public async Task <IActionResult> UpdateUserById([FromRoute] string id, [FromBody] JsonPatchDocument <UserDto> patch)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.AllowId(id)
.RequirePermissions("users.update_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
// TODO - refactor
var testDto = UserDto.ValidationUser;
patch.ApplyTo(testDto, ModelState);
TryValidateModel(testDto);
//TryValidateModel(testDto.Profile);
if (!ModelState.IsValid)
{
return(BadRequest(new ErrorResponse(ModelState)));
}
await _mediator.Publish(new UpdateUserCommand(id, patch));
return(NoContent());
}
public async Task <IActionResult> GetChats(QueryDto query)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
if (!ModelState.IsValid)
{
return(BadRequest(new ErrorResponse(ModelState)));
}
var userId = _identityService.GetUserIdentity();
var(chats, total) = userId == AuthorizationConstants.System ?
await _chatQueries.GetChats(new ChatSpecification(query)) :
await _chatQueries.GetChatsForOwnerOrMemberAsync(new ChatSpecification(query), userId);
return(Ok(new ArrayResponse <ChatDto>(chats, total)));
}
public void RequirePermissions_ShouldReturnFalse_IfUserDoesNotHavePermissions()
{
var authHelper = new AuthHelperBuilder()
.RequirePermissions("foo", "bar")
.AllowId("baz")
.Build();
var mock = new Mock <IIdentityService>();
mock.Setup(idS => idS.GetPermissions()).Returns(new[] { "foo", "gibberish1", "gibberish2" });
mock.Setup(idS => idS.GetUserIdentity()).Returns("baz");
var authorized = authHelper.Authorize(mock.Object);
Assert.False(authorized);
}
public async Task <IActionResult> DeleteFriendshipByFriendId(string userId, [FromQuery] string friendId)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
await _mediator.Publish(new DeleteFriendshipByFriendIdCommand(userId, friendId));
return(NoContent());
}
public async Task <IActionResult> GetFriendshipsByUserId(string userId, QueryDto queryDto)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var(friendships, count) = await _friendshipQueries.GetFriendshipsByUserId(userId, queryDto.Pagination);
return(Ok(new ArrayResponse <FriendshipDto>(friendships, count)));
}
public void RequirePermissions_ShouldDefer_IfUserHasPermissions()
{
var authHelper = new AuthHelperBuilder()
.RequirePermissions("foo", "bar")
.AllowId("baz")
.Build();
var mock = new Mock <IIdentityService>();
mock.Setup(idS => idS.GetPermissions()).Returns(new[] { "foo", "bar" });
mock.Setup(idS => idS.GetUserIdentity()).Returns("baz");
var authorized = authHelper.Authorize(mock.Object);
Assert.True(authorized);
}
public async Task <IActionResult> GetUserById([FromRoute] string id)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.AllowId(id)
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var user = await _userQueries.GetUserByIdAsync(id);
return(Ok(user));
}
public void AllowSystem_ShouldReturnTrue_IfUserIsSystem()
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.AllowId("gibberish")
.RequirePermissions("gibberish1", "gibberish2")
.Build();
var mock = new Mock <IIdentityService>();
mock.Setup(idS => idS.GetPermissions()).Returns(new[] { "foo", "bar " });
mock.Setup(idS => idS.GetUserIdentity()).Returns(AuthorizationConstants.System);
var authorized = authHelper.Authorize(mock.Object);
Assert.True(authorized);
}
public async Task <IActionResult> GetMe()
{
var myId = _identityService.GetUserIdentity();
var authHelper = new AuthHelperBuilder()
.AllowId(myId)
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var user = await _userQueries.GetUserByIdAsync(myId);
return(Ok(user));
}
public async Task <IActionResult> CreateFriendshipRequestsByRequesterId(string requesterId, [FromForm] string requesteeId)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var friendshipRequestDto = await _mediator.Send(new CreateFriendshipRequestCommand(requesterId, requesteeId));
var url = Url.Action(nameof(GetFriendshipRequestById), new { id = friendshipRequestDto.Id });
return(Created(url, friendshipRequestDto));
}
public async Task <IActionResult> GetFriendshipRequestsByRequesteeId(string requesteeId, QueryDto queryDto)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var spec = new FriendshipRequestSpecification(queryDto, requesteeId);
var(friendshipRequests, count) = await _friendshipRequestQueries.GetFriendshipRequests(spec);
return(Ok(new ArrayResponse <FriendshipRequestDto>(friendshipRequests, count)));
}
public async Task <IActionResult> GetFriendships(QueryDto query)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.manage")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var spec = new FriendshipSpecification(query);
var(friendships, count) = await _friendshipQueries.GetFriendships(spec);
return(Ok(new ArrayResponse <FriendshipDto>(friendships, count)));
}
public async Task <IActionResult> GetUsers(QueryDto query)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var myId = _identityService.GetUserIdentity();
var spec = myId == AuthorizationConstants.System ? new UserSpecification(query) : new UserSpecification(query, new[] { myId });
var(users, total) = await _userQueries.GetUsersAsync(spec);
return(Ok(new ArrayResponse <UserDto>(users, total)));
}
public async Task <IActionResult> GetFriendshipRequestById(string id)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.manage")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var friendshipRequest = await _friendshipRequestQueries.GetFriendshipRequestById(id);
if (friendshipRequest == default)
{
return(NotFound());
}
return(Ok(friendshipRequest));
}
public async Task <IActionResult> GetChatById(string id)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("chats.manage")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
var chat = await _chatQueries.GetChatById(id);
if (chat == null)
{
return(NotFound());
}
return(Ok(chat));
}
public async Task <IActionResult> UpdateFriendshipRequestStatusById([FromRoute] string id, [FromBody] UpdateFriendshipRequestStatusCommand command)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
if (!ModelState.IsValid)
{
return(BadRequest(new ErrorResponse(ModelState)));
}
command.Id = id;
await _mediator.Publish(command);
return(NoContent());
}
public async Task <IActionResult> CreateFriendshipRequest([FromBody] CreateFriendshipRequestCommand createFriendshipRequestCommand)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.AllowId(createFriendshipRequestCommand.RequesterId)
.RequirePermissions("users.view_others")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
if (!ModelState.IsValid)
{
return(BadRequest(new ErrorResponse(ModelState)));
}
var friendshipRequestDto = await _mediator.Send(createFriendshipRequestCommand);
var url = Url.Action(nameof(GetFriendshipRequestById), new { id = friendshipRequestDto.Id });
return(Created(url, friendshipRequestDto));
}
public async Task <IActionResult> CreateChat([FromBody] CreateChatCommand createChatCommand)
{
var authHelper = new AuthHelperBuilder()
.AllowSystem()
.RequireId(createChatCommand.OwnerId)
.RequirePermissions("chats.create")
.Build();
if (!authHelper.Authorize(_identityService))
{
return(Unauthorized());
}
if (!ModelState.IsValid)
{
return(BadRequest(new ErrorResponse(ModelState)));
}
var chatDto = await _mediator.Send(createChatCommand);
var url = Url.Action(nameof(GetChatById), new { id = chatDto.Id });
return(Created(url, chatDto));
}