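using Coscine.Api.Project.Models;
using Coscine.ApiCommons;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Linq;

namespace Coscine.Api.Project.Controllers
{
    /// <summary>
    /// Read-only endpoint that lists the subprojects of a parent project.
    /// The whole controller requires an authenticated caller (<c>[Authorize]</c>).
    /// </summary>
    [Authorize]
    public class SubProjectController : Controller
    {
        private readonly Authenticator _authenticator;
        private readonly SubProjectModel _subProjectModel;

        /// <summary>
        /// Creates the controller with an <see cref="Authenticator"/> bound to this controller
        /// and the program configuration, and a fresh <see cref="SubProjectModel"/>.
        /// </summary>
        public SubProjectController()
        {
            _authenticator = new Authenticator(this, Program.Configuration);
            _subProjectModel = new SubProjectModel();
        }

        /// <summary>
        /// Returns the subprojects of the given parent project on which the calling user
        /// holds the Owner or Member role, ordered by display name.
        /// </summary>
        /// <param name="parentId">Id of the parent project, taken from the route; must parse as a GUID.</param>
        /// <returns>
        /// A JSON array of project return objects; 400 when <paramref name="parentId"/> is not a GUID;
        /// 401 with a message when the caller has no access to the parent project.
        /// </returns>
        [HttpGet("[controller]/{parentId}")]
        public IActionResult Get(string parentId)
        {
            // parentId is caller-controlled route data. new Guid(...) throws on malformed input,
            // which would surface as an unhandled exception instead of a client error.
            Guid parentGuid;
            if (!Guid.TryParse(parentId, out parentGuid))
            {
                return BadRequest("The given project id is not a valid GUID!");
            }

            var projectModel = new ProjectModel();
            var projectRoleModel = new ProjectRoleModel();
            var user = _authenticator.GetUser();

            // The same ToLower() normalisation is applied to both sides of the role comparison
            // (here and inside the query below); keep the two in step.
            // NOTE(review): the lambda may be translated by the data layer - confirm before
            // switching either side to an invariant-culture call.
            string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
            allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();

            // What GetById does for an unknown id is not visible here. If it returns null, answer
            // exactly as for a denied caller, so the response does not tell an unknown parent
            // apart from one the caller may not read.
            var parentProject = projectModel.GetById(parentGuid);
            if (parentProject == null || !projectModel.HasAccess(user, parentProject, allowedRoles))
            {
                // The status code stays 401 for existing clients; only the message is corrected,
                // because this endpoint lists subprojects and does not create one.
                return Unauthorized("User is not allowed to list the subprojects of the given project id!");
            }

            var subProjects = _subProjectModel.GetAllWhere((subProjectM) =>
                    (subProjectM.ProjectId == parentGuid
                    // select only subprojects to which the user has access
                    && (from projectRole in subProjectM.SubProject_FK.ProjectRolesProjectIdIds
                        where projectRole.User.Id == user.Id
                            && allowedRoles.Contains(projectRole.Role.DisplayName.ToLower())
                        select projectRole).Any())
                )
                .Select((subProject) => projectModel.GetById(subProject.SubProjectId))
                .Select((project) => projectModel.CreateReturnObjectFromDatabaseObject(project, parentGuid))
                .OrderBy(element => element.DisplayName);

            return Json(subProjects);
        }
    }
}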