Shifted sanitizing outputs into Controller.cs
Now Hiding Parents
This commit is contained in:
parent
46db92fee5
commit
e1305126ee
|
@ -27,7 +27,7 @@ public class Controller : ControllerBase
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
}
|
}
|
||||||
|
|
||||||
var session = new Session(user);
|
var session = new Session(user.HidePassword().HideParentIfUserHasNoAccessToParent(user));
|
||||||
|
|
||||||
//TODO The Frontend should check for the MustResetPassword Flag
|
//TODO The Frontend should check for the MustResetPassword Flag
|
||||||
|
|
||||||
|
@ -60,8 +60,7 @@ public class Controller : ControllerBase
|
||||||
if (user is null || !session.HasAccessTo(user))
|
if (user is null || !session.HasAccessTo(user))
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
user.Password = "";
|
return user.HidePassword().HideParentIfUserHasNoAccessToParent(session);
|
||||||
return user;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -77,7 +76,7 @@ public class Controller : ControllerBase
|
||||||
if (installation is null || !user.HasAccessTo(installation))
|
if (installation is null || !user.HasAccessTo(installation))
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return installation;
|
return installation.HideParentIfUserHasNoAccessToParent(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet(nameof(GetUsersWithDirectAccessToInstallation))]
|
[HttpGet(nameof(GetUsersWithDirectAccessToInstallation))]
|
||||||
|
@ -95,6 +94,7 @@ public class Controller : ControllerBase
|
||||||
return installation
|
return installation
|
||||||
.UsersWithDirectAccess()
|
.UsersWithDirectAccess()
|
||||||
.Where(u => u.IsDescendantOf(user))
|
.Where(u => u.IsDescendantOf(user))
|
||||||
|
.Select(u => u.HidePassword())
|
||||||
.ToList();
|
.ToList();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -133,6 +133,7 @@ public class Controller : ControllerBase
|
||||||
return folder
|
return folder
|
||||||
.UsersWithDirectAccess()
|
.UsersWithDirectAccess()
|
||||||
.Where(u => u.IsDescendantOf(user))
|
.Where(u => u.IsDescendantOf(user))
|
||||||
|
.Select(u => u.HidePassword())
|
||||||
.ToList();
|
.ToList();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -168,7 +169,7 @@ public class Controller : ControllerBase
|
||||||
if (folder is null || !user.HasAccessTo(folder))
|
if (folder is null || !user.HasAccessTo(folder))
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return folder;
|
return folder.HideParentIfUserHasNoAccessToParent(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet(nameof(GetAllDirectChildUsers))]
|
[HttpGet(nameof(GetAllDirectChildUsers))]
|
||||||
|
@ -178,7 +179,7 @@ public class Controller : ControllerBase
|
||||||
if (user == null)
|
if (user == null)
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return user.ChildUsers().ToList();
|
return user.ChildUsers().Select(u => u.HidePassword()).ToList();
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet(nameof(GetAllChildUsers))]
|
[HttpGet(nameof(GetAllChildUsers))]
|
||||||
|
@ -188,7 +189,7 @@ public class Controller : ControllerBase
|
||||||
if (user == null)
|
if (user == null)
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return user.DescendantUsers().ToList();
|
return user.DescendantUsers().Select(u => u.HidePassword()).ToList();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -200,9 +201,7 @@ public class Controller : ControllerBase
|
||||||
if (user is null)
|
if (user is null)
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
user.AccessibleInstallations().ForEach(i => i.FillOrderNumbers());
|
return user.AccessibleInstallations().Select(i => i.FillOrderNumbers().HideParentIfUserHasNoAccessToParent(user)).ToList();
|
||||||
|
|
||||||
return user.AccessibleInstallations().ToList();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -215,7 +214,7 @@ public class Controller : ControllerBase
|
||||||
if (user is null)
|
if (user is null)
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return new(user.AccessibleFolders());
|
return new(user.AccessibleFolders().HideParentIfUserHasNoAccessToParent(user));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -229,6 +228,8 @@ public class Controller : ControllerBase
|
||||||
|
|
||||||
var foldersAndInstallations = user
|
var foldersAndInstallations = user
|
||||||
.AccessibleFoldersAndInstallations()
|
.AccessibleFoldersAndInstallations()
|
||||||
|
.Do(o => o.FillOrderNumbers())
|
||||||
|
.Select(o => o.HideParentIfUserHasNoAccessToParent(user))
|
||||||
.OfType<Object>(); // Important! JSON serializer must see Objects otherwise
|
.OfType<Object>(); // Important! JSON serializer must see Objects otherwise
|
||||||
// it will just serialize the members of TreeNode %&@#!!!
