using Coscine.Action; using Coscine.Action.EventArgs; using Coscine.Api.Project.Models; using Coscine.Api.Project.ReturnObjects; using Coscine.ApiCommons; using Coscine.ApiCommons.Factories; using Microsoft.AspNetCore.Mvc; using System; using System.Linq; using Coscine.Configuration; using Microsoft.AspNetCore.Authorization; using System.Collections.Generic; namespace Coscine.Api.Project.Controllers { [Authorize] public class ProjectController : Controller { private readonly Authenticator _authenticator; private readonly ProjectModel _projectModel; private readonly IConfiguration _configuration; private readonly Emitter _emitter; public ProjectController() { _authenticator = new Authenticator(this, Program.Configuration); _configuration = Program.Configuration; _projectModel = new ProjectModel(); _emitter = new Emitter(_configuration); } [Route("[controller]")] public IActionResult Index() { var user = _authenticator.GetUser(); return Ok(_projectModel.GetWithAccess(user, UserRoles.Member, UserRoles.Owner).ToList() .Select((project) => _projectModel.CreateReturnObjectFromDatabaseObject(project)) .OrderBy(element => element.DisplayName) ); } [HttpGet("[controller]/{id}")] public IActionResult Get(string id) { var user = _authenticator.GetUser(); var project = _projectModel.GetById(Guid.Parse(id)); if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner)) { SubProjectModel subProjectModel = new SubProjectModel(); var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id); var parentProjectRelation = subProjectRel.FirstOrDefault(); if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner)) { return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId)); } return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project)); } else { return Unauthorized($"User is not allowed to see given the project {id}"); } } [HttpGet("[controller]/{id}/resources")] public IActionResult GetResources(string id) { var project = _projectModel.GetById(Guid.Parse(id)); var user = _authenticator.GetUser(); var resourceModel = new ResourceModel(); var resourceTypeModel = new ResourceTypeModel(); if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner)) { return Json(resourceModel.GetAllWhere((resource) => (from projectResource in resource.ProjectResourceResourceIdIds where projectResource.ProjectId == project.Id select projectResource).Any()) .Select((resource) => { return resourceModel.CreateReturnObjectFromDatabaseObject(resource); }).OrderBy(element => element.DisplayName)); } else { return Unauthorized($"User is not allowed to see given the project {id}"); } } [HttpPost("[controller]/{id}")] public IActionResult Update(string id) { var user = _authenticator.GetUser(); var projectObject = ObjectFactory.DeserializeFromStream(Request.Body); var project = _projectModel.GetById(Guid.Parse(id)); if(_projectModel.HasAccess(user, project, UserRoles.Owner)) { return Ok(_projectModel.UpdateByObject(project, projectObject)); } else { return Unauthorized("The user is not authorized to perform an update on the selected project!"); } } [HttpDelete("[controller]/{id}")] public IActionResult Delete(string id) { var user = _authenticator.GetUser(); var project = _projectModel.GetById(Guid.Parse(id)); if (_projectModel.HasAccess(user, project, UserRoles.Owner)) { DeleteProject(project); return Json(_projectModel.CreateReturnObjectFromDatabaseObject(project)); } else { return Unauthorized("The user is not authorized to perform an update on the selected project!"); } } public void DeleteProject(Database.Model.Project project) { var subProjectModel = new SubProjectModel(); foreach(var subProject in subProjectModel.GetAllWhere((subProject) => subProject.ProjectId == project.Id)) { subProjectModel.Delete(subProject); DeleteProject(_projectModel.GetById(subProject.SubProjectId)); } foreach (var subProject in subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id)) { subProjectModel.Delete(subProject); } var projectResourceModel = new ProjectResourceModel(); ResourceModel resourceModel = new ResourceModel(); foreach (var projectResource in projectResourceModel.GetAllWhere((projectResource) => projectResource.ProjectId == project.Id)) { projectResourceModel.Delete(projectResource); resourceModel.Delete(resourceModel.GetById(projectResource.ResourceId)); } var projectRoleModel = new ProjectRoleModel(); foreach (var projectRole in projectRoleModel.GetAllWhere((projectRole) => projectRole.ProjectId == project.Id)) { projectRoleModel.Delete(projectRole); } var projectDisciplineModel = new ProjectDisciplineModel(); foreach (var projectDiscipline in projectDisciplineModel.GetAllWhere((projectDiscipline) => projectDiscipline.ProjectId == project.Id)) { projectDisciplineModel.Delete(projectDiscipline); } var projectInstituteModel = new ProjectInstituteModel(); foreach (var projectInstitute in projectInstituteModel.GetAllWhere((projectInstitute) => projectInstitute.ProjectId == project.Id)) { projectInstituteModel.Delete(projectInstitute); } _emitter.EmitProjectDelete(new ProjectEventArgs(_configuration) { Project = project }); _projectModel.Delete(project); } [HttpPost("[controller]")] public IActionResult Store() { var user = _authenticator.GetUser(); var projectObject = ObjectFactory.DeserializeFromStream(Request.Body); if (projectObject.ParentId != null && projectObject.ParentId != new Guid() && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner)) { return Unauthorized("User is not allowed to create SubProjects."); } var project = _projectModel.StoreFromObject(projectObject, user); if (projectObject.ParentId != null && projectObject.ParentId != new Guid() // for now, only an owner can add subprojects to projects && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner)) { var subProjectModel = new SubProjectModel(); subProjectModel.LinkSubProject(projectObject.ParentId, project.Id); } _emitter.EmitProjectCreate(new ProjectEventArgs(_configuration) { Project = project, ProjectOwner = user }); return Json(_projectModel.CreateReturnObjectFromDatabaseObject(project)); } } }