Innovenergy_trunk/csharp/App/Backend/Controller.cs

444 lines
14 KiB
C#
Raw Normal View History

2023-03-08 12:20:33 +00:00
using InnovEnergy.App.Backend.Database;
2023-03-15 13:38:06 +00:00
using InnovEnergy.App.Backend.DataTypes;
using InnovEnergy.App.Backend.DataTypes.Methods;
using InnovEnergy.App.Backend.Relations;
using InnovEnergy.Lib.Utils;
2023-02-16 12:57:06 +00:00
using Microsoft.AspNetCore.Mvc;
2023-03-08 12:20:33 +00:00
namespace InnovEnergy.App.Backend.Controllers;
2023-02-16 12:57:06 +00:00
2023-03-20 09:20:56 +00:00
using Token = String;
2023-02-16 12:57:06 +00:00
[ApiController]
2023-03-15 13:38:06 +00:00
[Route("api/")]
2023-03-20 07:33:44 +00:00
public class Controller : ControllerBase
2023-02-16 12:57:06 +00:00
{
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(Login))]
2023-03-20 09:20:56 +00:00
public ActionResult<Session> Login(String username, String password)
2023-02-16 12:57:06 +00:00
{
var user = Db.GetUserByName(username);
if (user is null)
{
throw new Exceptions(400,"Null User Exception", "Must provide a user to log in as.", Request.Path.Value!);
}
if (!(user.Password is null && user.MustResetPassword))
{
if (!user.VerifyPassword(password))
{
//return Unauthorized("No Password set");
throw new Exceptions(401,"Wrong Password Exception", "Please try again.", Request.Path.Value!);
}
}
var session = new Session(user.HidePassword().HideParentIfUserHasNoAccessToParent(user));
//TODO The Frontend should check for the MustResetPassword Flag
2023-03-20 09:20:56 +00:00
return Db.Create(session)
? session
: throw new Exceptions(401,"Session Creation Exception", "Not allowed to log in.", Request.Path.Value!);
2023-02-16 12:57:06 +00:00
}
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(Logout))]
2023-03-20 09:20:56 +00:00
public ActionResult Logout(Token authToken)
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
2023-03-15 13:38:06 +00:00
return session.Logout()
2023-03-20 07:33:44 +00:00
? Ok()
: Unauthorized();
}
2023-03-09 11:50:21 +00:00
2023-03-20 07:33:44 +00:00
[HttpGet(nameof(GetUserById))]
2023-03-20 09:20:56 +00:00
public ActionResult<User> GetUserById(Int64 id, Token authToken)
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken)?.User;
if (session == null)
2023-03-20 07:33:44 +00:00
return Unauthorized();
var user = Db.GetUserById(id);
2023-03-20 09:20:56 +00:00
if (user is null || !session.HasAccessTo(user))
2023-03-20 07:33:44 +00:00
return Unauthorized();
2023-03-16 11:49:25 +00:00
return user.HidePassword().HideParentIfUserHasNoAccessToParent(session);
}
2023-03-15 13:38:06 +00:00
2023-03-20 07:33:44 +00:00
[HttpGet(nameof(GetInstallationById))]
2023-03-20 09:20:56 +00:00
public ActionResult<Installation> GetInstallationById(Int64 id, Token authToken)
{
2023-03-20 09:20:56 +00:00
var user = Db.GetSession(authToken)?.User;
if (user == null)
2023-03-20 07:33:44 +00:00
return Unauthorized();
var installation = Db.GetInstallationById(id);
if (installation is null || !user.HasAccessTo(installation))
2023-03-20 07:33:44 +00:00
return Unauthorized();
return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user);
}
[HttpGet(nameof(GetUsersWithDirectAccessToInstallation))]
public ActionResult<IEnumerable<Object>> GetUsersWithDirectAccessToInstallation(Int64 id, Token authToken)
{
2023-03-20 09:20:56 +00:00
var user = Db.GetSession(authToken)?.User;
if (user == null)
2023-03-20 07:33:44 +00:00
return Unauthorized();
var installation = Db.GetInstallationById(id);
if (installation is null || !user.HasAccessTo(installation))
2023-03-20 07:33:44 +00:00
return Unauthorized();
2023-03-09 11:50:21 +00:00
return installation
.UsersWithDirectAccess()
.Where(u => u.IsDescendantOf(user))
.Select(u => u.HidePassword())
.ToList();
}
[HttpGet(nameof(GetUsersWithInheritedAccessToInstallation))]
public ActionResult<IEnumerable<Object>> GetUsersWithInheritedAccessToInstallation(Int64 id, Token authToken)
{
var user = Db.GetSession(authToken)?.User;
if (user == null)
return Unauthorized();
var installation = Db.GetInstallationById(id);
if (installation is null || !user.HasAccessTo(installation))
return Unauthorized();
return installation
.Ancestors()
.SelectMany(f => f.UsersWithDirectAccess()