|
// it will just serialize the members of TreeNode %&@#!!!
|
||||||
|
|
||||||
|
@ -240,17 +241,19 @@ public class Controller : ControllerBase
|
||||||
public ActionResult<User> CreateUser(User newUser, Token authToken)
|
public ActionResult<User> CreateUser(User newUser, Token authToken)
|
||||||
{
|
{
|
||||||
return Db.GetSession(authToken).Create(newUser)
|
return Db.GetSession(authToken).Create(newUser)
|
||||||
? newUser
|
? newUser.HidePassword()
|
||||||
: Unauthorized() ;
|
: Unauthorized() ;
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPost(nameof(CreateInstallation))]
|
[HttpPost(nameof(CreateInstallation))]
|
||||||
public async Task<ActionResult<Installation>> CreateInstallation(Installation installation, Token authToken)
|
public async Task<ActionResult<Installation>> CreateInstallation(Installation installation, Token authToken)
|
||||||
{
|
{
|
||||||
if (!await Db.GetSession(authToken).Create(installation))
|
var session = Db.GetSession(authToken);
|
||||||
|
|
||||||
|
if (! await session.Create(installation))
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return installation;
|
return installation.HideParentIfUserHasNoAccessToParent(session!.User);
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPost(nameof(CreateFolder))]
|
[HttpPost(nameof(CreateFolder))]
|
||||||
|
@ -261,7 +264,7 @@ public class Controller : ControllerBase
|
||||||
if (!session.Create(folder))
|
if (!session.Create(folder))
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return folder;
|
return folder.HideParentIfUserHasNoAccessToParent(session!.User);
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPost(nameof(GrantUserAccessToFolder))]
|
[HttpPost(nameof(GrantUserAccessToFolder))]
|
||||||
|
@ -332,7 +335,7 @@ public class Controller : ControllerBase
|
||||||
if (!session.Update(updatedUser))
|
if (!session.Update(updatedUser))
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return updatedUser;
|
return updatedUser.HidePassword();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -356,7 +359,7 @@ public class Controller : ControllerBase
|
||||||
if (!session.Update(installation))
|
if (!session.Update(installation))
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return installation;
|
return installation.HideParentIfUserHasNoAccessToParent(session.User);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -368,7 +371,7 @@ public class Controller : ControllerBase
|
||||||
if (!session.Update(folder))
|
if (!session.Update(folder))
|
||||||
return Unauthorized();
|
return Unauthorized();
|
||||||
|
|
||||||
return folder;
|
return folder.HideParentIfUserHasNoAccessToParent(session.User);
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPut(nameof(MoveInstallation))]
|
[HttpPut(nameof(MoveInstallation))]
|
||||||
|
|
|
@ -175,6 +175,7 @@ public static class SessionMethods
|
||||||
&& sessionUser.HasAccessTo(editedUser)
|
&& sessionUser.HasAccessTo(editedUser)
|
||||||
&& editedUser
|
&& editedUser
|
||||||
.WithParentOf(originalUser) // prevent moving
|
.WithParentOf(originalUser) // prevent moving
|
||||||
|
.WithNameOf(originalUser)
|
||||||
.WithPasswordOf(originalUser)
|
.WithPasswordOf(originalUser)
|
||||||
.Apply(Db.Update);
|
.Apply(Db.Update);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
using InnovEnergy.App.Backend.Database;
|
||||||
|
|
||||||
namespace InnovEnergy.App.Backend.DataTypes.Methods;
|
namespace InnovEnergy.App.Backend.DataTypes.Methods;
|
||||||
|
|
||||||
public static class TreeNodeMethods
|
