ResourceController.cs 5.89 KiB
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
using Coscine.ApiCommons.Factories;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Linq;
using Coscine.Action;
using Coscine.Configuration;
using Coscine.Action.EventArgs;
using Microsoft.AspNetCore.Authorization;
using Newtonsoft.Json.Linq;
using Coscine.Database.Model;
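namespace Coscine.Api.Project.Controllers
{
    /// <summary>
    /// HTTP endpoints for listing, reading, updating, deleting and creating resources.
    /// The class-level <see cref="AuthorizeAttribute"/> applies to every action; the
    /// per-resource and per-project role checks are done inside the actions themselves.
    /// </summary>
    /// <remarks>
    /// NOTE(review): a failed role check is answered with <c>Unauthorized</c> (HTTP 401), although
    /// the caller is already authenticated and 403 would describe the situation more accurately.
    /// The status code is left as it is because clients may depend on it.
    /// </remarks>
    [Authorize]
    public class ResourceController : Controller
    {
        private readonly Authenticator _authenticator;
        private readonly ResourceModel _resourceModel;
        private readonly IConfiguration _configuration;
        private readonly Emitter _emitter;

        /// <summary>
        /// Wires the controller to the process-wide configuration held by <c>Program.Configuration</c>.
        /// </summary>
        public ResourceController()
        {
            _authenticator = new Authenticator(this, Program.Configuration);
            _configuration = Program.Configuration;
            _resourceModel = new ResourceModel();
            _emitter = new Emitter(this._configuration);
        }

        /// <summary>
        /// Parses a route id and loads the matching resource.
        /// </summary>
        /// <param name="id">Resource id as received in the route; untrusted.</param>
        /// <param name="resource">The loaded resource, or <c>null</c> when a failure result is returned.</param>
        /// <returns>
        /// <c>null</c> on success; otherwise a 400 result for an id that is not a GUID, or a 404 result
        /// when no resource was loaded.
        /// </returns>
        private IActionResult LoadResource(string id, out Resource resource)
        {
            resource = null;

            // Guid.Parse would throw on a malformed id and surface as an unhandled exception.
            if (!Guid.TryParse(id, out Guid resourceId))
            {
                return BadRequest("The resource id is not a valid GUID!");
            }

            resource = _resourceModel.GetById(resourceId);

            // How GetById reports an unknown id is not visible in this file; the null check
            // keeps the role checks and property reads below from dereferencing null.
            if (resource == null)
            {
                return NotFound("The resource does not exist!");
            }

            return null;
        }

        /// <summary>
        /// Lists every resource that is attached to at least one project in which the calling user
        /// holds a role whose display name is "Owner" or "Member".
        /// </summary>
        /// <returns>JSON array of return objects, one per matching resource.</returns>
        [Route("[controller]")]
        public IActionResult Index()
        {
            var user = _authenticator.GetUser();

            // NOTE(review): roles are matched here by display-name string literal, while the other
            // actions pass UserRoles.Owner / UserRoles.Member to HasAccess. Whether both refer to
            // the same roles is not visible in this file - confirm, so that renaming a role cannot
            // silently change who may list resources.
            return Json(_resourceModel.GetAllWhere((resource) =>
                (from projectResource in resource.ProjectResourceResourceIdIds
                 where (from projectRole in projectResource.Project.ProjectRolesProjectIdIds
                        where projectRole.User == user
                            && (projectRole.Role.DisplayName == "Owner" || projectRole.Role.DisplayName == "Member")
                        select projectRole).Any()
                 select projectResource).Any()
            ).Select((resource) => _resourceModel.CreateReturnObjectFromDatabaseObject(resource)));
        }

        /// <summary>
        /// Returns a single resource if HasAccess grants the caller the Owner or Member role on it.
        /// </summary>
        /// <param name="id">Resource id (GUID) from the route.</param>
        /// <returns>The resource as JSON; 400 for a malformed id, 404 if not found, 401 if the role check fails.</returns>
        [HttpGet("[controller]/{id}")]
        public IActionResult Get(string id)
        {
            var failure = LoadResource(id, out Resource resource);
            if (failure != null)
            {
                return failure;
            }

            var user = _authenticator.GetUser();
            if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
            {
                return Unauthorized("User does not own resource!");
            }

            _resourceModel.SetType(resource);
            return Json(_resourceModel.CreateReturnObjectFromDatabaseObject(resource));
        }

        /// <summary>
        /// Reports whether the calling user is recorded as the creator of the resource.
        /// </summary>
        /// <remarks>
        /// No HasAccess check is made here; the response only states the caller's own relation
        /// to the resource.
        /// </remarks>
        /// <param name="id">Resource id (GUID) from the route.</param>
        /// <returns>JSON object with the boolean field <c>isResourceCreator</c>; 400 or 404 for a bad or unknown id.</returns>
        [HttpGet("[controller]/resource/{id}/isCreator")]
        public IActionResult IsUserResourceCreator(string id)
        {
            var failure = LoadResource(id, out Resource resource);
            if (failure != null)
            {
                return failure;
            }

            var user = _authenticator.GetUser();
            var json = new JObject
            {
                ["isResourceCreator"] = resource.Creator.Equals(user.Id)
            };
            return Json(json);
        }

        /// <summary>
        /// Updates a resource from the JSON request body. Allowed when HasAccess grants the caller
        /// the Owner role, or the Member role and the caller is the resource's creator.
        /// </summary>
        /// <param name="id">Resource id (GUID) from the route.</param>
        /// <returns>The result of the update as JSON; 400, 404 or 401 on failure.</returns>
        [HttpPost("[controller]/{id}")]
        public IActionResult Update(string id)
        {
            var failure = LoadResource(id, out Resource resource);
            if (failure != null)
            {
                return failure;
            }

            var user = _authenticator.GetUser();
            var mayModify = _resourceModel.HasAccess(user, resource, UserRoles.Owner) ||
                (_resourceModel.HasAccess(user, resource, UserRoles.Member) && resource.Creator.Equals(user.Id));
            if (!mayModify)
            {
                return Unauthorized("The user is not authorized to perform an update on the selected resource!");
            }

            // The request body is only deserialized once the caller has passed the role check.
            var resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
            if (resourceObject == null)
            {
                return BadRequest("The request body does not contain a resource!");
            }

            // NOTE(review): which fields UpdateByObject copies from the client-supplied object is
            // not visible in this file - confirm that Creator and similar ownership fields cannot
            // be overwritten through this endpoint.
            return Json(_resourceModel.UpdateByObject(resource, resourceObject));
        }

        /// <summary>
        /// Deletes a resource under the same role rule as <see cref="Update"/> and emits a
        /// resource-delete event before the resource is removed.
        /// </summary>
        /// <param name="id">Resource id (GUID) from the route.</param>
        /// <returns>The deleted resource's return object as JSON; 400, 404 or 401 on failure.</returns>
        [HttpDelete("[controller]/{id}")]
        public IActionResult Delete(string id)
        {
            var failure = LoadResource(id, out Resource resource);
            if (failure != null)
            {
                return failure;
            }

            var user = _authenticator.GetUser();
            var mayModify = _resourceModel.HasAccess(user, resource, UserRoles.Owner) ||
                (_resourceModel.HasAccess(user, resource, UserRoles.Member) && resource.Creator.Equals(user.Id));
            if (!mayModify)
            {
                // The original message said "update" here, copied from the Update action.
                return Unauthorized("The user is not authorized to delete the selected resource!");
            }

            // The return object is built first because the resource is gone after DeleteResource.
            var returnObject = _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
            _emitter.EmitResourceDelete(new ResourceEventArgs(_configuration)
            {
                Resource = resource
            });
            _resourceModel.DeleteResource(resource);
            return Json(returnObject);
        }

        /// <summary>
        /// Creates a resource from the JSON request body and attaches it to a project. Allowed when
        /// HasAccess grants the caller the Owner or Member role on the project and the requested
        /// resource type is enabled.
        /// </summary>
        /// <param name="projectId">Project id (GUID) from the route.</param>
        /// <returns>The stored resource as JSON; 400, 404 or 401 on failure.</returns>
        [HttpPost("[controller]/project/{projectId}")]
        public IActionResult StoreToProject(string projectId)
        {
            if (!Guid.TryParse(projectId, out Guid projectGuid))
            {
                return BadRequest("The project id is not a valid GUID!");
            }

            var projectModel = new ProjectModel();
            var project = projectModel.GetById(projectGuid);
            if (project == null)
            {
                return NotFound("The project does not exist!");
            }

            var user = _authenticator.GetUser();
            if (!projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
            {
                return Unauthorized("The user is not authorized to add a new resource to the selected project!");
            }

            // Body parsing and the resource-type lookup now run only for callers that passed the
            // project role check; before, they ran first and a missing type raised an exception.
            var resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
            if (resourceObject == null || resourceObject.Type == null)
            {
                return BadRequest("The request body does not contain a resource with a resource type!");
            }

            var resourceTypeModel = new ResourceTypeModel();
            var resourceType = resourceTypeModel.GetById(resourceObject.Type.Id);
            if (resourceType == null || !resourceType.Enabled)
            {
                return Unauthorized("The user is not authorized to add a new resource of this type to the selected project!");
            }

            // The creator is always taken from the authenticated user, never from the request body.
            resourceObject.Creator = user.Id;
            var resource = _resourceModel.StoreFromObject(resourceObject);
            projectModel.AddResource(project, resource);
            _emitter.EmitResourceCreate(new ResourceEventArgs(_configuration)
            {
                Resource = resource
            });
            return Json(_resourceModel.CreateReturnObjectFromDatabaseObject(resource));
        }
    }
}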