예제 #1
        /// <summary>
        /// Returns the global roles of the given user, serialized as JSON.
        /// </summary>
        /// <param name="username">User whose global roles are requested; normalized before use.</param>
        /// <returns>
        /// 200 with the serialized roles; 401 with "Not authorized" when the authorization module
        /// rejects the caller; 404 when the normalized username is unknown.
        /// </returns>
        public async Task <IActionResult> GetGlobalRoles([FromQuery] string username)
        {
            var targetUser = UsernameNormalizer.Normalize(username);

            // NOTE(review): Identity.Name is dereferenced without a null check; presumably the
            // controller only accepts authenticated requests - confirm.
            var caller = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name);

            // Authorize first. The existence lookup below runs only for authorized callers,
            // so a rejected caller gets the same answer whether or not the user exists.
            var resource = new GetGlobalRolesResourceDescription(targetUser);
            var authorization = await authorizationModule.AuthorizeAsync(resource, caller);
            if (!authorization.IsAuthorized)
            {
                // NOTE(review): 401 is returned for an authorization failure; 403 is the usual
                // status for an authenticated but unauthorized caller - confirm before changing.
                return StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized");
            }

            var userExists = await authenticationModule.ExistsAsync(targetUser);
            if (!userExists)
            {
                return NotFound($"User '{targetUser}' doesn't exist");
            }

            var globalRoles = await authenticationModule.GetGlobalRolesForUserAsync(targetUser);

            var response = new ContentResult
            {
                ContentType = Conventions.JsonContentType,
                Content = JsonConvert.SerializeObject(globalRoles),
                StatusCode = (int)HttpStatusCode.OK
            };
            return response;
        }
예제 #2
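        /// <summary>
        /// Notifies <paramref name="recipient"/> that data of type <paramref name="dataType"/>
        /// with the given <paramref name="id"/> is available, and logs the report.
        /// </summary>
        /// <param name="recipient">Username of the user to notify.</param>
        /// <param name="dataType">Type name of the reported data.</param>
        /// <param name="id">ID of the reported data.</param>
        /// <returns>
        /// 200 on success; 400 when a parameter is missing or the recipient is unknown;
        /// 401 with "Not authorized" when the authorization module rejects the caller.
        /// </returns>
        public async Task <IActionResult> ReportTo(
            [FromQuery] string recipient,
            [FromQuery] string dataType,
            [FromQuery] string id)
        {
            // Validate presence only. These checks reveal nothing about stored users,
            // so they may safely run before authorization.
            if (string.IsNullOrEmpty(recipient))
            {
                return(BadRequest("Recipient missing"));
            }
            if (string.IsNullOrEmpty(dataType))
            {
                return(BadRequest("Data type missing"));
            }
            if (string.IsNullOrEmpty(id))
            {
                return(BadRequest("ID missing"));
            }

            // Authorize before querying the user store. Previously the recipient lookup ran
            // first, so a caller who failed authorization could still tell existing usernames
            // from unknown ones by the 400 "Unknown recipient" versus 401 responses.
            // NOTE(review): Identity.Name is dereferenced without a null check; presumably the
            // controller only accepts authenticated requests - confirm.
            var loggedInUsername    = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name);
            // NOTE(review): the resource description carries neither recipient nor id, so this
            // looks like a blanket "may report" permission - confirm that is intended.
            var authorizationResult = await authorizationModule.AuthorizeAsync(
                new ReportDataResourceDescription(),
                loggedInUsername);

            if (!authorizationResult.IsAuthorized)
            {
                return(StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized"));
            }

            // NOTE(review): recipient is looked up and notified without UsernameNormalizer;
            // verify whether ExistsAsync and the subscription manager expect a normalized name.
            var recipientExists = await authenticationModule.ExistsAsync(recipient);

            if (!recipientExists)
            {
                return(BadRequest("Unknown recipient"));
            }

            // Provide
            await subscriptionManager.NotifyUserAboutNewDataAsync(recipient, dataType, id);

            // NOTE(review): dataType, id and recipient come from the query string and are written
            // to the log as-is; if the log sink is line-oriented, encode or strip CR/LF so a
            // request cannot forge additional log entries.
            apiEventLogger.Log(LogLevel.Info, $"User '{authorizationResult.User.UserName}' reported '{dataType}' with ID '{id}' to '{recipient}'");
            return(Ok());
        }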