.Where(u => u.IsDescendantOf(user))
.Select(u => new { folderId = f.Id, folderName = f.Name, user = u.HidePassword() }))
.ToList();
}
[HttpGet(nameof(GetUsersWithDirectAccessToFolder))]
public ActionResult<IEnumerable<Object>> GetUsersWithDirectAccessToFolder(Int64 id, Token authToken)
{
2023-03-20 09:20:56 +00:00
var user = Db.GetSession(authToken)?.User;
if (user == null)
2023-03-20 07:33:44 +00:00
return Unauthorized();
var folder = Db.GetFolderById(id);
if (folder is null || !user.HasAccessTo(folder))
2023-03-20 07:33:44 +00:00
return Unauthorized();
return folder
.UsersWithDirectAccess()
.Where(u => u.IsDescendantOf(user))
.Select(u => u.HidePassword())
.ToList();
}
[HttpGet(nameof(GetUsersWithInheritedAccessToFolder))]
public ActionResult<IEnumerable<Object>> GetUsersWithInheritedAccessToFolder(Int64 id, Token authToken)
{
var user = Db.GetSession(authToken)?.User;
if (user == null)
return Unauthorized();
var folder = Db.GetFolderById(id);
if (folder is null || !user.HasAccessTo(folder))
return Unauthorized();
return folder
.Ancestors()
.SelectMany(f => f.UsersWithDirectAccess()
.Where(u => u.IsDescendantOf(user))
.Select(u => new { folderId = f.Id, folderName = f.Name, user = u.HidePassword() }))
.ToList();
}
2023-02-22 13:46:36 +00:00
2023-03-20 07:33:44 +00:00
[HttpGet(nameof(GetFolderById))]
2023-03-20 09:20:56 +00:00
public ActionResult<Folder> GetFolderById(Int64 id, Token authToken)
{
2023-03-20 09:20:56 +00:00
var user = Db.GetSession(authToken)?.User;
if (user == null)
2023-03-20 07:33:44 +00:00
return Unauthorized();
var folder = Db.GetFolderById(id);
if (folder is null || !user.HasAccessTo(folder))
2023-03-20 07:33:44 +00:00
return Unauthorized();
return folder.HideParentIfUserHasNoAccessToParent(user);
}
2023-02-16 14:08:50 +00:00
2023-03-23 14:45:40 +00:00
[HttpGet(nameof(GetAllDirectChildUsers))]
public ActionResult<IEnumerable<User>> GetAllDirectChildUsers(Token authToken)
{
var user = Db.GetSession(authToken)?.User;
if (user == null)
return Unauthorized();
return user.ChildUsers().Select(u => u.HidePassword()).ToList();
}
2023-03-23 14:46:19 +00:00
2023-03-23 14:45:40 +00:00
[HttpGet(nameof(GetAllChildUsers))]
public ActionResult<IEnumerable<User>> GetAllChildUsers(Token authToken)
{
var user = Db.GetSession(authToken)?.User;
if (user == null)
return Unauthorized();
return user.DescendantUsers().Select(u => u.HidePassword()).ToList();
2023-03-23 14:46:19 +00:00
}
2023-03-23 14:45:40 +00:00
2023-03-20 07:33:44 +00:00
[HttpGet(nameof(GetAllInstallations))]
2023-03-20 09:20:56 +00:00
public ActionResult<IEnumerable<Installation>> GetAllInstallations(Token authToken)
2023-02-16 12:57:06 +00:00
{
2023-03-20 09:20:56 +00:00
var user = Db.GetSession(authToken)?.User;
2023-03-20 07:33:44 +00:00
if (user is null)
return Unauthorized();
2023-06-30 06:58:50 +00:00
return user
.AccessibleInstallations()
.Select(i => i.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user))
.ToList();
2023-02-16 12:57:06 +00:00
}
2023-02-24 11:58:47 +00:00
2023-03-20 07:33:44 +00:00
[HttpGet(nameof(GetAllFolders))]
2023-03-20 09:20:56 +00:00
public ActionResult<IEnumerable<Folder>> GetAllFolders(Token authToken)
2023-02-16 12:57:06 +00:00
{
2023-03-20 09:20:56 +00:00
var user = Db.GetSession(authToken)?.User;
2023-03-20 07:33:44 +00:00
if (user is null)
return Unauthorized();
2023-02-24 12:59:56 +00:00
return new(user.AccessibleFolders().HideParentIfUserHasNoAccessToParent(user));
2023-02-24 12:59:56 +00:00
}
2023-03-15 13:38:06 +00:00
2023-03-20 07:33:44 +00:00
[HttpGet(nameof(GetAllFoldersAndInstallations))]
public ActionResult<IEnumerable<Object>> GetAllFoldersAndInstallations(Token authToken)
{
2023-03-20 09:20:56 +00:00
var user = Db.GetSession(authToken)?.User;
2023-03-20 07:33:44 +00:00
2023-06-30 06:58:50 +00:00
"GetAllFoldersAndInstallations".WriteLine();
2023-03-20 07:33:44 +00:00
if (user is null)
return Unauthorized();
var foldersAndInstallations = user
.AccessibleFoldersAndInstallations()
.Do(o => o.FillOrderNumbers())
.Select(o => o.HideParentIfUserHasNoAccessToParent(user))
.OfType<Object>(); // Important! JSON serializer must see Objects otherwise
// it will just serialize the members of TreeNode %&@#!!!
