public async Task <Response <WeekPictogramDTO> > ReadPictogram(long id)
{
try
{
//Fetch the pictogram and check that it actually exists
var pictogram = await _giraf._context.Pictograms
.Where(p => p.Id == id)
.FirstOrDefaultAsync();
if (pictogram == null)
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.PictogramNotFound));
}
//Check if the pictogram is public and return it if so
if (pictogram.AccessLevel == AccessLevel.PUBLIC)
{
return(new Response <WeekPictogramDTO>(new WeekPictogramDTO(pictogram)));
}
var usr = await _giraf.LoadBasicUserDataAsync(HttpContext.User);
if (usr == null)
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.UserNotFound));
}
var ownsResource = false;
if (pictogram.AccessLevel == AccessLevel.PRIVATE)
{
ownsResource = await _giraf.CheckPrivateOwnership(pictogram, usr);
}
else if (pictogram.AccessLevel == AccessLevel.PROTECTED)
{
ownsResource = await _giraf.CheckProtectedOwnership(pictogram, usr);
}
if (ownsResource)
{
return(new Response <WeekPictogramDTO>(new WeekPictogramDTO(pictogram)));
}
else
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.NotAuthorized));
}
} catch (Exception e)
{
var exceptionMessage = $"Exception occured in read:\n{e}";
_giraf._logger.LogError(exceptionMessage);
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.Error));
}
}
public async Task <Response <DepartmentDTO> > AddResource(long departmentId, long resourceId)
{
var usr = await _giraf.LoadUserWithResources(HttpContext.User);
//Fetch the department and check that it exists no need to load ressources already on user
var department = await _giraf._context.Departments.Where(d => d.Key == departmentId)
.Include(d => d.Members)
.FirstOrDefaultAsync();
if (department == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.DepartmentNotFound));
}
//Fetch the resource with the given id, check that it exists and that the user owns it.
var resource = await _giraf._context.Pictograms.Where(f => f.Id == resourceId).FirstOrDefaultAsync();
if (resource == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.ResourceNotFound));
}
var resourceOwned = await _giraf.CheckPrivateOwnership(resource, usr);
if (!resourceOwned)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.NotAuthorized));
}
//Check if the department already owns the resource
var alreadyOwned = await _giraf._context.DepartmentResources
.Where(depres => depres.OtherKey == departmentId &&
depres.PictogramKey == resourceId)
.AnyAsync();
if (alreadyOwned)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.DepartmentAlreadyOwnsResource));
}
//Remove resource from user
var usrResource = await _giraf._context.UserResources
.Where(ur => ur.PictogramKey == resource.Id && ur.OtherKey == usr.Id)
.FirstOrDefaultAsync();
if (usrResource == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.ResourceNotFound));
}
usr.Resources.Remove(usrResource);
await _giraf._context.SaveChangesAsync();
//Change resource AccessLevel to Protected from Private
resource.AccessLevel = AccessLevel.PROTECTED;
//Create a relationship between the department and the resource.
var dr = new DepartmentResource(usr.Department, resource);
await _giraf._context.DepartmentResources.AddAsync(dr);
await _giraf._context.SaveChangesAsync();
//Return Ok and the department - the resource is now visible in deparment.Resources
var members = DepartmentDTO.FindMembers(department.Members, _roleManager, _giraf);
return(new Response <DepartmentDTO>(new DepartmentDTO(usr.Department, members)));
}
public async Task <Response <GirafUserDTO> > AddUserResource(string id, [FromBody] ResourceIdDTO resourceIdDTO)
{
//Check if valid parameters have been specified in the call
if (string.IsNullOrEmpty(id))
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "username"));
}
if (resourceIdDTO == null)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.MissingProperties, "resourceIdDTO"));
}
//Attempt to find the target user and check that he exists
var user = _giraf._context.Users.Include(u => u.Resources).ThenInclude(dr => dr.Pictogram).FirstOrDefault(u => u.Id == id);
if (user == null)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserNotFound));
}
// check access rights
if (!(await _authentication.HasEditOrReadUserAccess(await _giraf._userManager.GetUserAsync(HttpContext.User), user)))
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized));
}
//Find the resource and check that it actually does exist - also verify that the resource is private
var resource = await _giraf._context.Pictograms
.Where(pf => pf.Id == resourceIdDTO.Id)
.FirstOrDefaultAsync();
if (resource == null)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceNotFound));
}
if (resource.AccessLevel != AccessLevel.PRIVATE)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.ResourceMustBePrivate));
}
//Check that the currently authenticated user owns the resource
var curUsr = await _giraf.LoadBasicUserDataAsync(HttpContext.User);
var resourceOwnedByCaller = await _giraf.CheckPrivateOwnership(resource, curUsr);
if (!resourceOwnedByCaller)
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.NotAuthorized));
}
//Check if the target user already owns the resource
if (user.Resources.Any(ur => ur.PictogramKey == resourceIdDTO.Id))
{
return(new ErrorResponse <GirafUserDTO>(ErrorCode.UserAlreadyOwnsResource));
}
//Create the relation and save changes.
var userResource = new UserResource(user, resource);
await _giraf._context.UserResources.AddAsync(userResource);
await _giraf._context.SaveChangesAsync();
// Get the roles the user is associated with
GirafRoles userRole = await _roleManager.findUserRole(_giraf._userManager, user);
return(new Response <GirafUserDTO>(new GirafUserDTO(user, userRole)));
}