public async Task <Response <IEnumerable <WeekTemplateNameDTO> > > GetWeekTemplates()
{
var user = await _giraf.LoadBasicUserDataAsync(HttpContext.User);
if (!await _authentication.HasTemplateAccess(user))
{
return(new ErrorResponse <IEnumerable <WeekTemplateNameDTO> >(ErrorCode.NotAuthorized));
}
var result = _giraf._context.WeekTemplates
.Where(t => t.DepartmentKey == user.DepartmentKey)
.Select(w => new WeekTemplateNameDTO(w.Name, w.Id)).ToArray();
if (result.Length < 1)
{
return(new ErrorResponse <IEnumerable <WeekTemplateNameDTO> >(ErrorCode.NoWeekTemplateFound));
}
else
{
return(new Response <IEnumerable <WeekTemplateNameDTO> >(result));
}
}
public async Task <Response <WeekPictogramDTO> > ReadPictogram(long id)
{
try
{
//Fetch the pictogram and check that it actually exists
var pictogram = await _giraf._context.Pictograms
.Where(p => p.Id == id)
.FirstOrDefaultAsync();
if (pictogram == null)
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.PictogramNotFound));
}
//Check if the pictogram is public and return it if so
if (pictogram.AccessLevel == AccessLevel.PUBLIC)
{
return(new Response <WeekPictogramDTO>(new WeekPictogramDTO(pictogram)));
}
var usr = await _giraf.LoadBasicUserDataAsync(HttpContext.User);
if (usr == null)
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.UserNotFound));
}
var ownsResource = false;
if (pictogram.AccessLevel == AccessLevel.PRIVATE)
{
ownsResource = await _giraf.CheckPrivateOwnership(pictogram, usr);
}
else if (pictogram.AccessLevel == AccessLevel.PROTECTED)
{
ownsResource = await _giraf.CheckProtectedOwnership(pictogram, usr);
}
if (ownsResource)
{
return(new Response <WeekPictogramDTO>(new WeekPictogramDTO(pictogram)));
}
else
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.NotAuthorized));
}
} catch (Exception e)
{
var exceptionMessage = $"Exception occured in read:\n{e}";
_giraf._logger.LogError(exceptionMessage);
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.Error));
}
}
public async Task <Response <DepartmentDTO> > Post([FromBody] DepartmentDTO depDTO)
{
try
{
if (depDTO?.Name == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.MissingProperties,
"Deparment name has to be specified!"));
}
var authenticatedUser = await _giraf.LoadBasicUserDataAsync(HttpContext.User);
if (authenticatedUser == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.UserNotFound));
}
var userRole = await _roleManager.findUserRole(_giraf._userManager, authenticatedUser);
if (userRole != GirafRoles.SuperUser)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.NotAuthorized));
}
//Add the department to the database.
Department department = new Department(depDTO);
//Add all members specified by either id or username in the DTO
if (depDTO.Members != null)
{
foreach (var mem in depDTO.Members)
{
var usr = await _giraf._context.Users
.Where(u => u.UserName == mem.UserName || u.Id == mem.UserId)
.FirstOrDefaultAsync();
if (usr == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.InvalidProperties,
"The member list contained an invalid id: " + mem));
}
department.Members.Add(usr);
usr.Department = department;
}
}
//Add all the resources with the given ids
if (depDTO.Resources != null)
{
foreach (var reso in depDTO.Resources)
{
var res = await _giraf._context.Pictograms
.Where(p => p.Id == reso)
.FirstOrDefaultAsync();
if (res == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.InvalidProperties,
"The list of resources contained an invalid resource id: " + reso));
}
var dr = new DepartmentResource(department, res);
await _giraf._context.DepartmentResources.AddAsync(dr);
}
}
await _giraf._context.Departments.AddAsync(department);
//Create a new user with the supplied information
var departmentUser = new GirafUser(depDTO.Name, department)
{
IsDepartment = true
};
//department.Members.Add(user);
var identityUser = await _giraf._userManager.CreateAsync(departmentUser, "0000");
if (identityUser.Succeeded == false)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.CouldNotCreateDepartmentUser, string.Join("\n", identityUser.Errors)));
}
await _giraf._userManager.AddToRoleAsync(departmentUser, GirafRole.Department);
//Save the changes and return the entity
await _giraf._context.SaveChangesAsync();
var members = DepartmentDTO.FindMembers(department.Members, _roleManager, _giraf);
return(new Response <DepartmentDTO>(new DepartmentDTO(department, members)));
}
catch (System.Exception e)
{
var errorDescription = $"Exception in Post: {e.Message}, {e.InnerException}";
_giraf._logger.LogError(errorDescription);
return(new ErrorResponse <DepartmentDTO>(ErrorCode.Error, errorDescription));
}
}
public async Task <Response <GirafUserDTO> > AddUserResource(string id, [FromBody] ResourceIdDTO resourceIdDTO)
{
//Check if valid parameters have been specified in the call
if (string.IsNullOrEmpty(id))
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "username"));
}
if (resourceIdDTO == null)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "resourceIdDTO"));
}
//Attempt to find the target user and check that he exists
var user = _giraf._context.Users.Include(u => u.Resources).ThenInclude(dr => dr.Pictogram).FirstOrDefault(u => u.Id == id);
if (user == null)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserNotFound));
}
// check access rights
if (!(await _authentication.HasEditOrReadUserAccess(await _giraf._userManager.GetUserAsync(HttpContext.User), user)))
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized));
}
//Find the resource and check that it actually does exist - also verify that the resource is private
var resource = await _giraf._context.Pictograms
.Where(pf => pf.Id == resourceIdDTO.Id)
.FirstOrDefaultAsync();
if (resource == null)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceNotFound));
}
if (resource.AccessLevel != AccessLevel.PRIVATE)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceMustBePrivate));
}
//Check that the currently authenticated user owns the resource
var curUsr = await _giraf.LoadBasicUserDataAsync(HttpContext.User);
var resourceOwnedByCaller = await _giraf.CheckPrivateOwnership(resource, curUsr);
if (!resourceOwnedByCaller)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized));
}
//Check if the target user already owns the resource
if (user.Resources.Any(ur => ur.PictogramKey == resourceIdDTO.Id))
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserAlreadyOwnsResource));
}
//Create the relation and save changes.
var userResource = new UserResource(user, resource);
await _giraf._context.UserResources.AddAsync(userResource);
await _giraf._context.SaveChangesAsync();
// Get the roles the user is associated with
GirafRoles userRole = await _roleManager.findUserRole(_giraf._userManager, user);
return(new Response <GirafUserDTO>(new GirafUserDTO(user, userRole)));
}