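[HttpGet] //working
        // Admin-only listing of every user, projected through ReturnableUser (the DTO that decides which
        // User fields leave the service).
        // Responses: 200 + List<ReturnableUser>; 401 + ErrorMessage when the caller is not an admin
        // (403 Forbidden would be the more precise code for "authenticated but lacks the role" — 401 is kept
        // to match the sibling endpoints); 500 + ErrorMessage on any other failure.
        public IActionResult GetAllUsers()
        {
            try
            {
                // Authorization first: nothing below may run for a non-admin caller.
                if (!HelperMethods.ValidateIsAdmin(_httpContextAccessor))
                {
                    ErrorMessage error = new ErrorMessage("Invalid Role", "Caller must have admin role.");
                    return new UnauthorizedObjectResult(error);
                }

                // Materialise the query once, then project each row to the outward-facing shape.
                List<ReturnableUser> users = new List<ReturnableUser>();
                foreach (User user in _context.Users.ToArray())
                {
                    users.Add(new ReturnableUser(user));
                }

                return new OkObjectResult(users);
            }
            catch (Exception ex)
            {
                // Do not echo ex.Message to the client: EF/DB exception text can reveal schema, connection
                // or file-system details (CWE-209). The detail stays server-side.
                // TODO(review): log `ex` here — no logger is visible in this block to wire it to.
                ErrorMessage error = new ErrorMessage("Error retrieving users.", "An unexpected error occurred.");
                return new InternalServerErrorResult(error);
            }
        }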
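        // Admin-only listing of every user. The caller's id is taken from the ClaimTypes.Actor claim and the
        // admin role is checked against the database via HelperMethods.ValidateIsAdmin(_context, id, _keyAndIV).
        // Responses: 200 + List<ReturnableUser>; 401 + ErrorMessage when the caller is not an admin or
        // presents no usable Actor claim.
        public IActionResult GetAllUsers()
        {
            // Resolve the caller before touching the database. The original called int.Parse on
            // FindFirst(...).Value unconditionally, so a request without an Actor claim threw
            // NullReferenceException and a non-numeric claim threw FormatException — both surfacing as an
            // unhandled 500 instead of the intended 401.
            Claim actor = _httpContextAccessor.HttpContext?.User?.FindFirst(ClaimTypes.Actor);
            bool isAdmin = actor != null
                && int.TryParse(actor.Value, out int callerId)
                && HelperMethods.ValidateIsAdmin(_context, callerId, _keyAndIV);
            if (!isAdmin)
            {
                ErrorMessage error = new ErrorMessage("Invalid Role", "Caller must have admin role.");
                return new UnauthorizedObjectResult(error);
            }

            // Project every User through ReturnableUser. _keyAndIV is forwarded to the DTO exactly as the
            // original did; what it does with it is inside ReturnableUser, not visible here.
            List<ReturnableUser> users = new List<ReturnableUser>();
            foreach (User user in _context.Users.ToArray())
            {
                users.Add(new ReturnableUser(user, _keyAndIV));
            }

            return new OkObjectResult(users);
        }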
        [HttpGet]         //working
        // Admin-only listing of every user, returned as a JSON string: the SuccessMessage._result envelope
        // with a "users" array of ReturnableUser projections added. A non-admin caller gets status 401 and
        // an ErrorMessage body instead (403 would be the more precise code; 401 matches the sibling endpoints).
        public string GetAllUsers()
        {
            bool callerIsAdmin = HelperMethods.ValidateIsAdmin(_httpContextAccessor);
            if (!callerIsAdmin)
            {
                Response.StatusCode = 401;
                // "n/a" in the args slot: this endpoint takes no arguments
                ErrorMessage denied = new ErrorMessage("Invalid Role", "n/a", "Caller must have admin role.");
                return JObject.FromObject(denied).ToString();
            }

            // Materialise the query once and project each row to the outward-facing DTO.
            JArray userArray = new JArray();
            foreach (User record in _context.Users.ToArray())
            {
                ReturnableUser projected = new ReturnableUser(record);
                userArray.Add(JToken.FromObject(projected));
            }

            // Success envelope with the user list attached under "users".
            JObject envelope = JObject.Parse(SuccessMessage._result);
            envelope.Add(new JProperty("users", userArray));
            return envelope.ToString();
        }
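        [HttpPost("{id:int}/folders")]         // working
        // Creates a folder for user {id} from a JSON body shaped like { "folder_name": "...", "parent_id": <int|null> }.
        // The caller must be user {id} or an admin. The body is always an ErrorMessage / SuccessMessage JSON string.
        // Responses:
        //   401  caller is neither user {id} nor an admin
        //   400  body is not JSON, folder_name is missing, parent_id is not an integer, or parent_id is not a
        //        folder owned by user {id}
        //   404  user {id} does not exist
        //   500  persistence failed (exception detail kept server-side)
        public string User_AddFolder(int id, [FromBody] string folderJson)
        {
            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
            {
                Response.StatusCode = 401;
                return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
            }

            JObject json;
            try
            {
                json = JObject.Parse(folderJson);
            }
            catch (Exception ex)
            {
                // Parser message describes the caller's own input, so returning it is acceptable here.
                Response.StatusCode = 400;
                ErrorMessage error = new ErrorMessage("Invalid Json", folderJson, ex.Message);
                return JObject.FromObject(error).ToString();
            }

            // Validate the payload up front so client mistakes come back as 400. The original dereferenced
            // json["folder_name"] and ToObject'd parent_id unguarded, so a missing key or a non-integer
            // parent_id became a NullReferenceException / JsonException → 500 carrying the exception text.
            string folderName = json["folder_name"]?.ToString();
            if (folderName == null)
            {
                Response.StatusCode = 400;
                return JObject.FromObject(new ErrorMessage("Invalid Json", folderJson, "folder_name is required.")).ToString();
            }

            int? pid;
            try
            {
                pid = json["parent_id"]?.ToObject<int?>();                 // parent id, optional
            }
            catch (Exception)
            {
                Response.StatusCode = 400;
                return JObject.FromObject(new ErrorMessage("Invalid Json", folderJson, "parent_id must be an integer or null.")).ToString();
            }

            try
            {
                User owner = _context.Users.SingleOrDefault(a => a.ID == id);
                if (owner == null)
                {
                    Response.StatusCode = 404;
                    return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "User does not exist.")).ToString();
                }

                // Parent ownership check. The original compared Single(...) against null, but Single() throws
                // instead of returning null, so that branch was unreachable and a foreign parent_id surfaced as a
                // 500 carrying the EF exception text. The "or admin" exemption is dropped deliberately: the
                // update below always required the parent to be in this user's Folders, so an admin-supplied
                // foreign parent never succeeded anyway. This relies on owner.Folders being loaded, as the
                // original did.
                Folder parentFolder = null;
                if (pid != null)
                {
                    parentFolder = owner.Folders.SingleOrDefault(b => b.ID == pid);
                    if (parentFolder == null)
                    {
                        Response.StatusCode = 400;
                        return JObject.FromObject(new ErrorMessage("Invalid Folder", "parent_id: " + pid.ToString(), "User must own the parent folder.")).ToString();
                    }
                }

                Folder newFolder = new Folder
                {
                    UserID = id, FolderName = folderName, ParentID = pid
                };
                _context.Folders.Add(newFolder);                 // add new folder

                // only update parent if needed
                if (parentFolder != null)
                {
                    parentFolder.HasChild = true;                // register to parent that it now has at least 1 child
                    _context.Folders.Update(parentFolder);
                }
                _context.SaveChanges();
            }
            catch (Exception ex)
            {
                // Persistence failure. Do not echo ex.Message: EF/DB exception text can expose schema or
                // connection details (CWE-209). folderJson is the caller's own input and is still returned.
                // TODO(review): log `ex` server-side — no logger is visible in this block.
                Response.StatusCode = 500;
                return JObject.FromObject(new ErrorMessage("Error creating new folder.", folderJson, "An unexpected error occurred.")).ToString();
            }

            return SuccessMessage._result;
        }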