Esempi in C# (CSharp) per AuthorizationHelpers.IsAuthorizedUser

Esempio n. 1

File: CommentsController.cs Progetto: AliCakirer/Blog-API

        public IActionResult Delete(string id)
        {
            //Get comment from table
            var comment = _commentRepository.GetById(id);

            //Check if such comment exists
            if (comment == null)
            {
                return(BadRequest(new Message("The comment with id: " + id + " doesn't exist.")));
            }

            var tokenUser = HttpContext.User;

            //If request is not sent by owner or by admin, finish here
            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, comment.OwnerId) && !AuthorizationHelpers.IsAdmin(tokenUser))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Update table
            if (_commentRepository.Delete(comment))
            {
                return(Ok(new Message("Comment with id: " + id + " deleted successfully")));
            }

            return(BadRequest(new Message("Error when deleting comment with id: " + id)));
        }

Esempio n. 2

        public IActionResult Delete(string id)
        {
            //Check if token is given by admin or authorized user
            var tokenUser = HttpContext.User;

            if (!AuthorizationHelpers.IsAdmin(tokenUser) && !AuthorizationHelpers.IsAuthorizedUser(tokenUser, id))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Find user in table
            var user = _userRepository.Where(u => u.Id == id).Include(u => u.Posts).FirstOrDefault();

            //Check if such user exists
            if (user == null)
            {
                return(BadRequest(new Message("No such user with this id: " + id)));
            }

            if (_userRepository.Delete(user))
            {
                return(Ok(new Message("User with email: " + user.Email + ", id: " + id + " deleted successfully")));
            }

            return(BadRequest(new Message("Error when deleting user with id: " + id)));
        }

Esempio n. 3

File: CommentsController.cs Progetto: AliCakirer/Blog-API

        public ActionResult <CommentOutDto> Update(string id, [FromBody] CommentUpdateDto commentInDto)
        {
            var comment = _commentRepository.GetById(id);

            //Check if this comment exists
            if (comment == null)
            {
                return(BadRequest(new Message("The comment with id: " + id + " doesn't exist.")));
            }

            var tokenUser = HttpContext.User;

            //If request is not sent by owner, finish here
            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, comment.OwnerId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            if (!string.IsNullOrEmpty(commentInDto.Content))
            {
                comment.Content = commentInDto.Content;
            }

            //Update table
            if (_commentRepository.Update(comment))
            {
                var commentOutDto = _mapper.Map <CommentOutDto>(comment);

                return(Ok(commentOutDto));
            }

            return(BadRequest(new Message("Error when updating comment with id: " + id)));
        }

Esempio n. 4

        public IActionResult Delete(string id)
        {
            var post = _postRepository.GetById(id);

            if (post == null)
            {
                return(NotFound(new Message("No such post with this id: " + id)));
            }

            //Check if post is being deleted by its owner or by admin
            var tokenUser = HttpContext.User;

            if (!AuthorizationHelpers.IsAdmin(tokenUser) && !AuthorizationHelpers.IsAuthorizedUser(tokenUser, post.OwnerId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Update table
            if (_postRepository.Delete(post))
            {
                return(Ok(new Message("Post with title: " + post.Title + " and with id: " + post.Id + " deleted Successfully")));
            }

            return(BadRequest(new Message("Error when updating post")));
        }

Esempio n. 5

        public IActionResult GetByOwnerId(string ownerId,
                                          [FromQuery] int limit,
                                          [FromQuery] bool oldest)
        {
            //Check if request is sent by owner of the posts or by admin
            var tokenUser = HttpContext.User;

            if (!AuthorizationHelpers.IsAdmin(tokenUser) && !AuthorizationHelpers.IsAuthorizedUser(tokenUser, ownerId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Create queryable object for limitations and order specifications
            var postsQueryable = _postRepository.Where(p => p.OwnerId == ownerId);

            //Order
            postsQueryable = oldest ? postsQueryable.OrderBy(p => p.SubmitTime) : postsQueryable.OrderByDescending(p => p.SubmitTime);

