ResourceController.cs

using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
using Coscine.ApiCommons.Exceptions;
using Coscine.ApiCommons.Factories;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Linq;
using Newtonsoft.Json.Linq;

namespace Coscine.Api.Project.Controllers
{
    public class ResourceController : Controller
    {
        private readonly Authenticator _authenticator;
        private readonly ResourceModel _resourceModel;

        public ResourceController()
        {
            _authenticator = new Authenticator(this, Program.Configuration);
            _resourceModel = new ResourceModel();
        }
        
        [Route("[controller]")]
        public IActionResult Index()
        {
            return Ok(_authenticator.ValidateAndExecute((user) =>
            {
                return _resourceModel.GetAllWhere((resource) =>                
                    (from projectResource in resource.ProjectResourceResourceIdIds
                            where (from projectRole in projectResource.Project.ProjectRolesProjectIdIds
                                   where projectRole.User == user
                                   && projectRole.Role.DisplayName == "Owner"
                                   select projectRole).Any()
                            select projectResource).Any()
                ).Select((resource) => _resourceModel.CreateReturnObjectFromDatabaseObject(resource));
            }));
        }


        [HttpGet("[controller]/{id}")]
        public IActionResult Get(string id)
        {
            return Ok(_authenticator.ValidateAndExecute((user) =>
            {
                var resource = _resourceModel.GetById(Guid.Parse(id));
                if (_resourceModel.OwnsResource(user, resource))
                {
                    _resourceModel.SetType(resource);
                    return _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
                }
                else
                {
                    throw new NotAuthorizedException("User does not own resource!");
                }
            }));
        }

        [HttpPost("[controller]/{id}")]
        public IActionResult Update(string id)
        {
            return Ok(_authenticator.ValidateAndExecute((user) =>
            {
                ResourceObject resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
                var resource = _resourceModel.GetById(Guid.Parse(id));
                if (_resourceModel.OwnsResource(user, resource))
                {
                    return _resourceModel.UpdateByObject(resource, resourceObject);
                }
                else
                {
                    throw new NotAuthorizedException("The user is not authorized to perform an update on the selected resource!");
                }
            }));
        }

        [HttpDelete("[controller]/{id}")]
        public IActionResult Delete(string id)
        {
            return Ok(_authenticator.ValidateAndExecute((user) =>
            {
                var resource = _resourceModel.GetById(Guid.Parse(id));
                if (_resourceModel.OwnsResource(user, resource))
                {
                    var returnObject = _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
                    _resourceModel.DeleteResource(resource);
                    return returnObject;
                }
                else
                {
                    throw new NotAuthorizedException("The user is not authorized to perform an update on the selected resource!");
                }
            }));
        }

        [HttpPost("[controller]/project/{projectId}")]
        public IActionResult StoreToProject(string projectId)
        {
            return Ok(_authenticator.ValidateAndExecute((user) =>
            {
                ResourceObject resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);

                ProjectModel projectModel = new ProjectModel();
                var project = projectModel.GetById(Guid.Parse(projectId));
                if (projectModel.OwnsProject(user, project))
                {
                    var resource = _resourceModel.StoreFromObject(resourceObject);

                    projectModel.AddResource(project, resource);

                    return _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
                }
                else
                {
                    throw new NotAuthorizedException("The user is not authorized to add a new resource to the selected project!");
                }                
            }));
        }
    }
}