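/// <summary>
/// Deletes one row of `oceny` (a review) on behalf of the user identified by the Bearer token.
/// The row is removed only when its `id_uzytkownika` matches that user.
/// </summary>
/// <param name="productId">
/// Despite the name, this is `oceny`.`id` — the review's own key (the query keys on `id`, not
/// `id_przedmiotu`). It must be a decimal integer; anything else is rejected with 400 instead of
/// being spliced into the SQL text.
/// </param>
/// <returns>
/// 200 when the row is gone afterwards; 500 when it still exists after the delete; 403 when the
/// Authorization header is missing or not a Bearer scheme, the token does not resolve to a user,
/// or the row does not exist / belongs to somebody else (deliberately not distinguished);
/// 400 when <paramref name="productId"/> is not an integer.
/// </returns>
public object Delete(string productId)
{
    // "Bearer " must be a prefix, not merely a substring: Substring(7) below is only meaningful
    // when the scheme sits at the start of the header value.
    if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value)
        || !value.ToString().StartsWith("Bearer ", StringComparison.Ordinal))
    {
        return StatusCode(403, @"{""Result"":""Unauthorized""}");
    }

    // The id is interpolated straight into SQL, so prove it is numeric first; this closes the
    // injection hole opened by accepting it as a raw string.
    if (!int.TryParse(productId, System.Globalization.NumberStyles.Integer,
                      System.Globalization.CultureInfo.InvariantCulture, out int reviewId))
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    // GetUserId returns int? (null for a token it cannot resolve). The original interpolated that
    // null as an empty string and failed with a SQL error rather than a 403.
    int? userId = StaticMethods.GetUserId(value.ToString().Substring(7));
    if (userId == null)
    {
        return StatusCode(403, @"{""Result"": ""Unauthorized""}");
    }

    MySQLObject mySQL = new MySQLObject();
    mySQL.Select($@"select case when `id_uzytkownika` = {userId} then 'true' else 'false' end as `check` from `oceny` where `id` = {reviewId}");
    if (mySQL.Data.Rows.Count == 0 || mySQL.Data.Rows[0]["check"].ToString() != "true")
    {
        return StatusCode(403, @"{""Result"": ""Unauthorized""}");
    }

    // Repeat the ownership predicate in the DELETE itself so the check above cannot be raced:
    // a row re-assigned between the SELECT and the DELETE is left alone (and then reported as 500
    // by the verification below).
    mySQL.Delete($@"delete from `oceny` where `id` = {reviewId} and `id_uzytkownika` = {userId}");
    mySQL.Select($@"select `id` from `oceny` where `id` = {reviewId}");
    if (mySQL.Data.Rows.Count > 0)
    {
        return StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}");
    }
    return StatusCode(200, @"{""Result"" : ""Product deleted sucessfully""}");
}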
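/// <summary>
/// Inserts a row into `kategoria`. Requires a live token (`aktywny` = 1 and not yet past
/// `data_wygasniecia`) whose user has `id_uprawnienia` 3 or 4; the error text calls these
/// "administrative" (their mapping onto the <c>Privileges</c> enum is not visible here).
/// </summary>
/// <param name="category">
/// Request body. <c>Name</c> is required and must not be blank; <c>ParentId</c> is optional and
/// becomes SQL NULL when absent.
/// </param>
/// <returns>
/// 200 with the category, its <c>Id</c> read back as <c>max(id)</c> for that name; 400 when the
/// Authorization header is missing or not a Bearer scheme, the body or name is missing/blank, or
/// the insert raises a <c>MySqlException</c> (reported as a duplicate name); 403 on an invalid
/// token or insufficient privilege; 500 when the new row cannot be read back or any other
/// exception occurs.
/// </returns>
public object Create([FromBody] Category category)
{
    if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value)
        || !value.ToString().StartsWith("Bearer ", StringComparison.Ordinal))
    {
        return StatusCode(400, "Wrong request");
    }

    // Stopgap until MySQLObject accepts parameters: escape the characters MySQL treats specially
    // inside a quoted literal (the mysql_real_escape_string set). Assumes the session does not run
    // with NO_BACKSLASH_ESCAPES and uses a charset in which 0x5C cannot be the trailing byte of a
    // multibyte sequence — TODO confirm against the MySQLObject connection settings.
    string Esc(string s)
    {
        var sb = new System.Text.StringBuilder(s.Length);
        foreach (char c in s)
        {
            int i = "\\'\"\0\n\r\u001a".IndexOf(c);
            if (i >= 0) { sb.Append('\\').Append("\\'\"0nrZ"[i]); } else { sb.Append(c); }
        }
        return sb.ToString();
    }

    string token = value.ToString().Substring(7);
    MySQLObject mySQL = new MySQLObject();
    // The token is attacker-controlled text; unescaped it could rewrite this WHERE clause and
    // borrow an arbitrary user's privilege level.
    var data = mySQL.Select($@"select t1.`id_uprawnienia` from `projekt_mysql`.`tokeny_logowania` t0 inner join `projekt_mysql`.`uzytkownicy` t1 on t0.`id_uzytkownika` = t1.`id_uzytkownika` where t0.`token` = '{Esc(token)}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");
    if (data.Rows.Count == 0 || !new int[] { 3, 4 }.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"])))
    {
        return StatusCode(403, "Method requires administrative privileges or your token is invalid");
    }

    // A null body would otherwise throw before reaching the database; a blank name would be stored.
    if (category == null || string.IsNullOrWhiteSpace(category.Name))
    {
        return StatusCode(400, "Wrong request");
    }

    string parent = category.ParentId == null ? "null" : category.ParentId.ToString();
    try
    {
        mySQL.Insert($@"insert into `projekt_mysql`.`kategoria`(`nazwa`,`id_parent`) values('{Esc(category.Name)}',{parent})");
        // max(id) for this name is how the new key is recovered; it relies on names being unique
        // (the duplicate-name error below suggests they are).
        data = mySQL.Select($@"select max(`id`) as `value` from `projekt_mysql`.`kategoria` where `nazwa` = '{Esc(category.Name)}'");
        if (data.Rows.Count == 0)
        {
            return StatusCode(500, "Something went terribly wrong");
        }
        category.Id = Convert.ToInt32(data.Rows[0]["value"]);
        return StatusCode(200, category);
    }
    catch (MySqlException)
    {
        // Every MySQL error is labelled a duplicate name, as before. NOTE(review): a foreign-key
        // failure on `id_parent` gets the same label — worth distinguishing by error code.
        return StatusCode(400, "Category with that name already exists");
    }
    catch (Exception)
    {
        return StatusCode(500, "Something went terribly wrong");
    }
}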
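/// <summary>
/// Creates or overwrites the calling user's review of a product. An existing row for the same
/// (user, product) pair is replaced in place (same `id`); otherwise a new row is inserted and its
/// `id` read back.
/// </summary>
/// <param name="review">
/// Request body. <c>productId</c>, <c>rating</c> (0..5 inclusive) and <c>review</c> are required;
/// <c>userId</c> and <c>id</c> are overwritten from the token and the database.
/// </param>
/// <returns>
/// 200 with the stored review; 400 (no body) when the Authorization header is missing or not a
/// Bearer scheme, a required field is absent, the rating is out of range, or <c>productId</c> is
/// not an integer; 403 when the token does not resolve to a user; 500 when the new row cannot
/// be read back.
/// </returns>
public object Create([FromBody] Review review)
{
    if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value)
        || !value.ToString().StartsWith("Bearer ", StringComparison.Ordinal)
        || review == null || review.productId == null || review.rating == null || review.review == null
        || review.rating < 0 || review.rating > 5)
    {
        return StatusCode(400);
    }

    var inv = System.Globalization.CultureInfo.InvariantCulture;
    // productId is spliced into SQL; its declared type is not visible here, so prove it is an
    // integer whatever it is (a malformed value is a 400, not a SQL error or an injection).
    if (!int.TryParse(review.productId.ToString(), System.Globalization.NumberStyles.Integer, inv, out int productId))
    {
        return StatusCode(400);
    }

    int? userId = StaticMethods.GetUserId(value.ToString().Substring(7));
    if (userId == null)
    {
        return StatusCode(403, @"{""Result"":""Token is invalid""}");
    }

    // Stopgap until MySQLObject accepts parameters: escape the characters MySQL treats specially
    // inside a quoted literal (the mysql_real_escape_string set). Assumes the session does not run
    // with NO_BACKSLASH_ESCAPES and uses a charset in which 0x5C cannot be the trailing byte of a
    // multibyte sequence — TODO confirm against the MySQLObject connection settings.
    string Esc(string s)
    {
        var sb = new System.Text.StringBuilder(s.Length);
        foreach (char c in s)
        {
            int i = "\\'\"\0\n\r\u001a".IndexOf(c);
            if (i >= 0) { sb.Append('\\').Append("\\'\"0nrZ"[i]); } else { sb.Append(c); }
        }
        return sb.ToString();
    }

    MySQLObject mySQL = new MySQLObject();
    review.userId = userId;
    mySQL.Select($@"select `id` from `oceny` where `id_uzytkownika` = {userId} and `id_przedmiotu` = {productId}");
    string reviewId = mySQL.Data.Rows.Count > 0 ? mySQL.Data.Rows[0]["id"].ToString() : "default";

    // Invariant formatting keeps a '.' decimal point regardless of the server's culture.
    string rating = Convert.ToString(review.rating, inv);
    // Positional REPLACE: the column order (id, id_uzytkownika, id_przedmiotu, text, ocena) is
    // assumed, as it was originally. The text is escaped instead of having its apostrophes
    // stripped, so quotes survive and a backslash can no longer break out of the literal.
    mySQL.Replace($@"REPLACE INTO `oceny` values ({reviewId}, {userId}, {productId}, '{Esc(review.review)}',{rating})");

    if (reviewId != "default")
    {
        review.id = Convert.ToInt32(reviewId);
        return StatusCode(200, review);
    }
    try
    {
        mySQL.Select($@"select `id` from `oceny` where `id_uzytkownika` = {userId} and `id_przedmiotu` = {productId}");
        review.id = Convert.ToInt32(mySQL.Data.Rows[0]["id"].ToString());
        return StatusCode(200, review);
    }
    catch (Exception)
    {
        // No row after the REPLACE (or an unparsable id): report as a server-side failure.
        return StatusCode(500, @"{""Result"":""Something went terribly wrong""}");
    }
}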
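/// <summary>
/// Inserts a row into `przedmiot` owned by the token's user. Any user whose privilege is one of
/// <c>Privileges.User</c>, <c>Administrator</c> or <c>Moderator</c> and whose token is live
/// (`aktywny` = 1, not past `data_wygasniecia`) may call it — the 403 text about "administrative
/// privileges" is broader than the check actually is.
/// </summary>
/// <param name="product">
/// Request body. <c>Name</c>, <c>CategoryId</c> and <c>Price</c> are required; <c>Price</c> is
/// formatted with the invariant culture so the decimal point is always '.'.
/// </param>
/// <returns>
/// The product with <c>Id</c> (read back as <c>max(id_przedmiotu)</c> matching the inserted
/// values) and <c>UserId</c> filled in; 400 when the Authorization header is missing or not a
/// Bearer scheme, a required field is absent, or the price is not a number; 403 when the token
/// is invalid, the privilege is not allowed, or the token does not resolve to a user; 500 when
/// the insert fails or the new row cannot be read back.
/// </returns>
public object Create([FromBody] Product product)
{
    if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value)
        || !value.ToString().StartsWith("Bearer ", StringComparison.Ordinal)
        || product == null || product.Name == null || product.CategoryId == null || product.Price == null)
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    // Stopgap until MySQLObject accepts parameters: escape the characters MySQL treats specially
    // inside a quoted literal (the mysql_real_escape_string set). Assumes the session does not run
    // with NO_BACKSLASH_ESCAPES and uses a charset in which 0x5C cannot be the trailing byte of a
    // multibyte sequence — TODO confirm against the MySQLObject connection settings.
    string Esc(string s)
    {
        var sb = new System.Text.StringBuilder(s.Length);
        foreach (char c in s)
        {
            int i = "\\'\"\0\n\r\u001a".IndexOf(c);
            if (i >= 0) { sb.Append('\\').Append("\\'\"0nrZ"[i]); } else { sb.Append(c); }
        }
        return sb.ToString();
    }

    string token = value.ToString().Substring(7);
    MySQLObject mySQL = new MySQLObject();
    // The token is attacker-controlled text; unescaped it could rewrite this WHERE clause.
    var data = mySQL.Select($@"select t1.`id_uprawnienia` from `projekt_mysql`.`tokeny_logowania` t0 inner join `projekt_mysql`.`uzytkownicy` t1 on t0.`id_uzytkownika` = t1.`id_uzytkownika` where t0.`token` = '{Esc(token)}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");
    int[] allowed = { (int)Privileges.User, (int)Privileges.Administrator, (int)Privileges.Moderator };
    if (data.Rows.Count == 0 || !allowed.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"])))
    {
        return StatusCode(403, @"{""Result"" : ""Method requires administrative privileges or your token is invalid""}");
    }

    // Resolve the user once. The original called GetUserId three times and interpolated a possible
    // null straight into the INSERT (which then surfaced as a 500).
    int? userId = StaticMethods.GetUserId(token);
    if (userId == null)
    {
        return StatusCode(403, @"{""Result"" : ""Method requires administrative privileges or your token is invalid""}");
    }

    var inv = System.Globalization.CultureInfo.InvariantCulture;
    // Price is interpolated unquoted, so it must be a number. Invariant formatting already yields
    // '.'; the Replace is kept only for the case that Price arrives as text with a ',' separator.
    string priceText = Convert.ToString(product.Price, inv).Replace(",", ".");
    if (!decimal.TryParse(priceText, System.Globalization.NumberStyles.AllowLeadingSign | System.Globalization.NumberStyles.AllowDecimalPoint, inv, out decimal priceValue))
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }
    string price = priceValue.ToString(inv);
    string name = Esc(product.Name);

    try
    {
        mySQL.Insert($@"insert into `projekt_mysql`.`przedmiot`(`id_kategorii`,`id_uzytkownika`, `nazwa`,`cena`) values ({product.CategoryId},{userId},'{name}',{price})");
        // The new key is recovered by matching the inserted values; identical concurrent inserts
        // could return the other request's row, as in the original.
        data = mySQL.Select($@"select max(`id_przedmiotu`) as `value` from `projekt_mysql`.`przedmiot` where `Id_kategorii` = {product.CategoryId} and `nazwa` = '{name}' and `cena` = {price}");
        if (data.Rows.Count == 0)
        {
            return StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}");
        }
        product.Id = Convert.ToInt32(data.Rows[0]["value"]);
        product.UserId = userId;
        return product;
    }
    catch (Exception)
    {
        return StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}");
    }
}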
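/// <summary>
/// Reads one row of `kategoria` by id. Requires a live token (`aktywny` = 1, not past
/// `data_wygasniecia`) whose user has `id_uprawnienia` 3 or 4.
/// </summary>
/// <param name="CategoryId">Primary key of the category. Bound as an int, so it is safe to interpolate.</param>
/// <returns>
/// A <c>Category</c> (ParentId null when `id_parent` is SQL NULL); 400 when the Authorization
/// header is missing or not a Bearer scheme; 403 on an invalid token or insufficient privilege;
/// 404 when no category has that id (the original answered 500, which misreports a client
/// error as a server failure).
/// </returns>
public object Get(int CategoryId)
{
    if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value)
        || !value.ToString().StartsWith("Bearer ", StringComparison.Ordinal))
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    // Stopgap until MySQLObject accepts parameters: escape the characters MySQL treats specially
    // inside a quoted literal (the mysql_real_escape_string set). Assumes the session does not run
    // with NO_BACKSLASH_ESCAPES and uses a charset in which 0x5C cannot be the trailing byte of a
    // multibyte sequence — TODO confirm against the MySQLObject connection settings.
    string Esc(string s)
    {
        var sb = new System.Text.StringBuilder(s.Length);
        foreach (char c in s)
        {
            int i = "\\'\"\0\n\r\u001a".IndexOf(c);
            if (i >= 0) { sb.Append('\\').Append("\\'\"0nrZ"[i]); } else { sb.Append(c); }
        }
        return sb.ToString();
    }

    string token = value.ToString().Substring(7);
    MySQLObject mySQL = new MySQLObject();
    // The token is attacker-controlled text; unescaped it could rewrite this WHERE clause and
    // borrow an arbitrary user's privilege level.
    var data = mySQL.Select($@"select t1.`id_uprawnienia` from `projekt_mysql`.`tokeny_logowania` t0 inner join `projekt_mysql`.`uzytkownicy` t1 on t0.`id_uzytkownika` = t1.`id_uzytkownika` where t0.`token` = '{Esc(token)}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");
    if (data.Rows.Count == 0 || !new int[] { 3, 4 }.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"])))
    {
        return StatusCode(403, @"{""Result"" : ""Method requires administrative privileges or your token is invalid""}");
    }

    data = mySQL.Select($@"select `id`,`nazwa`,`id_parent` from `projekt_mysql`.`kategoria` where `id` = {CategoryId}");
    if (data.Rows.Count == 0)
    {
        return StatusCode(404, @"{""Result"" : ""Category not found""}");
    }

    object rawParent = data.Rows[0]["id_parent"];
    int? parentId = rawParent is DBNull ? (int?)null : Convert.ToInt32(rawParent);
    return new Category()
    {
        Id = CategoryId,
        Name = data.Rows[0]["nazwa"].ToString(),
        ParentId = parentId,
    };
}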
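/// <summary>
/// Returns the average `ocena` of all reviews of one product. No authentication is required.
/// </summary>
/// <param name="productId">
/// The product's id (`oceny`.`id_przedmiotu`). Must be a decimal integer; anything else is
/// rejected with 400 instead of being spliced into the SQL text.
/// </param>
/// <returns>
/// 200 with the parsed result set (one row: `id_przedmiotu` and the average) when the product has
/// reviews; 200 with a "No reviews" body otherwise; 400 for a non-integer id.
/// </returns>
public object ProductAverage(string productId)
{
    if (!int.TryParse(productId, System.Globalization.NumberStyles.Integer,
                      System.Globalization.CultureInfo.InvariantCulture, out int id))
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    MySQLObject mySQL = new MySQLObject();
    // `oceny`.`id` is the review's own key (Delete and the review Create use it that way); the
    // product is `id_przedmiotu`, which the original mistakenly filtered on `id`. Grouping makes an
    // unreviewed product return zero rows instead of one row with a NULL average, so the
    // "No reviews" branch below is actually reachable.
    mySQL.Select($@"select `id_przedmiotu`,avg(`ocena`) from `oceny` where `id_przedmiotu` = {id} group by `id_przedmiotu`");
    if (mySQL.Data.Rows.Count == 0)
    {
        return StatusCode(200, @"{""Result"" : ""No reviews""}");
    }
    return StatusCode(200, StaticMethods.ParseSelect(mySQL.Data));
}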
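/// <summary>
/// Returns a page of the reviews (`select *` from `oceny`) of one product.
/// </summary>
/// <param name="productId">
/// The product's id (`oceny`.`id_przedmiotu`). Must be a decimal integer; anything else is
/// rejected with 400 instead of being spliced into the SQL text.
/// </param>
/// <param name="limit">
/// Page size. A value of 0 or less means "no limit" — `LIMIT 0` returns nothing, so the original
/// default produced an empty page for every caller that did not pass a limit.
/// </param>
/// <param name="offset">Rows to skip; negative values are treated as 0 (MySQL rejects them).</param>
/// <returns>
/// 200 with the parsed result set; 200 with a "No reviews…" body when the page is empty; 400 for
/// a non-integer id.
/// </returns>
private object ProductReviews(string productId, int limit = 0, int offset = 0)
{
    if (!int.TryParse(productId, System.Globalization.NumberStyles.Integer,
                      System.Globalization.CultureInfo.InvariantCulture, out int id))
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    // MySQL has no OFFSET without LIMIT; its documented way to read "from here to the end" is the
    // maximum unsigned 64-bit row count.
    string rowCount = limit > 0 ? limit.ToString(System.Globalization.CultureInfo.InvariantCulture) : "18446744073709551615";
    int skip = Math.Max(offset, 0);

    MySQLObject mySQL = new MySQLObject();
    // `oceny`.`id` is the review's own key (Delete and the review Create use it that way); the
    // product is `id_przedmiotu`, which the original mistakenly filtered on `id`.
    mySQL.Select($@"select * from `oceny` where `id_przedmiotu` = {id} limit {rowCount} offset {skip}");
    if (mySQL.Data.Rows.Count == 0)
    {
        return StatusCode(200, @"{""Result"" : ""No reviews or you went too far away""}");
    }
    return StatusCode(200, StaticMethods.ParseSelect(mySQL.Data));
}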
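/// <summary>
/// Verifies a login/password pair against `uzytkownicy` and, on success, issues a fresh token
/// valid for two hours by updating the user's `tokeny_logowania` row.
/// </summary>
/// <param name="login">Request body; both <c>Login</c> and <c>Password</c> must be non-empty.</param>
/// <returns>
/// 200 with the raw token string; 403 when no row matches; 400 when the body or either field is
/// missing or empty (the original let a null field through as an empty literal).
/// </returns>
public object Login([FromBody] LoginAttempt login)
{
    if (login == null || string.IsNullOrEmpty(login.Login) || string.IsNullOrEmpty(login.Password))
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    // Stopgap until MySQLObject accepts parameters: escape the characters MySQL treats specially
    // inside a quoted literal (the mysql_real_escape_string set). Assumes the session does not run
    // with NO_BACKSLASH_ESCAPES and uses a charset in which 0x5C cannot be the trailing byte of a
    // multibyte sequence — TODO confirm against the MySQLObject connection settings.
    string Esc(string s)
    {
        var sb = new System.Text.StringBuilder(s.Length);
        foreach (char c in s)
        {
            int i = "\\'\"\0\n\r\u001a".IndexOf(c);
            if (i >= 0) { sb.Append('\\').Append("\\'\"0nrZ"[i]); } else { sb.Append(c); }
        }
        return sb.ToString();
    }

    MySQLObject mySQL = new MySQLObject(Config.ConnectionString);
    // SECURITY: the password is compared inside SQL against the `haslo` column, i.e. stored in
    // clear. Escaping closes the classic `' OR 1=1 -- ` bypass that the original allowed on both
    // fields, but the real fix is a salted PBKDF2/Argon2 hash verified in code; that needs a
    // schema change this method cannot make on its own.
    mySQL.Select($@"SELECT `id_uzytkownika` FROM `projekt_mysql`.`uzytkownicy` WHERE `login` = '{Esc(login.Login)}' AND `haslo` = '{Esc(login.Password)}'");
    if (mySQL.Data.Rows.Count == 0)
    {
        return StatusCode(403, @"{""Result"" : ""Wrong login or password""}");
    }

    string token = StaticMethods.GenerateToken();
    string userId = mySQL.Data.Rows[0]["id_uzytkownika"].ToString();
    // The token row is UPDATEd, never inserted: a user without a `tokeny_logowania` row receives a
    // token the server never stored. NOTE(review): confirm those rows are seeded with the user.
    mySQL.Update($@"UPDATE `projekt_mysql`.`tokeny_logowania` SET `token` = '{Esc(token)}', `aktywny` = 1, `data_wygasniecia` = ADDTIME(NOW(),'02:00:00') WHERE `id_uzytkownika` = '{Esc(userId)}' ");
    return StatusCode(200, token);
}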