            //Limitation
            if (limit > 0)
            {
                postsQueryable = postsQueryable.Take(limit);
            }

            return(Ok(postsQueryable.Select(p => _mapper.Map <PostOutDto>(p))));
        }

Esempio n. 6

        public IActionResult UnlikePost(UserLikePostInDto userLikePostDto)
        {
            //Check if inputs are valid
            if (string.IsNullOrEmpty(userLikePostDto.UserId))
            {
                return(BadRequest(new Message("Please give valid user id.")));
            }

            if (string.IsNullOrEmpty(userLikePostDto.PostId))
            {
                return(BadRequest(new Message("Please give valid post id.")));
            }

            var userIn = _userRepository.GetById(userLikePostDto.UserId);

            //Check if user is deleted
            if (userIn == null)
            {
                return(BadRequest(new Message("User : "******" is no longer exists")));
            }

            var postIn = _postRepository.GetById(userLikePostDto.PostId);

            //Check if post is deleted
            if (postIn == null)
            {
                return(BadRequest(new Message("Post : " + userLikePostDto.PostId + " is no longer exists")));
            }

            //Check if token is given by authorized user
            var tokenUser = HttpContext.User;

            //If follower user is not authorized, finish here
            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, userLikePostDto.UserId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Get the user like relation from table
            var userLikePost = _userLikePostRepository
                               .Where(ulp => ulp.UserId == userLikePostDto.UserId && ulp.PostId == userLikePostDto.PostId)
                               .FirstOrDefault();

            //Check if there exists such relation
            if (userLikePost == null)
            {
                return(BadRequest(new Message("User : "******" hasn't been liked the post : " +
                                              userLikePostDto.PostId)));
            }

            //Delete relation from table
            if (_userLikePostRepository.Delete(userLikePost))
            {
                return(Ok(new Message("User : "******" is not being liked the post : " +
                                      userLikePostDto.PostId + " anymore")));
            }

            return(BadRequest(new Message("Error when post unlike with user :"******" and post : " + userLikePostDto.PostId)));
        }

Esempio n. 7

        public ActionResult <UserOutDto> Get(string id,
                                             [FromQuery] bool posts,
                                             [FromQuery] bool likedPosts,
                                             [FromQuery] bool followings,
                                             [FromQuery] bool followers,
                                             [FromQuery] bool category)
        {
            //Check if token is given by admin or authorized user
            var tokenUser = HttpContext.User;

            if (!AuthorizationHelpers.IsAdmin(tokenUser) && !AuthorizationHelpers.IsAuthorizedUser(tokenUser, id))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Initialize a queryable object for further include operations.
            var userQueryable = _userRepository.Where(u => u.Id == id);

            var rawUser = userQueryable.FirstOrDefault();

            //Check if there exists a user with given id
            if (rawUser == null)
            {
                return(NotFound(new Message("No such user with this id: " + id)));
            }

            if (posts)
            {
                userQueryable = userQueryable.Include(u => u.Posts);
            }

            if (likedPosts)
            {
                userQueryable = userQueryable.Include(u => u.LikedPosts).ThenInclude(lp => lp.Post);
            }

            if (followings)
            {
                userQueryable = userQueryable.Include(u => u.Followings).ThenInclude(uf => uf.Followed);
            }

            if (followers)
            {
                userQueryable = userQueryable.Include(u => u.Followers).ThenInclude(uf => uf.Follower);
            }

            if (category)
            {
                userQueryable = userQueryable.Include(u => u.InterestedCategories).ThenInclude(ic => ic.Category);
            }

            //Get the user object
            var user = userQueryable.FirstOrDefault();

            //Prepare dto object
            var userOutDto = _mapper.Map <UserOutDto>(user);

            return(userOutDto);
        }

Esempio n. 8

        public IActionResult RemoveUser([FromBody] UserCategoryInDto userCategoryDto)
        {
            //Check if inputs are valid
            if (string.IsNullOrEmpty(userCategoryDto.UserId))
            {
                return(BadRequest(new Message("Please give valid user id")));
            }

            if (string.IsNullOrEmpty(userCategoryDto.CategoryId))
            {
                return(BadRequest(new Message("Please give valid category id")));
            }

