Exemplo n.º 1
0
        public async Task updateTopic(Int64 tokenId, Topic Topic)
        {
            var token = await quickGetToken(tokenId);

            var topic = Topic;

            var originalTopic = await(from t in _context.topics
                                      where t.Id == topic.Id
                                      select t).FirstOrDefaultAsync();

            if (originalTopic == null)
            {
                throw AutoApiError.NotFound();
            }
            var role      = new UserRole(token.User.RawRole);
            var canUpdate = (role.IsAdmin || (originalTopic.OwnerId != null && originalTopic.OwnerId.Value == token.UserId));

            if (!canUpdate)
            {
                throw AutoApiError.Unauthorised();
            }
            originalTopic.Title      = topic.Title;
            originalTopic.RoleToEdit = topic.RoleToEdit;
            originalTopic.RoleToRead = topic.RoleToRead;
            _context.topics.Update(originalTopic);
            await _context.SaveChangesAsync();
        }
Exemplo n.º 2
0
        public async Task logout(Int64 tokenId, string email)
        {
            var token = await LoginTokenTasks.GetLoginTokenAsync(_context, tokenId);

            if (token == null)
            {
                throw AutoApiError.NotFound();
            }
            if (email != null)
            {
                if (string.IsNullOrWhiteSpace(email))
                {
                    throw AutoApiError.InvalidParam("email");
                }
                var userRole = new UserRole(token.User.RawRole);
                if (!userRole.IsAdmin)
                {
                    throw AutoApiError.Unauthorised();
                }
                await LoginTokenTasks.LogoutAsync(_context, token, email);
            }
            else
            {
                await LoginTokenTasks.LogoutAsync(_context, token);
            }
        }
Exemplo n.º 3
0
        public async Task <Post> createPost(Int64 tokenId, Post Post)
        {
            var token = await quickGetToken(tokenId);

            var post = Post;

            post.Id = 0;
            if (post.UserId != token.UserId)
            {
                throw AutoApiError.Unauthorised();
            }

            var topicId = post.ParentId;

            if (topicId == null)
            {
                throw AutoApiError.InvalidParam("Post.ParentId");
            }
            var topic = await(from t in _context.topics
                              where t.Id == topicId.Value
                              select t).FirstOrDefaultAsync();

            if (token.User.RawRole < topic.RoleToEdit)
            {
                throw AutoApiError.Unauthorised();
            }
            var now = DateTime.UtcNow;

            post.Created  = now;
            post.Modified = now;
            _context.posts.Add(post);
            await _context.SaveChangesAsync();

            return(post.CloneForExport());
        }
Exemplo n.º 4
0
        public async Task <LoginToken> login(string email, string password)
        {
            var token = await LoginTokenTasks.LoginAsync(_context, email, password);

            if (token == null)
            {
                throw AutoApiError.AuthenticationFailure();
            }
            return(token);
        }
Exemplo n.º 5
0
 public async Task <Post> unhidePost(Int64 tokenId, int postId)
 {
     return(await ChangePostAsync(tokenId, postId, (post, isAdmin) =>
     {
         if (!isAdmin)
         {
             throw AutoApiError.Unauthorised();
         }
         post.Hidden = false;
     }));
 }
Exemplo n.º 6
0
        public async Task deleteTopic(Int64 tokenId, int topicId)
        {
            var token = await quickGetToken(tokenId);

            var userRole = new UserRole(token.User.RawRole);

            if (!userRole.IsAdmin)
            {
                throw AutoApiError.Unauthorised();
            }

            var topic = await(from t in _context.topics
                              where t.Id == topicId
                              select t).FirstOrDefaultAsync();

            if (topic == null)
            {
                throw AutoApiError.NotFound();
            }
            topic = null;

            /* We use this approach because EF Core doesn't support self-referential cascading. */

            try
            {
                // Delete the topic itself
                await _context.Database.BeginTransactionAsync();

                string sql  = "delete from topics where Id = @p0";
                int    rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId });

                // Delete all its children for whom ParentId has now become null, recursively
                sql = "delete from topics where ParentId is NULL and IsRootEntry = 0";
                do
                {
                    rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId });
                } while(rows > 0);

