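using System;
using System.Linq;
using Coscine.Action;
using Coscine.Action.EventArgs;
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
using Coscine.ApiCommons.Factories;
using Coscine.Configuration;
using Coscine.Database.Model;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;

namespace Coscine.Api.Project.Controllers
{
    /// <summary>
    /// CRUD endpoints for resources.
    /// Every action requires an authenticated caller ([Authorize]); read access needs
    /// an Owner or Member role in one of the resource's projects, while update/delete
    /// additionally require the caller to be an Owner, or a Member who created the resource.
    /// Authorization failures are reported with Unauthorized (401) to stay compatible with
    /// existing clients, although 403 would be the conventional status for "known user, no rights".
    /// </summary>
    [Authorize]
    public class ResourceController : Controller
    {
        private readonly Authenticator _authenticator;
        private readonly ResourceModel _resourceModel;
        private readonly IConfiguration _configuration;
        private readonly Emitter _emitter;

        /// <summary>
        /// Binds the controller to the process-wide configuration and creates the
        /// resource model and event emitter used by the actions.
        /// </summary>
        public ResourceController()
        {
            _configuration = Program.Configuration;
            _authenticator = new Authenticator(this, _configuration);
            _resourceModel = new ResourceModel();
            _emitter = new Emitter(_configuration);
        }

        /// <summary>
        /// Lists every resource that belongs to at least one project in which the
        /// caller holds the "Owner" or "Member" role.
        /// </summary>
        /// <returns>JSON array of resource return objects.</returns>
        [Route("[controller]")]
        public IActionResult Index()
        {
            var user = _authenticator.GetUser();

            // A resource is visible when any of its projects grants the caller an Owner or Member role.
            var visibleResources = _resourceModel.GetAllWhere(resource =>
                resource.ProjectResourceResourceIdIds.Any(projectResource =>
                    projectResource.Project.ProjectRolesProjectIdIds.Any(projectRole =>
                        projectRole.User == user
                        && (projectRole.Role.DisplayName == "Owner" || projectRole.Role.DisplayName == "Member"))));

            return Json(visibleResources.Select(resource => _resourceModel.CreateReturnObjectFromDatabaseObject(resource)));
        }

        /// <summary>
        /// Returns a single resource, after resolving its type, if the caller is an
        /// Owner or Member of one of its projects.
        /// </summary>
        /// <param name="id">Resource id (GUID) from the route.</param>
        /// <returns>
        /// 200 with the resource; 400 for a malformed id; 404 when no resource has that id;
        /// 401 when the caller has no Owner/Member role on it.
        /// </returns>
        [HttpGet("[controller]/{id}")]
        public IActionResult Get(string id)
        {
            // A malformed id used to surface as an unhandled FormatException (500).
            if (!Guid.TryParse(id, out var resourceId))
            {
                return BadRequest("The resource id is not a valid GUID!");
            }

            // NOTE(review): assumes GetById returns null for an unknown id — confirm against ResourceModel.
            var resource = _resourceModel.GetById(resourceId);
            if (resource is null)
            {
                return NotFound("The selected resource does not exist!");
            }

            var user = _authenticator.GetUser();
            if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
            {
                return Unauthorized("User does not own resource!");
            }

            _resourceModel.SetType(resource);
            return Json(_resourceModel.CreateReturnObjectFromDatabaseObject(resource));
        }

        /// <summary>
        /// Tells the caller whether they are recorded as the creator of the resource.
        /// No project-role check is performed here (as before); the endpoint reveals
        /// nothing beyond the caller's own creator flag.
        /// </summary>
        /// <param name="id">Resource id (GUID) from the route.</param>
        /// <returns>JSON object <c>{ "isResourceCreator": bool }</c>; 400 for a malformed id; 404 for an unknown one.</returns>
        [HttpGet("[controller]/resource/{id}/isCreator")]
        public IActionResult IsUserResourceCreator(string id)
        {
            if (!Guid.TryParse(id, out var resourceId))
            {
                return BadRequest("The resource id is not a valid GUID!");
            }

            Resource resource = _resourceModel.GetById(resourceId);
            if (resource is null)
            {
                return NotFound("The selected resource does not exist!");
            }

            var user = _authenticator.GetUser();
            var json = new JObject
            {
                ["isResourceCreator"] = resource.Creator.Equals(user.Id)
            };
            return Json(json);
        }

        /// <summary>
        /// Updates a resource from the JSON request body. Allowed for project Owners,
        /// and for Members only when they created the resource themselves.
        /// </summary>
        /// <param name="id">Resource id (GUID) from the route.</param>
        /// <returns>
        /// 200 with the update result; 400 for a malformed id or empty body; 404 for an
        /// unknown resource; 401 when the caller may not modify it.
        /// </returns>
        [HttpPost("[controller]/{id}")]
        public IActionResult Update(string id)
        {
            if (!Guid.TryParse(id, out var resourceId))
            {
                return BadRequest("The resource id is not a valid GUID!");
            }

            var resourceObject = ObjectFactory.DeserializeFromStream(Request.Body);
            if (resourceObject is null)
            {
                return BadRequest("The request body does not contain a resource!");
            }

            var resource = _resourceModel.GetById(resourceId);
            if (resource is null)
            {
                return NotFound("The selected resource does not exist!");
            }

            var user = _authenticator.GetUser();
            // Owners may always update; Members only their own resources.
            var isOwner = _resourceModel.HasAccess(user, resource, UserRoles.Owner);
            var isCreatingMember = _resourceModel.HasAccess(user, resource, UserRoles.Member)
                                   && resource.Creator.Equals(user.Id);
            if (!isOwner && !isCreatingMember)
            {
                return Unauthorized("The user is not authorized to perform an update on the selected resource!");
            }

            return Json(_resourceModel.UpdateByObject(resource, resourceObject));
        }

        /// <summary>
        /// Deletes a resource. Allowed for project Owners, and for Members only when
        /// they created the resource themselves. A delete event is emitted before the
        /// row is removed so listeners still see the complete resource.
        /// </summary>
        /// <param name="id">Resource id (GUID) from the route.</param>
        /// <returns>
        /// 200 with the deleted resource's return object; 400 for a malformed id; 404 for
        /// an unknown resource; 401 when the caller may not delete it.
        /// </returns>
        [HttpDelete("[controller]/{id}")]
        public IActionResult Delete(string id)
        {
            if (!Guid.TryParse(id, out var resourceId))
            {
                return BadRequest("The resource id is not a valid GUID!");
            }

            var resource = _resourceModel.GetById(resourceId);
            if (resource is null)
            {
                return NotFound("The selected resource does not exist!");
            }

            var user = _authenticator.GetUser();
            var isOwner = _resourceModel.HasAccess(user, resource, UserRoles.Owner);
            var isCreatingMember = _resourceModel.HasAccess(user, resource, UserRoles.Member)
                                   && resource.Creator.Equals(user.Id);
            if (!isOwner && !isCreatingMember)
            {
                // Message previously said "perform an update" (copy-paste from Update).
                return Unauthorized("The user is not authorized to delete the selected resource!");
            }

            // Build the return object first: after DeleteResource the entity may no longer be usable.
            var returnObject = _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
            _emitter.EmitResourceDelete(new ResourceEventArgs(_configuration) { Resource = resource });
            _resourceModel.DeleteResource(resource);
            return Json(returnObject);
        }

        /// <summary>
        /// Creates a resource from the JSON request body and attaches it to a project.
        /// The caller must be an Owner or Member of the project and the requested
        /// resource type must be enabled. The creator is always taken from the
        /// authenticated user, never from the request body.
        /// </summary>
        /// <param name="projectId">Project id (GUID) from the route.</param>
        /// <returns>
        /// 200 with the created resource; 400 for a malformed id, empty body, or missing/unknown
        /// resource type; 404 for an unknown project; 401 when the caller may not add resources
        /// to the project or the resource type is disabled.
        /// </returns>
        [HttpPost("[controller]/project/{projectId}")]
        public IActionResult StoreToProject(string projectId)
        {
            if (!Guid.TryParse(projectId, out var projectGuid))
            {
                return BadRequest("The project id is not a valid GUID!");
            }

            var resourceObject = ObjectFactory.DeserializeFromStream(Request.Body);
            if (resourceObject is null)
            {
                return BadRequest("The request body does not contain a resource!");
            }
            if (resourceObject.Type is null)
            {
                return BadRequest("The resource does not specify a resource type!");
            }

            var projectModel = new ProjectModel();
            var project = projectModel.GetById(projectGuid);
            if (project is null)
            {
                return NotFound("The selected project does not exist!");
            }

            // Authorize before looking anything else up, so unauthorized callers learn nothing
            // about resource types and cannot trigger lookups with attacker-chosen ids.
            var user = _authenticator.GetUser();
            if (!projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
            {
                return Unauthorized("The user is not authorized to add a new resource to the selected project!");
            }

            var resourceTypeModel = new ResourceTypeModel();
            var resourceType = resourceTypeModel.GetById(resourceObject.Type.Id);
            if (resourceType is null)
            {
                return BadRequest("The selected resource type does not exist!");
            }
            if (!resourceType.Enabled)
            {
                return Unauthorized("The user is not authorized to add a new resource of this type to the selected project!");
            }

            // Server-side ownership: ignore any creator value supplied by the client.
            resourceObject.Creator = user.Id;
            var resource = _resourceModel.StoreFromObject(resourceObject);
            projectModel.AddResource(project, resource);
            _emitter.EmitResourceCreate(new ResourceEventArgs(_configuration) { Resource = resource });
            return Json(_resourceModel.CreateReturnObjectFromDatabaseObject(resource));
        }
    }
}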