
Sprint/202000

Merged Marcel Nellesen requested to merge Product/306-rightsAndRoles into Sprint/202000
10 files
+ 106
35


@@ -6,9 +6,11 @@ using Microsoft.AspNetCore.Mvc;
using System;
using System.Linq;
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Authorization;
namespace Coscine.Api.User.Controllers
{
[Authorize]
public class UserController : Controller
{
private readonly Authenticator _authenticator;
@@ -23,50 +25,50 @@ namespace Coscine.Api.User.Controllers
[HttpPost("[controller]/email")]
public IActionResult ChangeContactMail()
{
return Ok(_authenticator.ValidateAndExecute((user) =>
var user = _authenticator.GetUser();
UserObject userObject = ObjectFactory<UserObject>.DeserializeFromStream(Request.Body);
if (new EmailAddressAttribute().IsValid(userObject.EmailAddress))
{
user.EmailAddress = userObject.EmailAddress;
return Ok(_userModel.Update(user));
}
else
{
UserObject userObject = ObjectFactory<UserObject>.DeserializeFromStream(Request.Body);
if (new EmailAddressAttribute().IsValid(userObject.EmailAddress))
{
user.EmailAddress = userObject.EmailAddress;
return _userModel.Update(user);
}
else
{
throw new FormatException("Incorrect E-Mail format!");
}
}));
throw new FormatException("Incorrect E-Mail format!");
}
}
[HttpGet("[controller]/user")]
public IActionResult GetUser()
{
return Ok(_authenticator.ValidateAndExecute((user) => new UserObject(user.Id, user.DisplayName, user.EmailAddress)));
var user = _authenticator.GetUser();
return Ok(new UserObject(user.Id, user.DisplayName, user.EmailAddress));
}
[HttpGet("[controller]/query/{queryString}/project/{projectId}")]
public IActionResult Query(string queryString, string projectId)
{
return Ok(_authenticator.ValidateAndExecute((user) => {
string lowerQueryString = queryString.ToLower();
Guid.TryParse(projectId, out Guid projectIdGuid);
ProjectModel projectModel = new ProjectModel();
if (projectModel.OwnsProject(user, projectModel.GetById(projectIdGuid)))
{
return _userModel.GetAllWhere((dbUser) =>
(dbUser.DisplayName.ToLower().Contains(lowerQueryString)
|| dbUser.EmailAddress.ToLower().Contains(lowerQueryString))
&& !((from projectRole in dbUser.ProjectRolesUserIdIds
where projectRole.ProjectId == projectIdGuid
select projectRole).Any()))
.Take(10)
.Select((dbUser) => new UserObject(dbUser.Id, dbUser.DisplayName, null));
}
else
{
throw new UnauthorizedAccessException("User is not allowed to query users with respect to given project!");
}
}));
var user = _authenticator.GetUser();
string lowerQueryString = queryString.ToLower();
Guid.TryParse(projectId, out Guid projectIdGuid);
ProjectModel projectModel = new ProjectModel();
if (projectModel.HasAccess(user, projectModel.GetById(projectIdGuid)))
{
return Ok(_userModel.GetAllWhere((dbUser) =>
(dbUser.DisplayName.ToLower().Contains(lowerQueryString)
|| dbUser.EmailAddress.ToLower().Contains(lowerQueryString))
&& !((from projectRole in dbUser.ProjectRolesUserIdIds
where projectRole.ProjectId == projectIdGuid
select projectRole).Any()))
.Take(10)
.Select((dbUser) => new UserObject(dbUser.Id, dbUser.DisplayName, null)));
}
else
{
throw new UnauthorizedAccessException("User is not allowed to query users with respect to given project!");
}
}
}
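Review bot: The result of `Guid.TryParse(projectId, out Guid projectIdGuid);` in Query is discarded, so a malformed projectId silently becomes `Guid.Empty` and is passed on to `projectModel.GetById` and `HasAccess`; whether those two handle a missing project safely is not visible in this hunk, so the route should reject it up front with `if (!Guid.TryParse(projectId, out Guid projectIdGuid)) { return BadRequest("Invalid project id."); }`. Replacing `OwnsProject` with `HasAccess` widens who may enumerate users of a project from its owners to whoever HasAccess admits (presumably any member), which is a deliberate policy change and deserves a comment on the check, e.g. `// Any user with access to the project may search for users not yet in it.` — confirm that matches HasAccess's actual rule. In ChangeContactMail the `throw new FormatException("Incorrect E-Mail format!")` on the new side surfaces as an unhandled exception (a 500) unless some middleware maps it; a `return BadRequest("Incorrect E-Mail format!");` would give the client the right status. The enclosing namespace closes outside the hunk.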