            //Check if user is deleted
            var userIn = _userRepository.GetById(userCategoryDto.UserId);

            if (userIn == null)
            {
                return(BadRequest(new Message("User: "******" no longer exists")));
            }

            //Check if category is deleted
            var categoryIn = _categoryRepository.GetById(userCategoryDto.CategoryId);

            if (categoryIn == null)
            {
                return(BadRequest(new Message("Category: " + userCategoryDto.CategoryId + " no longer exists")));
            }

            var tokenUser = HttpContext.User;

            //Check if request is sent by user (follower of the category) .
            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, userCategoryDto.UserId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Get user-category relation from table
            var userCategory = _userCategoryRepository
                               .Where(uc => uc.CategoryId == userCategoryDto.CategoryId && uc.UserId == userCategoryDto.UserId)
                               .FirstOrDefault();

            //If such relation doesn't exist
            if (userCategory == null)
            {
                return(BadRequest(new Message("User : "******" is not following Category : " + userCategoryDto.CategoryId)));
            }

            //Update table
            if (_userCategoryRepository.Delete(userCategory))
            {
                return(Ok(new Message("User : "******" is deleted from Category : " + userCategory.CategoryId)));
            }

            return(BadRequest(new Message("Error when deleting user-category relation")));
        }

Esempio n. 9

        public IActionResult UnFollow(UserDoFollowDto userFollowDto)
        {
            //Check if inputs are valid
            if (string.IsNullOrEmpty(userFollowDto.FollowerId))
            {
                return(BadRequest(new Message("Please give valid follower id.")));
            }

            if (string.IsNullOrEmpty(userFollowDto.FollowedId))
            {
                return(BadRequest(new Message("Please give valid followed id.")));
            }

            //Check if any of the users is deleted
            if (_userRepository.GetById(userFollowDto.FollowerId) == null)
            {
                return(BadRequest(new Message("Follower user : "******" is no longer exists")));
            }

            if (_userRepository.GetById(userFollowDto.FollowedId) == null)
            {
                return(BadRequest(new Message("Followed user : "******" is no longer exists")));
            }

            //Check if token is given by authorized user
            var tokenUser = HttpContext.User;

            //If follower user is not authorized, finish here
            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, userFollowDto.FollowerId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Get follow relation from table
            var userFollow = _userFollowRepository.Where(uf =>
                                                         uf.FollowerId == userFollowDto.FollowerId && uf.FollowedId == userFollowDto.FollowedId)
                             .FirstOrDefault();

            //If such relation doesn't exist , finish here.
            if (userFollow == null)
            {
                return(BadRequest(new Message("User : "******" is not following user : "******"User : "******" is not following user : "******" anymore.")));
            }

            return(BadRequest(new Message("Error when unfollow, with follower :" + userFollowDto.FollowerId + " and followed : " + userFollowDto.FollowedId)));
        }

Esempio n. 10

        public ActionResult <PostOutDto> Update(string id, [FromBody] PostUpdateDto postInDto)
        {
            if (!ModelState.IsValid || postInDto == null)
            {
                return(BadRequest(new Message("Post not valid or null")));
            }

            //Check if there exist a post with {id}
            var post = _postRepository.GetById(id);

            if (post == null)
            {
                return(NotFound(new Message("No such post with this id: " + id)));
            }

            //Check if post is being updated by its owner
            var tokenUser = HttpContext.User;

            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, post.OwnerId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            if (!string.IsNullOrWhiteSpace(postInDto.Title))
            {
                post.Title = postInDto.Title;
            }

            if (!string.IsNullOrWhiteSpace(postInDto.Content))
            {
                post.Content = postInDto.Content;
            }

            if (!string.IsNullOrWhiteSpace(postInDto.CategoryId))
            {
                post.Content = postInDto.CategoryId;
            }

