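using InnovEnergy.App.Backend.Database;
using InnovEnergy.App.Backend.DataTypes;
using InnovEnergy.App.Backend.DataTypes.Methods;
using InnovEnergy.App.Backend.Relations;
using Microsoft.AspNetCore.Mvc;
using static System.Net.HttpStatusCode;
using Folder = InnovEnergy.App.Backend.DataTypes.Folder;
using Installation = InnovEnergy.App.Backend.DataTypes.Installation;
using Object = System.Object;
using User = InnovEnergy.App.Backend.DataTypes.User;

namespace InnovEnergy.App.Backend.Controllers;

/// <summary>
/// HTTP API for users, folders and installations.
///
/// Every action except <see cref="Login"/> resolves the caller from the
/// "Session" item that upstream middleware is expected to put on the
/// HttpContext (see <see cref="GetSession"/>) and fails closed with 401 when
/// there is no session, when the target record does not exist, or when the
/// caller may not see it. "Not found" and "no access" are deliberately the
/// same response so ids cannot be enumerated by probing.
///
/// User objects are never returned with their Password field populated.
/// </summary>
// NOTE(review): the type arguments of the `[Returns<...>]` attributes appear to
// have been lost in this copy of the file; they are left exactly as found.
[ApiController]
[Route("api/")]
public class Controller
{
    // Use IActionResult, not HttpResponseMessage: ASP.NET Core gives
    // HttpResponseMessage no special treatment and serialises it as a JSON body
    // with HTTP 200, so the 401/400 codes would never reach the client.
    // These results carry no per-request state and are safe to share.
    private static readonly IActionResult _Unauthorized = new UnauthorizedResult();
    private static readonly IActionResult _Ok           = new OkResult();
    private static readonly IActionResult _BadRequest   = new BadRequestResult();

    /// <summary>
    /// Authenticates the caller. Returns the new session on success,
    /// 400 when no credentials were supplied, 401 otherwise.
    /// </summary>
    [Returns]
    [Returns(Unauthorized)]
    [Returns(BadRequest)]
    [HttpPost($"{nameof(Login)}")]
    public Object Login(Credentials credentials)
    {
        if (credentials is null)
            return _BadRequest;

        // Credentials.Login() yields null for a rejected pair; the response is the
        // same for unknown users and wrong passwords, so usernames are not confirmed.
        var session = credentials.Login();
        if (session is null)
            return _Unauthorized;

        return session;
    }

    /// <summary>Terminates the caller's session. 401 when there is none.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(Logout)}")]
    public Object Logout()
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        return session.Logout() ? _Ok : _Unauthorized;
    }

    /// <summary>
    /// Returns user <paramref name="id"/> with the Password field blanked,
    /// or 401 when the caller is not logged in, the user does not exist, or
    /// the caller has no access to it.
    /// </summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetUserById)}")]
    public Object GetUserById(Int64 id)
    {
        var caller = GetSession()?.User;
        if (caller is null)
            return _Unauthorized;

        var user = Db.GetUserById(id);
        if (user is null || !caller.HasAccessTo(user))
            return _Unauthorized;

        return WithoutPassword(user);
    }

    /// <summary>
    /// Returns installation <paramref name="id"/>, or 401 when the caller is not
    /// logged in, the installation does not exist, or the caller has no access.
    /// </summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetInstallationById)}")]
    public Object GetInstallationById(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        var installation = Db.GetInstallationById(id);
        if (installation is null || !user.HasAccessTo(installation))
            return _Unauthorized;

        return installation;
    }

    /// <summary>
    /// Lists the users who can see installation <paramref name="id"/>: those with
    /// access inherited from an ancestor folder (tagged with <c>folderId</c>) and
    /// those with direct access (tagged with <c>installationId</c>). Only users
    /// below the caller in the user tree are listed, and passwords are blanked.
    /// 401 when the caller is not logged in or may not see the installation.
    /// </summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetUsersWithAccessToInstallation)}")]
    public Object GetUsersWithAccessToInstallation(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        var installation = Db.GetInstallationById(id);
        if (installation is null || !user.HasAccessTo(installation))
            return _Unauthorized;

        // OfType<Object>() erases the two different anonymous element types so the
        // sequences can be concatenated.
        var usersWithInheritedAccess = installation
            .Ancestors()
            .SelectMany(f => f.UsersWithDirectAccess()
                              .Where(u => u.IsDescendantOf(user))
                              .Select(u => new { folderId = f.Id, user = WithoutPassword(u) }))
            .OfType<Object>();

        var usersWithDirectAccess = installation
            .UsersWithDirectAccess()
            .Where(u => u.IsDescendantOf(user))
            .Select(u => new { installationId = installation.Id, user = WithoutPassword(u) })
            .OfType<Object>();

        // Materialise once so the relation queries are not re-run during serialisation.
        return usersWithInheritedAccess.Concat(usersWithDirectAccess).ToArray();
    }

    /// <summary>
    /// Lists the users who can see folder <paramref name="id"/>, walking the folder
    /// and all of its ancestors; each entry is tagged with the folder the access
    /// comes from. Only users below the caller are listed, passwords are blanked.
    /// 401 when the caller is not logged in or may not see the folder.
    /// </summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetUsersWithAccessToFolder)}")]
    public Object GetUsersWithAccessToFolder(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        var folder = Db.GetFolderById(id);
        if (folder is null || !user.HasAccessTo(folder))
            return _Unauthorized;

        return folder
            .Ancestors()
            .Append(folder)
            .SelectMany(f => f.UsersWithDirectAccess()
                              .Where(u => u.IsDescendantOf(user))
                              .Select(u => new { folderId = f.Id, user = WithoutPassword(u) }))
            .ToArray();
    }

    /// <summary>
    /// Returns folder <paramref name="id"/>, or 401 when the caller is not logged
    /// in, the folder does not exist, or the caller has no access.
    /// </summary>
    [Returns]
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetFolderById)}")]
    public Object GetFolderById(Int64 id)
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        var folder = Db.GetFolderById(id);
        if (folder is null || !user.HasAccessTo(folder))
            return _Unauthorized;

        return folder;
    }

    /// <summary>All installations the caller can access; 401 when not logged in.</summary>
    [Returns] // assuming swagger knows about arrays but not lists (JSON)
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetAllInstallations)}/")]
    public Object GetAllInstallations()
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        return user.AccessibleInstallations();
    }

    /// <summary>All folders the caller can access; 401 when not logged in.</summary>
    [Returns] // assuming swagger knows about arrays but not lists (JSON)
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetAllFolders)}/")]
    public Object GetAllFolders()
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        return user.AccessibleFolders();
    }

    /// <summary>All folders and installations the caller can access; 401 when not logged in.</summary>
    [Returns] // assuming swagger knows about arrays but not lists (JSON)
    [Returns(Unauthorized)]
    [HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")]
    public Object GetAllFoldersAndInstallations()
    {
        var user = GetSession()?.User;
        if (user is null)
            return _Unauthorized;

        return user.AccessibleFoldersAndInstallations();
    }

    /// <summary>
    /// Creates a user on behalf of the caller. Authorisation is delegated to
    /// <c>Session.Create</c>. The created user is echoed back with its Password
    /// blanked, whatever Create() did with the field.
    /// </summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(CreateUser)}/")]
    public Object CreateUser(User newUser)
    {
        var session = GetSession();
        if (session is null || newUser is null)
            return _Unauthorized;

        if (!session.Create(newUser))
            return _Unauthorized;

        return WithoutPassword(newUser);
    }

    /// <summary>Creates an installation; authorisation is delegated to <c>Session.Create</c>.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(CreateInstallation)}/")]
    public Object CreateInstallation(Installation installation)
    {
        var session = GetSession();
        if (session is null || installation is null)
            return _Unauthorized;

        return session.Create(installation) ? installation : _Unauthorized;
    }

    /// <summary>Creates a folder; authorisation is delegated to <c>Session.Create</c>.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [Returns(InternalServerError)]
    [HttpPost($"{nameof(CreateFolder)}/")]
    public Object CreateFolder(Folder folder)
    {
        var session = GetSession();
        if (session is null || folder is null)
            return _Unauthorized;

        return session.Create(folder) ? folder : _Unauthorized;
    }

    /// <summary>
    /// Grants user <paramref name="id"/> (or the caller when omitted) access to
    /// folder <paramref name="folderId"/>. Whether the caller may manage both the
    /// user and the folder is decided inside <c>Session.GrantUserAccessTo</c>;
    /// unknown ids fail closed with 401.
    /// </summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(GrantUserAccessToFolder)}/")]
    public Object GrantUserAccessToFolder([FromQuery] Int64 folderId, [FromQuery] Int64? id)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var user   = TargetUser(session, id);
        var folder = Db.GetFolderById(folderId);
        if (user is null || folder is null)
            return _Unauthorized;

        return session.GrantUserAccessTo(user, folder) ? _Ok : _Unauthorized;
    }

    /// <summary>
    /// Grants user <paramref name="id"/> (or the caller when omitted) access to
    /// installation <paramref name="installationId"/>. Authorisation is decided
    /// inside <c>Session.GrantUserAccessTo</c>; unknown ids fail closed with 401.
    /// </summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(GrantUserAccessToInstallation)}/")]
    public Object GrantUserAccessToInstallation([FromQuery] Int64 installationId, [FromQuery] Int64? id)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var user         = TargetUser(session, id);
        var installation = Db.GetInstallationById(installationId);
        if (user is null || installation is null)
            return _Unauthorized;

        return session.GrantUserAccessTo(user, installation) ? _Ok : _Unauthorized;
    }

    /// <summary>
    /// Revokes user <paramref name="id"/>'s (or the caller's when omitted) access
    /// to installation <paramref name="installationId"/>. Authorisation is decided
    /// inside <c>Session.RevokeAccessTo</c>; unknown ids fail closed with 401.
    /// </summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(RevokeUserAccessToInstallation)}/")]
    public Object RevokeUserAccessToInstallation([FromQuery] Int64 installationId, [FromQuery] Int64? id)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var user         = TargetUser(session, id);
        var installation = Db.GetInstallationById(installationId);
        if (user is null || installation is null)
            return _Unauthorized;

        return session.RevokeAccessTo(user, installation) ? _Ok : _Unauthorized;
    }

    /// <summary>
    /// Revokes user <paramref name="id"/>'s (or the caller's when omitted) access
    /// to folder <paramref name="folderId"/>. Authorisation is decided inside
    /// <c>Session.RevokeAccessTo</c>; unknown ids fail closed with 401.
    /// </summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPost($"{nameof(RevokeUserAccessToFolder)}/")]
    public Object RevokeUserAccessToFolder([FromQuery] Int64 folderId, [FromQuery] Int64? id)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var user   = TargetUser(session, id);
        var folder = Db.GetFolderById(folderId);
        if (user is null || folder is null)
            return _Unauthorized;

        return session.RevokeAccessTo(user, folder) ? _Ok : _Unauthorized;
    }

    /// <summary>
    /// Updates a user; authorisation is delegated to <c>Session.Update</c>.
    /// The updated user is echoed back with its Password blanked.
    /// </summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPut($"{nameof(UpdateUser)}/")]
    public Object UpdateUser(User updatedUser)
    {
        var session = GetSession();
        if (session is null || updatedUser is null)
            return _Unauthorized;

        if (!session.Update(updatedUser))
            return _Unauthorized;

        return WithoutPassword(updatedUser);
    }

    /// <summary>Updates an installation; authorisation is delegated to <c>Session.Update</c>.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPut($"{nameof(UpdateInstallation)}/")]
    public Object UpdateInstallation(Installation installation)
    {
        var session = GetSession();
        if (session is null || installation is null)
            return _Unauthorized;

        return session.Update(installation) ? installation : _Unauthorized;
    }

    /// <summary>Updates a folder; authorisation is delegated to <c>Session.Update</c>.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpPut($"{nameof(UpdateFolder)}/")]
    public Object UpdateFolder(Folder folder)
    {
        var session = GetSession();
        if (session is null || folder is null)
            return _Unauthorized;

        return session.Update(folder) ? folder : _Unauthorized;
    }

    /// <summary>Deletes user <paramref name="userId"/>; unknown ids and refused deletes both yield 401.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpDelete($"{nameof(DeleteUser)}/")]
    public Object DeleteUser(Int64 userId)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var user = Db.GetUserById(userId);
        if (user is null)
            return _Unauthorized;

        return session.Delete(user) ? _Ok : _Unauthorized;
    }

    /// <summary>Deletes installation <paramref name="installationId"/>; unknown ids and refused deletes both yield 401.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpDelete($"{nameof(DeleteInstallation)}/")]
    public Object DeleteInstallation(Int64 installationId)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var installation = Db.GetInstallationById(installationId);
        if (installation is null)
            return _Unauthorized;

        return session.Delete(installation) ? _Ok : _Unauthorized;
    }

    /// <summary>Deletes folder <paramref name="folderId"/>; unknown ids and refused deletes both yield 401.</summary>
    [Returns(OK)]
    [Returns(Unauthorized)]
    [HttpDelete($"{nameof(DeleteFolder)}/")]
    public Object DeleteFolder(Int64 folderId)
    {
        var session = GetSession();
        if (session is null)
            return _Unauthorized;

        var folder = Db.GetFolderById(folderId);
        if (folder is null)
            return _Unauthorized;

        return session.Delete(folder) ? _Ok : _Unauthorized;
    }

    // Target of a grant/revoke: the user named by `id`, or the caller itself when
    // `id` is omitted. Null when the id does not resolve to a user.
    private static User? TargetUser(Session session, Int64? id)
    {
        return id is null
             ? session.User
             : Db.GetUserById(id.Value);
    }

    // Blanks the Password field so it never reaches a response. This mutates the
    // instance handed back by Db / the relation helpers (the same convention the
    // file already used); if those objects are ever cached, return a copy instead.
    private static User WithoutPassword(User user)
    {
        user.Password = "";
        return user;
    }

    // The session is expected to be placed in HttpContext.Items["Session"] by the
    // authentication middleware; a missing or differently-typed item yields null,
    // and every action then fails closed with 401.
    // NOTE(review): this presumably relies on HttpContextAccessor exposing the
    // ambient request context from a fresh instance; injecting IHttpContextAccessor
    // through the constructor would make that dependency explicit.
    private static Session? GetSession()
    {
        var ctxAccessor = new HttpContextAccessor();
        return ctxAccessor.HttpContext?.Items["Session"] as Session;
    }
}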