public async Task <Post> createPost(Int64 tokenId, Post Post) { var token = await quickGetToken(tokenId); var post = Post; post.Id = 0; if (post.UserId != token.UserId) { throw AutoApiError.Unauthorised(); } var topicId = post.ParentId; if (topicId == null) { throw AutoApiError.InvalidParam("Post.ParentId"); } var topic = await(from t in _context.topics where t.Id == topicId.Value select t).FirstOrDefaultAsync(); if (token.User.RawRole < topic.RoleToEdit) { throw AutoApiError.Unauthorised(); } var now = DateTime.UtcNow; post.Created = now; post.Modified = now; _context.posts.Add(post); await _context.SaveChangesAsync(); return(post.CloneForExport()); }
public async Task updateTopic(Int64 tokenId, Topic Topic) { var token = await quickGetToken(tokenId); var topic = Topic; var originalTopic = await(from t in _context.topics where t.Id == topic.Id select t).FirstOrDefaultAsync(); if (originalTopic == null) { throw AutoApiError.NotFound(); } var role = new UserRole(token.User.RawRole); var canUpdate = (role.IsAdmin || (originalTopic.OwnerId != null && originalTopic.OwnerId.Value == token.UserId)); if (!canUpdate) { throw AutoApiError.Unauthorised(); } originalTopic.Title = topic.Title; originalTopic.RoleToEdit = topic.RoleToEdit; originalTopic.RoleToRead = topic.RoleToRead; _context.topics.Update(originalTopic); await _context.SaveChangesAsync(); }
public async Task logout(Int64 tokenId, string email) { var token = await LoginTokenTasks.GetLoginTokenAsync(_context, tokenId); if (token == null) { throw AutoApiError.NotFound(); } if (email != null) { if (string.IsNullOrWhiteSpace(email)) { throw AutoApiError.InvalidParam("email"); } var userRole = new UserRole(token.User.RawRole); if (!userRole.IsAdmin) { throw AutoApiError.Unauthorised(); } await LoginTokenTasks.LogoutAsync(_context, token, email); } else { await LoginTokenTasks.LogoutAsync(_context, token); } }
public async Task <Post> unhidePost(Int64 tokenId, int postId) { return(await ChangePostAsync(tokenId, postId, (post, isAdmin) => { if (!isAdmin) { throw AutoApiError.Unauthorised(); } post.Hidden = false; })); }
public async Task deleteTopic(Int64 tokenId, int topicId) { var token = await quickGetToken(tokenId); var userRole = new UserRole(token.User.RawRole); if (!userRole.IsAdmin) { throw AutoApiError.Unauthorised(); } var topic = await(from t in _context.topics where t.Id == topicId select t).FirstOrDefaultAsync(); if (topic == null) { throw AutoApiError.NotFound(); } topic = null; /* We use this approach because EF Core doesn't support self-referential cascading. */ try { // Delete the topic itself await _context.Database.BeginTransactionAsync(); string sql = "delete from topics where Id = @p0"; int rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId }); // Delete all its children for whom ParentId has now become null, recursively sql = "delete from topics where ParentId is NULL and IsRootEntry = 0"; do { rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId }); } while(rows > 0); // Delete all the posts that have been orphaned as a result of the above. sql = "delete from posts where ParentId is NULL"; do { rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId }); } while(rows > 0); _context.Database.CommitTransaction(); } catch (Exception ex) { Log(ex.Message); _context.Database.RollbackTransaction(); } }
public async Task updateUser(Int64 tokenId, User user) { var token = await quickGetToken(tokenId); if (token.UserId != user.Id) { var userRole = new UserRole(token.User.RawRole); if (!userRole.IsAdmin) { throw AutoApiError.Unauthorised(); } } await UserTasks.UpdateUserAsync(_context, token, user); }
public async Task <List <User> > getUsers(Int64 tokenId) { var token = await quickGetToken(tokenId); var role = new UserRole(token.User.RawRole); if (!role.IsAdmin) { throw AutoApiError.Unauthorised(); } var users = await(from u in _context.users select u).ToListAsync(); for (int i = 0; i < users.Count; ++i) { users[i] = users[i].CloneForExport(); } return(users); }
