UNOV/manager-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
manager-service/ManagerService/Controllers/UserController.cs

261 lines
9.7 KiB
C#
Raw Blame History

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Manager.Services;
using ManagerService.Data;
using ManagerService.DTOs;
using ManagerService.Helpers;
using ManagerService.Service;
using ManagerService.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using NSwag.Annotations;
namespace ManagerService.Controllers
{
[Authorize(Policy = ManagerService.Service.Security.Policies.InstanceAdmin)]
[ApiController, Route("api/[controller]")]
[OpenApiTag("User", Description = "User management")]
public class UserController : ControllerBase
{
private UserDatabaseService _userService;
private readonly ILogger<UserController> _logger;
private readonly ProfileLogic _profileLogic;
private readonly MyInfoMateDbContext _myInfoMateDbContext;
IHexIdGeneratorService idService = new HexIdGeneratorService();
public UserController(ILogger<UserController> logger, UserDatabaseService userService, ProfileLogic profileLogic, MyInfoMateDbContext myInfoMateDbContext)
{
_logger = logger;
_userService = userService;
_profileLogic = profileLogic;
_myInfoMateDbContext = myInfoMateDbContext;
}
private string? GetCallerInstanceId() =>
User.FindFirst(ManagerService.Service.Security.ClaimTypes.InstanceId)?.Value;
private bool IsSuperAdmin() =>
User.HasClaim(ManagerService.Service.Security.ClaimTypes.Permission, ManagerService.Service.Security.Permissions.SuperAdmin);
private UserRole GetCallerRole()
{
if (User.HasClaim(ManagerService.Service.Security.ClaimTypes.Permission, ManagerService.Service.Security.Permissions.SuperAdmin)) return UserRole.SuperAdmin;
if (User.HasClaim(ManagerService.Service.Security.ClaimTypes.Permission, ManagerService.Service.Security.Permissions.InstanceAdmin)) return UserRole.InstanceAdmin;
if (User.HasClaim(ManagerService.Service.Security.ClaimTypes.Permission, ManagerService.Service.Security.Permissions.ContentEditor)) return UserRole.ContentEditor;
return UserRole.Viewer;
}
/// <summary>
/// Get a list of user
/// </summary>
[ProducesResponseType(typeof(List<UserDetailDTO>), 200)]
[ProducesResponseType(typeof(string), 500)]
[HttpGet]
public ObjectResult Get()
{
try
{
var query = _myInfoMateDbContext.Users.AsQueryable();
if (!IsSuperAdmin())
query = query.Where(u => u.InstanceId == GetCallerInstanceId());
return new OkObjectResult(query.ToList().Select(u => u.ToDTO()));
}
catch (Exception ex)
{
return new ObjectResult(ex.Message) { StatusCode = 500 };
}
}
/// <summary>
/// Get a specific user
/// </summary>
/// <param name="id">id user</param>
[ProducesResponseType(typeof(UserDetailDTO), 200)]
[ProducesResponseType(typeof(string), 404)]
[ProducesResponseType(typeof(string), 500)]
[HttpGet("{id}")]
public ObjectResult GetDetail(string id)
{
try
{
User user = _myInfoMateDbContext.Users.FirstOrDefault(i => i.Id == id);
if (user == null)
throw new KeyNotFoundException("This user was not found");
return new OkObjectResult(user.ToDTO());
}
catch (KeyNotFoundException ex)
{
return new NotFoundObjectResult(ex.Message) {};
}
catch (Exception ex)
{
return new ObjectResult(ex.Message) { StatusCode = 500 };
}
}
/// <summary>
/// Create an user
/// </summary>
/// <param name="newUserDTO">New user info</param>
[ProducesResponseType(typeof(UserDetailDTO), 200)]
[ProducesResponseType(typeof(string), 400)]
[ProducesResponseType(typeof(string), 409)]
[ProducesResponseType(typeof(string), 500)]
[HttpPost]
public ObjectResult CreateUser([FromBody] UserDetailDTO newUserDTO)
{
try
{
if (newUserDTO == null)
throw new ArgumentNullException("User param is null");
if (newUserDTO.instanceId == null)
