public IActionResult Put([FromBody] RightsModel fromBodyRightsModel) { // List of messages to return to the client var messages = new List <Message>(); // Authentication var controllerHelper = new ControllerHelper(context); var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity); if (authUserModel == null) { return(Unauthorized()); } // Authorization if (!AuthorizationHelper.IsAuthorized(authUserModel, (long)SystemDatasetsEnum.Rights, RightsEnum.CRU)) { return(Forbid()); } #region VALIDATIONS // Received rights ApplicationId must be the same as of authorized user var sharedValidationHelper = new SharedValidationHelper(); messages = sharedValidationHelper.ValidateApplicationId(fromBodyRightsModel.ApplicationId, authUserModel.ApplicationId); if (messages.Count != 0) { return(BadRequest(messages)); } fromBodyRightsModel.Application = authUserModel.Application; // Rights must already exist in the database var rightsRepository = new RightsRepository(context); var rightsModel = rightsRepository.GetById(authUserModel.ApplicationId, fromBodyRightsModel.Id); if (rightsModel == null) { messages.Add(new Message(MessageTypeEnum.Error, 4003, new List <string>() { fromBodyRightsModel.Application.LoginApplicationName, fromBodyRightsModel.Id.ToString() })); Logger.LogMessagesToConsole(messages); return(BadRequest(messages)); } // If the rights name was changed, the new one must be unique if (rightsModel.Name != fromBodyRightsModel.Name) { var sameNameRights = rightsRepository.GetByApplicationIdAndName(authUserModel.ApplicationId, fromBodyRightsModel.Name); if (sameNameRights.Count() > 0) { messages.Add(new Message(MessageTypeEnum.Error, 4001, new List <string>() { fromBodyRightsModel.Name })); return(BadRequest(messages)); } } // Rights data validity and logic validity messages = sharedValidationHelper.ValidateRights(authUserModel.Application.ApplicationDescriptor, fromBodyRightsModel.DataDictionary); if (messages.Count != 0) { return(BadRequest(messages)); } #endregion rightsRepository.SetNameAndData(rightsModel, fromBodyRightsModel.Name, fromBodyRightsModel.DataDictionary); messages.Add(new Message(MessageTypeEnum.Info, 4007, new List <string>() { fromBodyRightsModel.Name })); return(Ok(messages)); }
public IActionResult PasswordChange([FromBody] PasswordChangeStructure passwords) { // List of messages to return to the client var messages = new List <Message>(); // Authentication var controllerHelper = new ControllerHelper(context); var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity); if (authUserModel == null) { return(Unauthorized()); } // Authorization - none, because every logged user is authorized to change an own password. #region VALIDATIONS // All passwords must not be null or empty strings if (String.IsNullOrEmpty(passwords.OldPassword) || String.IsNullOrEmpty(passwords.NewPassword) || String.IsNullOrEmpty(passwords.NewPasswordCopy)) { messages.Add(new Message(MessageTypeEnum.Error, 5001, new List <string>())); return(BadRequest(messages)); } // Both new passwords must be equal if (passwords.NewPassword != passwords.NewPasswordCopy) { messages.Add(new Message(MessageTypeEnum.Error, 5002, new List <string>())); return(BadRequest(messages)); } // Old password must be correct if (authUserModel.PasswordHash != PasswordHelper.ComputeHash(authUserModel.PasswordSalt + passwords.OldPassword)) { messages.Add(new Message(MessageTypeEnum.Error, 5003, new List <string>())); return(BadRequest(messages)); } // If passwords are required to be safer by application descriptor if (authUserModel.Application.ApplicationDescriptor.SystemDatasets.UsersDatasetDescriptor.PasswordAttribute.Safer == true) { var sharedValidationHelper = new SharedValidationHelper(); if (!sharedValidationHelper.IsPasswordSafer(passwords.NewPassword)) { messages.Add(new Message(MessageTypeEnum.Error, 5004, new List <string>())); return(BadRequest(messages)); } } // If minimal password length is set var minPasswordLength = authUserModel.Application.ApplicationDescriptor.SystemDatasets.UsersDatasetDescriptor.PasswordAttribute.Min; if (minPasswordLength != null) { if (passwords.NewPassword.Length < minPasswordLength) { messages.Add(new Message(MessageTypeEnum.Error, 5006, new List <string>() { minPasswordLength.ToString(), passwords.NewPassword.Length.ToString() })); return(BadRequest(messages)); } } #endregion // Setting new password var userRepository = new UserRepository(context); userRepository.SetPassword(authUserModel, passwords.NewPassword); messages.Add(new Message(MessageTypeEnum.Info, 5005, new List <string>())); return(Ok(messages)); }