public async Task <User> createUser(Int64 tokenId, string email, string displayName, string password, int role) { var token = await quickGetToken(tokenId); var userRole = new UserRole(token.User.RawRole); if (!userRole.IsAdmin) { throw AutoApiError.Unauthorised(); } if (string.IsNullOrWhiteSpace(email)) { throw AutoApiError.InvalidParam("email"); } if (string.IsNullOrWhiteSpace(password)) { throw AutoApiError.InvalidParam("password"); } if (!UserRole.RoleIsValid(role)) { throw AutoApiError.InvalidParam("role"); } try { var user = await UserTasks.CreateUserAsync(_context, token, email, displayName, password, role); if (user == null) { throw AutoApiError.ServerError("Create user failed unexpectedly."); } return(user.CloneForExport()); } catch (Exception ex) { if (ex.Message == "Unauthorised") { throw AutoApiError.Unauthorised(); } throw; } }
private async Task <ApiResult> activateUser_Impl(Int64 tokenId, string email, bool active) { var token = await quickGetToken(tokenId); var userRole = new UserRole(token.User.RawRole); if (!userRole.IsAdmin) { throw AutoApiError.Unauthorised(); } if (string.IsNullOrWhiteSpace(email)) { throw AutoApiError.InvalidParam("email"); } await UserTasks.SetUserActiveAsync(_context, token, email, active); return(new ApiResult(StdResult.OK)); }
public async Task <Topic> getTopic(Int64 tokenId, int topicId) { var token = await quickGetToken(tokenId, true); Topic topic = await(from t in _context.topics where t.Id == topicId select t).FirstOrDefaultAsync(); if (topic != null) { int tokenRole = token.User.RawRole; if (topic.RoleToRead > tokenRole) { throw AutoApiError.Unauthorised(); } return(topic.CloneForExport()); } throw AutoApiError.NotFound(); }
public async Task <User> getUser(Int64 tokenId, int userId) { var token = await quickGetToken(tokenId); UserRole role = new UserRole(token.User.RawRole); if (!(role.IsAdmin || token.UserId == userId)) { throw AutoApiError.Unauthorised(); } var user = await(from u in _context.users where u.Id == userId select u).FirstOrDefaultAsync(); if (user == null) { throw AutoApiError.NotFound(); } user = user.CloneForExport(); return(user); }
public async Task <Post> getPost(Int64 tokenId, int postId) { var token = await quickGetToken(tokenId); var tokenRole = token.User.RawRole; var post = await(from p in _context.posts where p.Id == postId select p).FirstOrDefaultAsync(); if (tokenRole < post.RoleToRead) { throw AutoApiError.Unauthorised(); } if (post == null) { throw AutoApiError.NotFound(); } return(post.CloneForExport()); }
private async Task <Post> ChangePostAsync(Int64 tokenId, int postId, Action <Post, bool> callback) { var token = await quickGetToken(tokenId); var role = new UserRole(token.User.RawRole); var post = await(from p in _context.posts where p.Id == postId select p).FirstOrDefaultAsync(); if (post == null) { throw AutoApiError.NotFound(); } bool mayChange = (post.UserId != null && post.UserId == token.UserId) || role.IsAdmin; if (!mayChange) { throw AutoApiError.Unauthorised(); } try { callback(post, role.IsAdmin); } catch (Exception ex) { if (ex is AutoApiError) { throw; } throw AutoApiError.ServerError(ex.Message); } post.Modified = DateTime.Now; _context.Update(post); await _context.SaveChangesAsync(); return(post.CloneForExport()); }
public async Task <Topic> createTopic(Int64 tokenId, int?parentTopicId, string title, int roleToEdit, int roleToRead) { var token = await quickGetToken(tokenId); var userRole = new UserRole(token.User.RawRole); if (parentTopicId == null) //Only administators can edit the root topic level. { if (!userRole.IsAdmin) { throw AutoApiError.Unauthorised(); } } else { var parentTopic = await(from t in _context.topics where t.Id == parentTopicId.Value select t).FirstOrDefaultAsync(); if (parentTopic == null) { throw AutoApiError.NotFound(); } if (parentTopic.RoleToEdit > token.User.RawRole) { throw AutoApiError.Unauthorised(); } } if (title == null) { throw AutoApiError.InvalidParam("title."); } if (!UserRole.RoleIsValid(roleToEdit)) { throw AutoApiError.InvalidRole("roleToEdit."); } if (!UserRole.RoleIsValid(roleToRead)) { throw AutoApiError.InvalidParam("roleToRead."); } if (roleToRead > token.User.RawRole) { throw new AutoApiError("The topic would be unreadable by its creator."); } var topic = new Topic(); topic.Title = title; topic.RoleToEdit = roleToEdit; topic.RoleToRead = roleToRead; topic.ParentId = parentTopicId; topic.IsRootEntry = parentTopicId == null; topic.OwnerId = token.UserId; var now = DateTime.UtcNow; topic.Modified = now; topic.Created = now; _context.topics.Add(topic); await _context.SaveChangesAsync(); return(topic.CloneForExport()); }