public async Task<IActionResult> Get(int tagId, [FromHeader] string authorization)
{
try
{
Tag tag = await Repo.TagManager.FindTag(tagId, true);
List<AuthorizationRequirement> reqs = new List<AuthorizationRequirement>();
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = tag.Book.UserId,
Scopes = Authorization.AuthScopes.Full
});
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = tag.Book.Id,
Scopes = Authorization.AuthScopes.Readable
});
WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path)) { return HttpUnauthorized(); }
if (!await authHandler.FulFillAny(IdentityRepo, reqs)) { return HttpUnauthorized(); }
return new ObjectResult(tag);
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
catch (PiggyBankDataException e) { return HttpBadRequest(new { error = e.Message }); }
}
public async Task<IActionResult> Put(int tagId, [FromBody] Tag tag, [FromHeader] string authorization)
{
if (tag == null) return HttpBadRequest(new { error = "Tag object is missing" });
if (tag.Id != tagId) return HttpBadRequest(new { error = "Invalid Tag.Id [" + tag.Id + "]" });
try
{
Tag tagToUpdate = await Repo.TagManager.FindTag(tagId, true);
List<AuthorizationRequirement> reqs = new List<AuthorizationRequirement>();
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = tag.Book.UserId,
Scopes = Authorization.AuthScopes.Full
});
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = tag.Book.Id,
Scopes = Authorization.AuthScopes.Editable
});
WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path, Request.Body)) { return HttpUnauthorized(); }
if (!await authHandler.FulFillAny(IdentityRepo, reqs)) { return HttpUnauthorized(); }
await Repo.TagManager.UpdateTag(tag);
return new NoContentResult();
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
catch (PiggyBankDataException e) { return HttpBadRequest(new { error = e.Message }); }
}
public async Task<IActionResult> Put(int bookId, [FromBody] Book book, [FromHeader] string authorization)
{
if (book == null) return HttpBadRequest(new { error = "Book object not provided" });
if (book.Id != bookId) return HttpBadRequest(new { error = "Invalid Book.Id [" + book.Id + "]" });
try
{
Book bookToUpdate = await Repo.BookManager.FindBook(bookId);
List<AuthorizationRequirement> reqs = new List<AuthorizationRequirement>();
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = bookToUpdate.UserId,
Scopes = Authorization.AuthScopes.Full
});
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = bookId,
Scopes = Authorization.AuthScopes.Editable
}); WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path, Request.Body)) { return HttpUnauthorized(); }
if (!await authHandler.FulFillAny(IdentityRepo, reqs)) { return HttpUnauthorized(); }
await Repo.BookManager.UpdateBook(book);
return new NoContentResult();
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
catch (PiggyBankDataException e) { return HttpBadRequest(new { error = e.Message }); }
}
public async Task<IActionResult> UnTag(int transactionId, int tagId, [FromHeader] string authorization)
{
try
{
List<AuthorizationRequirement> reqs = new List<AuthorizationRequirement>();
Transaction transaction = await Repo.TransactionManager.FindTransaction(transactionId, true);
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = transaction.Book.UserId,
Scopes = Authorization.AuthScopes.Editable
});
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = transaction.Book.Id,
Scopes = Authorization.AuthScopes.Editable
});
WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path)) { return HttpUnauthorized(); }
if (!await authHandler.FulFillAny(IdentityRepo, reqs)) { return HttpUnauthorized(); }
await Repo.TransactionManager.RemoveTag(transactionId, tagId);
return new NoContentResult();
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
catch (PiggyBankDataException e) { return HttpBadRequest(new { error = e.Message }); }
}
public async Task<ActionResult> GetAccounts(int userId, [FromHeader] string authorization)
{
try
{
AuthorizationRequirement req = new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = userId,
Scopes = Authorization.AuthScopes.Readable
};
WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path)) { return HttpUnauthorized(); }
if (!await authHandler.FulFill(IdentityRepo, req)) { return HttpUnauthorized(); }
IEnumerable<Account> accounts = await Repo.AccountManager.ListAccounts(userId);
List<Account> readableAccounts = new List<Account>();
foreach (Account account in accounts)
{
List<AuthorizationRequirement> accReqs = new List<AuthorizationRequirement>();
accReqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = userId,
Scopes = Authorization.AuthScopes.Full
});
accReqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = account.Book.Id,
Scopes = Authorization.AuthScopes.Readable