public IActionResult Put([FromBody] UserModel fromBodyUserModel) { // List of messages to return to the client var messages = new List <Message>(); // Authentication var controllerHelper = new ControllerHelper(context); var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity); if (authUserModel == null) { return(Unauthorized()); } // Authorization if (!AuthorizationHelper.IsAuthorized(authUserModel, (long)SystemDatasetsEnum.Users, RightsEnum.CRU)) { return(Forbid()); } #region VALIDATIONS // Received user ApplicationId must be the same as of authorized user var sharedValidationHelper = new SharedValidationHelper(); messages = sharedValidationHelper.ValidateApplicationId(fromBodyUserModel.ApplicationId, authUserModel.ApplicationId); if (messages.Count != 0) { return(BadRequest(messages)); } fromBodyUserModel.Application = authUserModel.Application; // User must already exist in the database var userRepository = new UserRepository(context); var userModel = userRepository.GetById(authUserModel.ApplicationId, fromBodyUserModel.Id); if (userModel == null) { messages.Add(new Message(MessageTypeEnum.Error, 3004, new List <string>() { fromBodyUserModel.Application.LoginApplicationName, fromBodyUserModel.Id.ToString() })); Logger.LogMessagesToConsole(messages); return(BadRequest(messages)); } // New username must be nonempty if (string.IsNullOrEmpty(fromBodyUserModel.GetUsername())) { messages.Add(new Message(MessageTypeEnum.Error, 3001, new List <string>())); return(BadRequest(messages)); } // If the username was changed, the new one must be unique if (userModel.GetUsername() != fromBodyUserModel.GetUsername()) { var sameNameUser = userRepository.GetByApplicationIdAndUsername(authUserModel.ApplicationId, fromBodyUserModel.GetUsername()); if (sameNameUser != null) { messages.Add(new Message(MessageTypeEnum.Error, 3002, new List <string>() { fromBodyUserModel.GetUsername() })); return(BadRequest(messages)); } } // Input data validations var validReferencesIdsDictionary = controllerHelper.GetAllReferencesIdsDictionary(authUserModel.Application); messages = sharedValidationHelper.ValidateDataByApplicationDescriptor(authUserModel.Application.ApplicationDescriptor.SystemDatasets.UsersDatasetDescriptor, fromBodyUserModel.DataDictionary, validReferencesIdsDictionary); if (messages.Count != 0) { return(BadRequest(messages)); } #endregion userRepository.SetRightsIdAndData(userModel, fromBodyUserModel.RightsId, fromBodyUserModel.DataDictionary); messages.Add(new Message(MessageTypeEnum.Info, 3007, new List <string>() { fromBodyUserModel.GetUsername() })); return(Ok(messages)); }
public IActionResult Create([FromBody] UserModel fromBodyUserModel) { // List of messages to return to the client var messages = new List <Message>(); // Authentication var controllerHelper = new ControllerHelper(context); var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity); if (authUserModel == null) { return(Unauthorized()); } // Authorization if (!AuthorizationHelper.IsAuthorized(authUserModel, (long)SystemDatasetsEnum.Users, RightsEnum.CR)) { return(Forbid()); } #region VALIDATIONS // New user ApplicationId must be the same as of authorized user var sharedValidationHelper = new SharedValidationHelper(); messages = sharedValidationHelper.ValidateApplicationId(fromBodyUserModel.ApplicationId, authUserModel.ApplicationId); if (messages.Count != 0) { return(BadRequest(messages)); } fromBodyUserModel.Application = authUserModel.Application; // New username must be nonempty if (String.IsNullOrEmpty(fromBodyUserModel.GetUsername())) { messages.Add(new Message(MessageTypeEnum.Error, 3001, new List <string>())); return(BadRequest(messages)); } // New username must be unique var userRepository = new UserRepository(context); var sameNameUser = userRepository.GetByApplicationIdAndUsername(authUserModel.ApplicationId, fromBodyUserModel.GetUsername()); if (sameNameUser != null) { messages.Add(new Message(MessageTypeEnum.Error, 3002, new List <string>() { fromBodyUserModel.GetUsername() })); return(BadRequest(messages)); } // Input data validations var validReferencesIdsDictionary = controllerHelper.GetAllReferencesIdsDictionary(authUserModel.Application); messages = sharedValidationHelper.ValidateDataByApplicationDescriptor(authUserModel.Application.ApplicationDescriptor.SystemDatasets.UsersDatasetDescriptor, fromBodyUserModel.DataDictionary, validReferencesIdsDictionary); if (messages.Count != 0) { return(BadRequest(messages)); } #endregion // Reset password to default userRepository.ResetPassword(fromBodyUserModel); // Set defalut language from application fromBodyUserModel.Language = fromBodyUserModel.Application.ApplicationDescriptor.DefaultLanguage; userRepository.Add(fromBodyUserModel); messages.Add(new Message(MessageTypeEnum.Info, 3003, new List <string>() { fromBodyUserModel.GetUsername() })); return(Ok(messages)); }
