using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
using Coscine.ApiCommons.Factories;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Linq;
using Coscine.Action;
using Coscine.Configuration;
using Coscine.Action.EventArgs;
using Microsoft.AspNetCore.Authorization;
using Newtonsoft.Json.Linq;
using Coscine.Database.Model;

namespace Coscine.Api.Project.Controllers
{
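    /// <summary>
    /// HTTP endpoints for listing, reading, updating, deleting and creating resources.
    /// Every action requires an authenticated caller (<see cref="AuthorizeAttribute"/> on the class)
    /// and performs its own per-resource or per-project role check.
    /// </summary>
    /// <remarks>
    /// NOTE(review): authorization failures are answered with <c>Unauthorized(...)</c> (HTTP 401) even
    /// though the caller is already authenticated; 403 is the conventional status for that case.
    /// The status is left unchanged here because existing clients may depend on it.
    /// </remarks>
    [Authorize]
    public class ResourceController : Controller
    {
        private readonly Authenticator _authenticator;
        private readonly ResourceModel _resourceModel;
        private readonly IConfiguration _configuration;
        private readonly Emitter _emitter;

        /// <summary>
        /// Wires the controller to the process-wide configuration and creates its model and event emitter.
        /// </summary>
        public ResourceController()
        {
            _authenticator = new Authenticator(this, Program.Configuration);
            _configuration = Program.Configuration;
            _resourceModel = new ResourceModel();
            _emitter = new Emitter(this._configuration);
        }

        /// <summary>
        /// Lists the resources that belong to at least one project in which the current user
        /// holds a role whose display name is "Owner" or "Member".
        /// </summary>
        /// <returns>JSON array of return objects for the matching resources.</returns>
        // NOTE(review): the route has no HTTP verb constraint, so it is matched for any method — confirm intended.
        [Route("[controller]")]
        public IActionResult Index()
        {
            var user = _authenticator.GetUser();
            // NOTE(review): roles are matched by display-name string here, while the other actions
            // pass UserRoles.Owner / UserRoles.Member to HasAccess — confirm both refer to the same roles.
            return Json(_resourceModel.GetAllWhere((resource) =>
                (from projectResource in resource.ProjectResourceResourceIdIds
                 where (from projectRole in projectResource.Project.ProjectRolesProjectIdIds
                        where projectRole.User == user
                        && (projectRole.Role.DisplayName == "Owner" || projectRole.Role.DisplayName == "Member")
                        select projectRole).Any()
                 select projectResource).Any()
            ).Select((resource) => _resourceModel.CreateReturnObjectFromDatabaseObject(resource)));
        }

        /// <summary>
        /// Returns a single resource if the current user has the Owner or Member role for it.
        /// </summary>
        /// <param name="id">Resource id taken from the route; must be a valid GUID.</param>
        /// <returns>
        /// 400 for a malformed id, 404 if no resource was found, 401 if the role check fails,
        /// otherwise the resource as JSON.
        /// </returns>
        [HttpGet("[controller]/{id}")]
        public IActionResult Get(string id)
        {
            var failure = TryLoadResource(id, out var resource);
            if (failure != null)
            {
                return failure;
            }

            var user = _authenticator.GetUser();
            if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
            {
                return Unauthorized("User does not own resource!");
            }

            _resourceModel.SetType(resource);
            return Json(_resourceModel.CreateReturnObjectFromDatabaseObject(resource));
        }

        /// <summary>
        /// Reports whether the current user is recorded as the creator of the given resource.
        /// </summary>
        /// <param name="id">Resource id taken from the route; must be a valid GUID.</param>
        /// <returns>
        /// 400 for a malformed id, 404 if no resource was found, otherwise
        /// <c>{ "isResourceCreator": true|false }</c>.
        /// </returns>
        // NOTE(review): unlike Get/Update/Delete this action performs no HasAccess check, so any
        // authenticated caller can tell whether a resource id exists. Confirm that this is acceptable
        // before adding a role check, because a creator without a project role would lose the answer.
        [HttpGet("[controller]/resource/{id}/isCreator")]
        public IActionResult IsUserResourceCreator(string id)
        {
            var failure = TryLoadResource(id, out var resource);
            if (failure != null)
            {
                return failure;
            }

            var user = _authenticator.GetUser();
            var json = new JObject
            {
                ["isResourceCreator"] = resource.Creator.Equals(user.Id)
            };
            return Json(json);
        }

        /// <summary>
        /// Updates a resource from the JSON request body. Allowed for project owners, and for
        /// members who created the resource.
        /// </summary>
        /// <param name="id">Resource id taken from the route; must be a valid GUID.</param>
        /// <returns>
        /// 400 for a malformed id or an empty body, 404 if no resource was found, 401 if the caller
        /// may not modify the resource, otherwise the result of the update as JSON.
        /// </returns>
        [HttpPost("[controller]/{id}")]
        public IActionResult Update(string id)
        {
            var failure = TryLoadResource(id, out var resource);
            if (failure != null)
            {
                return failure;
            }

            if (!CurrentUserMayModify(resource))
            {
                return Unauthorized("The user is not authorized to perform an update on the selected resource!");
            }

            // The body is read only after the authorization decision, so an unauthorized caller
            // cannot make the server parse an arbitrary payload.
            var resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
            if (resourceObject == null)
            {
                return BadRequest("The request body does not contain a resource!");
            }

            // NOTE(review): which fields UpdateByObject copies from the client-supplied object is not
            // visible here — verify that ownership fields such as Creator cannot be overwritten.
            return Json(_resourceModel.UpdateByObject(resource, resourceObject));
        }

        /// <summary>
        /// Deletes a resource. Allowed for project owners, and for members who created the resource.
        /// </summary>
        /// <param name="id">Resource id taken from the route; must be a valid GUID.</param>
        /// <returns>
        /// 400 for a malformed id, 404 if no resource was found, 401 if the caller may not modify the
        /// resource, otherwise the return object of the deleted resource as JSON.
        /// </returns>
        [HttpDelete("[controller]/{id}")]
        public IActionResult Delete(string id)
        {
            var failure = TryLoadResource(id, out var resource);
            if (failure != null)
            {
                return failure;
            }

            if (!CurrentUserMayModify(resource))
            {
                // The original message spoke of "an update"; this action deletes.
                return Unauthorized("The user is not authorized to delete the selected resource!");
            }

            // Build the response object first: it is created from the database object that is deleted below.
            var returnObject = _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
            // NOTE(review): the delete event is emitted before DeleteResource runs, so handlers are
            // notified even if the deletion then fails — confirm this order is intended.
            _emitter.EmitResourceDelete(new ResourceEventArgs(_configuration)
            {
                Resource = resource
            });
            _resourceModel.DeleteResource(resource);
            return Json(returnObject);
        }

        /// <summary>
        /// Creates a resource from the JSON request body and attaches it to a project in which the
        /// current user has the Owner or Member role.
        /// </summary>
        /// <param name="projectId">Project id taken from the route; must be a valid GUID.</param>
        /// <returns>
        /// 400 for a malformed id or an unusable body, 404 if no project was found, 401 if the caller
        /// lacks the role or the resource type is not enabled, otherwise the new resource as JSON.
        /// </returns>
        [HttpPost("[controller]/project/{projectId}")]
        public IActionResult StoreToProject(string projectId)
        {
            if (!Guid.TryParse(projectId, out var projectGuid))
            {
                return BadRequest("The project id is not a valid GUID!");
            }

            var projectModel = new ProjectModel();
            var project = projectModel.GetById(projectGuid);
            if (project == null)
            {
                return NotFound("The project does not exist!");
            }

            var user = _authenticator.GetUser();
            if (!projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
            {
                return Unauthorized("The user is not authorized to add a new resource to the selected project!");
            }

            // Body parsing and the resource-type lookup happen only for callers that passed the
            // project role check; both dereference client-supplied data and are therefore validated.
            var resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
            if (resourceObject?.Type == null)
            {
                return BadRequest("The request body does not contain a resource with a type!");
            }

            var resourceType = new ResourceTypeModel().GetById(resourceObject.Type.Id);
            if (resourceType == null)
            {
                return BadRequest("The resource type does not exist!");
            }

            if (!resourceType.Enabled)
            {
                return Unauthorized("The user is not authorized to add a new resource of this type to the selected project!");
            }

            // The creator is always taken from the authenticated user, never from the request body.
            resourceObject.Creator = user.Id;
            var resource = _resourceModel.StoreFromObject(resourceObject);
            projectModel.AddResource(project, resource);

            _emitter.EmitResourceCreate(new ResourceEventArgs(_configuration)
            {
                Resource = resource
            });

            return Json(_resourceModel.CreateReturnObjectFromDatabaseObject(resource));
        }

        /// <summary>
        /// Parses a route id and loads the matching resource.
        /// </summary>
        /// <param name="id">Route value supplied by the client.</param>
        /// <param name="resource">The loaded resource when the method returns <c>null</c>.</param>
        /// <returns><c>null</c> on success, otherwise the 400 or 404 result to send back.</returns>
        private IActionResult TryLoadResource(string id, out Resource resource)
        {
            resource = null;

            // Guid.Parse would throw on malformed input and surface as a server error.
            if (!Guid.TryParse(id, out var resourceId))
            {
                return BadRequest("The resource id is not a valid GUID!");
            }

            resource = _resourceModel.GetById(resourceId);
            if (resource == null)
            {
                return NotFound("The resource does not exist!");
            }

            return null;
        }

        /// <summary>
        /// Shared rule for Update and Delete: the current user is an Owner, or is a Member and the
        /// creator of the resource.
        /// </summary>
        /// <param name="resource">The resource the caller wants to modify.</param>
        /// <returns><c>true</c> if the current user may modify <paramref name="resource"/>.</returns>
        private bool CurrentUserMayModify(Resource resource)
        {
            var user = _authenticator.GetUser();
            return _resourceModel.HasAccess(user, resource, UserRoles.Owner) ||
                (_resourceModel.HasAccess(user, resource, UserRoles.Member) && resource.Creator.Equals(user.Id));
        }
    }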
}