public async Task <Response <IEnumerable <WeekTemplateNameDTO> > > GetWeekTemplates() { var user = await _giraf.LoadBasicUserDataAsync(HttpContext.User); if (!await _authentication.HasTemplateAccess(user)) { return(new ErrorResponse <IEnumerable <WeekTemplateNameDTO> >(ErrorCode.NotAuthorized)); } var result = _giraf._context.WeekTemplates .Where(t => t.DepartmentKey == user.DepartmentKey) .Select(w => new WeekTemplateNameDTO(w.Name, w.Id)).ToArray(); if (result.Length < 1) { return(new ErrorResponse <IEnumerable <WeekTemplateNameDTO> >(ErrorCode.NoWeekTemplateFound)); } else { return(new Response <IEnumerable <WeekTemplateNameDTO> >(result)); } }
public async Task <Response <WeekPictogramDTO> > ReadPictogram(long id) { try { //Fetch the pictogram and check that it actually exists var pictogram = await _giraf._context.Pictograms .Where(p => p.Id == id) .FirstOrDefaultAsync(); if (pictogram == null) { return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.PictogramNotFound)); } //Check if the pictogram is public and return it if so if (pictogram.AccessLevel == AccessLevel.PUBLIC) { return(new Response <WeekPictogramDTO>(new WeekPictogramDTO(pictogram))); } var usr = await _giraf.LoadBasicUserDataAsync(HttpContext.User); if (usr == null) { return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.UserNotFound)); } var ownsResource = false; if (pictogram.AccessLevel == AccessLevel.PRIVATE) { ownsResource = await _giraf.CheckPrivateOwnership(pictogram, usr); } else if (pictogram.AccessLevel == AccessLevel.PROTECTED) { ownsResource = await _giraf.CheckProtectedOwnership(pictogram, usr); } if (ownsResource) { return(new Response <WeekPictogramDTO>(new WeekPictogramDTO(pictogram))); } else { return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.NotAuthorized)); } } catch (Exception e) { var exceptionMessage = $"Exception occured in read:\n{e}"; _giraf._logger.LogError(exceptionMessage); return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.Error)); } }
public async Task <Response <DepartmentDTO> > Post([FromBody] DepartmentDTO depDTO) { try { if (depDTO?.Name == null) { return(new ErrorResponse <DepartmentDTO>(ErrorCode.MissingProperties, "Deparment name has to be specified!")); } var authenticatedUser = await _giraf.LoadBasicUserDataAsync(HttpContext.User); if (authenticatedUser == null) { return(new ErrorResponse <DepartmentDTO>(ErrorCode.UserNotFound)); } var userRole = await _roleManager.findUserRole(_giraf._userManager, authenticatedUser); if (userRole != GirafRoles.SuperUser) { return(new ErrorResponse <DepartmentDTO>(ErrorCode.NotAuthorized)); } //Add the department to the database. Department department = new Department(depDTO); //Add all members specified by either id or username in the DTO if (depDTO.Members != null) { foreach (var mem in depDTO.Members) { var usr = await _giraf._context.Users .Where(u => u.UserName == mem.UserName || u.Id == mem.UserId) .FirstOrDefaultAsync(); if (usr == null) { return(new ErrorResponse <DepartmentDTO>(ErrorCode.InvalidProperties, "The member list contained an invalid id: " + mem)); } department.Members.Add(usr); usr.Department = department; } } //Add all the resources with the given ids if (depDTO.Resources != null) { foreach (var reso in depDTO.Resources) { var res = await _giraf._context.Pictograms .Where(p => p.Id == reso) .FirstOrDefaultAsync(); if (res == null) { return(new ErrorResponse <DepartmentDTO>(ErrorCode.InvalidProperties, "The list of resources contained an invalid resource id: " + reso)); } var dr = new DepartmentResource(department, res); await _giraf._context.DepartmentResources.AddAsync(dr); } } await _giraf._context.Departments.AddAsync(department); //Create a new user with the supplied information var departmentUser = new GirafUser(depDTO.Name, department) { IsDepartment = true }; //department.Members.Add(user); var identityUser = await _giraf._userManager.CreateAsync(departmentUser, "0000"); if (identityUser.Succeeded == false) { return(new ErrorResponse <DepartmentDTO>(ErrorCode.CouldNotCreateDepartmentUser, string.Join("\n", identityUser.Errors))); } await _giraf._userManager.AddToRoleAsync(departmentUser, GirafRole.Department); //Save the changes and return the entity await _giraf._context.SaveChangesAsync(); var members = DepartmentDTO.FindMembers(department.Members, _roleManager, _giraf); return(new Response <DepartmentDTO>(new DepartmentDTO(department, members))); } catch (System.Exception e) { var errorDescription = $"Exception in Post: {e.Message}, {e.InnerException}"; _giraf._logger.LogError(errorDescription); return(new ErrorResponse <DepartmentDTO>(ErrorCode.Error, errorDescription)); } }
public async Task <Response <GirafUserDTO> > AddUserResource(string id, [FromBody] ResourceIdDTO resourceIdDTO) { //Check if valid parameters have been specified in the call if (string.IsNullOrEmpty(id)) { return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "username")); } if (resourceIdDTO == null) { return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "resourceIdDTO")); } //Attempt to find the target user and check that he exists var user = _giraf._context.Users.Include(u => u.Resources).ThenInclude(dr => dr.Pictogram).FirstOrDefault(u => u.Id == id); if (user == null) { return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserNotFound)); } // check access rights if (!(await _authentication.HasEditOrReadUserAccess(await _giraf._userManager.GetUserAsync(HttpContext.User), user))) { return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized)); } //Find the resource and check that it actually does exist - also verify that the resource is private var resource = await _giraf._context.Pictograms .Where(pf => pf.Id == resourceIdDTO.Id) .FirstOrDefaultAsync(); if (resource == null) { return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceNotFound)); } if (resource.AccessLevel != AccessLevel.PRIVATE) { return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceMustBePrivate)); } //Check that the currently authenticated user owns the resource var curUsr = await _giraf.LoadBasicUserDataAsync(HttpContext.User); var resourceOwnedByCaller = await _giraf.CheckPrivateOwnership(resource, curUsr); if (!resourceOwnedByCaller) { return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized)); } //Check if the target user already owns the resource if (user.Resources.Any(ur => ur.PictogramKey == resourceIdDTO.Id)) { return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserAlreadyOwnsResource)); } //Create the relation and save changes. var userResource = new UserResource(user, resource); await _giraf._context.UserResources.AddAsync(userResource); await _giraf._context.SaveChangesAsync(); // Get the roles the user is associated with GirafRoles userRole = await _roleManager.findUserRole(_giraf._userManager, user); return(new Response <GirafUserDTO>(new GirafUserDTO(user, userRole))); }