return new (foldersAndInstallations);
}
2023-03-09 15:33:14 +00:00
2023-03-15 13:38:06 +00:00
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(CreateUser))]
2023-03-20 09:20:56 +00:00
public ActionResult<User> CreateUser(User newUser, Token authToken)
2023-03-09 15:33:14 +00:00
{
2023-03-20 09:20:56 +00:00
return Db.GetSession(authToken).Create(newUser)
? newUser.HidePassword()
2023-03-20 07:33:44 +00:00
: Unauthorized() ;
2023-03-09 15:33:14 +00:00
}
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(CreateInstallation))]
2023-03-20 09:20:56 +00:00
public async Task<ActionResult<Installation>> CreateInstallation(Installation installation, Token authToken)
2023-03-09 15:33:14 +00:00
{
var session = Db.GetSession(authToken);
if (! await session.Create(installation))
2023-03-20 07:33:44 +00:00
return Unauthorized();
return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(session!.User);
2023-03-09 15:33:14 +00:00
}
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(CreateFolder))]
2023-03-20 09:20:56 +00:00
public ActionResult<Folder> CreateFolder(Folder folder, Token authToken)
2023-03-09 15:33:14 +00:00
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
2023-03-09 15:33:14 +00:00
2023-03-20 07:33:44 +00:00
if (!session.Create(folder))
return Unauthorized();
return folder.HideParentIfUserHasNoAccessToParent(session!.User);
2023-03-09 15:33:14 +00:00
}
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(GrantUserAccessToFolder))]
2023-03-20 09:20:56 +00:00
public ActionResult GrantUserAccessToFolder(FolderAccess folderAccess, Token authToken)
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
// TODO: automatic BadRequest when properties are null during deserialization
var folder = Db.GetFolderById(folderAccess.FolderId);
var user = Db.GetUserById(folderAccess.UserId);
return session.GrantUserAccessTo(user, folder)
2023-03-20 07:33:44 +00:00
? Ok()
: Unauthorized();
}
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(RevokeUserAccessToFolder))]
2023-03-20 09:20:56 +00:00
public ActionResult RevokeUserAccessToFolder(FolderAccess folderAccess, Token authToken)
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
// TODO: automatic BadRequest when properties are null during deserialization
var folder = Db.GetFolderById(folderAccess.FolderId);
var user = Db.GetUserById(folderAccess.UserId);
return session.RevokeUserAccessTo(user, folder)
2023-03-20 07:33:44 +00:00
? Ok()
: Unauthorized();
}
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(GrantUserAccessToInstallation))]
2023-03-20 09:20:56 +00:00
public ActionResult GrantUserAccessToInstallation(InstallationAccess installationAccess, Token authToken)
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
// TODO: automatic BadRequest when properties are null during deserialization
var installation = Db.GetFolderById(installationAccess.InstallationId);
var user = Db.GetUserById(installationAccess.UserId);
return session.GrantUserAccessTo(user, installation)
2023-03-20 07:33:44 +00:00
? Ok()
: Unauthorized();
}
2023-03-20 07:33:44 +00:00
[HttpPost(nameof(RevokeUserAccessToInstallation))]
2023-03-20 09:20:56 +00:00
public ActionResult RevokeUserAccessToInstallation(InstallationAccess installationAccess, Token authToken)
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
// TODO: automatic BadRequest when properties are null during deserialization
var installation = Db.GetFolderById(installationAccess.InstallationId);
var user = Db.GetUserById(installationAccess.UserId);
return session.RevokeUserAccessTo(user, installation)