public static class TreeNodeMethods
|
||||||
|
@ -9,16 +11,38 @@ public static class TreeNodeMethods
|
||||||
return treeNode;
|
return treeNode;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static T WithNameOf<T>(this T treeNode, T other) where T: TreeNode
|
||||||
|
{
|
||||||
|
treeNode.Name = other.Name;
|
||||||
|
return treeNode;
|
||||||
|
}
|
||||||
|
|
||||||
public static T WithParent<T>(this T treeNode, T other) where T: TreeNode
|
public static T WithParent<T>(this T treeNode, T other) where T: TreeNode
|
||||||
{
|
{
|
||||||
treeNode.ParentId = other.Id;
|
treeNode.ParentId = other.Id;
|
||||||
return treeNode;
|
return treeNode;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static T HideParent<T>(this T treeNode) where T: TreeNode
|
public static T HideParentIfUserHasNoAccessToParent<T>(this T node, User? accessingUser)
|
||||||
|
{
|
||||||
|
if (accessingUser is not null && node is TreeNode treeNode && !accessingUser.HasAccessToParentOf(treeNode))
|
||||||
{
|
{
|
||||||
treeNode.ParentId = 0;
|
treeNode.ParentId = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
return node;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static TreeNode FillOrderNumbers(this TreeNode treeNode)
|
||||||
|
{
|
||||||
|
if (treeNode is Installation installation)
|
||||||
|
{
|
||||||
|
installation.FillOrderNumbers();
|
||||||
|
}
|
||||||
|
|
||||||
return treeNode;
|
return treeNode;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
|
@ -35,7 +35,7 @@ public static class UserMethods
|
||||||
{
|
{
|
||||||
var folders = user.AccessibleFolders() as IEnumerable<TreeNode>;
|
var folders = user.AccessibleFolders() as IEnumerable<TreeNode>;
|
||||||
|
|
||||||
user.AccessibleInstallations().ForEach(i => i.FillOrderNumbers());
|
// user.AccessibleInstallations().ForEach(i => i.FillOrderNumbers());
|
||||||
var installations = user.AccessibleInstallations();
|
var installations = user.AccessibleInstallations();
|
||||||
|
|
||||||
return folders.Concat(installations);
|
return folders.Concat(installations);
|
||||||
|
@ -49,7 +49,7 @@ public static class UserMethods
|
||||||
.Select(r => r.InstallationId)
|
.Select(r => r.InstallationId)
|
||||||
.Select(i => Db.GetInstallationById(i))
|
.Select(i => Db.GetInstallationById(i))
|
||||||
.NotNull()
|
.NotNull()
|
||||||
.Do(i => i.HideParent()); // hide inaccessible parents from calling user
|
.Do(i => i.HideParentIfUserHasNoAccessToParent(user)); // hide inaccessible parents from calling user
|
||||||
}
|
}
|
||||||
|
|
||||||
public static IEnumerable<Folder> DirectlyAccessibleFolders(this User user)
|
public static IEnumerable<Folder> DirectlyAccessibleFolders(this User user)
|
||||||
|
@ -60,7 +60,7 @@ public static class UserMethods
|
||||||
.Select(r => r.FolderId)
|
.Select(r => r.FolderId)
|
||||||
.Select(i => Db.GetFolderById(i))
|
.Select(i => Db.GetFolderById(i))
|
||||||
.NotNull()
|
.NotNull()
|
||||||
.Do(f => f.HideParent()); // hide inaccessible parents from calling user;
|
.Do(f => f.HideParentIfUserHasNoAccessToParent(user)); // hide inaccessible parents from calling user;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static IEnumerable<User> ChildUsers(this User parent)
|
public static IEnumerable<User> ChildUsers(this User parent)
|
||||||
|
@ -93,7 +93,7 @@ public static class UserMethods
|
||||||
|
|
||||||
public static Boolean VerifyPassword(this User user, String password)
|
public static Boolean VerifyPassword(this User user, String password)
|
||||||
{
|
{
|
||||||
