
|
|
//If a user has change roles
|
|
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
|
|
{
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
}
|
|
|
|
if (!ModelState.IsValid)
|
|
{
|
|
return BadRequest(new ApiErrorResponse(ModelState));
|
|
}
|
|
|
|
|
|
|
|
//Create and validate
|
|
dtUser o = await biz.CreateAsync(inObj);
|
|
|
|
if (o == null)
|
|
{
|
|
//error return
|
|
return BadRequest(new ApiErrorResponse(biz.Errors));
|
|
}
|
|
else
|
|
{
|
|
|
|
//return success and link
|
|
//NOTE: this is a USER object so we don't want to return some key fields for security reasons
|
|
//which is why the object is "cleaned" before return
|
|
return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Duplicate User
|
|
/// (Wiki and Attachments are not duplicated)
|
|
/// </summary>
|
|
/// <param name="id">Source object id</param>
|
|
/// <param name="apiVersion">From route path</param>
|
|
/// <returns>User</returns>
|
|
[HttpPost("duplicate/{id}")]
|
|
public async Task<IActionResult> DuplicateUser([FromRoute] long id, ApiVersion apiVersion)
|
|
{
|
|
if (!serverState.IsOpen)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
|
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
if (!ModelState.IsValid)
|
|
return BadRequest(new ApiErrorResponse(ModelState));
|
|
User o = await biz.DuplicateAsync(id);
|
|
if (o == null)
|
|
return BadRequest(new ApiErrorResponse(biz.Errors));
|
|
else
|
|
return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Delete User
|
|
/// </summary>
|
|
/// <param name="id"></param>
|
|
/// <returns>NoContent</returns>
|
|
[HttpDelete("{id}")]
|
|
public async Task<IActionResult> DeleteUser([FromRoute] long id)
|
|
{
|
|
if (!serverState.IsOpen)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
if (!ModelState.IsValid)
|
|
return BadRequest(new ApiErrorResponse(ModelState));
|
|
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
|
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
if (!await biz.DeleteAsync(id))
|
|
return BadRequest(new ApiErrorResponse(biz.Errors));
|
|
return NoContent();
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Get list of Users
|
|
/// (rights to User object required)
|
|
/// </summary>
|
|
/// <returns>All "inside" Users (except Customer and HeadOffice type)</returns>
|
|
[HttpGet("list")]
|
|
public async Task<IActionResult> GetInsideUserList()
|
|
{
|
|
if (serverState.IsClosed)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
|
|
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.User))
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
|
|
|
|
var ret = await ct.User.Where(z => z.UserType != UserType.Customer && z.UserType != UserType.HeadOffice).Select(z => new dtUser
|
|
{
|
|
Id = z.Id,
|
|
Active = z.Active,
|
|
Name = z.Name,
|
|
Roles = z.Roles,
|
|
UserType = z.UserType,
|
|
EmployeeNumber = z.EmployeeNumber,
|
|
LastLogin = z.LastLogin
|
|
|
|
}).ToListAsync();
|
|
return Ok(ApiOkResponse.Response(ret));
|
|
}
|
|
|
|
/// <summary>
|
|
/// Get list of Customer / Head office Users
|
|
/// (Rights to Customer object required)
|
|
/// </summary>
|
|
/// <returns>All "outside" Users (No staff or contractors)</returns>
|
|
[HttpGet("outlist")]
|
|
public async Task<IActionResult> GetOutsideUserList()
|
|
{
|
|
if (serverState.IsClosed)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
|
|
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Customer))
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
|
|
var ret = await ct.User.Where(z => z.UserType == UserType.Customer || z.UserType == UserType.HeadOffice).Select(z => new dtUser
|
|
{
|
|
Id = z.Id,
|
|
Active = z.Active,
|
|
Name = z.Name,
|
|
UserType = z.UserType,
|
|
LastLogin = z.LastLogin
|
|
|
|
}).ToListAsync();
|
|
return Ok(ApiOkResponse.Response(ret));
|
|
}
|
|
|
|
//------------
|
|
|
|
}//eoc
|
|
}//eons |