Exemplo n.º 1
0
        public async Task <ApiResult <RoleForDto> > UpdateRole(RoleForDto roleDto)
        {
            using (_log.BeginScope())
            {
                _log.Write($"Update role {roleDto.Name}");

                var role = _mapper.Map <RoleForDto, Role>(roleDto);

                // check if there are user with this role before delete
                // if there is send message that role can't be deleted
                if (!roleDto.Active)
                {
                    if (await _roleBus.IsSafeToDeleteRole(role))
                    {
                        return(ApiResult <RoleForDto> .Forbidden("There are active users with this role. Please remove all users to delete role."));
                    }
                }

                await _roleBus.UpdateRole(role);

                _log.Write($"Successfully update role id {role.Id}");

                var roleDtoReturn = _mapper.Map <Role, RoleForDto>(role);

                return(ApiResult <RoleForDto> .Created(roleDtoReturn));
            }
        }
Exemplo n.º 2
0
        public async Task <ApiResult> GetProject(int projectId)
        {
            //get the roles of the current user.
            var roles = (await _userManager.GetRolesAsync(await _userManager.GetUserAsync(User)))
                        .Select(async roleName => await _roleManager.FindByNameAsync(roleName))
                        .Select(e => e.Result);

            //if none of the roles has the VIEW_ALL_PROJECTS permission and the current user is not a member of the project we return a 403 forbidden result.
            if (!roles.Any(role => role.Permissions.HasFlag(Permissions.VIEW_ALL_PROJECTS)))
            {
                if (!_projectService.UserIsMember(projectId, int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier))))
                {
                    return(ApiResult.Forbidden("You do not have access to this project."));
                }
            }

            Project project = _projectService.GetProject(projectId);

            if (project == null)
            {
                return(ApiResult.NotFound());
            }

            var projectModel = _mapper.Map <Core.Models.Projects.Project>(project);

            return(ApiResult.Success(projectModel));
        }
Exemplo n.º 3
0
        public async Task <ApiResult> ModifySelf(Core.Models.Users.User user)
        {
            var currentUser = await _userManager.GetUserAsync(User);

            if (currentUser.Id != user.Id)
            {
                return(ApiResult.Forbidden("You do not have access to modify a different user using this endpoint."));
            }

            var oldUser = await _userManager.FindByIdAsync(user.Id.ToString());

            if (oldUser == null)
            {
                return(ApiResult.BadRequest());
            }

            if (_userService.TryModifyUser(user, oldUser, out User newUser))
            {
                var userModel = _mapper.Map <Core.Models.Users.User>(newUser);

                return(ApiResult.Success(userModel));
            }

            return(ApiResult.BadRequest());
        }
Exemplo n.º 4
0
        public async Task <ActionResult> Login([FromBody] UserLoginPost user)
        {
            if (!ModelState.IsValid)
            {
                return(ApiResult.BadRequest(ModelState.First(e => e.Value.Errors.Any()).Value.Errors.First().ErrorMessage));
            }

            var result = await _signInManager.PasswordSignInAsync(user.Username, user.Password, user.RememberMe, false);

            if (result.Succeeded)
            {
                return(ApiResult.NoContent());
            }

            return(ApiResult.Forbidden(result.ToString()));
        }
Exemplo n.º 5
0
        public async Task <ApiResult> EditProfile(EditProfileMessage message)
        {
            try
            {
                var id = User.Claims.First(c => c.Type == ClaimTypes.Name).Value.ToString();

                if (message.Id != id)
                {
                    return(ApiResult.Forbidden("Not allowed"));
                }

                return(await _profileService.EditProfile(message) ? ApiResult.Success("Profile edited correctly") : ApiResult.BadRequest("Something went wrong"));
            }
            catch (System.Exception)
            {
                return(ApiResult.BadRequest("Something went wrong"));
            }
        }
Exemplo n.º 6
0
        public ApiResult Login([FromBody] LoginMessage message)
        {
            try
            {
                var user = _authService.LoginUser(message);
                if (user == null)
                {
                    return(ApiResult.Forbidden("Wrong credentials"));
                }

                var token = _authService.CreateToken(user.Id, user.Role);

                return(ApiResult.Success(user, token));
            }
            catch (System.Exception)
            {
                return(ApiResult.BadRequest("Something went wrong"));
            }
        }