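using InnovEnergy.App.Backend.Database;
using InnovEnergy.App.Backend.DataTypes;
using InnovEnergy.App.Backend.DataTypes.Methods;
using InnovEnergy.App.Backend.Relations;
using InnovEnergy.Lib.Utils;
using Microsoft.AspNetCore.Mvc;

namespace InnovEnergy.App.Backend.Controllers;

/// <summary>
/// HTTP API for users, folders, installations and the access relations between them.
/// Every endpoint except <see cref="Login"/> resolves the caller from the <c>Session</c>
/// stored in <c>HttpContext.Items</c> and answers <c>401 Unauthorized</c> when there is
/// no session or the session's user may not act on the requested entity. A missing
/// entity and a denied one get the same 401, so the status code alone does not tell a
/// caller whether an id exists. <see cref="User.Password"/> is cleared on every
/// <c>User</c> object before it is returned.
/// </summary>
[ApiController]
[Route("api/")]
public class Controller : ControllerBase
{
    /// <summary>Exchanges credentials for a session.</summary>
    /// <param name="credentials">Login data posted by the client.</param>
    /// <returns>The newly created session, or 401 when the credentials are rejected.</returns>
    [HttpPost(nameof(Login))]
    public ActionResult<Session> Login(Credentials credentials)
    {
        var session = credentials.Login();
        if (session is null)
            return Unauthorized();

        // NOTE(review): if Session serializes its User, the password field should be
        // cleared here the same way GetUserById does — confirm what Session exposes.
        return session;
    }

    /// <summary>Ends the caller's session.</summary>
    /// <returns>200 when the session was ended, 401 when there is no valid session.</returns>
    [HttpPost(nameof(Logout))]
    public ActionResult Logout()
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        return session.Logout() ? Ok() : Unauthorized();
    }

    /// <summary>Returns a single user, with the password field cleared.</summary>
    /// <param name="id">Id of the requested user.</param>
    /// <returns>The user, or 401 when it does not exist or the caller may not see it.</returns>
    [HttpGet(nameof(GetUserById))]
    public ActionResult<User> GetUserById(Int64 id)
    {
        var caller = GetSession()?.User;
        if (caller is null)
            return Unauthorized();

        var user = Db.GetUserById(id);
        if (user is null || !caller.HasAccessTo(user))
            return Unauthorized();

        return Sanitize(user);
    }

    /// <summary>Returns a single installation.</summary>
    /// <param name="id">Id of the requested installation.</param>
    /// <returns>The installation, or 401 when it does not exist or the caller may not see it.</returns>
    [HttpGet(nameof(GetInstallationById))]
    public ActionResult<Installation> GetInstallationById(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(id);
        if (installation is null || !user.HasAccessTo(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>
    /// Lists the users who can see an installation: those with access granted on the
    /// installation itself, followed by those inheriting it from an ancestor folder
    /// (reported together with that folder's id). Only users below the caller in the
    /// user hierarchy are included, and their password fields are cleared.
    /// </summary>
    /// <param name="id">Id of the installation.</param>
    [HttpGet(nameof(GetUsersWithAccessToInstallation))]
    public ActionResult<IEnumerable<Object>> GetUsersWithAccessToInstallation(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(id);
        if (installation is null || !user.HasAccessTo(installation))
            return Unauthorized();

        IEnumerable<Object> directAccess = installation
            .UsersWithDirectAccess()
            .Where(u => u.IsDescendantOf(user))
            .Select(Sanitize);

        IEnumerable<Object> inheritedAccess = installation
            .Ancestors()
            .SelectMany(f => f.UsersWithDirectAccess()
                              .Where(u => u.IsDescendantOf(user))
                              .Select(u => new { folderId = f.Id, user = Sanitize(u) }));

        // TODO: typing — direct entries are plain users, inherited ones are { folderId, user };
        // both are widened to Object so they can share one list.
        return directAccess.Concat(inheritedAccess).ToList();
    }

    /// <summary>
    /// Lists the users who can see a folder, either directly or through one of its
    /// ancestors, each paired with the id of the folder the access is granted on.
    /// Only users below the caller in the user hierarchy are included, and their
    /// password fields are cleared.
    /// </summary>
    /// <param name="id">Id of the folder.</param>
    [HttpGet(nameof(GetUsersWithAccessToFolder))]
    public ActionResult<IEnumerable<Object>> GetUsersWithAccessToFolder(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return Unauthorized();

        var folder = Db.GetFolderById(id);
        if (folder is null || !user.HasAccessTo(folder))
            return Unauthorized();

        // The folder itself is prepended so that access granted directly on it is
        // reported in the same { folderId, user } shape as inherited access.
        return folder
            .Ancestors()
            .Prepend(folder)
            .SelectMany(f => f.UsersWithDirectAccess()
                              .Where(u => u.IsDescendantOf(user))
                              .Select(u => new { folderId = f.Id, user = Sanitize(u) }))
            .ToList();
    }

    /// <summary>Returns a single folder.</summary>
    /// <param name="id">Id of the requested folder.</param>
    /// <returns>The folder, or 401 when it does not exist or the caller may not see it.</returns>
    [HttpGet(nameof(GetFolderById))]
    public ActionResult<Folder> GetFolderById(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return Unauthorized();

        var folder = Db.GetFolderById(id);
        if (folder is null || !user.HasAccessTo(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>All installations the caller may access.</summary>
    [HttpGet(nameof(GetAllInstallations))]
    public ActionResult<IEnumerable<Installation>> GetAllInstallations()
    {
        var user = GetSession()?.User;
        if (user is null)
            return Unauthorized();

        return user.AccessibleInstallations().ToList();
    }

    /// <summary>All folders the caller may access.</summary>
    [HttpGet(nameof(GetAllFolders))]
    public ActionResult<IEnumerable<Folder>> GetAllFolders()
    {
        var user = GetSession()?.User;
        if (user is null)
            return Unauthorized();

        return new(user.AccessibleFolders());
    }

    /// <summary>All folders and installations the caller may access, in one list.</summary>
    [HttpGet(nameof(GetAllFoldersAndInstallations))]
    public ActionResult<IEnumerable<Object>> GetAllFoldersAndInstallations()
    {
        var user = GetSession()?.User;
        if (user is null)
            return Unauthorized();

        return new(user.AccessibleFoldersAndInstallations());
    }

    /// <summary>Creates a user on behalf of the caller.</summary>
    /// <param name="newUser">The user to create.</param>
    /// <returns>The created user with its password field cleared, or 401 when the caller may not create it.</returns>
    [HttpPost(nameof(CreateUser))]
    public ActionResult<User> CreateUser(User newUser)
    {
        var session = GetSession();
        if (session is null || !session.Create(newUser))
            return Unauthorized();

        // Do not echo the submitted password back in the response body.
        return Sanitize(newUser);
    }

    /// <summary>Creates an installation on behalf of the caller.</summary>
    /// <param name="installation">The installation to create.</param>
    /// <returns>The created installation, or 401 when the caller may not create it.</returns>
    [HttpPost(nameof(CreateInstallation))]
    public async Task<ActionResult<Installation>> CreateInstallation(Installation installation)
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        if (!await session.Create(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>Creates a folder on behalf of the caller.</summary>
    /// <param name="folder">The folder to create.</param>
    /// <returns>The created folder, or 401 when the caller may not create it.</returns>
    [HttpPost(nameof(CreateFolder))]
    public ActionResult<Folder> CreateFolder(Folder folder)
    {
        var session = GetSession();
        if (session is null || !session.Create(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>Grants a user access to a folder.</summary>
    /// <param name="folderAccess">The user/folder pair.</param>
    /// <returns>200 on success; 401 when either entity is unknown or the caller may not grant it.</returns>
    [HttpPost(nameof(GrantUserAccessToFolder))]
    public ActionResult GrantUserAccessToFolder(FolderAccess folderAccess)
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        var folder = Db.GetFolderById(folderAccess.FolderId);
        var user   = Db.GetUserById(folderAccess.UserId);
        if (folder is null || user is null)
            return Unauthorized();

        return session.GrantUserAccessTo(user, folder) ? Ok() : Unauthorized();
    }

    /// <summary>Revokes a user's access to a folder.</summary>
    /// <param name="folderAccess">The user/folder pair.</param>
    /// <returns>200 on success; 401 when either entity is unknown or the caller may not revoke it.</returns>
    [HttpPost(nameof(RevokeUserAccessToFolder))]
    public ActionResult RevokeUserAccessToFolder(FolderAccess folderAccess)
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        var folder = Db.GetFolderById(folderAccess.FolderId);
        var user   = Db.GetUserById(folderAccess.UserId);
        if (folder is null || user is null)
            return Unauthorized();

        return session.RevokeUserAccessTo(user, folder) ? Ok() : Unauthorized();
    }

    /// <summary>Grants a user access to an installation.</summary>
    /// <param name="installationAccess">The user/installation pair.</param>
    /// <returns>200 on success; 401 when either entity is unknown or the caller may not grant it.</returns>
    [HttpPost(nameof(GrantUserAccessToInstallation))]
    public ActionResult GrantUserAccessToInstallation(InstallationAccess installationAccess)
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        // Look up the installation itself: the previous Db.GetFolderById call resolved
        // a *folder* carrying the installation's id, so the grant landed on the wrong object.
        var installation = Db.GetInstallationById(installationAccess.InstallationId);
        var user         = Db.GetUserById(installationAccess.UserId);
        if (installation is null || user is null)
            return Unauthorized();

        return session.GrantUserAccessTo(user, installation) ? Ok() : Unauthorized();
    }

    /// <summary>Revokes a user's access to an installation.</summary>
    /// <param name="installationAccess">The user/installation pair.</param>
    /// <returns>200 on success; 401 when either entity is unknown or the caller may not revoke it.</returns>
    [HttpPost(nameof(RevokeUserAccessToInstallation))]
    public ActionResult RevokeUserAccessToInstallation(InstallationAccess installationAccess)
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        // Same lookup fix as GrantUserAccessToInstallation: resolve an installation, not a folder.
        var installation = Db.GetInstallationById(installationAccess.InstallationId);
        var user         = Db.GetUserById(installationAccess.UserId);
        if (installation is null || user is null)
            return Unauthorized();

        return session.RevokeUserAccessTo(user, installation) ? Ok() : Unauthorized();
    }

    /// <summary>Updates a user.</summary>
    /// <param name="updatedUser">The new state of the user.</param>
    /// <returns>The updated user with its password field cleared, or 401 when the caller may not update it.</returns>
    [HttpPut(nameof(UpdateUser))]
    public ActionResult<User> UpdateUser(User updatedUser)
    {
        var session = GetSession();
        if (session is null || !session.Update(updatedUser))
            return Unauthorized();

        // TODO: generic sanitize return values
        return Sanitize(updatedUser);
    }

    /// <summary>Updates an installation.</summary>
    /// <param name="installation">The new state of the installation.</param>
    /// <returns>The updated installation, or 401 when the caller may not update it.</returns>
    [HttpPut(nameof(UpdateInstallation))]
    public ActionResult<Installation> UpdateInstallation(Installation installation)
    {
        var session = GetSession();
        if (session is null || !session.Update(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>Updates a folder.</summary>
    /// <param name="folder">The new state of the folder.</param>
    /// <returns>The updated folder, or 401 when the caller may not update it.</returns>
    [HttpPut(nameof(UpdateFolder))]
    public ActionResult<Folder> UpdateFolder(Folder folder)
    {
        var session = GetSession();
        if (session is null || !session.Update(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>Deletes a user.</summary>
    /// <param name="userId">Id of the user to delete.</param>
    /// <returns>200 on success; 401 when the user is unknown or the caller may not delete it.</returns>
    [HttpDelete(nameof(DeleteUser))]
    public ActionResult DeleteUser(Int64 userId)
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        var user = Db.GetUserById(userId);
        if (user is null)
            return Unauthorized();

        return session.Delete(user) ? Ok() : Unauthorized();
    }

    /// <summary>Deletes an installation.</summary>
    /// <param name="installationId">Id of the installation to delete.</param>
    /// <returns>200 on success; 401 when the installation is unknown or the caller may not delete it.</returns>
    [HttpDelete(nameof(DeleteInstallation))]
    public ActionResult DeleteInstallation(Int64 installationId)
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(installationId);
        if (installation is null)
            return Unauthorized();

        return session.Delete(installation) ? Ok() : Unauthorized();
    }

    /// <summary>Deletes a folder.</summary>
    /// <param name="folderId">Id of the folder to delete.</param>
    /// <returns>200 on success; 401 when the folder is unknown or the caller may not delete it.</returns>
    [HttpDelete(nameof(DeleteFolder))]
    public ActionResult DeleteFolder(Int64 folderId)
    {
        var session = GetSession();
        if (session is null)
            return Unauthorized();

        var folder = Db.GetFolderById(folderId);
        if (folder is null)
            return Unauthorized();

        return session.Delete(folder) ? Ok() : Unauthorized();
    }

    /// <summary>
    /// Clears the password field of <paramref name="user"/> so it is never written to a
    /// response body, and returns the same instance for use inside expressions.
    /// </summary>
    private static User Sanitize(User user)
    {
        user.Password = "";
        return user;
    }

    /// <summary>
    /// The caller's session, read from <c>HttpContext.Items["Session"]</c>, or <c>null</c>
    /// when the request carries none. The value is expected to be stored there by an
    /// authentication step earlier in the request pipeline (outside this file — confirm).
    /// Uses the controller's own <see cref="ControllerBase.HttpContext"/> rather than a
    /// freshly constructed <c>HttpContextAccessor</c>.
    /// </summary>
    private Session? GetSession()
        => HttpContext?.Items["Session"] as Session;
}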