                // Delete all the posts that have been orphaned as a result of the above.
                sql = "delete from posts where ParentId is NULL";
                do
                {
                    rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId });
                } while(rows > 0);
                _context.Database.CommitTransaction();
            }
            catch (Exception ex)
            {
                Log(ex.Message);
                _context.Database.RollbackTransaction();
            }
        }
Exemplo n.º 7
0
        public async Task updateUser(Int64 tokenId, User user)
        {
            var token = await quickGetToken(tokenId);

            if (token.UserId != user.Id)
            {
                var userRole = new UserRole(token.User.RawRole);
                if (!userRole.IsAdmin)
                {
                    throw AutoApiError.Unauthorised();
                }
            }
            await UserTasks.UpdateUserAsync(_context, token, user);
        }
Exemplo n.º 8
0
        private async Task <LoginToken> quickGetToken(Int64 tokenId, bool allowAnon = false)
        {
            if (tokenId == LoginToken.AnonymousLoginId && allowAnon)
            {
                return(LoginTokenTasks.GetAnonmymousToken());
            }
            var token = await LoginTokenTasks.GetLoginTokenAsync(_context, tokenId);

            if (token.User.Active)
            {
                return(token);
            }
            throw AutoApiError.InvalidToken();
        }
Exemplo n.º 9
0
        public async Task <List <User> > getUsers(Int64 tokenId)
        {
            var token = await quickGetToken(tokenId);

            var role = new UserRole(token.User.RawRole);

            if (!role.IsAdmin)
            {
                throw AutoApiError.Unauthorised();
            }
            var users = await(from u in _context.users select u).ToListAsync();

            for (int i = 0; i < users.Count; ++i)
            {
                users[i] = users[i].CloneForExport();
            }
            return(users);
        }
Exemplo n.º 10
0
        public async Task updatePassword(string email, string oldPassword, string newPassword)
        {
            if (string.IsNullOrWhiteSpace(email))
            {
                throw AutoApiError.InvalidParam("email");
            }

            if (string.IsNullOrWhiteSpace(oldPassword))
            {
                throw AutoApiError.InvalidParam("oldPassword");
            }

            if (string.IsNullOrWhiteSpace(newPassword))
            {
                throw AutoApiError.InvalidParam("newPassword");
            }

            await UserTasks.UpdatePasswordAsync(_context, email, oldPassword, newPassword);
        }
Exemplo n.º 11
0
        public async Task <User> createUser(Int64 tokenId, string email, string displayName, string password, int role)
        {
            var token = await quickGetToken(tokenId);

            var userRole = new UserRole(token.User.RawRole);

            if (!userRole.IsAdmin)
            {
                throw AutoApiError.Unauthorised();
            }

            if (string.IsNullOrWhiteSpace(email))
            {
                throw AutoApiError.InvalidParam("email");
            }
            if (string.IsNullOrWhiteSpace(password))
            {
                throw AutoApiError.InvalidParam("password");
            }

            if (!UserRole.RoleIsValid(role))
            {
                throw AutoApiError.InvalidParam("role");
            }
            try
            {
                var user = await UserTasks.CreateUserAsync(_context, token, email, displayName, password, role);

                if (user == null)
                {
                    throw AutoApiError.ServerError("Create user failed unexpectedly.");
                }
                return(user.CloneForExport());
            }
            catch (Exception ex)
            {
                if (ex.Message == "Unauthorised")
                {
                    throw AutoApiError.Unauthorised();
                }
                throw;
            }
        }
Exemplo n.º 12
0
        public async Task <LoginToken> getToken(Int64 tokenId)
        {
            LoginToken token;

            if (tokenId == LoginToken.AnonymousLoginId)
            {
                token = LoginTokenTasks.GetAnonmymousToken();
            }
            else
            {
                token = await LoginTokenTasks.GetLoginTokenAsync(_context, tokenId);
            }

            if (token == null)
            {
                throw AutoApiError.InvalidToken();
            }

            return(token.CloneForExport());
        }
Exemplo n.º 13
0
        private async Task <ApiResult> activateUser_Impl(Int64 tokenId, string email, bool active)
        {
            var token = await quickGetToken(tokenId);

            var userRole = new UserRole(token.User.RawRole);

            if (!userRole.IsAdmin)
            {
                throw AutoApiError.Unauthorised();
            }

            if (string.IsNullOrWhiteSpace(email))
            {
                throw AutoApiError.InvalidParam("email");
            }

            await UserTasks.SetUserActiveAsync(_context, token, email, active);

            return(new ApiResult(StdResult.OK));
        }
Exemplo n.º 14
0
        public async Task <Topic> getTopic(Int64 tokenId, int topicId)
        {
            var token = await quickGetToken(tokenId, true);

            Topic topic = await(from t in _context.topics
                                where t.Id == topicId
                                select t).FirstOrDefaultAsync();

            if (topic != null)
            {
                int tokenRole = token.User.RawRole;
                if (topic.RoleToRead > tokenRole)
                {
                    throw AutoApiError.Unauthorised();
                }

                return(topic.CloneForExport());
            }

            throw AutoApiError.NotFound();
        }
Exemplo n.º 15
0
        public async Task <User> getUser(Int64 tokenId, int userId)
        {
            var token = await quickGetToken(tokenId);