            //Save changes
            if (!_postRepository.Update(post))
            {
                return(BadRequest(new Message("Error when updating post")));
            }

            var postOutDto = _mapper.Map <PostOutDto>(post);

            return(postOutDto);
        }

Esempio n. 11

        public ActionResult <PostOutDto> Create([FromBody] PostCreateDto postInDto)
        {
            if (!ModelState.IsValid || postInDto == null)
            {
                return(BadRequest(new Message("Post not valid or null")));
            }

            if (string.IsNullOrEmpty(postInDto.OwnerId))
            {
                return(BadRequest(new Message("Please give valid owner Id")));
            }

            if (string.IsNullOrEmpty(postInDto.CategoryId))
            {
                return(BadRequest(new Message("Please give valid category Id")));
            }

            if (string.IsNullOrEmpty(postInDto.Content))
            {
                return(BadRequest(new Message("Please give valid content")));
            }

            if (string.IsNullOrEmpty(postInDto.Title))
            {
                return(BadRequest(new Message("Please give valid title")));
            }

            var postIn = _mapper.Map <Post>(postInDto);

            //Check if post is being created by its owner
            var tokenUser = HttpContext.User;

            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, postInDto.OwnerId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Update previous post, current post and owner.
            if (!_postRepository.Add(postIn))
            {
                return(BadRequest(new Message("Error when adding post into table. Please check owner Id")));
            }

            var postOutDto = _mapper.Map <PostOutDto>(postIn);

            return(postOutDto);
        }

Esempio n. 12

File: CommentsController.cs Progetto: AliCakirer/Blog-API

        public ActionResult <CommentOutDto> Create([FromBody] CommentCreateDto commentInDto)
        {
            var tokenUser = HttpContext.User;

            //If request is not sent by owner, finish here
            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, commentInDto.OwnerId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            var commentIn = _mapper.Map <Comment>(commentInDto);

            if (_commentRepository.Add(commentIn))
            {
                var commentOutDto = _mapper.Map <CommentOutDto>(commentIn);
                return(Ok(commentOutDto));
            }

            return(BadRequest(new Message("Error when creating comment")));
        }

Esempio n. 13

        public ActionResult <UserOutDto> Update(string id, [FromBody] UserUpdateDto userDto)
        {
            var userOld = _userRepository.GetById(id);

            if (userOld == null)
            {
                return(NotFound(new Message("No such user with this id: " + id)));
            }

            //Check if token is given by admin or authorized user
            var tokenUser = HttpContext.User;

            if (!AuthorizationHelpers.IsAdmin(tokenUser) && !AuthorizationHelpers.IsAuthorizedUser(tokenUser, id))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            if (!string.IsNullOrWhiteSpace(userDto.BirthDate))
            {
                userOld.BirthDate = userDto.BirthDate;
            }

            if (!string.IsNullOrWhiteSpace(userDto.Description))
            {
                userOld.Description = userDto.Description;
            }

            if (!string.IsNullOrWhiteSpace(userDto.FacebookLink))
            {
                userOld.FacebookLink = userDto.FacebookLink;
            }

            if (!string.IsNullOrWhiteSpace(userDto.InstagramLink))
            {
                userOld.InstagramLink = userDto.InstagramLink;
            }

            if (!string.IsNullOrWhiteSpace(userDto.LinkedinLink))
            {
                userOld.LinkedinLink = userDto.LinkedinLink;
            }

            if (!string.IsNullOrWhiteSpace(userDto.Theme))
            {
                userOld.Theme = userDto.Theme;
            }

            if (!string.IsNullOrWhiteSpace(userDto.TwitterLink))
            {
                userOld.TwitterLink = userDto.TwitterLink;
            }

            if (!string.IsNullOrWhiteSpace(userDto.Password))
            {
                UserHelpers.CreatePasswordHash(userDto.Password, out var passwordHash, out var passwordSalt);
                userOld.PasswordHash = passwordHash;
                userOld.PasswordSalt = passwordSalt;
            }

            if (_userRepository.Update(userOld))
            {
                var userOutDto = _mapper.Map <UserOutDto>(userOld);

                return(userOutDto);
            }

            return(BadRequest(new Message("Error when updating user.")));
        }

Esempio n. 14

        public ActionResult <PostOutDto> Get(string id,
                                             [FromQuery] bool owner,
                                             [FromQuery] bool comment,
                                             [FromQuery] bool category,
                                             [FromQuery] bool like)
        {
            //Initialize a queryable object for further include operations.
            var postQueryable = _postRepository.Where(p => p.Id == id);

            var rawPost = postQueryable.FirstOrDefault();

