[HttpGet] //working
public IActionResult GetAllUsers()
{
    // Admin-only listing of every account. A caller without the admin role
    // receives a 401 carrying an ErrorMessage body; any failure while
    // reading the table is reported as a 500 with the same body shape.
    try
    {
        bool callerIsAdmin = HelperMethods.ValidateIsAdmin(_httpContextAccessor);
        if (!callerIsAdmin)
        {
            ErrorMessage denied = new ErrorMessage("Invalid Role", "Caller must have admin role.");
            return new UnauthorizedObjectResult(denied);
        }

        // Materialise the table once, then project each entity to its API shape.
        var allUsers = _context.Users.ToArray();
        List<ReturnableUser> projected = new List<ReturnableUser>(allUsers.Length);
        foreach (User entity in allUsers)
        {
            projected.Add(new ReturnableUser(entity));
        }
        return new OkObjectResult(projected);
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is echoed to the client verbatim; logging it
        // server-side and returning a generic detail string would avoid leaking
        // provider/connection information in the response body.
        ErrorMessage failure = new ErrorMessage("Error retrieving users.", ex.Message);
        return new InternalServerErrorResult(failure);
    }
}
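public IActionResult GetAllUsers()
{
    // Resolve the caller's id from the Actor claim. A missing HttpContext, a
    // missing claim or a non-numeric claim value must not escape as a
    // NullReferenceException/FormatException (an unhandled 500); every one of
    // those cases is treated as "caller is not an admin" and answered with 401.
    string rawCallerId = _httpContextAccessor.HttpContext?.User?.FindFirst(ClaimTypes.Actor)?.Value;
    bool callerIsAdmin = !string.IsNullOrEmpty(rawCallerId)
        && int.TryParse(rawCallerId,
                        System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture,
                        out int callerId)
        && HelperMethods.ValidateIsAdmin(_context, callerId, _keyAndIV);
    if (!callerIsAdmin)
    {
        ErrorMessage error = new ErrorMessage("Invalid Role", "Caller must have admin role.");
        return new UnauthorizedObjectResult(error);
    }

    // Materialise the table once and project each entity to its API shape;
    // _keyAndIV is handed to ReturnableUser so it can decode protected fields.
    var allUsers = _context.Users.ToArray();
    List<ReturnableUser> users = new List<ReturnableUser>(allUsers.Length);
    foreach (User user in allUsers)
    {
        users.Add(new ReturnableUser(user, _keyAndIV));
    }
    return new OkObjectResult(users);
}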
[HttpGet] //working
public string GetAllUsers()
{
    // Admin-only listing. Non-admins get a 401 whose body is an ErrorMessage;
    // the middle argument is the "args" field and is "n/a" because this
    // endpoint takes no parameters.
    if (!HelperMethods.ValidateIsAdmin(_httpContextAccessor))
    {
        Response.StatusCode = 401;
        ErrorMessage denied = new ErrorMessage("Invalid Role", "n/a", "Caller must have admin role.");
        return JObject.FromObject(denied).ToString();
    }

    // Start from the canned success envelope and attach a "users" array to it.
    JObject envelope = JObject.Parse(SuccessMessage._result);
    JArray userArray = new JArray();
    foreach (User entity in _context.Users.ToArray())
    {
        userArray.Add(JToken.FromObject(new ReturnableUser(entity)));
    }
    envelope.Add(new JProperty("users", userArray));
    return envelope.ToString();
}
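[HttpPost("{id:int}/folders")] // working
public string User_AddFolder(int id, [FromBody] string folderJson)
{
    // Verify that the caller is either an admin or is acting on their own account.
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
    }

    // Parse the body; malformed JSON is a client error (400), not a server error.
    JObject json;
    try
    {
        json = JObject.Parse(folderJson);
    }
    catch (Exception ex)
    {
        Response.StatusCode = 400;
        ErrorMessage error = new ErrorMessage("Invalid Json", folderJson, ex.Message);
        return JObject.FromObject(error).ToString();
    }

    // folder_name is required. It is checked up front so a missing field is
    // reported as 400 instead of surfacing as a NullReferenceException from the
    // 500 handler below.
    string folderName = json["folder_name"]?.ToString();
    if (folderName == null)
    {
        Response.StatusCode = 400;
        return JObject.FromObject(new ErrorMessage("Invalid Json", folderJson, "folder_name is required.")).ToString();
    }

    try
    {
        int? pid = json["parent_id"]?.ToObject<int?>(); // optional parent id
        User owner = _context.Users.Single(a => a.ID == id);

        // When a parent is given it must belong to the same user: a ParentID that
        // points into another user's tree would be a cross-account link, and the
        // HasChild update below needs the owned entity anyway. SingleOrDefault is
        // used because Single() throws on no match, which made the old "== null"
        // ownership test unreachable (and its admin bypass ineffective) — a foreign
        // or unknown parent always surfaced as a bare "Sequence contains no
        // matching element" 500.
        Folder parentFolder = null;
        if (pid != null)
        {
            parentFolder = owner.Folders.SingleOrDefault(b => b.ID == pid);
            if (parentFolder == null)
            {
                throw new Exception("User must own the parent folder");
            }
        }

        Folder newFolder = new Folder
        {
            UserID = id,
            FolderName = folderName,
            ParentID = pid
        };
        _context.Folders.Add(newFolder);

        // Only the parent (if any) needs updating: record that it now has a child.
        if (parentFolder != null)
        {
            parentFolder.HasChild = true;
            _context.Folders.Update(parentFolder);
        }
        _context.SaveChanges();
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is echoed to the client verbatim; logging it
        // server-side and returning a generic detail string would avoid leaking
        // provider/schema information in the response body.
        Response.StatusCode = 500;
        return JObject.FromObject(new ErrorMessage("Error creating new folder.", folderJson, ex.Message)).ToString();
    }
    return SuccessMessage._result;
}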