            UserRole role = new UserRole(token.User.RawRole);

            if (!(role.IsAdmin || token.UserId == userId))
            {
                throw AutoApiError.Unauthorised();
            }

            var user = await(from u in _context.users where u.Id == userId select u).FirstOrDefaultAsync();

            if (user == null)
            {
                throw AutoApiError.NotFound();
            }

            user = user.CloneForExport();
            return(user);
        }
Exemplo n.º 16
0
        public async Task <Post> getPost(Int64 tokenId, int postId)
        {
            var token = await quickGetToken(tokenId);

            var tokenRole = token.User.RawRole;

            var post = await(from p in _context.posts
                             where p.Id == postId
                             select p).FirstOrDefaultAsync();

            if (tokenRole < post.RoleToRead)
            {
                throw AutoApiError.Unauthorised();
            }

            if (post == null)
            {
                throw AutoApiError.NotFound();
            }

            return(post.CloneForExport());
        }
Exemplo n.º 17
0
        private async Task <Post> ChangePostAsync(Int64 tokenId, int postId, Action <Post, bool> callback)
        {
            var token = await quickGetToken(tokenId);

            var role = new UserRole(token.User.RawRole);

            var post = await(from p in _context.posts
                             where p.Id == postId
                             select p).FirstOrDefaultAsync();

            if (post == null)
            {
                throw AutoApiError.NotFound();
            }
            bool mayChange = (post.UserId != null && post.UserId == token.UserId) ||
                             role.IsAdmin;

            if (!mayChange)
            {
                throw AutoApiError.Unauthorised();
            }
            try
            {
                callback(post, role.IsAdmin);
            }
            catch (Exception ex)
            {
                if (ex is AutoApiError)
                {
                    throw;
                }
                throw AutoApiError.ServerError(ex.Message);
            }
            post.Modified = DateTime.Now;
            _context.Update(post);
            await _context.SaveChangesAsync();

            return(post.CloneForExport());
        }
Exemplo n.º 18
0
        public async Task <Post> updatePost(Int64 tokenId, Post Post)
        {
            var post = Post;

            return(await ChangePostAsync(tokenId, post.Id,
                                         (originalPost, isAdmin) =>
            {
                if ((originalPost.RoleToEdit != post.RoleToEdit ||
                     originalPost.RoleToRead != post.RoleToRead) &&
                    !isAdmin)
                {
                    throw AutoApiError.NotFound();
                }
                else
                {
                    originalPost.RoleToEdit = post.RoleToEdit;
                    originalPost.RoleToEdit = post.RoleToRead;
                }
                originalPost.Title = post.Title;
                originalPost.Body = post.Body;
                originalPost.Modified = DateTime.UtcNow;
            }));
        }
Exemplo n.º 19
0
        public async Task <Topic> createTopic(Int64 tokenId, int?parentTopicId, string title, int roleToEdit, int roleToRead)
        {
            var token = await quickGetToken(tokenId);

            var userRole = new UserRole(token.User.RawRole);

            if (parentTopicId == null)              //Only administators can edit the root topic level.
            {
                if (!userRole.IsAdmin)
                {
                    throw AutoApiError.Unauthorised();
                }
            }
            else
            {
                var parentTopic = await(from t in _context.topics
                                        where t.Id == parentTopicId.Value
                                        select t).FirstOrDefaultAsync();
                if (parentTopic == null)
                {
                    throw AutoApiError.NotFound();
                }
                if (parentTopic.RoleToEdit > token.User.RawRole)
                {
                    throw AutoApiError.Unauthorised();
                }
            }

            if (title == null)
            {
                throw AutoApiError.InvalidParam("title.");
            }
            if (!UserRole.RoleIsValid(roleToEdit))
            {
                throw AutoApiError.InvalidRole("roleToEdit.");
            }
            if (!UserRole.RoleIsValid(roleToRead))
            {
                throw AutoApiError.InvalidParam("roleToRead.");
            }
            if (roleToRead > token.User.RawRole)
            {
                throw new AutoApiError("The topic would be unreadable by its creator.");
            }
            var topic = new Topic();

            topic.Title       = title;
            topic.RoleToEdit  = roleToEdit;
            topic.RoleToRead  = roleToRead;
            topic.ParentId    = parentTopicId;
            topic.IsRootEntry = parentTopicId == null;
            topic.OwnerId     = token.UserId;
            var now = DateTime.UtcNow;

            topic.Modified = now;
            topic.Created  = now;
            _context.topics.Add(topic);
            await _context.SaveChangesAsync();

            return(topic.CloneForExport());
        }