public async Task updateTopic(Int64 tokenId, Topic Topic)
{
var token = await quickGetToken(tokenId);
var topic = Topic;
var originalTopic = await(from t in _context.topics
where t.Id == topic.Id
select t).FirstOrDefaultAsync();
if (originalTopic == null)
{
throw AutoApiError.NotFound();
}
var role = new UserRole(token.User.RawRole);
var canUpdate = (role.IsAdmin || (originalTopic.OwnerId != null && originalTopic.OwnerId.Value == token.UserId));
if (!canUpdate)
{
throw AutoApiError.Unauthorised();
}
originalTopic.Title = topic.Title;
originalTopic.RoleToEdit = topic.RoleToEdit;
originalTopic.RoleToRead = topic.RoleToRead;
_context.topics.Update(originalTopic);
await _context.SaveChangesAsync();
}
public async Task logout(Int64 tokenId, string email)
{
var token = await LoginTokenTasks.GetLoginTokenAsync(_context, tokenId);
if (token == null)
{
throw AutoApiError.NotFound();
}
if (email != null)
{
if (string.IsNullOrWhiteSpace(email))
{
throw AutoApiError.InvalidParam("email");
}
var userRole = new UserRole(token.User.RawRole);
if (!userRole.IsAdmin)
{
throw AutoApiError.Unauthorised();
}
await LoginTokenTasks.LogoutAsync(_context, token, email);
}
else
{
await LoginTokenTasks.LogoutAsync(_context, token);
}
}
public async Task <Post> createPost(Int64 tokenId, Post Post)
{
var token = await quickGetToken(tokenId);
var post = Post;
post.Id = 0;
if (post.UserId != token.UserId)
{
throw AutoApiError.Unauthorised();
}
var topicId = post.ParentId;
if (topicId == null)
{
throw AutoApiError.InvalidParam("Post.ParentId");
}
var topic = await(from t in _context.topics
where t.Id == topicId.Value
select t).FirstOrDefaultAsync();
if (token.User.RawRole < topic.RoleToEdit)
{
throw AutoApiError.Unauthorised();
}
var now = DateTime.UtcNow;
post.Created = now;
post.Modified = now;
_context.posts.Add(post);
await _context.SaveChangesAsync();
return(post.CloneForExport());
}
public async Task <LoginToken> login(string email, string password)
{
var token = await LoginTokenTasks.LoginAsync(_context, email, password);
if (token == null)
{
throw AutoApiError.AuthenticationFailure();
}
return(token);
}
public async Task <Post> unhidePost(Int64 tokenId, int postId)
{
return(await ChangePostAsync(tokenId, postId, (post, isAdmin) =>
{
if (!isAdmin)
{
throw AutoApiError.Unauthorised();
}
post.Hidden = false;
}));
}
public async Task deleteTopic(Int64 tokenId, int topicId)
{
var token = await quickGetToken(tokenId);
var userRole = new UserRole(token.User.RawRole);
if (!userRole.IsAdmin)
{
throw AutoApiError.Unauthorised();
}
var topic = await(from t in _context.topics
where t.Id == topicId
select t).FirstOrDefaultAsync();
if (topic == null)
{
throw AutoApiError.NotFound();
}
topic = null;
/* We use this approach because EF Core doesn't support self-referential cascading. */
try
{
// Delete the topic itself
await _context.Database.BeginTransactionAsync();
string sql = "delete from topics where Id = @p0";
int rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId });
// Delete all its children for whom ParentId has now become null, recursively
sql = "delete from topics where ParentId is NULL and IsRootEntry = 0";
do
{
rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId });
} while(rows > 0);
// Delete all the posts that have been orphaned as a result of the above.