return Db.GetUserWithPasswordByName(user.Name)?.Password == user.SaltAndHashPassword(password);
|
return Db.GetUserByName(user.Name)?.Password == user.SaltAndHashPassword(password);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -167,7 +167,31 @@ public static class UserMethods
|
||||||
.Contains(user);
|
.Contains(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String Salt(this User user)
|
public static Boolean HasAccessTo(this User user, TreeNode? other)
|
||||||
|
{
|
||||||
|
return other?.Type switch
|
||||||
|
{
|
||||||
|
"installation" => user.HasAccessTo((Installation)other),
|
||||||
|
"user" => user.HasAccessTo((User)other),
|
||||||
|
"folder" => user.HasAccessTo((Folder)other),
|
||||||
|
_ => false
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
public static Boolean HasAccessToParentOf(this User user, TreeNode? other)
|
||||||
|
{
|
||||||
|
return other?.Type switch
|
||||||
|
{
|
||||||
|
"installation" => user.HasAccessTo(Db.GetInstallationById(other.ParentId)),
|
||||||
|
"user" => user.HasAccessTo(Db.GetUserById(other.ParentId)),
|
||||||
|
"folder" => user.HasAccessTo(Db.GetFolderById(other.ParentId)),
|
||||||
|
_ => false
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
private static String Salt(this User user)
|
||||||
{
|
{
|
||||||
// + id => salt unique per user
|
// + id => salt unique per user
|
||||||
// + InnovEnergy => globally unique
|
// + InnovEnergy => globally unique
|
||||||
|
@ -192,11 +216,10 @@ public static class UserMethods
|
||||||
return deletedUser;
|
return deletedUser;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static User? HidePassword(this User? user)
|
public static User HidePassword(this User user)
|
||||||
{
|
{
|
||||||
if(user is not null)
|
|
||||||
user.Password = "";
|
user.Password = "";
|
||||||
|
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
|
@ -1,7 +1,6 @@
|
||||||
using InnovEnergy.App.Backend.DataTypes;
|
using InnovEnergy.App.Backend.DataTypes;
|
||||||
using InnovEnergy.App.Backend.DataTypes.Methods;
|
using InnovEnergy.App.Backend.DataTypes.Methods;
|
||||||
using InnovEnergy.App.Backend.Relations;
|
using InnovEnergy.App.Backend.Relations;
|
||||||
using InnovEnergy.Lib.Utils;
|
|
||||||
|
|
||||||
|
|
||||||
namespace InnovEnergy.App.Backend.Database;
|
namespace InnovEnergy.App.Backend.Database;
|
||||||
|
@ -18,25 +17,16 @@ public static partial class Db
|
||||||
public static Installation? GetInstallationById(Int64? id)
|
public static Installation? GetInstallationById(Int64? id)
|
||||||
{
|
{
|
||||||
return Installations
|
return Installations
|
||||||
.FirstOrDefault(i => i.Id == id)
|
.FirstOrDefault(i => i.Id == id);
|
||||||
.FillOrderNumbers();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static User? GetUserById(Int64? id)
|
public static User? GetUserById(Int64? id)
|
||||||
{
|
{
|
||||||
return Users
|
return Users
|
||||||
.FirstOrDefault(u => u.Id == id)
|
.FirstOrDefault(u => u.Id == id);
|
||||||
.HidePassword();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static User? GetUserByName(String userName)
|
public static User? GetUserByName(String userName)
|
||||||
{
|
|
||||||
return Users
|
|
||||||
.FirstOrDefault(u => u.Name == userName)
|
|
||||||
.HidePassword();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static User? GetUserWithPasswordByName(String userName)
|
|
||||||
{
|
{
|
||||||
return Users
|
return Users
|
||||||
.FirstOrDefault(u => u.Name == userName);
|
.FirstOrDefault(u => u.Name == userName);
|
||||||
|
|
Loading…
Reference in New Issue