public EntityPermissionsController()
{
Get("/api/v1/entity/permissions/get", _ => {
var errors = ValidationProcessor.Process(Request, new IValidatorRule[] {
new ShouldHaveParameters(new[] { "entity_guid", "entity_type" }),
new ShouldBeCorrectEnumValue("entity_type", typeof(EntityType)),
new EntityShouldExist(),
}, true);
if (errors.Count > 0)
{
return(HttpResponse.Errors(errors));
}
var me = UserRepository.Find(CurrentRequest.UserId);
var entityType = (EntityType)GetRequestEnum("entity_type", typeof(EntityType));
var entityId = EntityUtils.GetEntityId(GetRequestStr("entity_guid"), entityType);
if (!PermissionUtils.HasEntityPermission(me, entityId, entityType))
{
return(HttpResponse.Item("permissions", new JArray()
{
}));
}
return(HttpResponse.Item("permissions", new JArray()
{
"read", "write"
}));
});
}
public HttpError Process(Request request)
{
if (!PermissionUtils.HasEntityPermission(_user, _entityId, _entityType))
{
return(new HttpError(HttpStatusCode.Forbidden, "You don't have edit permissions for this entity"));
}
return(null);
}
public void HasEntityPermission_Board_HasPermission()
{
var user = UserFaker.Create();
var board = BoardFaker.Create();
Assert.False(PermissionUtils.HasEntityPermission(user, board.id, EntityType.Board));
ProjectTeamMemberFaker.Create(board.Project(), user);
Assert.True(PermissionUtils.HasEntityPermission(user, board.id, EntityType.Board));
}
public void HasEntityPermission_Project_HasPermission()
{
var user = UserFaker.Create();
var project = ProjectFaker.Create();
Assert.False(PermissionUtils.HasEntityPermission(user, project.id, EntityType.Project));
ProjectTeamMemberFaker.Create(project, user);
Assert.True(PermissionUtils.HasEntityPermission(user, project.id, EntityType.Project));
}
public ProcessedRequest Process(ProcessedRequest request)
{
var me = UserRepository.Find(request.UserId);
var entityGuid = _forcedGuid ?? request.GetRequestStr(_entityGuidParam);
if (!EntityUtils.IsEntityExists(entityGuid, _entityType))
{
request.AddError(new HttpError(HttpStatusCode.NotFound, $"Target {_entityType} doesn't exist"));
}
if (!PermissionUtils.HasEntityPermission(me, entityGuid, _entityType))
{
request.AddError(
new HttpError(HttpStatusCode.Forbidden, "You don't have write permissions for this " + _entityType)
);
}
return(request);
}
public EntityDecisionCrudController()
{
// Options should be a valid json array ex. "['option 1', 'option2']"
Post("/api/v1/entity/decision/create", _ => {
var rules = new List <IValidatorRule>()
{
new ShouldHaveParameters(new[] {
"entity_guid", "entity_type", "title", "content", "deadline", "options"
}),
new MinLength("title", 3),
new MinLength("content", 10),
new ShouldBeCorrectEnumValue("entity_type", typeof(EntityType)),
new EntityShouldExist()
};
var errors = ValidationProcessor.Process(Request, rules, true);
if (errors.Count > 0)
{
return(HttpResponse.Errors(errors));
}
JArray options;
try {
options = JArray.Parse(GetRequestStr("options"));
}
catch (Exception e) {
return(HttpResponse.Error(
HttpStatusCode.UnprocessableEntity,
"For options please provide a valid JSON array"
));
}
var entityType = (EntityType)GetRequestEnum("entity_type", typeof(EntityType));
var entityId = EntityUtils.GetEntityId(GetRequestStr("entity_guid"), entityType);
if (entityType != EntityType.Project || entityType != EntityType.Board)
{
}
var deadline = DateTime.Parse(GetRequestStr("deadline"));
var minDeadline = DateTime.Now.AddDays(1);
if (deadline < minDeadline)
{
return(HttpResponse.Error(
HttpStatusCode.UnprocessableEntity,
"Deadline cannot be earlier than 1 day : " + minDeadline
));
}
var me = UserRepository.Find(CurrentRequest.UserId);
if (PermissionUtils.HasEntityPermission(me, entityId, entityType))
{
return(HttpResponse.Error(
HttpStatusCode.Unauthorized,
"You don't have decision edit access"
));
}
var decision = EntityDecisionRepository.Create(
me,
entityId,
entityType,
GetRequestStr("title"),
GetRequestStr("content"),
deadline
);
int optionOrder = 1;
foreach (var option in options)
{
EntityDecisionOptionRepository.Create(decision, option.Value <string>(), optionOrder);
optionOrder++;
if (optionOrder > 10)
{
break;
}
}
return(HttpResponse.Item(
"decision", new DecisionTransformer().Transform(decision), HttpStatusCode.Created
));
});
Patch("/api/v1/entity/decision/edit", _ => {
var rules = new List <IValidatorRule>()
{
new ShouldHaveParameters(new[] { "decision_guid" }),
new ExistsInTable("decision_guid", "entity_decisions", "guid")
};
var errors = ValidationProcessor.Process(Request, rules, true);
if (errors.Count > 0)
{
return(HttpResponse.Errors(errors));
}
var me = UserRepository.Find(CurrentRequest.UserId);
var decision = EntityDecisionRepository.FindByGuid(GetRequestStr("decision_guid"));
if (me.id != decision.creator_id)
{
return(HttpResponse.Error(HttpStatusCode.Unauthorized, "Only creator can update this decision"));
}
if (GetRequestStr("new_status") != "")
{
var newStatus = (DecisionStatus)GetRequestEnum("new_status", typeof(DecisionStatus));
switch (newStatus)
{
case DecisionStatus.Canceled:
decision.UpdateStatus(DecisionStatus.Canceled);
break;
case DecisionStatus.Open:
case DecisionStatus.Closed:
return(HttpResponse.Error(HttpStatusCode.Unauthorized, "You cannot set this status"));
}
}
decision = decision.Refresh();
return(HttpResponse.Item("decision", new DecisionTransformer().Transform(decision)));
});
Delete("/api/v1/entity/decision/delete", _ => {
var rules = new List <IValidatorRule>()
{
new ShouldHaveParameters(new[] { "decision_guid" }),
new ExistsInTable("decision_guid", "entity_decisions", "guid")
};
var errors = ValidationProcessor.Process(Request, rules, true);
if (errors.Count > 0)
{
return(HttpResponse.Errors(errors));
}
var me = UserRepository.Find(CurrentRequest.UserId);
var decision = EntityDecisionRepository.FindByGuid(GetRequestStr("decision_guid"));
if (me.id != decision.creator_id)
{
return(HttpResponse.Error(HttpStatusCode.Unauthorized, "Only creator can update this decision"));
}
decision.Delete();
return(HttpResponse.Item("decision", new DecisionTransformer().Transform(decision)));
});
}