L. Ellenbeck · cbed3869 · 89f51f00 · cbed3869
--- a/src/Project/Controllers/ProjectController.cs

+ 207

− 0
+++ b/src/Project/Controllers/ProjectController.cs

+ 207

− 0
 using Coscine.Action;
 using Coscine.Action.EventArgs;
+using Coscine.Action.Utils;
 using Coscine.Api.Project.ParameterObjects;
 using Coscine.Api.Project.ReturnObjects;
 using Coscine.ApiCommons;
 @@ -15,6 +16,7 @@ using Coscine.ResourceLoader;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
+using Newtonsoft.Json.Linq;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 @@ -39,6 +41,9 @@ namespace Coscine.Api.Project.Controllers
        private readonly ResourceModel _resourceModel;
        private readonly CoscineLogger _coscineLogger;
        private readonly VisibilityModel _visibilityModel;
+        private readonly InvitationModel _invitationModel;
+        private readonly RoleModel _roleModel;
+        private readonly UserModel _userModel;
        private readonly int _maxAvailable = 100;

        /// <summary>
 @@ -58,6 +63,9 @@ namespace Coscine.Api.Project.Controllers
            _projectQuotaModel = new ProjectQuotaModel();
            _coscineLogger = new CoscineLogger(logger);
            _visibilityModel = new VisibilityModel();
+            _invitationModel = new InvitationModel();
+            _roleModel = new RoleModel();
+            _userModel = new UserModel();
        }

        /// <summary>
 @@ -506,6 +514,11 @@ namespace Coscine.Api.Project.Controllers
                    _projectQuotaModel.Delete(projectQuota);
                }

+                foreach (var invitation in _invitationModel.GetAllWhere((x) => x.Project == project.Id))
+                {
+                    _invitationModel.Delete(invitation);
+                }
+
                _activatedFeaturesModel.DeactivateAllFeatures(project);

                if (propegateAction)
 @@ -562,6 +575,200 @@ namespace Coscine.Api.Project.Controllers
            return Json(_projectModel.CreateReturnObjectFromDatabaseObject(project));
        }