            //Check if there exists a post with given id
            if (rawPost == null)
            {
                return(NotFound(new Message("No such post with this id: " + id)));
            }

            //Check if token is given by admin or owner of the post
            var tokenUser = HttpContext.User;

            if (!AuthorizationHelpers.IsAdmin(tokenUser) && !AuthorizationHelpers.IsAuthorizedUser(tokenUser, rawPost.OwnerId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            if (owner)
            {
                postQueryable = postQueryable.Include(p => p.Owner);
            }

            if (comment)
            {
                postQueryable = postQueryable.Include(p => p.Comments);
            }

            if (category)
            {
                postQueryable = postQueryable.Include(p => p.Category);
            }

            if (like)
            {
                postQueryable = postQueryable.Include(p => p.LikedUsers).ThenInclude(lu => lu.User);
            }

            //Get the post object
            var post = postQueryable.FirstOrDefault();

            //Find previous post with submit date
            var prevPost = _postRepository.Where(p => p.OwnerId == post.OwnerId && p.SubmitTime < post.SubmitTime)
                           .FirstOrDefault();
            var prevPostOutDto = _mapper.Map <PostOutDto>(prevPost);

            //Find next post with submit date
            var nextPost = _postRepository.Where(p => p.OwnerId == post.OwnerId && p.SubmitTime > post.SubmitTime)
                           .FirstOrDefault();
            var nextPostOutDto = _mapper.Map <PostOutDto>(nextPost);

            //Prepare post dto
            var postOutDto = _mapper.Map <PostOutDto>(post);

            postOutDto.PreviousPost = prevPostOutDto;
            postOutDto.NextPost     = nextPostOutDto;

            return(postOutDto);
        }

Esempio n. 15

        public ActionResult <UserCategoryOutDto> AddUser([FromBody] UserCategoryInDto userCategoryDto)
        {
            //Check if inputs are valid
            if (string.IsNullOrEmpty(userCategoryDto.UserId))
            {
                return(BadRequest(new Message("Please give valid user id")));
            }

            if (string.IsNullOrEmpty(userCategoryDto.CategoryId))
            {
                return(BadRequest(new Message("Please give valid category id")));
            }

            //Check if user is deleted
            var userIn = _userRepository.GetById(userCategoryDto.UserId);

            if (userIn == null)
            {
                return(BadRequest(new Message("User: "******" no longer exists")));
            }

            //Check if category is deleted
            var categoryIn = _categoryRepository.GetById(userCategoryDto.CategoryId);

            if (categoryIn == null)
            {
                return(BadRequest(new Message("Category: " + userCategoryDto.CategoryId + " no longer exists")));
            }

            var tokenUser = HttpContext.User;

            //Check if request is sent by user (who is being follower of the category) .
            if (!AuthorizationHelpers.IsAuthorizedUser(tokenUser, userCategoryDto.UserId))
            {
                return(Unauthorized(new Message("Unauthorized user.")));
            }

            //Get user-category relation from table
            var userCategory = _userCategoryRepository
                               .Where(uc => uc.CategoryId == userCategoryDto.CategoryId && uc.UserId == userCategoryDto.UserId)
                               .FirstOrDefault();

            //If such relation exists
            if (userCategory != null)
            {
                return(BadRequest(new Message("User : "******" is already following Category : " + userCategoryDto.CategoryId)));
            }

            //Create new relation
            var userCategoryIn = new UserCategory(userCategoryDto.UserId, userCategoryDto.CategoryId);

            //Update table
            if (_userCategoryRepository.Add(userCategoryIn))
            {
                var userCategoryOutDto = _mapper.Map <UserCategoryOutDto>(userCategoryIn);

                return(Ok(userCategoryOutDto));
            }

            return(BadRequest(new Message("Error when adding user-category relation")));
        }