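using InnovEnergy.App.Backend.Database;
using InnovEnergy.App.Backend.DataTypes;
using InnovEnergy.App.Backend.DataTypes.Methods;
using InnovEnergy.App.Backend.Relations;
using InnovEnergy.Lib.Utils;
using Microsoft.AspNetCore.Mvc;

namespace InnovEnergy.App.Backend.Controllers;

using Token = String;

// NOTE(review): the generic arguments of the ActionResult<...> return types were lost in the
// copy this revision was edited from and have been reconstructed from each method's return
// statements — confirm them against the original file.

/// <summary>
/// HTTP API of the backend. Every endpoint except <see cref="Login"/> takes the caller's
/// session token and resolves it through <c>Db.GetSession</c>. An unknown token, a missing
/// entity and a failed permission check all answer 401, so a response does not reveal whether
/// an id exists or merely is not accessible to the caller.
/// </summary>
[ApiController]
[Route("api/")]
public class Controller : ControllerBase
{
    /// <summary>Verifies the credentials and opens a new session for the user.</summary>
    /// <param name="username">E-mail address the user is registered under.</param>
    /// <param name="password">Clear-text password to verify.</param>
    /// <returns>The new <see cref="Session"/> (carrying its token) or 401.</returns>
    [HttpPost(nameof(Login))]
    public ActionResult<Session> Login(String username, String password)
    {
        var user = Db.GetUserByEmail(username);

        // One response for "unknown user" and "wrong password": the body does not reveal
        // which accounts exist.
        if (user is null || !user.VerifyPassword(password))
            return Unauthorized();

        var session = new Session(user);

        return Db.Create(session)
             ? session
             : Unauthorized();
    }

    /// <summary>Ends the session identified by <paramref name="authToken"/>.</summary>
    /// <returns>200 when the session was closed, 401 for an unknown token.</returns>
    [HttpPost(nameof(Logout))]
    public ActionResult Logout(Token authToken)
    {
        var session = Db.GetSession(authToken);

        // Unknown token: nothing to log out, answer like every other auth failure.
        if (session is null)
            return Unauthorized();

        return session.Logout()
             ? Ok()
             : Unauthorized();
    }

    /// <summary>Returns one user, if the caller is allowed to see it.</summary>
    /// <returns>The user with its password field blanked, or 401.</returns>
    [HttpGet(nameof(GetUserById))]
    public ActionResult<User> GetUserById(Int64 id, Token authToken)
    {
        var caller = Db.GetSession(authToken)?.User;
        if (caller is null)
            return Unauthorized();

        var user = Db.GetUserById(id);
        if (user is null || !caller.HasAccessTo(user))
            return Unauthorized();

        // Never echo the stored password field to the client.
        user.Password = "";

        return user;
    }

    /// <summary>Returns one installation, if the caller has access to it.</summary>
    [HttpGet(nameof(GetInstallationById))]
    public ActionResult<Installation> GetInstallationById(Int64 id, Token authToken)
    {
        var user = Db.GetSession(authToken)?.User;
        if (user is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(id);
        if (installation is null || !user.HasAccessTo(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>
    /// Lists the users that can reach an installation, either directly or through one of its
    /// ancestor folders. Only users that are descendants of the caller are listed, so the
    /// caller never learns about users above it in the tree.
    /// </summary>
    /// <remarks>
    /// NOTE(review): <c>directAccess</c> yields <see cref="User"/> objects while
    /// <c>inheritedAccess</c> yields <c>{ folderId, user }</c> pairs; both shapes end up in one
    /// list and the user objects are returned unsanitized (see the TODO below).
    /// </remarks>
    [HttpGet(nameof(GetUsersWithAccessToInstallation))]
    public ActionResult<IEnumerable<Object>> GetUsersWithAccessToInstallation(Int64 id, Token authToken)
    {
        var user = Db.GetSession(authToken)?.User;
        if (user is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(id);
        if (installation is null || !user.HasAccessTo(installation))
            return Unauthorized();

        var directAccess = installation
                          .UsersWithDirectAccess()
                          .Where(u => u.IsDescendantOf(user));

        var inheritedAccess = installation
                             .Ancestors()
                             .SelectMany(f => f.UsersWithDirectAccess()
                                               .Where(u => u.IsDescendantOf(user))
                                               .Select(u => new { folderId = f.Id, user = u }));

        return directAccess
              .Concat(inheritedAccess)
              .Apply(Ok); // TODO: typing
    }

    /// <summary>
    /// Lists the users that can reach a folder through the folder itself or any of its
    /// ancestors, restricted to descendants of the caller.
    /// </summary>
    [HttpGet(nameof(GetUsersWithAccessToFolder))]
    public ActionResult<IEnumerable<Object>> GetUsersWithAccessToFolder(Int64 id, Token authToken)
    {
        var user = Db.GetSession(authToken)?.User;
        if (user is null)
            return Unauthorized();

        var folder = Db.GetFolderById(id);
        if (folder is null || !user.HasAccessTo(folder))
            return Unauthorized();

        // The folder itself is checked first, then every ancestor up to the root.
        return folder
              .Ancestors()
              .Prepend(folder)
              .SelectMany(f => f.UsersWithDirectAccess()
                                .Where(u => u.IsDescendantOf(user))
                                .Select(u => new { folderId = f.Id, user = u }))
              .ToList();
    }

    /// <summary>Returns one folder, if the caller has access to it.</summary>
    [HttpGet(nameof(GetFolderById))]
    public ActionResult<Folder> GetFolderById(Int64 id, Token authToken)
    {
        var user = Db.GetSession(authToken)?.User;
        if (user is null)
            return Unauthorized();

        var folder = Db.GetFolderById(id);
        if (folder is null || !user.HasAccessTo(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>All installations the caller can access.</summary>
    [HttpGet(nameof(GetAllInstallations))]
    public ActionResult<IEnumerable<Installation>> GetAllInstallations(Token authToken)
    {
        var user = Db.GetSession(authToken)?.User;
        if (user is null)
            return Unauthorized();

        return user.AccessibleInstallations().ToList();
    }

    /// <summary>All folders the caller can access.</summary>
    [HttpGet(nameof(GetAllFolders))]
    public ActionResult<IEnumerable<Folder>> GetAllFolders(Token authToken)
    {
        var user = Db.GetSession(authToken)?.User;
        if (user is null)
            return Unauthorized();

        return new(user.AccessibleFolders());
    }

    /// <summary>All folders and installations the caller can access, in one list.</summary>
    [HttpGet(nameof(GetAllFoldersAndInstallations))]
    public ActionResult<IEnumerable<Object>> GetAllFoldersAndInstallations(Token authToken)
    {
        var user = Db.GetSession(authToken)?.User;
        if (user is null)
            return Unauthorized();

        return new(user.AccessibleFoldersAndInstallations());
    }

    /// <summary>Creates a user on behalf of the session's user.</summary>
    /// <returns>The created user with its password field blanked, or 401.</returns>
    [HttpPost(nameof(CreateUser))]
    public ActionResult<User> CreateUser(User newUser, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Create(newUser))
            return Unauthorized();

        // Do not echo the submitted password back, same as UpdateUser.
        newUser.Password = "";

        return newUser;
    }

    /// <summary>Creates an installation on behalf of the session's user.</summary>
    [HttpPost(nameof(CreateInstallation))]
    public async Task<ActionResult<Installation>> CreateInstallation(Installation installation, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        if (!await session.Create(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>Creates a folder on behalf of the session's user.</summary>
    [HttpPost(nameof(CreateFolder))]
    public ActionResult<Folder> CreateFolder(Folder folder, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Create(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>Gives a user access to a folder; the session decides whether the caller may.</summary>
    [HttpPost(nameof(GrantUserAccessToFolder))]
    public ActionResult GrantUserAccessToFolder(FolderAccess folderAccess, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        var folder = Db.GetFolderById(folderAccess.FolderId);
        var user   = Db.GetUserById(folderAccess.UserId);

        // Missing target or user is answered like a permission failure, not a 500.
        if (folder is null || user is null)
            return Unauthorized();

        return session.GrantUserAccessTo(user, folder)
             ? Ok()
             : Unauthorized();
    }

    /// <summary>Removes a user's access to a folder; the session decides whether the caller may.</summary>
    [HttpPost(nameof(RevokeUserAccessToFolder))]
    public ActionResult RevokeUserAccessToFolder(FolderAccess folderAccess, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        var folder = Db.GetFolderById(folderAccess.FolderId);
        var user   = Db.GetUserById(folderAccess.UserId);

        if (folder is null || user is null)
            return Unauthorized();

        return session.RevokeUserAccessTo(user, folder)
             ? Ok()
             : Unauthorized();
    }

    /// <summary>Gives a user access to an installation; the session decides whether the caller may.</summary>
    [HttpPost(nameof(GrantUserAccessToInstallation))]
    public ActionResult GrantUserAccessToInstallation(InstallationAccess installationAccess, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization

        // Previously this resolved InstallationId through Db.GetFolderById, i.e. an installation
        // id was looked up in the folder table and access was granted on whatever folder happened
        // to carry that number. The target of this endpoint is the installation.
        // NOTE(review): relies on Session.GrantUserAccessTo accepting an Installation — confirm.
        var installation = Db.GetInstallationById(installationAccess.InstallationId);
        var user         = Db.GetUserById(installationAccess.UserId);

        if (installation is null || user is null)
            return Unauthorized();

        return session.GrantUserAccessTo(user, installation)
             ? Ok()
             : Unauthorized();
    }

    /// <summary>Removes a user's access to an installation; the session decides whether the caller may.</summary>
    [HttpPost(nameof(RevokeUserAccessToInstallation))]
    public ActionResult RevokeUserAccessToInstallation(InstallationAccess installationAccess, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization

        // Same id mix-up as in GrantUserAccessToInstallation: the installation, not a folder
        // with the same id, is the object whose access list changes.
        // NOTE(review): relies on Session.RevokeUserAccessTo accepting an Installation — confirm.
        var installation = Db.GetInstallationById(installationAccess.InstallationId);
        var user         = Db.GetUserById(installationAccess.UserId);

        if (installation is null || user is null)
            return Unauthorized();

        return session.RevokeUserAccessTo(user, installation)
             ? Ok()
             : Unauthorized();
    }

    /// <summary>Updates a user; the session decides whether the caller may.</summary>
    /// <returns>The updated user with its password field blanked, or 401.</returns>
    [HttpPut(nameof(UpdateUser))]
    public ActionResult<User> UpdateUser(User updatedUser, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Update(updatedUser))
            return Unauthorized();

        updatedUser.Password = ""; // TODO: generic sanitize return values

        return updatedUser;
    }

    /// <summary>Updates an installation; the session decides whether the caller may.</summary>
    [HttpPut(nameof(UpdateInstallation))]
    public ActionResult<Installation> UpdateInstallation(Installation installation, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Update(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>Updates a folder; the session decides whether the caller may.</summary>
    [HttpPut(nameof(UpdateFolder))]
    public ActionResult<Folder> UpdateFolder(Folder folder, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Update(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>Deletes a user; the session decides whether the caller may.</summary>
    [HttpDelete(nameof(DeleteUser))]
    public ActionResult DeleteUser(Int64 userId, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        var user = Db.GetUserById(userId);
        if (user is null)
            return Unauthorized();

        return session.Delete(user)
             ? Ok()
             : Unauthorized();
    }

    /// <summary>Deletes an installation; the session decides whether the caller may.</summary>
    [HttpDelete(nameof(DeleteInstallation))]
    public ActionResult DeleteInstallation(Int64 installationId, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(installationId);
        if (installation is null)
            return Unauthorized();

        return session.Delete(installation)
             ? Ok()
             : Unauthorized();
    }

    /// <summary>Deletes a folder; the session decides whether the caller may.</summary>
    [HttpDelete(nameof(DeleteFolder))]
    public ActionResult DeleteFolder(Int64 folderId, Token authToken)
    {
        var session = Db.GetSession(authToken);
        if (session is null)
            return Unauthorized();

        var folder = Db.GetFolderById(folderId);
        if (folder is null)
            return Unauthorized();

        return session.Delete(folder)
             ? Ok()
             : Unauthorized();
    }
}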