throw new ArgumentNullException("InstanceId is null");
if (newUserDTO.password == null)
throw new ArgumentNullException("Password is null");
var requestedRole = newUserDTO.role ?? UserRole.ContentEditor;
if (requestedRole < GetCallerRole())
throw new UnauthorizedAccessException("Cannot assign a role higher than your own");
User newUser = new User();
newUser.InstanceId = newUserDTO.instanceId;
newUser.Email = newUserDTO.email;
newUser.FirstName = newUserDTO.firstName;
newUser.LastName = newUserDTO.lastName;
newUser.Role = requestedRole;
newUser.Token = Guid.NewGuid().ToString();
newUser.DateCreation = DateTime.Now.ToUniversalTime();
newUser.Id = idService.GenerateHexId();
if (_myInfoMateDbContext.Users.Any(u => u.Email == newUser.Email))
throw new InvalidOperationException("This Email is already used");
newUser.Password = _profileLogic.HashPassword(newUserDTO.password);
_myInfoMateDbContext.Add(newUser);
_myInfoMateDbContext.SaveChanges();
return new OkObjectResult(newUser.ToDTO());
}
catch (ArgumentNullException ex)
{
return new BadRequestObjectResult(ex.Message) {};
}
catch (UnauthorizedAccessException ex)
{
return new ObjectResult(ex.Message) { StatusCode = 403 };
}
catch (InvalidOperationException ex)
{
return new ConflictObjectResult(ex.Message) {};
}
catch (Exception ex)
{
return new ObjectResult(ex.Message) { StatusCode = 500 };
}
}
/// <summary>
/// Update an user
/// </summary>
/// <param name="updatedUser">User to update</param>
[ProducesResponseType(typeof(UserDetailDTO), 200)]
[ProducesResponseType(typeof(string), 400)]
[ProducesResponseType(typeof(string), 404)]
[ProducesResponseType(typeof(string), 500)]
[HttpPut]
public ObjectResult UpdateUser([FromBody] UserDetailDTO updatedUser)
{
try
{
if (updatedUser == null)
throw new ArgumentNullException("User param is null");
User user = _myInfoMateDbContext.Users.FirstOrDefault(u => u.Id == updatedUser.id);
if (user == null)
throw new KeyNotFoundException("User does not exist");
user.FirstName = updatedUser.firstName;
user.LastName = updatedUser.lastName;
if (updatedUser.role.HasValue)
{
if (updatedUser.role.Value < GetCallerRole())
throw new UnauthorizedAccessException("Cannot assign a role higher than your own");
user.Role = updatedUser.role.Value;
}
_myInfoMateDbContext.SaveChanges();
return new OkObjectResult(user.ToDTO());
}
catch (ArgumentNullException ex)
{
return new BadRequestObjectResult(ex.Message) {};
}
catch (UnauthorizedAccessException ex)
{
return new ObjectResult(ex.Message) { StatusCode = 403 };
}
catch (KeyNotFoundException ex)
{
return new NotFoundObjectResult(ex.Message) {};
}
catch (Exception ex)
{
return new ObjectResult(ex.Message) { StatusCode = 500 };
}
}
/// <summary>
/// Delete an user
/// </summary>
/// <param name="id">Id of user to delete</param>
[ProducesResponseType(typeof(string), 202)]
[ProducesResponseType(typeof(string), 400)]
[ProducesResponseType(typeof(string), 404)]
[ProducesResponseType(typeof(string), 500)]
[HttpDelete("{id}")]
public ObjectResult DeleteUser(string id)
{
try
{
if (id == null)
throw new ArgumentNullException("User param is null");
User user = _myInfoMateDbContext.Users.FirstOrDefault(u => u.Id == id);
if (user == null)
throw new KeyNotFoundException("User does not exist");
_myInfoMateDbContext.Remove(user);
_myInfoMateDbContext.SaveChanges();
return new ObjectResult("The user has been deleted") { StatusCode = 202 };
}
catch (ArgumentNullException ex)
{
return new BadRequestObjectResult(ex.Message) { };
}
catch (KeyNotFoundException ex)
{
return new NotFoundObjectResult(ex.Message) { };
}
catch (Exception ex)
{
return new ObjectResult(ex.Message) { StatusCode = 500 };
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink