public EntityDecisionController() { Get("/api/v1/entity/decisions/active/get", _ => { var rules = new List <IValidatorRule>() { new ShouldHaveParameters(new[] { "entity_guid", "entity_type" }), new EntityShouldExist("entity_guid", "entity_type"), new ShouldBeCorrectEnumValue("entity_type", typeof(EntityType)), }; var errors = ValidationProcessor.Process(Request, rules, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } var entityType = (EntityType)GetRequestEnum("entity_type", typeof(EntityType)); var entityId = EntityUtils.GetEntityId(GetRequestStr("entity_guid"), entityType); var decisions = EntityDecisionRepository.GetActive(entityId, entityType); return(HttpResponse.Item("decisions", new DecisionTransformer().Many(decisions))); }); }
public EntityPermissionsController() { Get("/api/v1/entity/permissions/get", _ => { var errors = ValidationProcessor.Process(Request, new IValidatorRule[] { new ShouldHaveParameters(new[] { "entity_guid", "entity_type" }), new ShouldBeCorrectEnumValue("entity_type", typeof(EntityType)), new EntityShouldExist(), }, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } var me = UserRepository.Find(CurrentRequest.UserId); var entityType = (EntityType)GetRequestEnum("entity_type", typeof(EntityType)); var entityId = EntityUtils.GetEntityId(GetRequestStr("entity_guid"), entityType); if (!PermissionUtils.HasEntityPermission(me, entityId, entityType)) { return(HttpResponse.Item("permissions", new JArray() { })); } return(HttpResponse.Item("permissions", new JArray() { "read", "write" })); }); }
public static ProjectTeamMemberModel FindByProjectAndUser(string projectGuid, string userGuid) { var user = UserRepository.FindByGuid(userGuid); return(ProjectTeamMemberModel.Find( ProjectRepository.Find(EntityUtils.GetEntityId(projectGuid, EntityType.Project)), user )); }
public static bool HasEntityPermission(User user, string entityGuid, EntityType entityType) { return(HasEntityPermission( user, EntityUtils.GetEntityId(entityGuid, entityType), entityType )); }
public HttpError Process(Request request) { var entityType = (EntityType)Enum.Parse(typeof(EntityType), (string)request.Query[_typeParameter]); var entityId = EntityUtils.GetEntityId((string)request.Query[Parameter], entityType); return(InvoiceUtils.ActiveInvoiceExists(_user, entityId, entityType) ? new HttpError(HttpStatusCode.Forbidden, $"Invoice for same {entityType.ToString()} already exists") : null); }
// TODO: add auth for getting user balance? public FundingBalanceController() { Get("/api/v1/entity/funding/balances/get", _ => { var errors = ValidationProcessor.Process(Request, new IValidatorRule[] { new ShouldHaveParameters(new[] { "entity_guid", "entity_type" }), new ShouldBeCorrectEnumValue("entity_type", typeof(EntityType)), new EntityShouldExist(), }, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } var entityType = (EntityType)GetRequestEnum("entity_type", typeof(EntityType)); var entityId = EntityUtils.GetEntityId(GetRequestStr("entity_guid"), entityType); var balances = FundingBalanceRepository.Get(entityId, entityType); return(HttpResponse.Item("balances", new FundingBalanceTransformer().Many(balances))); }); }
public EntityDecisionCrudController() { // Options should be a valid json array ex. "['option 1', 'option2']" Post("/api/v1/entity/decision/create", _ => { var rules = new List <IValidatorRule>() { new ShouldHaveParameters(new[] { "entity_guid", "entity_type", "title", "content", "deadline", "options" }), new MinLength("title", 3), new MinLength("content", 10), new ShouldBeCorrectEnumValue("entity_type", typeof(EntityType)), new EntityShouldExist() }; var errors = ValidationProcessor.Process(Request, rules, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } JArray options; try { options = JArray.Parse(GetRequestStr("options")); } catch (Exception e) { return(HttpResponse.Error( HttpStatusCode.UnprocessableEntity, "For options please provide a valid JSON array" )); } var entityType = (EntityType)GetRequestEnum("entity_type", typeof(EntityType)); var entityId = EntityUtils.GetEntityId(GetRequestStr("entity_guid"), entityType); if (entityType != EntityType.Project || entityType != EntityType.Board) { } var deadline = DateTime.Parse(GetRequestStr("deadline")); var minDeadline = DateTime.Now.AddDays(1); if (deadline < minDeadline) { return(HttpResponse.Error( HttpStatusCode.UnprocessableEntity, "Deadline cannot be earlier than 1 day : " + minDeadline )); } var me = UserRepository.Find(CurrentRequest.UserId); if (PermissionUtils.HasEntityPermission(me, entityId, entityType)) { return(HttpResponse.Error( HttpStatusCode.Unauthorized, "You don't have decision edit access" )); } var decision = EntityDecisionRepository.Create( me, entityId, entityType, GetRequestStr("title"), GetRequestStr("content"), deadline ); int optionOrder = 1; foreach (var option in options) { EntityDecisionOptionRepository.Create(decision, option.Value <string>(), optionOrder); optionOrder++; if (optionOrder > 10) { break; } } return(HttpResponse.Item( "decision", new DecisionTransformer().Transform(decision), HttpStatusCode.Created )); }); Patch("/api/v1/entity/decision/edit", _ => { var rules = new List <IValidatorRule>() { new ShouldHaveParameters(new[] { "decision_guid" }), new ExistsInTable("decision_guid", "entity_decisions", "guid") }; var errors = ValidationProcessor.Process(Request, rules, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } var me = UserRepository.Find(CurrentRequest.UserId); var decision = EntityDecisionRepository.FindByGuid(GetRequestStr("decision_guid")); if (me.id != decision.creator_id) { return(HttpResponse.Error(HttpStatusCode.Unauthorized, "Only creator can update this decision")); } if (GetRequestStr("new_status") != "") { var newStatus = (DecisionStatus)GetRequestEnum("new_status", typeof(DecisionStatus)); switch (newStatus) { case DecisionStatus.Canceled: decision.UpdateStatus(DecisionStatus.Canceled); break; case DecisionStatus.Open: case DecisionStatus.Closed: return(HttpResponse.Error(HttpStatusCode.Unauthorized, "You cannot set this status")); } } decision = decision.Refresh(); return(HttpResponse.Item("decision", new DecisionTransformer().Transform(decision))); }); Delete("/api/v1/entity/decision/delete", _ => { var rules = new List <IValidatorRule>() { new ShouldHaveParameters(new[] { "decision_guid" }), new ExistsInTable("decision_guid", "entity_decisions", "guid") }; var errors = ValidationProcessor.Process(Request, rules, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } var me = UserRepository.Find(CurrentRequest.UserId); var decision = EntityDecisionRepository.FindByGuid(GetRequestStr("decision_guid")); if (me.id != decision.creator_id) { return(HttpResponse.Error(HttpStatusCode.Unauthorized, "Only creator can update this decision")); } decision.Delete(); return(HttpResponse.Item("decision", new DecisionTransformer().Transform(decision))); }); }
public ProjectProductCrudController() { Post("/api/v1/project/product/new", _ => { var projectGuid = GetRequestStr("project_guid"); var me = UserRepository.Find(CurrentRequest.UserId); var errors = ValidationProcessor.Process(Request, new IValidatorRule[] { new ShouldHaveParameters(new[] { "project_guid", "name", "description", "usd_price", "use_url" }), new ExistsInTable("project_guid", "projects", "guid"), new HasPermission(me, EntityUtils.GetEntityId(projectGuid, EntityType.Project), EntityType.Project) }); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } var price = Convert.ToDecimal(GetRequestStr("usd_price")); int priceInPennies = (int)(price * 100); if (priceInPennies < 50) { return(HttpResponse.Error( HttpStatusCode.UnprocessableEntity, "Price cannot be less than 0.5 USD" )); } var project = ProjectRepository.FindByGuid(GetRequestStr("project_guid")); var product = ProjectProductRepository.Create( project, GetRequestStr("name"), GetRequestStr("description"), GetRequestStr("url"), GetRequestStr("use_url") ); if (!String.IsNullOrEmpty(GetRequestStr("duration_hours"))) { product.UpdateCol("duration_hours", GetRequestInt("duration_hours")); } product.UpdateCol("usd_price_pennies", priceInPennies); return(HttpResponse.Item( "product", new ProjectProductTransformer().Transform(product.Refresh()), HttpStatusCode.Created )); }); // TODO: ??? // Patch("/api/v1/project/product/edit", _ => { // var me = UserRepository.Find(CurrentRequest.UserId); // // var product = ProjectProductRepository.FindByGuid(GetRequestStr("product_guid")); // // var errors = ValidationProcessor.Process(Request, new IValidatorRule[] { // new ShouldHaveParameters(new[] {"product_guid"}), // new ExistsInTable("product_guid", "project_products", "guid"), // new HasPermission(me, product.project_id, EntityType.Project) // }, true); // if (errors.Count > 0) return HttpResponse.Errors(errors); // // if (!String.IsNullOrEmpty(GetRequestStr("name"))) { // product.UpdateCol("name", GetRequestStr("name")); // } // // if (!String.IsNullOrEmpty(GetRequestStr("description"))) { // product.UpdateCol("description", GetRequestStr("description")); // } // // if (!String.IsNullOrEmpty(GetRequestStr("url"))) { // product.UpdateCol("url", GetRequestStr("url")); // } // // if (!String.IsNullOrEmpty(GetRequestStr("set_url"))) { // product.UpdateCol("set_url", GetRequestStr("set_url")); // } // // if (!String.IsNullOrEmpty(GetRequestStr("usd_price"))) { // var