Exemplo n.º 1
0
        public async Task <Response <GirafUserDTO> > DeleteResource(string id, [FromBody] ResourceIdDTO resourceIdDTO)
        {
            //Check if the caller owns the resource
            var user = _giraf._context.Users.Include(r => r.Resources).ThenInclude(dr => dr.Pictogram).FirstOrDefault(u => u.Id == id);

            if (user == null)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserNotFound));
            }

            //Check that valid parameters have been specified in the call
            if (resourceIdDTO == null)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "resourceIdDTO"));
            }

            //Fetch the resource with the given id, check that it exists.
            var resource = await _giraf._context.Pictograms
                           .Where(f => f.Id == resourceIdDTO.Id)
                           .FirstOrDefaultAsync();

            if (resource == null)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceNotFound));
            }

            // check access rights
            if (!(await _authentication.HasEditOrReadUserAccess(await _giraf._userManager.GetUserAsync(HttpContext.User), user)))
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized));
            }

            //Fetch the relationship from the database and check that it exists
            var relationship = await _giraf._context.UserResources
                               .Where(ur => ur.PictogramKey == resource.Id && ur.OtherKey == user.Id)
                               .FirstOrDefaultAsync();

            if (relationship == null)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserDoesNotOwnResource));
            }

            //Remove the resource - both from the user's list and the database
            user.Resources.Remove(relationship);
            _giraf._context.UserResources.Remove(relationship);
            await _giraf._context.SaveChangesAsync();

            // Get the roles the user is associated with
            var userRole = await _roleManager.findUserRole(_giraf._userManager, user);

            //Return Ok and the user - the resource is now visible in user.Resources
            return(new Response <GirafUserDTO>(new GirafUserDTO(user, userRole)));
        }
Exemplo n.º 2
0
        public async Task <Response <GirafUserDTO> > AddUserResource(string id, [FromBody] ResourceIdDTO resourceIdDTO)
        {
            //Check if valid parameters have been specified in the call
            if (string.IsNullOrEmpty(id))
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "username"));
            }

            if (resourceIdDTO == null)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "resourceIdDTO"));
            }

            //Attempt to find the target user and check that he exists
            var user = _giraf._context.Users.Include(u => u.Resources).ThenInclude(dr => dr.Pictogram).FirstOrDefault(u => u.Id == id);

            if (user == null)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserNotFound));
            }

            // check access rights
            if (!(await _authentication.HasEditOrReadUserAccess(await _giraf._userManager.GetUserAsync(HttpContext.User), user)))
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized));
            }

            //Find the resource and check that it actually does exist - also verify that the resource is private
            var resource = await _giraf._context.Pictograms
                           .Where(pf => pf.Id == resourceIdDTO.Id)
                           .FirstOrDefaultAsync();

            if (resource == null)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceNotFound));
            }

            if (resource.AccessLevel != AccessLevel.PRIVATE)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceMustBePrivate));
            }


            //Check that the currently authenticated user owns the resource
            var curUsr = await _giraf.LoadBasicUserDataAsync(HttpContext.User);

            var resourceOwnedByCaller = await _giraf.CheckPrivateOwnership(resource, curUsr);

            if (!resourceOwnedByCaller)
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized));
            }

            //Check if the target user already owns the resource
            if (user.Resources.Any(ur => ur.PictogramKey == resourceIdDTO.Id))
            {
                return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserAlreadyOwnsResource));
            }

            //Create the relation and save changes.
            var userResource = new UserResource(user, resource);
            await _giraf._context.UserResources.AddAsync(userResource);

            await _giraf._context.SaveChangesAsync();

            // Get the roles the user is associated with
            GirafRoles userRole = await _roleManager.findUserRole(_giraf._userManager, user);

            return(new Response <GirafUserDTO>(new GirafUserDTO(user, userRole)));
        }