using Coscine.Database.Models;
using Coscine.ApiCommons;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;
using System;
using System.Linq;
using Coscine.Database.Util;
using System.Collections.Generic;
namespace Coscine.Api.Project.Controllers
{
/// <summary>
/// This controller represents the action which can be taken with a subproject object
/// </summary>
[Authorize]
public class SubProjectController : Controller
{
private readonly Authenticator _authenticator;
private readonly SubProjectModel _subProjectModel;
/// <summary>
/// SubProjectController specifying a SubProjectModel
/// </summary>
public SubProjectController()
{
_authenticator = new Authenticator(this, Program.Configuration);
_subProjectModel = new SubProjectModel();
}
/// <summary>
/// This method gets the Id of the parent
/// </summary>
/// <param name="parentId">Id of parent</param>
/// <returns>Json Object or Statuscode 401</returns>
[HttpGet("[controller]/{parentId}")]
public IActionResult Get(string parentId)
{
var parentGuid = new Guid(parentId);
var projectModel = new ProjectModel();
var projectRoleModel = new ProjectRoleModel();
var user = _authenticator.GetUser();
string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();
if (projectModel.HasAccess(user, projectModel.GetById(parentGuid), allowedRoles))
{
var subProjects = _subProjectModel.GetAllWhere((subProjectM) => (subProjectM.ProjectId == parentGuid
// Corrosponing subproject must exist
&& subProjectM.SubProjectNavigation.Deleted == false
// select only subprojects to which the user has access
&& (from projectRole in subProjectM.SubProjectNavigation.ProjectRoles
where projectRole.User.Id == user.Id
&& allowedRoles.Contains(projectRole.Role.DisplayName.ToLower())
select projectRole).Any())
)
.Select((subProject) => projectModel.GetById(subProject.SubProjectId))
.Select((project) => projectModel.CreateReturnObjectFromDatabaseObject(project, parentGuid))
.OrderBy(element => element.DisplayName);
return Json(subProjects);
}
else
{
return Unauthorized("User is not allowed to create a subproject for the given project id!");
}
}
/// <summary>
/// This method retrieves the accessible Parent
/// </summary>
/// <param name="childId">Id of the child</param>
/// <returns>Json or Statuscode 401</returns>
[HttpGet("[controller]/{childId}/accessibleParent")]
public IActionResult GetAccessibleParent(string childId)
{
var childGuid = new Guid(childId);
var projectModel = new ProjectModel();
var projectRoleModel = new ProjectRoleModel();
var user = _authenticator.GetUser();
string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();
if (projectModel.HasAccess(user, projectModel.GetById(childGuid), allowedRoles))
{
var subProjects = _subProjectModel.GetAllWhere((subProjectM) => (subProjectM.SubProjectId == childGuid)).ToArray();
var json = new JObject();
json["id"] = "00000000-0000-0000-0000-000000000000";
if (subProjects.Count() == 1 && projectModel.HasAccess(user, projectModel.GetById(subProjects[0].ProjectId), allowedRoles))
{
json["id"] = subProjects[0].ProjectId;
}
return Json(json);
}
else
{
return Unauthorized("User is not allowed to create a subproject for the given project id!");
}
}
}
}