SubProjectController.cs 2.58 KB
using Coscine.Api.Project.Models;
using Coscine.ApiCommons;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Linq;

namespace Coscine.Api.Project.Controllers
{
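    /// <summary>
    /// Controller that lists the subprojects of a parent project for the calling user.
    /// Every action requires an authenticated caller (<see cref="AuthorizeAttribute"/>);
    /// the per-project permission check is done inside each action.
    /// </summary>
    [Authorize]
    public class SubProjectController : Controller
    {
        private readonly Authenticator _authenticator;
        private readonly SubProjectModel _subProjectModel;

        /// <summary>
        /// Creates the controller with an authenticator bound to this controller and the
        /// program configuration, and a fresh subproject model.
        /// </summary>
        public SubProjectController()
        {
            _authenticator = new Authenticator(this, Program.Configuration);
            _subProjectModel = new SubProjectModel();
        }

        /// <summary>
        /// Returns the subprojects of the given parent project that the calling user holds
        /// an Owner or Member role in, ordered by display name.
        /// </summary>
        /// <param name="parentId">Identifier of the parent project, taken from the route; must be a GUID.</param>
        /// <returns>
        /// A JSON result with the visible subprojects; a 400 result when <paramref name="parentId"/>
        /// is not a GUID; a 401 result when the user has no Owner/Member access to the parent project.
        /// </returns>
        [HttpGet("[controller]/{parentId}")]
        public IActionResult Get(string parentId)
        {
            // parentId comes straight from the URL. Parse it defensively so a malformed value is
            // answered with a client error instead of an unhandled FormatException.
            if (!Guid.TryParse(parentId, out var parentGuid))
            {
                return BadRequest("The given project id is not a valid GUID!");
            }

            var projectModel = new ProjectModel();
            var user = _authenticator.GetUser();

            // NOTE(review): ToLower() is culture-sensitive. It is kept here because the same
            // normalisation is used inside the predicate below, which may be translated by the
            // data layer; confirm before switching to ToLowerInvariant().
            string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
            allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();

            // NOTE(review): GetById's result for an unknown id is not visible here; confirm that
            // HasAccess denies access when no project exists for parentGuid.
            if (!projectModel.HasAccess(user, projectModel.GetById(parentGuid), allowedRoles))
            {
                // The status code is kept at 401 for existing clients, although the caller is
                // authenticated and merely lacks permission. The message now names the operation
                // this endpoint performs (listing, not creating).
                return Unauthorized("User is not allowed to list the subprojects of the given project id!");
            }

            // Access to the parent project does not imply access to each subproject: the predicate
            // additionally requires an allowed role of this user on the subproject itself.
            // NOTE(review): DisplayName is lower-cased but not trimmed, unlike allowedRoles above.
            var subProjects = _subProjectModel
                .GetAllWhere((subProjectM) => (subProjectM.ProjectId == parentGuid
                    // select only subprojects to which the user has access
                    && (from projectRole in subProjectM.SubProject_FK.ProjectRolesProjectIdIds
                        where projectRole.User.Id == user.Id
                        && allowedRoles.Contains(projectRole.Role.DisplayName.ToLower())
                        select projectRole).Any()))
                .Select((subProject) => projectModel.GetById(subProject.SubProjectId))
                .Select((project) => projectModel.CreateReturnObjectFromDatabaseObject(project, parentGuid))
                .OrderBy(element => element.DisplayName);

            return Json(subProjects);
        }
    }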
}