});
accReqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Account,
ResourceId = account.Id,
Scopes = Authorization.AuthScopes.Readable
});
if (await authHandler.FulFillAny(IdentityRepo, accReqs)) { readableAccounts.Add(account); }
}
return new ObjectResult(readableAccounts.AsEnumerable());
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
}
public async Task<IActionResult> GetBooks(int userId, [FromHeader] string authorization)
{
try
{
AuthorizationRequirement req = new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = userId,
Scopes = Authorization.AuthScopes.Readable
};
WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path)) { return HttpUnauthorized(); }
if (!await authHandler.FulFill(IdentityRepo, req)) { return HttpUnauthorized(); }
List<Book> readableBooks = new List<Book>();
IEnumerable<Book> books = await Repo.BookManager.ListBooks(userId);
foreach (Book book in books)
{
List<AuthorizationRequirement> bookReqs = new List<AuthorizationRequirement>();
bookReqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = userId,
Scopes = Authorization.AuthScopes.Full
});
bookReqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = book.Id,
Scopes = Authorization.AuthScopes.Readable
});
if (await authHandler.FulFillAny(IdentityRepo, bookReqs)) { readableBooks.Add(book); }
}
return new ObjectResult(readableBooks.AsEnumerable());
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
}
public async Task<IActionResult> GetTransactionCount(int accountId, [FromQuery] DateTime? periodStart, [FromQuery] DateTime? periodEnd, [FromHeader] string authorization)
{
Dictionary<string, string> args = new Dictionary<string, string>();
if (periodStart != null) { args.Add("periodStart", Request.Query["periodStart"]); }
if (periodEnd != null) { args.Add("periodEnd", Request.Query["periodEnd"]); }
try
{
Account account = await Repo.AccountManager.FindAccount(accountId, true);
List<AuthorizationRequirement> reqs = new List<AuthorizationRequirement>();
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = account.Book.UserId,
Scopes = Authorization.AuthScopes.Full
});
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = account.Book.Id,
Scopes = Authorization.AuthScopes.Readable
});
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Account,
ResourceId = accountId,
Scopes = Authorization.AuthScopes.Readable
});
WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path, parameters: args)) { return HttpUnauthorized(); }
if (!await authHandler.FulFillAny(IdentityRepo, reqs)) { return HttpUnauthorized(); }
return new ObjectResult(await Repo.AccountManager.GetTransactionCount(accountId, periodStart, periodEnd));
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
catch (PiggyBankDataException e) { return HttpBadRequest(new { error = e.Message }); }
}
public async Task<IActionResult> GetAccounts(int bookId, [FromHeader] string authorization)
{
try
{
Book book = await Repo.BookManager.FindBook(bookId);
List<AuthorizationRequirement> reqs = new List<AuthorizationRequirement>();
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = book.UserId,
Scopes = Authorization.AuthScopes.Full
});
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = book.Id,
Scopes = Authorization.AuthScopes.Readable
});
WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path)) { return HttpUnauthorized(); }
if (!await authHandler.FulFillAny(IdentityRepo, reqs)) { return HttpUnauthorized(); }
IEnumerable<Account> accounts = await Repo.AccountManager.ListAccounts(book);
return new ObjectResult(accounts);
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
catch (PiggyBankBookException) { return HttpUnauthorized(); }
}
public async Task<IActionResult> PostTag(int bookId, [FromBody] Tag tag, [FromHeader] string authorization)
{
try
{
Book book = await Repo.BookManager.FindBook(bookId);
List<AuthorizationRequirement> reqs = new List<AuthorizationRequirement>();
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.User,
ResourceId = book.UserId,
Scopes = Authorization.AuthScopes.Full
});
reqs.Add(new AuthorizationRequirement
{
AuthResourceType = Authorization.AuthResourceType.Book,
ResourceId = bookId,
Scopes = Authorization.AuthScopes.Editable
});
WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path, Request.Body)) { return HttpUnauthorized(); }
if (!await authHandler.FulFillAny(IdentityRepo, reqs)) { return HttpUnauthorized(); }
Tag tagCreated = await Repo.TagManager.CreateTag(book, tag);
return CreatedAtRoute("GetTag", new { controller = "tags", tagId = tagCreated.Id }, tagCreated);
}
catch (TokenExtractionException) { return HttpUnauthorized(); }
catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
catch (PiggyBankDataException e) { return HttpBadRequest(new { error = e.Message }); }
}