sql = "delete from posts where ParentId is NULL";
do
{
rows = await _context.Database.ExecuteSqlCommandAsync(sql, new object[] { topicId });
} while(rows > 0);
_context.Database.CommitTransaction();
}
catch (Exception ex)
{
Log(ex.Message);
_context.Database.RollbackTransaction();
}
}
public async Task updateUser(Int64 tokenId, User user)
{
var token = await quickGetToken(tokenId);
if (token.UserId != user.Id)
{
var userRole = new UserRole(token.User.RawRole);
if (!userRole.IsAdmin)
{
throw AutoApiError.Unauthorised();
}
}
await UserTasks.UpdateUserAsync(_context, token, user);
}
private async Task <LoginToken> quickGetToken(Int64 tokenId, bool allowAnon = false)
{
if (tokenId == LoginToken.AnonymousLoginId && allowAnon)
{
return(LoginTokenTasks.GetAnonmymousToken());
}
var token = await LoginTokenTasks.GetLoginTokenAsync(_context, tokenId);
if (token.User.Active)
{
return(token);
}
throw AutoApiError.InvalidToken();
}
public async Task <List <User> > getUsers(Int64 tokenId)
{
var token = await quickGetToken(tokenId);
var role = new UserRole(token.User.RawRole);
if (!role.IsAdmin)
{
throw AutoApiError.Unauthorised();
}
var users = await(from u in _context.users select u).ToListAsync();
for (int i = 0; i < users.Count; ++i)
{
users[i] = users[i].CloneForExport();
}
return(users);
}
public async Task updatePassword(string email, string oldPassword, string newPassword)
{
if (string.IsNullOrWhiteSpace(email))
{
throw AutoApiError.InvalidParam("email");
}
if (string.IsNullOrWhiteSpace(oldPassword))
{
throw AutoApiError.InvalidParam("oldPassword");
}
if (string.IsNullOrWhiteSpace(newPassword))
{
throw AutoApiError.InvalidParam("newPassword");
}
await UserTasks.UpdatePasswordAsync(_context, email, oldPassword, newPassword);
}
public async Task <User> createUser(Int64 tokenId, string email, string displayName, string password, int role)
{
var token = await quickGetToken(tokenId);
var userRole = new UserRole(token.User.RawRole);
if (!userRole.IsAdmin)
{
throw AutoApiError.Unauthorised();
}
if (string.IsNullOrWhiteSpace(email))
{
throw AutoApiError.InvalidParam("email");
}
if (string.IsNullOrWhiteSpace(password))
{
throw AutoApiError.InvalidParam("password");
}
if (!UserRole.RoleIsValid(role))
{
throw AutoApiError.InvalidParam("role");
}
try
{
var user = await UserTasks.CreateUserAsync(_context, token, email, displayName, password, role);
if (user == null)
{
throw AutoApiError.ServerError("Create user failed unexpectedly.");
}
return(user.CloneForExport());
}
catch (Exception ex)
{
if (ex.Message == "Unauthorised")
{
throw AutoApiError.Unauthorised();
}
throw;
}
}
public async Task <LoginToken> getToken(Int64 tokenId)
{
LoginToken token;
if (tokenId == LoginToken.AnonymousLoginId)
{
token = LoginTokenTasks.GetAnonmymousToken();
}
else
{
token = await LoginTokenTasks.GetLoginTokenAsync(_context, tokenId);
}
if (token == null)
{
throw AutoApiError.InvalidToken();
}
return(token.CloneForExport());
}
private async Task <ApiResult> activateUser_Impl(Int64 tokenId, string email, bool active)
{
var token = await quickGetToken(tokenId);
var userRole = new UserRole(token.User.RawRole);
if (!userRole.IsAdmin)
{
throw AutoApiError.Unauthorised();
}
if (string.IsNullOrWhiteSpace(email))
{
throw AutoApiError.InvalidParam("email");
}
await UserTasks.SetUserActiveAsync(_context, token, email, active);
return(new ApiResult(StdResult.OK));
}
public async Task <Topic> getTopic(Int64 tokenId, int topicId)
{
var token = await quickGetToken(tokenId, true);
Topic topic = await(from t in _context.topics
where t.Id == topicId
select t).FirstOrDefaultAsync();
if (topic != null)
{
