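        /// <summary>
        /// Creates a new post under an existing topic on behalf of the token owner.
        /// </summary>
        /// <param name="tokenId">Login token identifying the caller.</param>
        /// <param name="Post">Client-supplied post. Its Id, Created and Modified are overwritten server-side.</param>
        /// <returns>The persisted post, cloned for export.</returns>
        /// <exception cref="AutoApiError">
        /// Unauthorised when the post's UserId is not the token's user or the caller's role is below the topic's RoleToEdit;
        /// InvalidParam when ParentId is missing; NotFound when the parent topic does not exist.
        /// </exception>
        public async Task <Post> createPost(Int64 tokenId, Post Post)
        {
            var token = await quickGetToken(tokenId);

            var post = Post;

            // Never trust a client-supplied key: the new row gets a fresh one.
            post.Id = 0;
            // A caller may only create posts attributed to their own account.
            if (post.UserId != token.UserId)
            {
                throw AutoApiError.Unauthorised();
            }

            var topicId = post.ParentId;

            if (topicId == null)
            {
                throw AutoApiError.InvalidParam("Post.ParentId");
            }
            var topic = await(from t in _context.topics
                              where t.Id == topicId.Value
                              select t).FirstOrDefaultAsync();

            // FirstOrDefaultAsync yields null for an unknown topic; report NotFound instead of
            // letting the RoleToEdit comparison below fail with a NullReferenceException.
            if (topic == null)
            {
                throw AutoApiError.NotFound();
            }

            if (token.User.RawRole < topic.RoleToEdit)
            {
                throw AutoApiError.Unauthorised();
            }

            // Timestamps are assigned server-side so a client cannot back-date a post.
            var now = DateTime.UtcNow;

            post.Created  = now;
            post.Modified = now;
            _context.posts.Add(post);
            await _context.SaveChangesAsync();

            return(post.CloneForExport());
        }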
        /// <summary>
        /// Ends the caller's own session, or — for administrators — the session of the account identified by <paramref name="email"/>.
        /// </summary>
        /// <param name="tokenId">Login token identifying the caller.</param>
        /// <param name="email">Null to log out the caller; otherwise the e-mail of the account to log out (admin only).</param>
        /// <exception cref="AutoApiError">NotFound when the token is unknown; InvalidParam for a blank e-mail; Unauthorised when a non-admin targets another account.</exception>
        public async Task logout(Int64 tokenId, string email)
        {
            var token = await LoginTokenTasks.GetLoginTokenAsync(_context, tokenId);
            if (token is null)
            {
                throw AutoApiError.NotFound();
            }

            // No target given: the caller logs out their own session.
            if (email is null)
            {
                await LoginTokenTasks.LogoutAsync(_context, token);
                return;
            }

            if (string.IsNullOrWhiteSpace(email))
            {
                throw AutoApiError.InvalidParam("email");
            }

            // Logging out another account is an administrative action.
            var callerRole = new UserRole(token.User.RawRole);
            if (!callerRole.IsAdmin)
            {
                throw AutoApiError.Unauthorised();
            }

            await LoginTokenTasks.LogoutAsync(_context, token, email);
        }
        /// <summary>
        /// Changes the password of the account identified by <paramref name="email"/>, given its current password.
        /// </summary>
        /// <param name="email">Account e-mail; must not be blank.</param>
        /// <param name="oldPassword">Current password; must not be blank.</param>
        /// <param name="newPassword">Replacement password; must not be blank.</param>
        /// <exception cref="AutoApiError">InvalidParam naming the first blank argument, checked in parameter order.</exception>
        public async Task updatePassword(string email, string oldPassword, string newPassword)
        {
            // Identify the first blank argument, in declaration order, before touching the user store.
            var blankParam =
                string.IsNullOrWhiteSpace(email)       ? "email" :
                string.IsNullOrWhiteSpace(oldPassword) ? "oldPassword" :
                string.IsNullOrWhiteSpace(newPassword) ? "newPassword" :
                null;

            if (blankParam != null)
            {
                throw AutoApiError.InvalidParam(blankParam);
            }

            await UserTasks.UpdatePasswordAsync(_context, email, oldPassword, newPassword);
        }
        /// <summary>
        /// Creates a new user account. Administrators only.
        /// </summary>
        /// <param name="tokenId">Login token identifying the caller.</param>
        /// <param name="email">E-mail of the new account; must not be blank.</param>
        /// <param name="displayName">Display name of the new account (not validated here).</param>
        /// <param name="password">Initial password; must not be blank.</param>
        /// <param name="role">Role of the new account; must satisfy <see cref="UserRole.RoleIsValid"/>.</param>
        /// <returns>The created user, cloned for export.</returns>
        /// <exception cref="AutoApiError">
        /// Unauthorised when the caller is not an admin or the user task reports "Unauthorised";
        /// InvalidParam for a blank e-mail/password or an invalid role; ServerError when creation returns null.
        /// </exception>
        public async Task <User> createUser(Int64 tokenId, string email, string displayName, string password, int role)
        {
            var token = await quickGetToken(tokenId);

            // Account creation is restricted to administrators.
            var callerRole = new UserRole(token.User.RawRole);
            if (!callerRole.IsAdmin)
            {
                throw AutoApiError.Unauthorised();
            }

            if (string.IsNullOrWhiteSpace(email))
            {
                throw AutoApiError.InvalidParam(nameof(email));
            }
            if (string.IsNullOrWhiteSpace(password))
            {
                throw AutoApiError.InvalidParam(nameof(password));
            }
            if (!UserRole.RoleIsValid(role))
            {
                throw AutoApiError.InvalidParam(nameof(role));
            }

            try
            {
                var created = await UserTasks.CreateUserAsync(_context, token, email, displayName, password, role);
                if (created is null)
                {
                    throw AutoApiError.ServerError("Create user failed unexpectedly.");
                }
                return(created.CloneForExport());
            }
            // The user task signals an authorisation failure by message text; translate only that case
            // into an API error. Anything else propagates untouched via the exception filter.
            catch (Exception ex) when (ex.Message == "Unauthorised")
            {
                throw AutoApiError.Unauthorised();
            }
        }
        /// <summary>
        /// Sets the active flag of the account identified by <paramref name="email"/>. Administrators only.
        /// </summary>
        /// <param name="tokenId">Login token identifying the caller.</param>
        /// <param name="email">E-mail of the account to update; must not be blank.</param>
        /// <param name="active">New value of the account's active flag.</param>
        /// <returns>An <see cref="ApiResult"/> carrying <see cref="StdResult.OK"/>.</returns>
        /// <exception cref="AutoApiError">Unauthorised when the caller is not an admin; InvalidParam for a blank e-mail.</exception>
        private async Task <ApiResult> activateUser_Impl(Int64 tokenId, string email, bool active)
        {
            var token = await quickGetToken(tokenId);

            // Activating or deactivating accounts is an administrative action.
            var callerRole = new UserRole(token.User.RawRole);
            if (!callerRole.IsAdmin)
            {
                throw AutoApiError.Unauthorised();
            }

            if (string.IsNullOrWhiteSpace(email))
            {
                throw AutoApiError.InvalidParam(nameof(email));
            }

            await UserTasks.SetUserActiveAsync(_context, token, email, active);

            var result = new ApiResult(StdResult.OK);
            return result;
        }
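        /// <summary>
        /// Creates a topic, either at the root level (administrators only) or under an existing parent topic.
        /// </summary>
        /// <param name="tokenId">Login token identifying the caller.</param>
        /// <param name="parentTopicId">Id of the parent topic, or null to create a root-level topic.</param>
        /// <param name="title">Topic title; must not be blank.</param>
        /// <param name="roleToEdit">Minimum role allowed to edit the topic; must satisfy <see cref="UserRole.RoleIsValid"/>.</param>
        /// <param name="roleToRead">Minimum role allowed to read the topic; must be valid and not exceed the creator's own role.</param>
        /// <returns>The persisted topic, cloned for export.</returns>
        /// <exception cref="AutoApiError">
        /// Unauthorised when a non-admin creates a root topic or the caller's role is below the parent's RoleToEdit;
        /// NotFound when the parent topic does not exist; InvalidParam for a blank title or an invalid role;
        /// a generic AutoApiError when roleToRead would lock the creator out of their own topic.
        /// </exception>
        public async Task <Topic> createTopic(Int64 tokenId, int?parentTopicId, string title, int roleToEdit, int roleToRead)
        {
            var token = await quickGetToken(tokenId);

            var userRole = new UserRole(token.User.RawRole);

            if (parentTopicId == null)
            {
                // Only administrators can create entries at the root topic level.
                if (!userRole.IsAdmin)
                {
                    throw AutoApiError.Unauthorised();
                }
            }
            else
            {
                var parentTopic = await(from t in _context.topics
                                        where t.Id == parentTopicId.Value
                                        select t).FirstOrDefaultAsync();
                if (parentTopic == null)
                {
                    throw AutoApiError.NotFound();
                }
                // Adding a child requires the caller to reach the parent's edit threshold.
                if (parentTopic.RoleToEdit > token.User.RawRole)
                {
                    throw AutoApiError.Unauthorised();
                }
            }

            // A whitespace-only title is rejected, matching the IsNullOrWhiteSpace rule applied to
            // the other string parameters in this class (the previous null-only check let it through).
            if (string.IsNullOrWhiteSpace(title))
            {
                throw AutoApiError.InvalidParam("title");
            }
            // Both role checks report InvalidParam with the bare parameter name, as createUser does for "role".
            if (!UserRole.RoleIsValid(roleToEdit))
            {
                throw AutoApiError.InvalidParam("roleToEdit");
            }
            if (!UserRole.RoleIsValid(roleToRead))
            {
                throw AutoApiError.InvalidParam("roleToRead");
            }
            // A creator must at least be able to read what they created.
            if (roleToRead > token.User.RawRole)
            {
                throw new AutoApiError("The topic would be unreadable by its creator.");
            }

            // Timestamps and ownership are assigned server-side, never taken from the request.
            var now = DateTime.UtcNow;
            var topic = new Topic();

            topic.Title       = title;
            topic.RoleToEdit  = roleToEdit;
            topic.RoleToRead  = roleToRead;
            topic.ParentId    = parentTopicId;
            topic.IsRootEntry = parentTopicId == null;
            topic.OwnerId     = token.UserId;
            topic.Modified    = now;
            topic.Created     = now;
            _context.topics.Add(topic);
            await _context.SaveChangesAsync();

            return(topic.CloneForExport());
        }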