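/// <summary>
/// HTTP PUT <c>dishes/{dishId}/rating</c>: stores one family member's rating for a dish.
/// </summary>
/// <remarks>
/// The trigger is declared with <see cref="AuthorizationLevel.Anonymous"/>, so the Functions host
/// does not require a function key. Access control rests entirely on the
/// <c>AuthenticateAzureFunctionAsync</c> call and the <c>_authz.Authorize</c> check in this method.
/// Every identifier taken from the route, the body or the token is parsed with
/// <see cref="Guid.TryParse(string, out Guid)"/>, so malformed caller input yields a 4xx response
/// instead of an unhandled <see cref="FormatException"/>.
/// </remarks>
/// <param name="req">Incoming request; its body is read as <c>UpdateDishRatingCommandModel</c>.</param>
/// <param name="dishId">Route value identifying the dish; expected to be a GUID.</param>
/// <returns>
/// The authentication response when authentication fails; <see cref="UnauthorizedResult"/> when the
/// caller has no usable identity or is not authorized for the dish's family;
/// <see cref="BadRequestObjectResult"/> with an error code for invalid input;
/// <see cref="OkResult"/> once the rating has been saved.
/// </returns>
public async Task<IActionResult?> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "put", Route = "dishes/{dishId}/rating")] HttpRequest req,
    string dishId)
{
    var (authenticationStatus, authenticationResponse) = await req.HttpContext.AuthenticateAzureFunctionAsync();
    if (!authenticationStatus)
    {
        return authenticationResponse;
    }

    // Fail closed: an authenticated principal without a well-formed name identifier cannot be
    // authorized, so stop here rather than dereferencing a null claim.
    if (!Guid.TryParse(req.HttpContext.User.GetNameIdentifierId(), out var userId))
    {
        return new UnauthorizedResult();
    }

    // The route value is caller-controlled. A malformed id cannot match any dish, so it is
    // reported with the same code as an unknown one.
    if (!Guid.TryParse(dishId, out var parsedDishId))
    {
        return new BadRequestObjectResult("DISH_NOT_FOUND");
    }

    var dish = await _dishRepository.GetDishAsync(parsedDishId);
    if (dish is null)
    {
        return new BadRequestObjectResult("DISH_NOT_FOUND");
    }

    // NOTE(review): the lookup has to precede this check because the family id comes from the dish.
    // As a result an authenticated caller can tell an unknown dish (400) from a dish in another
    // family (401). Confirm that is acceptable, or return the same response in both cases.
    if (!_authz.Authorize(userId, dish.FamilyId, Resources.Dish, Actions.Update))
    {
        return new UnauthorizedResult();
    }

    var dishRating = await req.GetBodyAs<UpdateDishRatingCommandModel>();
    if (dishRating is null || dishRating.FamilyMemberId is null)
    {
        return new BadRequestObjectResult("MISSING_VALUES");
    }

    // The body is caller-controlled too: a family member id that is not a GUID is unusable.
    if (!Guid.TryParse(dishRating.FamilyMemberId, out var familyMemberId))
    {
        return new BadRequestObjectResult("MISSING_VALUES");
    }

    // A dish whose family cannot be loaded is treated as "member not found" rather than
    // dereferencing null.
    var family = await _familyRepository.GetFamily(dish.FamilyId);
    var familyMember = family?.FamilyMembers.FirstOrDefault(w => w.Id == familyMemberId);
    if (familyMember is null)
    {
        return new BadRequestObjectResult("FAMILYMEMBER_NOT_FOUND_IN_FAMILY");
    }

    // Verify that the caller is rating as themselves or on behalf of a member without autonomy;
    // rating on behalf of other autonomous users is not allowed.
    if (!familyMember.Id.Equals(userId) && familyMember.HasAutonomy)
    {
        return new BadRequestObjectResult("NOT_ALLOWED");
    }

    dish.SetRating(familyMemberId, dishRating.GetRatingInDomainFormat());
    await _dishRepository.SaveAsync(dish);

    return new OkResult();
}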
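/// <summary>
/// HTTP GET <c>dishes/stats/family/{familyId}</c>: returns dish usage statistics for a family
/// over the full ISO date range.
/// </summary>
/// <remarks>
/// The trigger is declared with <see cref="AuthorizationLevel.Anonymous"/>, so the Functions host
/// does not require a function key. Access control rests entirely on the
/// <c>AuthenticateAzureFunctionAsync</c> call and the <c>_authz.Authorize</c> check in this method.
/// </remarks>
/// <param name="req">Incoming request carrying the caller's identity.</param>
/// <param name="familyId">Route value identifying the family; expected to be a GUID.</param>
/// <returns>
/// The authentication response when authentication fails; <see cref="UnauthorizedResult"/> when the
/// caller may not read the family's dishes; <see cref="BadRequestResult"/> when
/// <paramref name="familyId"/> is not a GUID; otherwise <see cref="OkObjectResult"/> with the statistics.
/// </returns>
public async Task<IActionResult?> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "dishes/stats/family/{familyId}")] HttpRequest req,
    string familyId)
{
    var (authenticationStatus, authenticationResponse) = await req.HttpContext.AuthenticateAzureFunctionAsync();
    if (!authenticationStatus)
    {
        return authenticationResponse;
    }

    // A missing name identifier is passed as an empty string.
    // NOTE(review): this relies on _authz.Authorize rejecting an empty user id - confirm.
    var callerId = req.HttpContext.User.GetNameIdentifierId() ?? "";
    if (!_authz.Authorize(callerId, familyId, Resources.Dish, Actions.Read))
    {
        return new UnauthorizedResult();
    }

    // The route value is caller-controlled: reject anything that is not a GUID instead of
    // letting Guid.Parse throw an unhandled FormatException.
    if (!Guid.TryParse(familyId, out var parsedId))
    {
        return new BadRequestResult();
    }

    // Log the parsed GUID through a message template, never the raw route string concatenated
    // into the message: the raw value could carry line breaks or forged log content.
    _logger.LogInformation("GetDishes called for familyId {FamilyId}", parsedId);

    var dishes = await _dishQueryService.GetDishUsageStatsAsync(parsedId, LocalDate.MinIsoValue, LocalDate.MaxIsoValue);
    return new OkObjectResult(dishes);
}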