2023-03-20 07:33:44 +00:00
? Ok()
: Unauthorized();
}
2023-03-20 07:33:44 +00:00
[HttpPut(nameof(UpdateUser))]
2023-03-20 09:20:56 +00:00
public ActionResult<User> UpdateUser(User updatedUser, Token authToken)
2023-02-16 12:57:06 +00:00
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
2023-03-15 13:38:06 +00:00
2023-03-20 07:33:44 +00:00
if (!session.Update(updatedUser))
return Unauthorized();
return updatedUser.HidePassword();
2023-02-16 12:57:06 +00:00
}
2023-02-24 11:58:47 +00:00
[HttpPut(nameof(UpdatePassword))]
public ActionResult<User> UpdatePassword(String newPassword, Token authToken)
{
var session = Db.GetSession(authToken);
return session.UpdatePassword(newPassword)
? Ok()
: Unauthorized();
}
2023-03-20 07:33:44 +00:00
[HttpPut(nameof(UpdateInstallation))]
2023-03-20 09:20:56 +00:00
public ActionResult<Installation> UpdateInstallation(Installation installation, Token authToken)
2023-02-16 12:57:06 +00:00
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
2023-03-20 07:33:44 +00:00
if (!session.Update(installation))
return Unauthorized();
2023-02-16 12:57:06 +00:00
return installation.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(session!.User);
2023-02-16 12:57:06 +00:00
}
2023-03-20 07:33:44 +00:00
[HttpPut(nameof(UpdateFolder))]
2023-03-20 09:20:56 +00:00
public ActionResult<Folder> UpdateFolder(Folder folder, Token authToken)
2023-02-16 12:57:06 +00:00
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
2023-03-20 07:33:44 +00:00
if (!session.Update(folder))
return Unauthorized();
2023-02-16 12:57:06 +00:00
return folder.HideParentIfUserHasNoAccessToParent(session!.User);
2023-02-16 12:57:06 +00:00
}
[HttpPut(nameof(MoveInstallation))]
public ActionResult MoveInstallation(Int64 installationId,Int64 parentId, Token authToken)
{
var session = Db.GetSession(authToken);
return session.MoveInstallation(installationId, parentId)
? Ok()
: Unauthorized();
}
[HttpPut(nameof(MoveFolder))]
public ActionResult MoveFolder(Int64 folderId,Int64 parentId, Token authToken)
{
var session = Db.GetSession(authToken);
return session.MoveFolder(folderId, parentId)
? Ok()
: Unauthorized();
}
2023-03-20 07:33:44 +00:00
[HttpDelete(nameof(DeleteUser))]
2023-03-20 09:20:56 +00:00
public ActionResult DeleteUser(Int64 userId, Token authToken)
2023-02-16 12:57:06 +00:00
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
2023-03-15 13:38:06 +00:00
var user = Db.GetUserById(userId);
2023-02-24 11:58:47 +00:00
2023-03-15 13:38:06 +00:00
return session.Delete(user)
2023-03-20 07:33:44 +00:00
? Ok()
: Unauthorized();
2023-02-16 12:57:06 +00:00
}
2023-03-20 07:33:44 +00:00
[HttpDelete(nameof(DeleteInstallation))]
2023-03-20 09:20:56 +00:00
public ActionResult DeleteInstallation(Int64 installationId, Token authToken)
2023-02-16 12:57:06 +00:00
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
2023-03-15 13:38:06 +00:00
var installation = Db.GetInstallationById(installationId);
2023-03-15 13:38:06 +00:00
return session.Delete(installation)
2023-03-20 07:33:44 +00:00
? Ok()
: Unauthorized();
2023-02-16 12:57:06 +00:00
}
2023-03-20 07:33:44 +00:00
[HttpDelete(nameof(DeleteFolder))]
2023-03-20 09:20:56 +00:00
public ActionResult DeleteFolder(Int64 folderId, Token authToken)
2023-02-16 12:57:06 +00:00
{
2023-03-20 09:20:56 +00:00
var session = Db.GetSession(authToken);
var folder = Db.GetFolderById(folderId);
2023-03-15 13:38:06 +00:00
return session.Delete(folder)
2023-03-20 07:33:44 +00:00
? Ok()
: Unauthorized();
2023-02-16 12:57:06 +00:00
}
}
2023-02-24 11:58:47 +00:00