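using InnovEnergy.App.Backend.Database;
using InnovEnergy.App.Backend.DataTypes;
using InnovEnergy.App.Backend.DataTypes.Methods;
using InnovEnergy.App.Backend.Relations;
using Microsoft.AspNetCore.Mvc;
using static System.Net.HttpStatusCode;

namespace InnovEnergy.App.Backend.Controllers;

/// <summary>
/// HTTP API of the backend.
/// Every action (except <see cref="Login"/>) resolves the caller's <see cref="Session"/> from the
/// current request via <see cref="GetSession"/> and answers 401 when there is no session or when the
/// session's user is not allowed to see or change the requested entity. Missing entities are also
/// reported as 401, so a caller cannot probe for ids that exist but are out of its reach.
/// </summary>
[ApiController]
[Route("api/")]
public class Controller
{
    private static readonly HttpResponseMessage _Unauthorized = new HttpResponseMessage(Unauthorized);
    private static readonly HttpResponseMessage _Ok           = new HttpResponseMessage(OK);
    private static readonly HttpResponseMessage _BadRequest   = new HttpResponseMessage(BadRequest);

    /// <summary>Authenticates with <paramref name="credentials"/>; returns the new session or 401.</summary>
    [Returns]
    [Returns(Unauthorized)]
    [Returns(BadRequest)]
    [HttpPost($"{nameof(Login)}")]
    public Object Login(Credentials credentials)
    {
        var session = credentials.Login();
        return session is null ? _Unauthorized : session;
    }

    /// <summary>Ends the caller's session. 401 when the request carries no session.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(Logout)}")]
    public Object Logout()
    {
        var session = GetSession();

        // Without a session there is nothing to log out of. Previously the null Session
        // was dereferenced here, which surfaced as a 500 instead of a 401.
        if (session is null)
            return _Unauthorized;

        return session.Logout() ? _Ok : _Unauthorized;
    }

    /// <summary>Returns the user with the given id, password blanked, if the caller may see it.</summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetUserById)}")]
    public Object GetUserById(Int64 id)
    {
        var caller = GetSession()?.User;
        if (caller is null)
            return _Unauthorized;

        var user = Db.GetUserById(id);
        if (user is null || !caller.HasAccessTo(user))
            return _Unauthorized;

        return RedactPassword(user);
    }

    /// <summary>Returns the installation with the given id if the caller may see it.</summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetInstallationById)}")]
    public Object GetInstallationById(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        var installation = Db.GetInstallationById(id);
        if (installation is null || !user.HasAccessTo(installation))
            return _Unauthorized;

        return installation;
    }

    /// <summary>
    /// Lists the users (visible to the caller) who can reach the installation: those granted
    /// access on the installation itself, followed by those who inherit it from an ancestor
    /// folder, the latter tagged with the folder that grants it.
    /// </summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetUsersWithAccessToInstallation)}")]
    public Object GetUsersWithAccessToInstallation(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        var installation = Db.GetInstallationById(id);
        if (installation is null || !user.HasAccessTo(installation))
            return _Unauthorized;

        // Only users below the caller in the user hierarchy are disclosed, and never with a password.
        var directAccess = installation
                          .UsersWithDirectAccess()
                          .Where(u => u.IsDescendantOf(user))
                          .Select(u => RedactPassword(u));

        var inheritedAccess = installation
                             .Ancestors()
                             .SelectMany(f => f.UsersWithDirectAccess()
                                               .Where(u => u.IsDescendantOf(user))
                                               .Select(u => new { folderId = f.Id, user = RedactPassword(u) }));

        // The two sequences have different element types (User vs. an anonymous record);
        // widen to Object so Concat type-checks. The serialized shape of each element is unchanged.
        return directAccess
              .Cast<Object>()
              .Concat(inheritedAccess);
    }

    /// <summary>
    /// Lists the users (visible to the caller) who can reach the folder, each tagged with the
    /// folder — the one requested or one of its ancestors — on which the access is granted.
    /// </summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetUsersWithAccessToFolder)}")]
    public Object GetUsersWithAccessToFolder(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        var folder = Db.GetFolderById(id);
        if (folder is null || !user.HasAccessTo(folder))
            return _Unauthorized;

        return folder
              .Ancestors()
              .Prepend(folder)
              .SelectMany(f => f.UsersWithDirectAccess()
                                .Where(u => u.IsDescendantOf(user))
                                .Select(u => new { folderId = f.Id, user = RedactPassword(u) }));
    }

    /// <summary>Returns the folder with the given id if the caller may see it.</summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetFolderById)}")]
    public Object GetFolderById(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        var folder = Db.GetFolderById(id);
        if (folder is null || !user.HasAccessTo(folder))
            return _Unauthorized;

        return folder;
    }

    /// <summary>All installations the caller's user can access.</summary>
    [Returns] // assuming swagger knows about arrays but not lists (JSON)
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetAllInstallations)}/")]
    public Object GetAllInstallations()
    {
        var user = GetSession()?.User;
        return user is null ? _Unauthorized : user.AccessibleInstallations();
    }

    /// <summary>All folders the caller's user can access.</summary>
    [Returns] // assuming swagger knows about arrays but not lists (JSON)
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetAllFolders)}/")]
    public Object GetAllFolders()
    {
        var user = GetSession()?.User;
        return user is null ? _Unauthorized : user.AccessibleFolders();
    }

    /// <summary>All folders and installations the caller's user can access.</summary>
    [Returns] // assuming swagger knows about arrays but not lists (JSON)
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")]
    public Object GetAllFoldersAndInstallations()
    {
        var user = GetSession()?.User;
        return user is null ? _Unauthorized : user.AccessibleFoldersAndInstallations();
    }

    /// <summary>Creates <paramref name="newUser"/> on behalf of the caller; echoes it back with the password blanked.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(CreateUser)}/")]
    public Object CreateUser(User newUser)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        if (!session.Create(newUser))
            return _Unauthorized;

        // Same redaction UpdateUser applies: the password must not travel back to the client.
        return RedactPassword(newUser);
    }

    /// <summary>Creates <paramref name="installation"/> on behalf of the caller.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(CreateInstallation)}/")]
    public Object CreateInstallation(Installation installation)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        return session.Create(installation) ? installation : _Unauthorized;
    }

    /// <summary>Creates <paramref name="folder"/> on behalf of the caller.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [Returns(InternalServerError)]
    [HttpPost($"{nameof(CreateFolder)}/")]
    public Object CreateFolder(Folder folder)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        return session.Create(folder) ? folder : _Unauthorized;
    }

    /// <summary>Grants the user named in <paramref name="folderAccess"/> access to the named folder.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(GrantUserAccessToFolder)}/")]
    public Object GrantUserAccessToFolder(FolderAccess folderAccess)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        // TODO: automatic BadRequest when properties are null during deserialization
        var folder = Db.GetFolderById(folderAccess.FolderId);
        var user   = Db.GetUserById(folderAccess.UserId);

        // Whether session.GrantUserAccessTo tolerates a null user/folder is decided in Session, not here.
        return session.GrantUserAccessTo(user, folder) ? _Ok : _Unauthorized;
    }

    /// <summary>Revokes the folder access described by <paramref name="folderAccess"/>.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(RevokeUserAccessToFolder)}/")]
    public Object RevokeUserAccessToFolder(FolderAccess folderAccess)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        // TODO: automatic BadRequest when properties are null during deserialization
        var folder = Db.GetFolderById(folderAccess.FolderId);
        var user   = Db.GetUserById(folderAccess.UserId);

        return session.RevokeUserAccessTo(user, folder) ? _Ok : _Unauthorized;
    }

    /// <summary>Grants the user named in <paramref name="installationAccess"/> access to the named installation.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(GrantUserAccessToInstallation)}/")]
    public Object GrantUserAccessToInstallation(InstallationAccess installationAccess)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        // TODO: automatic BadRequest when properties are null during deserialization
        // Previously this looked up a *Folder* by the installation id (copy-paste from the folder
        // variant), so the grant was applied to whatever folder happened to share that id.
        // NOTE(review): assumes Session.GrantUserAccessTo has an Installation overload, as
        // Create/Update/Delete and User.HasAccessTo do — confirm in Session.
        var installation = Db.GetInstallationById(installationAccess.InstallationId);
        var user         = Db.GetUserById(installationAccess.UserId);

        return session.GrantUserAccessTo(user, installation) ? _Ok : _Unauthorized;
    }

    /// <summary>Revokes the installation access described by <paramref name="installationAccess"/>.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(RevokeUserAccessToInstallation)}/")]
    public Object RevokeUserAccessToInstallation(InstallationAccess installationAccess)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        // TODO: automatic BadRequest when properties are null during deserialization
        // Same fix as GrantUserAccessToInstallation: resolve an Installation, not a Folder.
        // NOTE(review): assumes Session.RevokeUserAccessTo has an Installation overload — confirm.
        var installation = Db.GetInstallationById(installationAccess.InstallationId);
        var user         = Db.GetUserById(installationAccess.UserId);

        return session.RevokeUserAccessTo(user, installation) ? _Ok : _Unauthorized;
    }

    /// <summary>Updates <paramref name="updatedUser"/>; echoes it back with the password blanked.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPut($"{nameof(UpdateUser)}/")]
    public Object UpdateUser(User updatedUser)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        if (!session.Update(updatedUser))
            return _Unauthorized;

        return RedactPassword(updatedUser);
    }

    /// <summary>Updates <paramref name="installation"/> on behalf of the caller.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPut($"{nameof(UpdateInstallation)}/")]
    public Object UpdateInstallation(Installation installation)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        return session.Update(installation) ? installation : _Unauthorized;
    }

    /// <summary>Updates <paramref name="folder"/> on behalf of the caller.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPut($"{nameof(UpdateFolder)}/")]
    public Object UpdateFolder(Folder folder)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        return session.Update(folder) ? folder : _Unauthorized;
    }

    /// <summary>Deletes the user with the given id on behalf of the caller.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpDelete($"{nameof(DeleteUser)}/")]
    public Object DeleteUser(Int64 userId)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var user = Db.GetUserById(userId);
        return session.Delete(user) ? _Ok : _Unauthorized;
    }

    /// <summary>Deletes the installation with the given id on behalf of the caller.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpDelete($"{nameof(DeleteInstallation)}/")]
    public Object DeleteInstallation(Int64 installationId)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var installation = Db.GetInstallationById(installationId);
        return session.Delete(installation) ? _Ok : _Unauthorized;
    }

    /// <summary>Deletes the folder with the given id on behalf of the caller.</summary>
    // Declared with [Returns] like every other action (was [ProducesResponseType]).
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpDelete($"{nameof(DeleteFolder)}/")]
    public Object DeleteFolder(Int64 folderId)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var folder = Db.GetFolderById(folderId);
        return session.Delete(folder) ? _Ok : _Unauthorized;
    }

    /// <summary>
    /// Blanks <see cref="User.Password"/> before a user leaves the API and returns the same object.
    /// Centralizes the redaction GetUserById and UpdateUser performed inline.
    /// NOTE(review): like those actions, this mutates the entity handed out by <see cref="Db"/>;
    /// it is assumed that Db returns detached copies so stored data is untouched — confirm.
    /// </summary>
    private static User RedactPassword(User user)
    {
        user.Password = "";
        return user;
    }

    /// <summary>
    /// The <see cref="Session"/> attached to the current request under the "Session" item key,
    /// or <c>null</c> when the request carries none (or the item is of another type).
    /// The item is expected to be populated by middleware that is not part of this file.
    /// A freshly constructed <see cref="HttpContextAccessor"/> still sees the current request,
    /// because the accessor resolves the context from async-local storage rather than instance state.
    /// </summary>
    private static Session? GetSession()
    {
        var ctxAccessor = new HttpContextAccessor();
        return ctxAccessor.HttpContext?.Items["Session"] as Session;
    }
}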