price = Convert.ToDecimal(GetRequestStr("usd_price")); // int priceInPennies = (int) (price * 100); // // product.UpdateCol("usd_price_pennies", priceInPennies); // } // // if (!String.IsNullOrEmpty(GetRequestStr("duration_hours"))) { // product.UpdateCol("duration_hours", GetRequestInt("duration_hours")); // } // // return HttpResponse.Item("product", new ProjectProductTransformer().Transform(product.Refresh())); // }); Delete("/api/v1/project/product/delete", _ => { var me = UserRepository.Find(CurrentRequest.UserId); var product = ProjectProductRepository.FindByGuid(GetRequestStr("product_guid")); var errors = ValidationProcessor.Process(Request, new IValidatorRule[] { new ShouldHaveParameters(new[] { "product_guid" }), new ExistsInTable("product_guid", "project_products", "guid"), new HasPermission(me, product?.project_id ?? 0, EntityType.Project) }, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } if (product != null && product.UsersCount() > 0) { return(HttpResponse.Error(HttpStatusCode.Forbidden, "You cannot delete product owned by others")); } product?.Delete(); return(HttpResponse.Item("product", new ProjectProductTransformer().Transform(product))); }); }
public InvoiceController() { Post("/api/v1/invoice/new", _ => { var me = DL.Model.User.User.Find(CurrentRequest.UserId); var errors = ValidationProcessor.Process(Request, new IValidatorRule[] { new ShouldHaveParameters(new[] { "entity_guid", "entity_type", "amount", "currency_type" }), new ShouldBeCorrectEnumValue("entity_type", typeof(EntityType)), new ShouldBeCorrectEnumValue("currency_type", typeof(CurrencyType)), new EntityShouldExist(), new UserActiveInvoicesLimit(me, InvoiceConfig.UserActiveInvoicesLimit), }, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } var entityType = (EntityType)GetRequestEnum("entity_type", typeof(EntityType)); var currencyType = (CurrencyType)GetRequestEnum("currency_type", typeof(CurrencyType)); var wallet = CurrencyWalletRepository.FindRandom(currencyType); var invoice = InvoiceRepository.Create( me, EntityUtils.GetEntityId(GetRequestStr("entity_guid"), entityType), entityType, (decimal)Request.Query["amount"], currencyType, InvoiceStatus.Created, wallet ); return(HttpResponse.Item( "invoice", new InvoiceTransformer().Transform(invoice), HttpStatusCode.Created )); }); Get("/api/v1/me/invoice/get", _ => { var me = UserRepository.Find(CurrentRequest.UserId); var errors = ValidationProcessor.Process(Request, new IValidatorRule[] { new ShouldHaveParameters(new[] { "invoice_guid" }), new ExistsInTable("invoice_guid", "invoices", "guid"), new StringShouldBeSameInDb( "invoice_guid", "invoices", "guid", "user_id", me.id.ToString() ) }, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } return(HttpResponse.Item("invoice", new InvoiceTransformer().Transform( InvoiceRepository.FindByGuid(GetRequestStr("invoice_guid")) ))); }); Get("/api/v1/me/invoices/finished", _ => { var me = UserRepository.Find(CurrentRequest.UserId); var invoices = DL.Model.Funding.Invoice.GetForUserByStatuses(me, new [] { InvoiceStatus.Confirmed, InvoiceStatus.Failed, InvoiceStatus.Done }); return(HttpResponse.Item("invoices", new InvoiceTransformer().Many(invoices))); }); Get("/api/v1/me/invoices/active", _ => { var me = UserRepository.Find(CurrentRequest.UserId); var invoices = DL.Model.Funding.Invoice.GetActiveForUser(me, 25); return(HttpResponse.Item("invoices", new InvoiceTransformer().Many(invoices))); }); Patch("/api/v1/me/invoice/status/update", _ => { var me = UserRepository.Find(CurrentRequest.UserId); var errors = ValidationProcessor.Process(Request, new IValidatorRule[] { new ShouldHaveParameters(new[] { "invoice_guid", "status" }), new ExistsInTable("invoice_guid", "invoices", "guid"), new ShouldBeCorrectEnumValue("status", typeof(InvoiceStatus)), new StringShouldBeSameInDb( "invoice_guid", "invoices", "guid", "user_id", me.id.ToString() ) }, true); if (errors.Count > 0) { return(HttpResponse.Errors(errors)); } var newStatus = (InvoiceStatus)GetRequestEnum("status", typeof(InvoiceStatus)); var invoice = InvoiceRepository.FindByGuid(GetRequestStr("invoice_guid")); if (invoice.status != InvoiceStatus.Created) { return(HttpResponse.Error(new HttpError(HttpStatusCode.Forbidden, "Cannot update invoice with this status"))); } var availableStatuses = new[] { InvoiceStatus.Failed, InvoiceStatus.RequiresConfirmation }; if (!availableStatuses.Contains(newStatus)) { return(HttpResponse.Error(new HttpError(HttpStatusCode.Forbidden, "This status is not allowed"))); } InvoiceRepository.UpdateStatus(invoice, newStatus); return(HttpResponse.Item("invoice", new InvoiceTransformer().Transform(invoice.Refresh()))); }); }