using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;
using Sockeye.Models;
using Sockeye.Api.ControllerHelpers;
using Sockeye.Biz;
namespace Sockeye.Api.Controllers
{
///
/// UserOptions
///
[ApiController]
[ApiVersion("8.0")]
[Route("api/v{version:apiVersion}/user-option")]
[Produces("application/json")]
[Authorize]
public class UserOptionsController : ControllerBase
{
private readonly AyContext ct;
private readonly ILogger log;
private readonly ApiServerState serverState;
///
/// ctor
///
///
///
///
public UserOptionsController(AyContext dbcontext, ILogger logger, ApiServerState apiServerState)
{
ct = dbcontext;
log = logger;
serverState = apiServerState;
}
///
/// Get full UserOptions object
///
/// UserId
/// A single UserOptions
[HttpGet("{id}")]
public async Task GetUserOptions([FromRoute] long id)
{
if (!serverState.IsOpen && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
{
//Exception for SuperUser account to handle licensing issues
if (UserIdFromContext.Id(HttpContext.Items) != 1)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var UserId = UserIdFromContext.Id(HttpContext.Items);
//Different than normal here: a user is *always* allowed to retrieve their own user options object
if (id != UserId)
{
//Not users own options so need to check just as for User object as could be a Contact
//Also used for Contacts (customer type user or ho type user)
//by users with no User right so further biz rule required depending on usertype
//this is just phase 1
bool AllowedOutsideUser = Authorized.HasReadFullRole(HttpContext.Items, SockType.Customer);
bool AllowedInsideUser = Authorized.HasReadFullRole(HttpContext.Items, SockType.User);
if (!AllowedOutsideUser && !AllowedInsideUser)
return StatusCode(403, new ApiNotAuthorizedResponse());
}
//Instantiate the business object handler
UserOptionsBiz biz = new UserOptionsBiz(ct, UserId, UserRolesFromContext.Roles(HttpContext.Items));
var o = await biz.GetAsync(id);
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
return Ok(ApiOkResponse.Response(o));
}
//Creating a user creates a user options so no need for create ever
// ///
// /// Create UserOptions
// ///
// ///
// /// From route path
// ///
// [HttpPost]
// public async Task PostUserOptions([FromBody] UserOptions newObject, ApiVersion apiVersion)
// {
// if (!serverState.IsOpen)
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
// // var UserId = UserIdFromContext.Id(HttpContext.Items);
// // //preclearance
// // //the biz object will further check
// // if (newObject.Id != UserId)
// // {
// // //Also used for Contacts (customer type user or ho type user)
// // //by users with no User right so further biz rule required depending on usertype
// // //this is just phase 1
// // if (!Authorized.HasCreateRole(HttpContext.Items, SockType.User) && !Authorized.HasCreateRole(HttpContext.Items, SockType.Customer))
// // return StatusCode(403, new ApiNotAuthorizedResponse());
// // }
// UserOptionsBiz biz = new UserOptionsBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
// if (!ModelState.IsValid)
// return BadRequest(new ApiErrorResponse(ModelState));
// UserOptions o = await biz.CreateAsync(newObject);
// if (o == null)
// return BadRequest(new ApiErrorResponse(biz.Errors));
// else
// return CreatedAtAction(nameof(UserOptionsController.GetUserOptions), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
// }
///
/// Update UserOptions
///
/// User id
///
///
[HttpPut("{id}")]
public async Task PutUserOptions([FromRoute] long id, [FromBody] UserOptions inObj)
{
if (serverState.IsClosed && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
var UserId = UserIdFromContext.Id(HttpContext.Items);
var o = await ct.UserOptions.SingleOrDefaultAsync(z => z.UserId == id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
//preclearance
//the biz object will further check
if (id != UserId)
{
//Also used for Contacts (customer type user or ho type user)
//by users with no User right so further biz rule required depending on usertype
//this is just phase 1
if (!Authorized.HasModifyRole(HttpContext.Items, SockType.User) && !Authorized.HasModifyRole(HttpContext.Items, SockType.Customer))
return StatusCode(403, new ApiNotAuthorizedResponse());
}
//Instantiate the business object handler
UserOptionsBiz biz = new UserOptionsBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
try
{
if (!await biz.PutAsync(o, inObj))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
}
catch (DbUpdateConcurrencyException)
{
if (!UserOptionsExists(id))
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
else
{
//exists but was changed by another user
return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
}
}
return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }));
}
private bool UserOptionsExists(long id)
{
//NOTE: checks by UserId, NOT by Id as in most other objects
return ct.UserOptions.Any(z => z.UserId == id);
}
//------------
}//eoc
}//eons