sockeye/server/Controllers/UserController.cs

using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;
using Sockeye.Models;
using Sockeye.Api.ControllerHelpers;
using Sockeye.Biz;
namespace Sockeye.Api.Controllers
{
/// <summary>
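/// User API: read, create, update and delete User records, covering both "inside" users
/// and "outside" (Customer / HeadOffice type) contact users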
/// </summary>
[ApiController]
[ApiVersion("8.0")]
[Route("api/v{version:apiVersion}/user")]
[Produces("application/json")]
[Authorize]
public class UserController : ControllerBase
{
//Collaborators handed in through the constructor
private readonly AyContext ct;
private readonly ILogger<UserController> log;
private readonly ApiServerState serverState;
/// <summary>
/// Creates the controller and stores the injected collaborators
/// </summary>
/// <param name="dbcontext">Database context used for the User queries</param>
/// <param name="logger">Logger for this controller</param>
/// <param name="apiServerState">Server open / closed state, checked at the start of every action</param>
public UserController(AyContext dbcontext, ILogger<UserController> logger, ApiServerState apiServerState)
{
    (ct, log, serverState) = (dbcontext, logger, apiServerState);
}
/// <summary>
/// Get User
/// (full read rights to User are required for an inside user, to Customer for an outside user)
/// </summary>
/// <param name="id">Id of the User to fetch</param>
/// <returns>A single User</returns>
[HttpGet("{id}")]
public async Task<IActionResult> GetUser([FromRoute] long id)
{
    //While the server is not open only the superuser (id 1) gets through, so fundamental problems can be fixed
    if (!serverState.IsOpen)
    {
        if (UserIdFromContext.Id(HttpContext.Items) != 1)
        {
            return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
        }
    }

    //Business object handler
    UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

    //Phase 1 of authorization: this route also serves Contacts (customer or head office type users),
    //which callers without any User right may read, so either full-read role is enough to continue
    bool canReadOutside = Authorized.HasReadFullRole(HttpContext.Items, SockType.Customer);
    bool canReadInside = Authorized.HasReadFullRole(HttpContext.Items, SockType.User);
    if (!(canReadOutside || canReadInside))
    {
        return StatusCode(403, new ApiNotAuthorizedResponse());
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(new ApiErrorResponse(ModelState));
    }

    var found = await biz.GetForPublicAsync(id);
    if (found == null)
    {
        return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
    }

    //Phase 2 of authorization: the role held must match the kind of user that was actually loaded
    bool permitted = found.IsOutsideUser ? canReadOutside : canReadInside;
    if (!permitted)
    {
        return StatusCode(403, new ApiNotAuthorizedResponse());
    }

    return Ok(ApiOkResponse.Response(found));
}
/// <summary>
/// Update User
/// (Login and / or Password are not changed if set to null / omitted)
/// </summary>
/// <param name="updatedObject">User record carrying the new values</param>
/// <returns>The new Concurrency value on success; 409 on a concurrency conflict, 400 on any other failure</returns>
[HttpPut]
public async Task<IActionResult> PutUser([FromBody] User updatedObject)
{
    //While the server is not open only the superuser (id 1) gets through, so fundamental problems can be fixed
    if (!serverState.IsOpen)
    {
        if (UserIdFromContext.Id(HttpContext.Items) != 1)
        {
            return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
        }
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(new ApiErrorResponse(ModelState));
    }

    UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

    //Phase 1 of authorization: this route also serves Contacts (customer or head office type users),
    //edited by callers without any User right, so either modify role is enough to continue.
    //NOTE(review): unlike GetUser, no check here ties the role held to the type of the user being changed,
    //and the request binds a whole User (Roles and UserType included). Confirm that UserBiz.PutAsync
    //limits a Customer-only caller to outside users and rejects Roles / UserType changes it may not make.
    bool mayModifyInside = Authorized.HasModifyRole(HttpContext.Items, SockType.User);
    if (!mayModifyInside && !Authorized.HasModifyRole(HttpContext.Items, SockType.Customer))
    {
        return StatusCode(403, new ApiNotAuthorizedResponse());
    }

    var saved = await biz.PutAsync(updatedObject);
    if (saved != null)
    {
        //Only the concurrency token goes back to the client
        return Ok(ApiOkResponse.Response(new { saved.Concurrency }));
    }

    //A failed save is reported as 409 when it was a concurrency conflict, otherwise as 400
    bool conflict = biz.Errors.Exists(z => z.Code == ApiErrorCode.CONCURRENCY_CONFLICT);
    if (conflict)
    {
        return StatusCode(409, new ApiErrorResponse(biz.Errors));
    }

    return BadRequest(new ApiErrorResponse(biz.Errors));
}
/// <summary>
/// Create User
/// </summary>
/// <param name="inObj">User record to create</param>
/// <param name="apiVersion">From route path</param>
/// <returns>201 with the created User and a link to it; 400 with the validation errors otherwise</returns>
[HttpPost]
public async Task<IActionResult> PostUser([FromBody] User inObj, ApiVersion apiVersion)
{
    //No superuser bypass on this route: creation is refused whenever the server is not open
    if (!serverState.IsOpen)
    {
        return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
    }

    //Business object handler
    UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

    //Phase 1 of authorization: this route also serves Contacts (customer or head office type users),
    //created by callers without any User right, so either create role is enough to continue.
    //NOTE(review): the posted User carries its own UserType and Roles, and nothing here ties the role
    //held to the type being created. Confirm that UserBiz.CreateAsync stops a Customer-only caller
    //from creating an inside user or assigning Roles.
    bool mayCreateInside = Authorized.HasCreateRole(HttpContext.Items, SockType.User);
    if (!mayCreateInside && !Authorized.HasCreateRole(HttpContext.Items, SockType.Customer))
    {
        return StatusCode(403, new ApiNotAuthorizedResponse());
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(new ApiErrorResponse(ModelState));
    }

    //Create and validate
    dtUser created = await biz.CreateAsync(inObj);
    if (created == null)
    {
        return BadRequest(new ApiErrorResponse(biz.Errors));
    }

    //Success: respond with a link to GetUser for the new record.
    //NOTE: this is a USER object so some key fields must not go back to the client for security reasons,
    //which is why the "cleaned" object is what gets returned
    var routeValues = new { id = created.Id, version = apiVersion.ToString() };
    return CreatedAtAction(nameof(UserController.GetUser), routeValues, new ApiCreatedResponse(created));
}
// /// <summary>
// /// Duplicate User
// /// (Wiki and Attachments are not duplicated)
// /// </summary>
// /// <param name="id">Source object id</param>
// /// <param name="apiVersion">From route path</param>
// /// <returns>User</returns>
// [HttpPost("duplicate/{id}")]
// public async Task<IActionResult> DuplicateUser([FromRoute] long id, ApiVersion apiVersion)
// {
// if (!serverState.IsOpen)
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
// UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
// //Also used for Contacts (customer type user or ho type user)
// //by users with no User right so further biz rule required depending on usertype
// //this is just phase 1
// if (!Authorized.HasCreateRole(HttpContext.Items, SockType.User) && !Authorized.HasCreateRole(HttpContext.Items, SockType.Customer))
// return StatusCode(403, new ApiNotAuthorizedResponse());
// if (!ModelState.IsValid)
// return BadRequest(new ApiErrorResponse(ModelState));
// User o = await biz.DuplicateAsync(id);
// if (o == null)
// return BadRequest(new ApiErrorResponse(biz.Errors));
// else
// return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
// }
/// <summary>
/// Delete User
/// </summary>
/// <param name="id">Id of the User to delete</param>
/// <returns>NoContent</returns>
[HttpDelete("{id}")]
public async Task<IActionResult> DeleteUser([FromRoute] long id)
{
    //While the server is not open only the superuser (id 1) gets through, so fundamental problems can be fixed
    if (!serverState.IsOpen)
    {
        if (UserIdFromContext.Id(HttpContext.Items) != 1)
        {
            return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
        }
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(new ApiErrorResponse(ModelState));
    }

    UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

    //Phase 1 of authorization: this route also serves Contacts (customer or head office type users),
    //removed by callers without any User right, so either delete role is enough to continue.
    //NOTE(review): only an id arrives here and the target's user type is never compared with the role
    //held. Confirm that UserBiz.DeleteAsync stops a Customer-only caller from deleting an inside user.
    bool mayDeleteInside = Authorized.HasDeleteRole(HttpContext.Items, SockType.User);
    if (!mayDeleteInside && !Authorized.HasDeleteRole(HttpContext.Items, SockType.Customer))
    {
        return StatusCode(403, new ApiNotAuthorizedResponse());
    }

    bool deleted = await biz.DeleteAsync(id);
    if (deleted)
    {
        return NoContent();
    }

    return BadRequest(new ApiErrorResponse(biz.Errors));
}
/// <summary>
/// Get list of Users
/// (rights to User object required)
/// </summary>
/// <returns>All "inside" Users (except Customer and HeadOffice type)</returns>
[HttpGet("list")]
public async Task<IActionResult> GetInsideUserList()
{
    //While the server is not open only the superuser (id 1) gets through, so fundamental problems can be fixed
    if (!serverState.IsOpen)
    {
        if (UserIdFromContext.Id(HttpContext.Items) != 1)
        {
            return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
        }
    }

    if (!Authorized.HasReadFullRole(HttpContext.Items, SockType.User))
    {
        return StatusCode(403, new ApiNotAuthorizedResponse());
    }

    //Everything that is not a Customer or HeadOffice type user counts as "inside"
    var insideUsers = ct.User.Where(z => z.UserType != UserType.Customer && z.UserType != UserType.HeadOffice);

    //The projection copies only the listed fields into the dtUser that goes back to the client
    var ret = await insideUsers
        .Select(z => new dtUser
        {
            Id = z.Id,
            Active = z.Active,
            Name = z.Name,
            Roles = z.Roles,
            UserType = z.UserType,
            EmployeeNumber = z.EmployeeNumber,
            LastLogin = z.LastLogin
        })
        .ToListAsync();

    return Ok(ApiOkResponse.Response(ret));
}
// /// <summary>
// /// Get list of Customer / Head office Users
// /// (Rights to Customer object required)
// /// </summary>
// /// <returns>All "outside" Users (No staff or contractors)</returns>
// [HttpGet("outlist")]
// public async Task<IActionResult> GetOutsideUserList()
// {
// if (!serverState.IsOpen)
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
// if (!Authorized.HasReadFullRole(HttpContext.Items, SockType.Customer))
// return StatusCode(403, new ApiNotAuthorizedResponse());
// var ret = await ct.User.Include(c => c.Customer).Include(h => h.HeadOffice).Include(o => o.UserOptions).Where(z => z.UserType == UserType.Customer || z.UserType == UserType.HeadOffice).Select(z => new
// {
// Id = z.Id,
// Active = z.Active,
// Name = z.Name,
// UserType = z.UserType,
// LastLogin = z.LastLogin,
// EmailAddress = z.UserOptions.EmailAddress,
// Phone1 = z.UserOptions.Phone1,
// Phone2 = z.UserOptions.Phone2,
// Phone3 = z.UserOptions.Phone3,
// Organization = z.HeadOffice.Name ?? z.Customer.Name
// }).ToListAsync();
// return Ok(ApiOkResponse.Response(ret));
// }
/// <summary>
/// Get list of Customer Contact Users
/// (Rights to Customer object required)
/// </summary>
/// <param name="customerId">Id of the Customer whose contacts are listed</param>
/// <returns>Customer contact users</returns>
[HttpGet("customer-contacts/{customerId}")]
public async Task<IActionResult> GetCustomerContactList(long customerId)
{
    //No superuser bypass on this route: it is refused whenever the server is not open
    if (!serverState.IsOpen)
    {
        return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
    }

    if (!Authorized.HasReadFullRole(HttpContext.Items, SockType.Customer))
    {
        return StatusCode(403, new ApiNotAuthorizedResponse());
    }

    //Customer type users attached to the requested customer
    var contacts = ct.User
        .Include(o => o.UserOptions)
        .Where(z => z.UserType == UserType.Customer && z.CustomerId == customerId);

    //Only the contact fields named here are projected into the response
    var ret = await contacts
        .Select(z => new
        {
            z.Id,
            z.Active,
            z.Name,
            z.UserType,
            z.LastLogin,
            z.UserOptions.EmailAddress,
            z.UserOptions.Phone1,
            z.UserOptions.Phone2,
            z.UserOptions.Phone3
        })
        .ToListAsync();

    return Ok(ApiOkResponse.Response(ret));
}
/// <summary>
/// Get list of HeadOffice Contact Users
/// (Rights to HeadOffice object required)
/// </summary>
/// <param name="headofficeId">Id of the HeadOffice whose contacts are listed</param>
/// <returns>HeadOffice contact users</returns>
[HttpGet("head-office-contacts/{headofficeId}")]
public async Task<IActionResult> GetHeadOfficeContactList(long headofficeId)
{
    //No superuser bypass on this route: it is refused whenever the server is not open
    if (!serverState.IsOpen)
    {
        return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
    }

    if (!Authorized.HasReadFullRole(HttpContext.Items, SockType.HeadOffice))
    {
        return StatusCode(403, new ApiNotAuthorizedResponse());
    }

    //HeadOffice type users attached to the requested head office
    var contacts = ct.User
        .Include(o => o.UserOptions)
        .Where(z => z.UserType == UserType.HeadOffice && z.HeadOfficeId == headofficeId);

    //Only the contact fields named here are projected into the response
    var ret = await contacts
        .Select(z => new
        {
            z.Id,
            z.Active,
            z.Name,
            z.UserType,
            z.LastLogin,
            z.UserOptions.EmailAddress,
            z.UserOptions.Phone1,
            z.UserOptions.Phone2,
            z.UserOptions.Phone3
        })
        .ToListAsync();

    return Ok(ApiOkResponse.Response(ret));
}
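/// <summary>
/// Fetch user type (inside meaning staff or subcontractor or outside meaning customer or headoffice type user)
/// </summary>
/// <param name="id">Id of the User to check</param>
/// <returns>true if the User is an "inside" user, false if it is a Customer or HeadOffice type user</returns>
[HttpGet("inside-type/{id}")]
public async Task<IActionResult> GetInsideStatus(long id)
{
    //This method is used by the Client UI to determine the correct edit form to show
    if (serverState.IsClosed && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
        return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
    if (!Authorized.HasSelectRole(HttpContext.Items, SockType.User))
        return StatusCode(403, new ApiNotAuthorizedResponse());
    //Callers here need only the Select role, and the answer depends on UserType alone, so project that
    //single column rather than loading (and change-tracking) the whole User row with all its other fields
    var u = await ct.User.Where(z => z.Id == id).Select(z => new { z.UserType }).FirstOrDefaultAsync();
    if (u == null)
        return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
    return Ok(ApiOkResponse.Response(u.UserType != UserType.Customer && u.UserType != UserType.HeadOffice));
}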
/// <summary>
/// Fetch super user status
/// </summary>
/// <returns>true when the calling user's id is 1 (the superuser), otherwise false</returns>
[HttpGet("amsu")]
public ActionResult GetAMSU()
{
    //This is used by v8 migrate so it doesn't need to decode web tokens
    if (serverState.IsClosed)
    {
        return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
    }

    //The id is read from the items stored on the current request's HttpContext
    bool callerIsSuperUser = UserIdFromContext.Id(HttpContext.Items) == 1;
    return Ok(ApiOkResponse.Response(callerIsSuperUser));
}
//------------
}//eoc
}//eons