+        /// <summary>
+        /// List all invitations of a project.
+        /// </summary>
+        /// <param name="projectId">Project id of the project</param>
+        /// <returns>List of invitations</returns>
+        [HttpGet("[controller]/invitation/list/{projectId}")]
+        public ActionResult<IEnumerable<InvitationReturnObject>> ListInvitations(Guid projectId)
+        {
+            var project = _projectModel.GetById(projectId);
+
+            if (project == null)
+            {
+                return NotFound($@"The project ""{projectId}"" was not found.");
+            }
+
+            var user = _authenticator.GetUser();
+
+            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
+            {
+                return Unauthorized($"You are not an owner of the project.");
+            }
+
+            var invitations = _invitationModel.GetAllWhere(x => x.Project == projectId && x.Expiration > DateTime.UtcNow)
+                .Select(x => new InvitationReturnObject
+                {
+                    Id = x.Id,
+                    Expiration = x.Expiration,
+                    Issuer = x.Issuer,
+                    ProjectId = x.Project,
+                    RoleId = x.Role,
+                    UserMail = x.InviteeEmail 
+                });
+
+            return new ActionResult<IEnumerable<InvitationReturnObject>>(invitations);
+        }
+
+        /// <summary>
+        /// Create and send an invitation to specified mail.
+        /// </summary>
+        /// <param name="sendInvitationObject">Informations for sending an invitation</param>
+        /// <returns>NoContent</returns>
+        [HttpPost("[controller]/invitation")]
+        public IActionResult SendInvitation(SendInvitationObject sendInvitationObject)
+        {
+            var user = _authenticator.GetUser();
+
+            if (!IsValidEmail(sendInvitationObject.Mail))
+            {
+                return BadRequest($@"The email ""{sendInvitationObject.Mail}"" is invalid.");
+            }
+
+            var project = _projectModel.GetById(sendInvitationObject.Project);
+
+            if (project == null)
+            {
+                return NotFound($@"The project ""{sendInvitationObject.Project}"" was not found.");
+            }
+
+            if (_roleModel.GetById(sendInvitationObject.Role) == null)
+            {
+                return NotFound($@"The role ""{sendInvitationObject.Role}"" was not found.");
+            }
+
+            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
+            {
+                return Unauthorized($"You are not an owner of the project.");
+            }
+
+            var invitations = _invitationModel.GetAllWhere(
+                x => x.Project == sendInvitationObject.Project &&
+                     x.InviteeEmail == sendInvitationObject.Mail &&
+                     x.Expiration > DateTime.UtcNow
+            );
+
+            if (invitations != null && invitations.Any())
+            {
+                return BadRequest("This invitee already has a valid invitation to this project.");
+            }
+
+            var token = _invitationModel.CreateInvitation(sendInvitationObject.Project, user.Id, sendInvitationObject.Role, sendInvitationObject.Mail);
+
+            var body = new JObject
+            {
+                ["Args"] = new JObject()
+                {
+                    ["placeholder"] = new JObject()
+                    {
+                        ["confirmation_link"] = $@"{_configuration.GetString("coscine/local/api/additional/url")}/invitation?token={token}"
+                    }
+                }
+            };
+
+            NotificationBusUtil.Send(Program.Configuration, "user_invitation", NotificationBusUtil.GetUserList(new User { EmailAddress = sendInvitationObject.Mail }), sendInvitationObject.Project.ToString(), body);
+
+            return NoContent();
+        }
+
+        /// <summary>
+        /// Deletes an invitation.
+        /// </summary>
+        /// <param name="invitationId">Id of a invitation</param>
+        /// <returns>NoContent</returns>
+        [HttpDelete("[controller]/invitation/{invitationId}")]
+        public IActionResult DeleteInvitation(Guid invitationId)
+        {
+            var invitation = _invitationModel.GetById(invitationId);
+
+            if(invitation == null)
+            {
+                return NotFound("Invitation was not found.");
+            }
+
+            var user = _authenticator.GetUser();
+
+            if (!_projectModel.HasAccess(user, _projectModel.GetById(invitation.Project), UserRoles.Owner))
+            {
+                return Unauthorized($"You are not an owner of this project.");
+            }
+
+            _invitationModel.Delete(invitation);
+
+            return NoContent();
+        }
+
+        /// <summary>
+        /// Resolve an invitation for the current user.
+        /// </summary>
+        /// <param name="token">Token of a invitation</param>
+        /// <returns>NoContent</returns>
+        [HttpGet("[controller]/invitation/resolve/{token}")]
+        public IActionResult ResolveInvitation(Guid token)
+        {
+            var user = _authenticator.GetUser();
+
+            var invitation = _invitationModel.GetByToken(token);
+
+            if(invitation == null)
+            {
+                return NotFound("Invitation was not found.");
+            }
+
+            if (invitation.Expiration < DateTime.UtcNow)
+            {
+                return BadRequest("The invitation has expired");
+            }
+
+            var project = _projectModel.GetById(invitation.Project);
+
+            if (!_projectModel.HasAccess(_userModel.GetById(invitation.Issuer), project, UserRoles.Owner))
+            {
+                return Unauthorized($"The issuer is not an owner of the project.");
+            }
+
+            if (_projectRoleModel.GetAllWhere(x => x.ProjectId == invitation.Project && x.UserId == user.Id).Any())
+            {
+                return BadRequest($"The invitee is already part of the project.");
+            }
+
+            var role = _roleModel.GetById(invitation.Role);
+
+            _emitter.EmitUserAdd(new UserEventArgs(_configuration)
+            {
+                Project = project,
+                Role = role,
+                User = user,
+            });
+
+            var projectRole = new ProjectRole()
+            {
+                RelationId = Guid.NewGuid(),
+                ProjectId = invitation.Project,
+                UserId = user.Id,
+                RoleId = invitation.Role
+            };
+
+            _projectRoleModel.Insert(projectRole);
+
+            _invitationModel.Delete(invitation);
+
+            return Ok($"User {user.Id} is now {role.DisplayName} of project {project.Id}.");
+        }
+
+        private static bool IsValidEmail(string email)
+        {
+            try
+            {
+                return new System.Net.Mail.MailAddress(email).Address == email;
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
        /// <summary>
        /// Checks if the given user is a member of the RWTH 
        /// </summary>