public IActionResult Put([FromBody] DataModel fromBodyDataModel) { // List of messages to return to the client var messages = new List <Message>(); // Authentication var controllerHelper = new ControllerHelper(context); var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity); if (authUserModel == null) { return(Unauthorized()); } // Dataset descriptor var datasetDescriptor = authUserModel.Application.ApplicationDescriptor.Datasets.FirstOrDefault(d => d.Id == fromBodyDataModel.DatasetId); if (datasetDescriptor == null) { messages.Add(new Message(MessageTypeEnum.Error, 2001, new List <string>() { fromBodyDataModel.DatasetId.ToString() })); Logger.LogMessagesToConsole(messages); return(BadRequest(messages)); } // Authorization if (!AuthorizationHelper.IsAuthorized(authUserModel, datasetDescriptor.Id, RightsEnum.CRU)) { return(Forbid()); } #region VALIDATIONS // Recieved data ApplicationId must be the same as of authorized user var sharedValidationHelper = new SharedValidationHelper(); messages = sharedValidationHelper.ValidateApplicationId(fromBodyDataModel.ApplicationId, authUserModel.ApplicationId); if (messages.Count != 0) { return(BadRequest(messages)); } fromBodyDataModel.Application = authUserModel.Application; // Data must already exist in the database var dataRepository = new DataRepository(context); var dataModel = dataRepository.GetById(fromBodyDataModel.ApplicationId, fromBodyDataModel.DatasetId, fromBodyDataModel.Id); if (dataModel == null) { messages.Add(new Message(MessageTypeEnum.Error, 2003, new List <string>() { fromBodyDataModel.Application.LoginApplicationName, datasetDescriptor.Name, fromBodyDataModel.Id.ToString() })); Logger.LogMessagesToConsole(messages); return(BadRequest(messages)); } // Input data validations var validReferencesIdsDictionary = controllerHelper.GetAllReferencesIdsDictionary(authUserModel.Application); messages = sharedValidationHelper.ValidateDataByApplicationDescriptor(datasetDescriptor, fromBodyDataModel.DataDictionary, validReferencesIdsDictionary); if (messages.Count != 0) { return(BadRequest(messages)); } #endregion dataRepository.SetData(dataModel, fromBodyDataModel.DataDictionary); messages.Add(new Message(MessageTypeEnum.Info, 2005, new List <string>() { datasetDescriptor.Name })); return(Ok(messages)); }
public IActionResult Create([FromBody] RightsModel fromBodyRightsModel) { // List of messages to return to the client var messages = new List <Message>(); // Authentication var controllerHelper = new ControllerHelper(context); var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity); if (authUserModel == null) { return(Unauthorized()); } // Authorization if (!AuthorizationHelper.IsAuthorized(authUserModel, (long)SystemDatasetsEnum.Rights, RightsEnum.CR)) { return(Forbid()); } #region VALIDATIONS // New rights ApplicationId must be the same as of authorized user var sharedValidationHelper = new SharedValidationHelper(); messages = sharedValidationHelper.ValidateApplicationId(fromBodyRightsModel.ApplicationId, authUserModel.ApplicationId); if (messages.Count != 0) { return(BadRequest(messages)); } fromBodyRightsModel.Application = authUserModel.Application; // New rights must have a unique name var rightsRepository = new RightsRepository(context); var sameNameRights = rightsRepository.GetByApplicationIdAndName(authUserModel.ApplicationId, fromBodyRightsModel.Name); if (sameNameRights.Count() > 0) { messages.Add(new Message(MessageTypeEnum.Error, 4001, new List <string>() { fromBodyRightsModel.Name })); return(BadRequest(messages)); } // Rights data validity and logic validity messages = sharedValidationHelper.ValidateRights(authUserModel.Application.ApplicationDescriptor, fromBodyRightsModel.DataDictionary); if (messages.Count != 0) { return(BadRequest(messages)); } #endregion rightsRepository.Add(fromBodyRightsModel); messages.Add(new Message(MessageTypeEnum.Info, 4002, new List <string>() { fromBodyRightsModel.Name })); return(Ok(messages)); }