int tokenRole = token.User.RawRole;
if (topic.RoleToRead > tokenRole)
{
throw AutoApiError.Unauthorised();
}
return(topic.CloneForExport());
}
throw AutoApiError.NotFound();
}
public async Task <User> getUser(Int64 tokenId, int userId)
{
var token = await quickGetToken(tokenId);
UserRole role = new UserRole(token.User.RawRole);
if (!(role.IsAdmin || token.UserId == userId))
{
throw AutoApiError.Unauthorised();
}
var user = await(from u in _context.users where u.Id == userId select u).FirstOrDefaultAsync();
if (user == null)
{
throw AutoApiError.NotFound();
}
user = user.CloneForExport();
return(user);
}
public async Task <Post> getPost(Int64 tokenId, int postId)
{
var token = await quickGetToken(tokenId);
var tokenRole = token.User.RawRole;
var post = await(from p in _context.posts
where p.Id == postId
select p).FirstOrDefaultAsync();
if (tokenRole < post.RoleToRead)
{
throw AutoApiError.Unauthorised();
}
if (post == null)
{
throw AutoApiError.NotFound();
}
return(post.CloneForExport());
}
private async Task <Post> ChangePostAsync(Int64 tokenId, int postId, Action <Post, bool> callback)
{
var token = await quickGetToken(tokenId);
var role = new UserRole(token.User.RawRole);
var post = await(from p in _context.posts
where p.Id == postId
select p).FirstOrDefaultAsync();
if (post == null)
{
throw AutoApiError.NotFound();
}
bool mayChange = (post.UserId != null && post.UserId == token.UserId) ||
role.IsAdmin;
if (!mayChange)
{
throw AutoApiError.Unauthorised();
}
try
{
callback(post, role.IsAdmin);
}
catch (Exception ex)
{
if (ex is AutoApiError)
{
throw;
}
throw AutoApiError.ServerError(ex.Message);
}
post.Modified = DateTime.Now;
_context.Update(post);
await _context.SaveChangesAsync();
return(post.CloneForExport());
}
public async Task <Post> updatePost(Int64 tokenId, Post Post)
{
var post = Post;
return(await ChangePostAsync(tokenId, post.Id,
(originalPost, isAdmin) =>
{
if ((originalPost.RoleToEdit != post.RoleToEdit ||
originalPost.RoleToRead != post.RoleToRead) &&
!isAdmin)
{
throw AutoApiError.NotFound();
}
else
{
originalPost.RoleToEdit = post.RoleToEdit;
originalPost.RoleToEdit = post.RoleToRead;
}
originalPost.Title = post.Title;
originalPost.Body = post.Body;
originalPost.Modified = DateTime.UtcNow;
}));
}
public async Task <Topic> createTopic(Int64 tokenId, int?parentTopicId, string title, int roleToEdit, int roleToRead)
{
var token = await quickGetToken(tokenId);
var userRole = new UserRole(token.User.RawRole);
if (parentTopicId == null) //Only administators can edit the root topic level.
{
if (!userRole.IsAdmin)
{
throw AutoApiError.Unauthorised();
}
}
else
{
var parentTopic = await(from t in _context.topics
where t.Id == parentTopicId.Value
select t).FirstOrDefaultAsync();
if (parentTopic == null)
{
throw AutoApiError.NotFound();
}
if (parentTopic.RoleToEdit > token.User.RawRole)
{
throw AutoApiError.Unauthorised();
}
}
if (title == null)
{
throw AutoApiError.InvalidParam("title.");
}
if (!UserRole.RoleIsValid(roleToEdit))
{
throw AutoApiError.InvalidRole("roleToEdit.");
}
if (!UserRole.RoleIsValid(roleToRead))
{
throw AutoApiError.InvalidParam("roleToRead.");
}
if (roleToRead > token.User.RawRole)
{
throw new AutoApiError("The topic would be unreadable by its creator.");
}
var topic = new Topic();
topic.Title = title;
topic.RoleToEdit = roleToEdit;
topic.RoleToRead = roleToRead;
topic.ParentId = parentTopicId;
topic.IsRootEntry = parentTopicId == null;
topic.OwnerId = token.UserId;
var now = DateTime.UtcNow;
topic.Modified = now;
topic.Created = now;
_context.topics.Add(topic);
await _context.SaveChangesAsync();
return(topic.CloneForExport());
}